~ MamakTalk ~: Mac users have two new vulnerabilities to worry about

Tuesday, August 4, 2015

Mac users have two new vulnerabilities to worry about



In case you still labored under the illusion that Macs are immune from malware, here are two security-related stories that offer up a big bite of the reality sandwich:

Researchers create the first firmware worm that attacks Macs

Wired reports that researchers have discovered that some malware designed to reside in a PC’s firmware – the embedded software that starts a computer and loads its operating system – can also work in Apple’s Macintosh systems.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” says Xeno Kovah, one of the researchers who designed the worm. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

The emphasis is mine.

The researchers created a proof-of-concept worm called Thunderstorm 2 that can hop from Mac to Mac, even if the machines aren’t networked, by hiding in the chips in smart peripherals:

An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code via a phishing email and malicious web site. That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected.

When another machine is booted with this worm-infected device inserted, the machine firmware loads the option ROM from the infected device, triggering the worm to initiate a process that writes its malicious code to the boot flash firmware on the machine. If a new device is subsequently plugged into the computer and contains option ROM, the worm will write itself to that device as well and use it to spread.

This should make you think twice about borrowing someone’s adapter cable.

The researchers will demonstrate their findings at this week’s Black Hat conference in Las Vegas.

So far, that exploit is only in the lab. This next one is not.

0-day bug in fully patched OS X comes under active exploit to hijack Macs

Hackers are already taking advantage of a security flaw discovered just last week in the latest version of OS X, 10.10.4. The same flaw apparently still exists in beta versions of 10.10.5, but has been locked down in early releases of the upcoming El Capitan, or 10.11, writes Dan Goodin of Ars Technica. The problem comes from a new error-logging system introduced in 10.10 Yosemite:

As Ars reported last week, the privilege-escalation bug stems from new error-logging features that Apple added to OS X 10.10. Developers didn’t use standard safeguards involving additions to the OS X dynamic linker dyld, a failure that lets attackers open or create files with root privileges that can reside anywhere in the OS X file system. It was disclosed last week by security researcher Stefan Esser.

On Monday, researchers from anti-malware firm Malwarebytes said a new malicious installer is exploiting the vulnerability to surreptitiously infect Macs with several types of adware including VSearch, a variant of the Genieo package, and the MacKeeper junkware. Malwarebytes researcher Adam Thomas stumbled on the exploit after finding the installer modified the sudoers configuration file.

It’s not clear if the malware can be placed from an infected website, a process known as a “drive-by” infection. But most Mac users have seen come-ons for the MacKeeper junkware, and enough of them fall for it that the software’s still out there. It would be fairly easy for an evildoer to mimic those ads to place the compromised version on clueless users’ systems.
