Linked by Thom Holwerda on Sat 7th Apr 2012 23:26 UTC
Mac OS X
We don't normally report on security issues, especially not when they occur on Mac OS X. So far, the security issues on the Mac can barely be labelled as such, and really don't deserve a lot of attention. Now, however, it would appear we're looking at the first successful widespread malware infection on Mac OS X. Not a bad track record for an eleven-year-old operating system, by the way.
Well ...
by WorknMan on Sun 8th Apr 2012 01:10 UTC
WorknMan
Member since:
2005-11-13

As a Windows user, having listened to Mac users tell me for years how much better the Mac was because Macs never got infected with viruses and stuff, I always knew it was only a matter of time until the day came when they would get theirs as well, despite being told by some that it would never happen. And now that it has, there is no joy in this for me. To all of my Mac-using brethren out there who get infected by this (and other things), I extend my condolences. You guys now get to share the love ;)

Reply Score: 2

RE: Well ...
by Nicholas Blachford on Sun 8th Apr 2012 02:36 UTC in reply to "Well ..."
Nicholas Blachford Member since:
2005-07-06

They didn't get infected because there were no viruses to infect them. I get the impression some people think it's impossible to get them - but this has never been true.

Reply Score: 2

RE[2]: Well ...
by Alfman on Sun 8th Apr 2012 03:25 UTC in reply to "RE: Well ..."
Alfman Member since:
2011-01-28

Well, what do you expect, the corporate slogan is "Think Different", not "Be Different".

But seriously, why is it that every time new mac malware surfaces it's always treated as though it's never happened before? I don't get it?

I wish it was possible to search the web excluding the last couple days since this last incident is overloading the search results. This article published in '06 has a list.

http://www.sophos.com/en-us/press-office/press-releases/2006/02/mac...

Edited 2012-04-08 03:34 UTC

Reply Score: 2

RE[3]: Well ...
by WorknMan on Sun 8th Apr 2012 07:53 UTC in reply to "RE[2]: Well ..."
WorknMan Member since:
2005-11-13

IIRC, the other ones were mostly spread via pirated software and such, so weren't very widespread. I think this is the first one to infect hundreds of thousands of users.

Edited 2012-04-08 07:54 UTC

Reply Score: 2

RE[2]: Well ...
by karunko on Sun 8th Apr 2012 09:29 UTC in reply to "RE: Well ..."
karunko Member since:
2008-10-28

They didn't get infected because there were no viruses to infect them. I get the impression some people think it's impossible to get them - but this has never been true.

Isn't this a bit like saying that you have NEVER been hit by a car, therefore you will NEVER be hit by one?

Okay, then! I mean, who could possibly argue with reasoning of such caliber? ;-)



RT.

Reply Score: 2

RE: Well ...
by gonzo on Sun 8th Apr 2012 02:57 UTC in reply to "Well ..."
gonzo Member since:
2005-11-10

And now that it has, there is no joy in this for me.


I did laugh when I read about it :>

Reply Score: 4

RE: Well ...
by Zer0C001 on Thu 12th Apr 2012 11:04 UTC in reply to "Well ..."
Zer0C001 Member since:
2011-12-22

Now we just need to wait 50 years to see a widespread infection on linux machines and we'll be covered ;)

Reply Score: 1

Well Thom..
by gonzo on Sun 8th Apr 2012 02:31 UTC
gonzo
Member since:
2005-11-10

..I don't expect we'll get any numbers from Apple, do you?

Reply Score: 3

Not a bad track record?
by windywoo on Sun 8th Apr 2012 02:35 UTC
windywoo
Member since:
2011-03-01

It simply means Apple's new prominence has brought them unwanted attention and they will have to up their security.

Perhaps we will now see if the user privileges model that is so beloved of Apple's fans actually is as solid a defence as they claim.

