iThreats

March 18 - Apple Released Its Gigantic Update.

• Security Update 2008-002 fixes 95 security vulnerabilities found in different components of Mac OS X operating system.
• Safari 3.1 fixes 13 security vulnerabilities found in Safari for Mac (10) and Windows (3).

March 20 - “iMunizator” The 2nd Rogue In Mac

• iMunizator a rebranded version of MacSweeper.
• It was first seen in Apple Discussions web site, where someone asked this question “What is iMunizator?”
• Difference between the two:
  • • iMunizatorSetup.dmg file size is 1.49Mb while MacSweeper 1.52Mb.
    • iMunizator company is iMunizator.com while MacSweeper is KiVVi Software.
    • iMunizator executable file size is 407,036 bytes while MacSweeper 407,468 bytes.
    • iMunizator resource folder does not contain TODO.txt.
    • If Last time, MacSweeper is sharing NS server with Cleanator (a known rogue program in windows) this time iMunizator.com neighbor is AntiSpywaredeluxe.com [67.205.72.9] which is also a rogue program in Windows. iMunizator.com network information below:

March 27 - Mac OS X Hacked in 2 Minutes Read [CNET News]

• CanSecWest PWN2OWN 2008 contest targets Linux, Vista and OSX.

• • • VAIO VGN-TZ37CN running Ubuntu 7.10
      
    • Fujitsu U810 running Vista Ultimate SP1
      
    • MacBook Air running OSX 10.5.2

• March 26 (1st Day) when the contest started. However, nobody was able to hacked any of these three operating systems in a limited resources and confined local network connection.
• March 27 (2nd Day) when the attackers were given internet connection.
• March 28 (3rd Day) when the attackers were allowed to use popular software to exploit.
• The results are as follows:

• • • On the 2nd day, Mac OS X was successfully hacked in 2 minutes using a zero-day exploit in Safari.
    • On the 3rd day, Vista was successfully hacked after 7 hours using zero-day exploit in Adobe Flash.
    • Linux stays intact and won against hackers.