Archive for the ‘Security & Maintenance’ Category

MobileMe is NOT secure!!!

Posted on 11 July 2008 in Security & Maintenance, dotmac & MobileMe | 4 Comments »


I can’t believe what I’m seeing!
The URL starts with a regular “http” instead of “https”!
There’s no “lock” icon in the right corner of Safari!
How can this be possible? Very bad days for Apple, it seems…

Can someone please explain this to me?

ARD Patcher: a Fix for the ARDAgent Exploit in Tiger and Leopard

Posted on 5 July 2008 in Security & Maintenance | No Comments »

ARD Patcher is a free utility that patches the infamous ARDAgent exploit in Mac OS X 10.4 and 10.5.
It fixes the exploit found a few days ago in Apple Remote Desktop.
That exploit was an opportunity for antivirus companies to push people to install their software on their Macs (business is business, hehehe).
The utility is also useful for testing your Mac to see whether it is secure (as you can see in the screenshots below):

Download ARD Patcher here (162 Kb).

ARD Security Hole and 5 Solutions to Fix it

Posted on 20 June 2008 in Security & Maintenance | 1 Comment »

This security hole has been discovered by Intego (like the previous one).

This one is due to Apple Remote Desktop (on Leopard and Tiger). It is a dangerous one because it allows users to execute scripts and commands as root (which gives a malicious user complete access to the system) even if you’re logged in as a non-root user!

Users must download and run the scripts in order for their computer to become infected. The trojan will install itself in the /Library/Caches folder, and will set itself to run at startup.

The problem is that ARDAgent has its setuid bit set and is owned by root, which means that it will run as root. Since it’s scriptable, any commands sent via AppleScript (including those sent remotely using the osascript command) will also run as root.
To see if your system is secure or not, try this:

tell application "ARDAgent" to do shell script "whoami"
If it says “root”, your system is not secure…

You can take the test of your computer’s security a step further by trying this:
tell application "ARDAgent" to do shell script "touch /test;chmod 700 /test"
A test file will be created at the root of your hard drive. You have no rights on it, but you can delete it by entering your administrator password!

If that’s the case, 4 solutions to protect yourself:
Read the rest of this entry »
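
The root cause described above (an executable that is owned by root and has its setuid bit set) can also be checked on disk rather than through AppleScript. The following shell functions are an added example, not part of the original post or of ARD Patcher; the function names are this example's own and the directory to scan is whatever you pass in.

```shell
#!/bin/sh
# Added example: list setuid executables and flag the ones owned by root.
# Function names are hypothetical; nothing here is taken from ARD Patcher.

# Print the numeric owner uid of FILE if its setuid bit is set.
# Returns 1 (and prints nothing) when FILE is not a setuid regular file.
setuid_owner_uid() {
    [ -f "$1" ] && [ -u "$1" ] || return 1
    # "ls -ldn" prints numeric ids; field 3 is the owner uid.
    ls -ldn -- "$1" | awk '{print $3}'
}

# Return 0 only when FILE is setuid AND owned by root (uid 0),
# i.e. it runs as root no matter which user starts it.
is_setuid_root() {
    uid=$(setuid_owner_uid "$1") || return 1
    [ "$uid" -eq 0 ]
}

# Walk DIR and print one line per setuid file found.
# Lines starting with SETUID-ROOT are the ones that deserve review.
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        if is_setuid_root "$f"; then
            printf 'SETUID-ROOT %s\n' "$f"
        else
            printf 'setuid (uid %s) %s\n' "$(setuid_owner_uid "$f")" "$f"
        fi
    done
}

# When run as a script, audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

A setuid-root program is not a problem by itself; the risk the post describes comes from such a program also accepting scripted commands from other users.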

Beware of the Trojan!

Posted on 20 June 2008 in Security & Maintenance | No Comments »

Hidden behind a poker game, this Trojan has been discovered by Intego.
Its name is PokerStealer. It comes in the shape of a poker game and contains a shell script that asks you for your password, pretending that it will fix a preferences file in your system.
Once started, PokerStealer activates SSH on your Mac and sends your IP address, your ID and your password to a remote server.
An attacker can then use this data to connect to your Mac: erase files, control your computer and do whatever he wants to do!

A Bunch Of Updates

Posted on 3 April 2008 in Apple Software, Security & Maintenance | No Comments »


iTunes 7.6.2, QuickTime 7.4.5, FrontRow 2.1.3, Keynote 4.0.3 and AirPort Utility 4.2.5 are available from the Software Update.
It seems Apple is fixing some security issues with QuickTime:

Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits

eWeek writes.

All of these updates fix security, performance and stability issues.

I guess we are getting used to having a FrontRow update with every iTunes & QT update.

RTSP Security Issue on QT

Posted on 13 January 2008 in Quicktime Player, Security & Maintenance | No Comments »

This security issue was first detected on Windows versions of the QuickTime Player; it has now been confirmed on OS X.

It is highly advised not to use the RTSP protocol unless you’re sure about the source.

WordPress 2.3.1 Upgrade Is Available

Posted on 26 October 2007 in Security & Maintenance | 1 Comment »

The blog may be unusable for the next 30 minutes, just the time needed to update MacAmour’s Blog from WP 2.3.1 RC1 to WP 2.3.1.