Reply Score: 1

Comment by jigzat
by jigzat on Sun 8th Apr 2012 03:19 UTC
jigzat
Member since:
2008-10-30

I as a mac user never claimed there will never be a serious security threat. Although most users do. Pretty serious thing considering it just needs to access a website to get infected. What happened to Java sandboxing?

Reply Score: 1

RE: Comment by jigzat
by Beta on Sun 8th Apr 2012 16:30 UTC in reply to "Comment by jigzat"
Beta Member since:
2005-07-06

What happened to Java sandboxing?

Nobody is perfect, this is a bug in the VM.

Reply Score: 3

My thoughts...
by leech on Sun 8th Apr 2012 04:00 UTC
leech
Member since:
2006-01-10

Well besides the funny of Macs getting a major blast here, even though it's happened plenty of times in the past..

Firstly, they prove more than anything that their security ideas have always been that no one will hit us 'cause we're a minority. Some of the security vulnerabilities that have hit Mac OS are seriously laughable.

But this particular case is because of Java, which is a security crapfest in itself, even more so since Apple rolls their own.

Reply Score: 2

RE: My thoughts...
by Alfman on Sun 8th Apr 2012 06:04 UTC in reply to "My thoughts..."
Alfman Member since:
2011-01-28

leech,

"But this particular case is because of Java, which is a security crapfest in itself, even more so since Apple rolls their own."

You are correct, and some of the vulnerabilities against macs do seem to be third party related. Note though that apple was always eager in its advertising to group together all malware under the "windows" umbrella regardless of whether microsoft windows was at fault or not.

Now, that view has some merit. We can recognize that the windows experience can be worse for end-users regardless of who is responsible for vulnerabilities. However in order to not be hypocrites, apple would have to admit that mac users are in fact affected by malware.

To be honest though, apple's portrayal of being impervious to malware is far more appalling (to me) than their security track record, which is still respectable in context. On the other hand, the fact that they deny any security risks is a disservice to the mac community who are ill prepared to cope when things like this inevitably happen.

Reply Score: 4

RE[2]: My thoughts...
by kwan_e on Sun 8th Apr 2012 06:16 UTC in reply to "RE: My thoughts..."
kwan_e Member since:
2007-02-18

Note though that apple was always eager in its advertising to group together all malware under the "windows" umbrella regardless of whether microsoft windows was at fault or not.

Now, that view has some merit. We can recognize that the windows experience can be worse for end-users regardless of who is responsible for vulnerabilities. However in order to not be hypocrites, apple would have to admit that mac users are in fact affected by malware.


That's a good point.

Apple can't have it both ways, but Jobs knows they'll try.

Reply Score: 1

RE[2]: My thoughts...
by leech on Sun 8th Apr 2012 16:46 UTC in reply to "RE: My thoughts..."
leech Member since:
2006-01-10

leech,

You are correct, and some of the vulnerabilities against macs do seem to be third party related. Note though that apple was always eager in its advertising to group together all malware under the "windows" umbrella regardless of whether microsoft windows was at fault or not.

Now, that view has some merit. We can recognize that the windows experience can be worse for end-users regardless of who is responsible for vulnerabilities. However in order to not be hypocrites, apple would have to admit that mac users are in fact affected by malware.

To be honest though, apple's portrayal of being impervious to malware is far more appalling (to me) than their security track record, which is still respectable in context. On the other hand, the fact that they deny any security risks is a disservice to the mac community who are ill prepared to cope when things like this inevitably happen.


Yeah that was kind of my point, in that even though it technically was "Java's fault" which some Apple fans (of which I am the exact opposite, I hate Apple, and their products), it was inevitably Apple's fault anyhow 'cause they're not even using Oracle's Java.

It's like a double whammy for 'em. And for their users.

Reminds me of the one I read about where a Mac could act as the Mac authentication server and grab all of the login names and passwords on a network. I can't recall the exact specifics of that, but I was talking to my older brother (he's a jerk with a Mac) and he was saying "at least it's not Stuxnet." Yeah, Stuxnet affected a particular hardware platform, not just Windows (if I'm recalling correctly) but that's the gist of how Apple fans think.

