Archive for May 16, 2009

OS X users, please patch!

If you haven’t patched yet, please do.

How do I know if I’m patched?

Click “About This Mac” and it should display Mac OS X version 10.5.7. You can do the same in Safari by clicking “About Safari”; this should display Safari 4 (beta).

Why is it important to patch?

There are critical vulnerabilities that could allow a malicious user (hacker, malware) to snoop on and steal your information in the background. Let me cite examples from vulnerabilities that have captured media attention (which means many attackers are aware of them).

Safari RSS

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-001 for Mac users and Safari 3.2.2 for Windows.

Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution.

An attacker can easily craft a URL and execute JavaScript, and this could expose your personal and sensitive information.

Disk Images

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6

Solution: The critical issue has been addressed in Security Update 2009-002

Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution.

This is especially critical because a browser like Safari has “Open ‘safe’ files after downloading” enabled by default. You can turn off this option in Safari by following the instructions below:

1. Open Safari

2. Open “Preferences” under the “Safari” menu

3. Click on the “General” tab

4. Un-check the “Open ‘safe’ files after downloading” box

5. Close Safari’s preferences
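
To check more than one machine, the two checks in this post (the OS version and Safari's auto-open setting) can be scripted. This is an added example, not part of the original post; it assumes Safari stores the checkbox as the `AutoOpenSafeDownloads` key in the `com.apple.Safari` preferences domain, and the function names are made up here.

```shell
#!/bin/sh
# Added example: script the two checks from this post.
MIN_OS="10.5.7"                       # patched version named in the post
PREF_DOMAIN="com.apple.Safari"        # assumption: Safari's preferences domain
PREF_KEY="AutoOpenSafeDownloads"      # assumption: key behind the checkbox

# version_ge A B: succeed when dotted version A >= B, comparing each
# component as a number (so 10.10 is newer than 10.5.7).
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# auto_open_state VALUE: interpret what `defaults read` printed.
# An empty value means the key is unset, i.e. Safari's default,
# which the post says is enabled.
auto_open_state() {
    case $1 in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

audit() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not found: this is not Mac OS X"; return 0
    fi
    os=$(sw_vers -productVersion)
    if version_ge "$os" "$MIN_OS"; then
        echo "OK     Mac OS X $os"
    else
        echo "PATCH  Mac OS X $os is older than $MIN_OS"
    fi
    val=$(defaults read "$PREF_DOMAIN" "$PREF_KEY" 2>/dev/null || true)
    echo "Safari auto-open of 'safe' downloads: $(auto_open_state "$val")"
    # Command-line equivalent of step 4 (run while Safari is closed):
    #   defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}

audit
```

The script only implements the 10.5.7 version check described above; it does not detect whether a Security Update has been installed on Mac OS X v10.4.11.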
