Apple Safari carpet-bombing is a vulnerability that allows remote attacker via malicious website to silently download arbitrary files in users’ default download directory (~/Download). This issue became serious in Windows … Continue reading “Safari users still vulnerable to “carpet-bombing” attack”
From Intego security advisory today: ——————————————————————————————————– Malware: OSX/OpinionSpy Risk: High Description: Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen … Continue reading ““PremierOpinion” Spyware Now in Mac OS X”
DESCRIPTION: A vulnerability has been reported in Apple Mac OS X, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an … Continue reading “CVE-2010-1120”
There’s a 0-day vulnerability affecting Safari 4.x users, it’s not critical, but it is important to be aware of it. <link rel=”stylesheet” type=”text/css” href=”www.yahoo.com”> Hola <script language=”javascript”> setTimeout(“alert(document.styleSheets[0].href)”, 10000); //setTimeout … Continue reading “Apple Safari Style Sheet Redirection vulnerability”
An interesting news (it’s now all over the net) – Snow Leopard includes malware protection that detects two known threats, RSPlug and iServices. (Intego first spotted this anti-malware feature.) Now curious … Continue reading “Snow Leopard includes malware protection”
When you download an application or installer from legitimate website, you establish a level of trust expecting not to be tricked or deceived. Distribution: The installer is distributed by Starfield … Continue reading “Analysis of OSX Starfield”
Pob of SophosLabs found this interesting update, please read this blog post Updated XProtect protects against OSX.HellRTS Apple Mac OS X Snow Leopard Anti-Malware signature file ‘XProtect.plist’ has new definition … Continue reading “About Mac OS X v10.6.4 ‘XProtect’ Update”
Release Date : 2010-05-07 Criticality level : Highly critical Impact : Remote code execution Solution Status : Unpatched Description: A vulnerability has been discovered in Apple Safari, which can be … Continue reading “0day: Apple Safari “parent.close()””
Exploited PDFs has been prevalent attack vector for awhile now but only in Windows but never been in Mac. I had discussed this here, the prevalence, “util.printf()“, Virut generated PDFs … Continue reading “Do you use Adobe Reader?”
Let’s call the bad iWork as Krowi. So, the story starts when OS X user will download an iWork 09 installation package with serial key through BitTorrent. Take note that … Continue reading “Update: “iWorkServices” Not Just A Trojan”