'Oh, well aren't our faces red... but LOOK how much worse it is for Windows!!!' 'Yeah, but uhm, I've been asking you for years why you don't use Linux, especially since you work for a security firm?' 'Uhm, well my Mac will do all that and is secure...'

Well, this is the same guy (yeah my older brother...) that replied a long time ago when I asked him why he didn't use Linux, and he said he couldn't get his printer working... of course I had to ask which model..

It was an HP! They have probably the best Linux support out there... I just shook my head and walked away.

Reply Score: 1

RE: My thoughts...
by unoengborg on Sun 8th Apr 2012 22:52 UTC in reply to "My thoughts..."
unoengborg Member since:
2005-07-06

...
But this particular case is because of Java, which is a security crapfest in itself, even more so since Apple rolls their own.


I'm not sure why java should be the root of the problem. Sure, java like any software sometimes contains bugs that might be malignant, but unlike most other software Java is designed to keep close control over what java code is allowed to do. So running java is not worse than running any other program.

The real root of the problem here is not java, but that people download unknown software over the net, in combination with insecure operating systems that forbid certain things that can be dangerous, instead of allowing things that are not dangerous (making anything not explicitly allowed forbidden).

It doesn't matter if it is java, flash, or even your web browser that does it, this behaviour will always be associated with a risk, even though I agree with you that Apple rolling their own version of java is a bad thing as fewer people will test it, and bugs fixed by Oracle don't directly end up in the Apple version.

Reply Score: 2

It's a conspiracy
by Neolander on Sun 8th Apr 2012 06:34 UTC
Neolander
Member since:
2010-03-08

Okay, you've read the official version, now here is the real deal.

As you all know, Apple hate interpreters. These nasty programs are a way out of the "App Store" ecosystem that they cannot control or apply pressure on. As such, as is shown by the large number of infected IP addresses from Cupertino, they deliberately engineered malware targeting the Java runtime environment so as to reduce public faith in it and reduce criticism towards their latest decision to remove it from Mac OS X and making it increasingly harder to get it back as time passes.

It goes further than that, though. Following a secret plot that has been devised by Steve Jobs himself as a last will, Apple is currently examining ways to completely remove web browser functionality from their operating systems, as these represent an unacceptable source of free speech.

The first part of the plan, getting rid of every technology that could put web applications on par with native code (by slowly phasing out plugins and messing up every part of the HTML5 standard that represents a threat as badly as a polar bear raping a baby seal) is now completed. Now, the next step is to slowly inject security flaws in the Webkit codebase and design malware for it, so as to publicly make fun of Google Chrome and simultaneously announce with puppy eyes an increase in "techno-terrorist" attacks targeting the Safari web browsers. Finally, Apple will be able to introduce a "curated, secure, and family-friendly" alternative to the Web, called the iNetwork, which will gradually be the only thing that shows up when you click the Safari icon on an Apple device.

And after that, they will replace the iMac line with giant iPads with maniacal laughter.

(Joking aside, it wouldn't surprise me that Apple would use this as a way to justify their phasing out of Java ^^)

Edited 2012-04-08 06:37 UTC

Reply Score: 8

RE: It's a conspiracy
by Alfman on Sun 8th Apr 2012 08:10 UTC in reply to "It's a conspiracy"
Alfman Member since:
2011-01-28

Neolander,

You'd be a certifiable conspiracy nut to believe in that plan, but I also have to admit there are elements of genius in it. Discredit technology controlled by others by attacking one's self.

Reply Score: 2

RE: It's a conspiracy
by viton on Sun 8th Apr 2012 18:17 UTC in reply to "It's a conspiracy"
viton Member since:
2005-08-09

iNetwork, which will gradually be the only thing that shows up when you click the Safari icon on an Apple device.
http://www.youtube.com/watch?feature=player_detailpage&v=GnO7D5UaDi...

