October’s macOS security update contained a fix for a vulnerability that Trend Micro privately disclosed to Apple earlier this year. The vulnerability (designated as CVE-2017-13811), was in the fsck_msdos system tool. This tool checks for and fixes errors in devices formatted with the FAT filesystem, and is automatically invoked by macOS when a device using FAT (such as a USB disk or an SD card) is inserted.
Read MoreA critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week. According to his research, any attacker can disable the BIOS lock just by taking advantage of a flaw in Apple’s S3 sleep state (more known as ‘standby mode’) suspend-resume implementation. Once an attacker does this, he can install bootkit malware onto a Mac BIOS without…
Read MoreIn an earlier blog post, we tackled what Wirelurker malware is and its security implications and risks for iOS and OSX devices. Within hours of the discovery of this malware, a Windows-based malware (detected as TROJ_WIRELURK.A) that performs the same attack was also seen in the wild. In this blog post, we’d like to share practices…
Read MoreSince the discovery of Shellshock, Trend Micro has continuously monitored the threat landscape for any attacks that may leverage these vulnerabilities. So far, we have identified an active IRC bot, exploit attempts in Brazil and China, botnet attacks, and a wide variety of malware payloads such as ELF_BASHLITE.A, ELF_BASHLET.A, and PERL_SHELLBOT.WZ among others. It is reported that…
Read MoreThe many announcements at Apple’s 2014 Worldwide Developers Conference (WWDC) this week was welcome news to the throngs of Apple developers and enthusiasts. It was also welcome news for another group of people with less than clean motives: cybercriminals. Last week we got a concrete example of how some cybercriminals are now actively targeting Apple ID accounts. A thread…
Read More