Archive for the ‘Security & Maintenance’ Category
ARD Patcher, a fix to the ARDAgent Exploit in Tiger and Leopard
Posted on 5 July 2008 in Security & Maintenance | No Comments »
ARD Patcher is a free utility that patches the famous ARDAgent security hole, whether on Mac OS X 10.4 or 10.5.
It fixes a flaw that was discovered a few days ago.
An opportunity that the companies that make antivirus software have exploited to push people to install antivirus software on their Macs (business is business hehehe).
This small application is also useful for finding out whether your Mac is secure or not (as you can see in the images below):


ARD Security Hole and 5 Solutions to Fix it
Posted on 20 June 2008 in Security & Maintenance | 1 Comment »
This security hole has been discovered by Intego (like the previous one).
This one is due to Apple Remote Desktop (on Leopard and Tiger). This is a dangerous one because it allows users to execute scripts and commands as root (which allows a malicious user complete access to the system) even if you’re logged in as a non-root user!
Users must download and run the scripts in order for their computer to become infected. The trojan will install itself in the /Library/Caches folder, and will set itself to run at startup.
The problem is that ARDAgent has its setuid bit set and is owned by root, which means that it will run as root. Since it’s scriptable, any commands sent via AppleScript (including those sent remotely using the osascript command) will also run as root.
To see if your system is secure or not, try this:
tell application "ARDAgent" to do shell script "whoami"
If it says “root”, your system is not secure…
You can also go further in testing the security of your computer by trying this:
tell application "ARDAgent" to do shell script "touch /test;chmod 700 /test"
A test file will be created in the root of your hard drive. You have no rights on it, but you can delete it by entering your administrator password!
If that’s the case, 4 solutions to protect yourself:
Read the rest of this entry »
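The condition the post describes, an executable that is owned by root and has its setuid bit set, can be audited across a whole directory tree. The shell sketch below is an added example, not code from the original post; the function names, the `app-bundle` label and the heuristic of flagging hits that sit inside an application bundle are assumptions made here.

```shell
#!/bin/sh
# Added example: list setuid executables owned by a given user and flag
# those that live inside an application bundle (Something.app/Contents/MacOS/),
# which is the combination the post describes for ARDAgent.

# audit_setuid DIR [OWNER_UID]
# Prints one line per hit: "<label><TAB><path>", label is app-bundle or other.
# OWNER_UID defaults to 0 (root).
audit_setuid() {
    dir=$1
    owner=${2:-0}
    # -perm -4000 matches files with the setuid bit set, whatever the other bits.
    find "$dir" -type f -perm -4000 -user "$owner" -print 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r path; do
        case $path in
            *.app/Contents/MacOS/*) printf 'app-bundle\t%s\n' "$path" ;;
            *)                      printf 'other\t%s\n' "$path" ;;
        esac
    done
}

# count_app_bundle_hits DIR [OWNER_UID]
# Prints how many hits sit inside an application bundle.
count_app_bundle_hits() {
    audit_setuid "$@" | awk -F '\t' '$1 == "app-bundle" { n++ } END { print n + 0 }'
}

# Stand-alone use: sh audit.sh /some/directory
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

Each `app-bundle` hit deserves a manual look, since a setuid-root application is unusual; the setuid bit on a specific binary can then be cleared with `chmod u-s`.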
Beware of the Trojan!
Posted on 20 June 2008 in Security & Maintenance | No Comments »
Sorry, but this post is not available in French
A Bunch Of Updates
Posted on 3 April 2008 in Apple Software, Security & Maintenance | No Comments »

iTunes 7.6.2, QuickTime 7.4.5, FrontRow 2.1.3, Keynote 4.0.3 and AirPort Utility 4.2.5 are available from the Software Update.
It seems Apple is fixing some security issues with QuickTime:
Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits
eWeek writes.
All of these updates fix security, performance and stability issues.
I guess we are getting used to having a FrontRow update with every iTunes & QT update.
RTSP Security Issue on QT
Posted on 13 January 2008 in Quicktime Player, Security & Maintenance | No Comments »
This security issue was first detected on Windows versions of the QuickTime Player; now it has been confirmed on OS X.
It is highly advised not to use the RTSP protocol unless you’re sure about the source.
Wordpress 2.3.1 Upgrade Is Available
Posted on 26 October 2007 in Security & Maintenance | 1 Comment »
The blog may be unusable for the next 30 minutes, just long enough to update MacAmour’s Blog from WP 2.3.1 RC1 to WP 2.3.1.
Mac OS X Kernel Panic FAQ
Posted on 25 September 2007 in Apple Hardware, Mac OS X, Security & Maintenance | No Comments »
According to this exhaustive FAQ on OS X kernel panics, it seems there are 5 main causes:
- Directory
- Drivers and Preference Panels
- Widgets
- Data corruption
- Permissions
- RAM and motherboards
I find this FAQ very useful, especially because its author didn’t forget any of them (for the moment), for example the famous kernel panic caused by USB hubs on OS 10.2.5.
Read the FAQ here.
New Firefox 2.0.0.6 with security fix
Posted on 31 July 2007 in 3rd Party Software, Security & Maintenance | No Comments »
The Mozilla developers have released version 2.0.0.6 of the Firefox browser. It includes a further fix for the special URL handling problem, which, under Windows XP with Internet Explorer 7 installed, allows attackers to call arbitrary installed programs. This can be accomplished merely by using crafted links on web pages or in e-mails.
Download Firefox 2.0.0.6





