A critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week. According to his research, any attacker can disable the BIOS lock just by taking advantage of a flaw in Apple’s S3 sleep state (more known as ‘standby mode’) suspend-resume implementation. Once an attacker does this, he can install bootkit malware onto a Mac BIOS without…
Read MoreThe newly discovered Wirelurker malware affecting both OS X and iOS devices has been covered extensively in the media. While this is a significant incident, some of the coverage appears to have been exaggerated, and might lead users to unnecessary panic. Several points would be useful in helping calm down the worst fears of users and distilling…
Read MoreOne of the Mac OS X platform’s security features is Gatekeeper, which was first introduced in 2012 and works with Lion, Mountain Lion, and Mavericks. If a program is downloaded from the Internet and launched, Gatekeeper will first validate its digital signature and choose whether to let it run based on the user’s settings. How…
Read MoreThis new backdoor reminds everyone that, indeed, the myth that Mac is safe is, well, a myth. Exploiting a vulnerability in a component of Apple Remote Desktop, this malware detected by Trend Micro as BKDR_HOVDY.A, runs hidden on an affected operating system and allows a remote malicious user to escalate privileges to root. Also this…
Read MoreNitesh Dhanjani has disclosed around middle of last month a vulnerability in Safari (and the way it interacts with Windows and OSX) that allows a remote malicious user to download several files unknowingly to the user’s default download folder (Desktop for Windows and Downloads for OSX). The attack has been dubbed carpet bombing because of…
Read More