;-)

Edited 2012-04-08 18:17 UTC

Reply Score: 2

RE[2]: It's a conspiracy
by Neolander on Mon 9th Apr 2012 07:32 UTC in reply to "RE: It's a conspiracy"
Neolander Member since:
2010-03-08

Cool ! Ancient roots of the conspiracy unveiled ! \o/

Now I have to write a website for it in pure HTML4. No Javascript, no CSS, no PHP. Maybe a frameset for the menu if I want to get fancy, but that's it. And host it on my laptop too. Because that is what all people who know the truth do.

Edited 2012-04-09 07:34 UTC

Reply Score: 1

Why hasn't this happened sooner
by lucas_maximus on Sun 8th Apr 2012 07:55 UTC
lucas_maximus
Member since:
2009-08-18

As an ex-OSX user (Jaguar to Leopard), I am really surprised that this hasn't happened before.

The default configuration for OSX From Jaguar to Snow Leopard was with the Firewall OFF.

Reply Score: 3

Comment by marcp
by marcp on Sun 8th Apr 2012 08:15 UTC
marcp
Member since:
2007-11-23

As usual - people are drawing conclusions about everything from a single event.
This infection looks serious, but the truth is that Java is the one to be blamed [or Apple as a maintainer].
But - to be honest - Java was not written by Apple. It's not their faulty, bad code.
In other ways: you [I'm talking to you, young man] have no reasons to bash Apple in this case for its code.
All we know is that Apple acts like a moron releasing the patch so long after an actual disclosure, but they might have had a reason for that, which we - obviously - don't know.

So stay calm and drop your weapons. There's no real reason to get excited.

Might I also say Java problem corresponds to most platforms containing Java ...

Now, I am no way an Apple or Microsoft "fan". I avoid walled gardens. I usually use GNU/Linux, *BSDs and other stuff.

Reply Score: 3

RE: Comment by marcp
by Alfman on Sun 8th Apr 2012 08:50 UTC in reply to "Comment by marcp"
Alfman Member since:
2011-01-28

marcp,

As far as I know apple's own code is pretty good but the reason they particularly deserve criticism is because they continually advertise that security is a non-issue on the mac. They even continued their misleading ads after security researchers exploited mac vulnerabilities twice at pwn 2 own contests. These were real zero-day exploits that happened to be in the "right" hands.

http://www.engadget.com/2008/03/27/pwn-2-own-over-macbook-air-gets-...

Security vulnerabilities happen to the best of us, it's just a shame that companies are too arrogant to admit it.

Reply Score: 4

RE[2]: Comment by marcp
by jbauer on Sun 8th Apr 2012 08:56 UTC in reply to "RE: Comment by marcp"
jbauer Member since:
2005-07-06

marcp,

As far as I know apple's own code is pretty good but the reason they particularly deserve criticism is because they continually advertise that security is a non-issue on the mac. They even continued their misleading ads after security researchers exploited mac vulnerabilities twice at pwn 2 own contests. These were real zero-day exploits that happened to be in the "right" hands.

http://www.engadget.com/2008/03/27/pwn-2-own-over-macbook-air-gets-...

Security vulnerabilities happen to the best of us, it's just a shame that companies are too arrogant to admit it.


And they will continue the denial until (if) the problem becomes too blatant to deny it anymore. It helps them sell Macs, you know. And the buyers, they want to believe they don't have to worry about security issues anymore.

Edited 2012-04-08 08:58 UTC

Reply Score: 4

RE[3]: Comment by marcp
by lucas_maximus on Sun 8th Apr 2012 13:40 UTC in reply to "RE[2]: Comment by marcp"
lucas_maximus Member since:
2009-08-18

MacOSX has always had the firewall disabled (well when I used it Jaguar to Leopard), because it basically stops any problems with network enabled programs.

Apple don't give a f--k about security. They only care about the pretence of it.

Edited 2012-04-08 13:40 UTC

Reply Score: 2

RE[2]: Comment by marcp
by marcp on Sun 8th Apr 2012 08:57 UTC in reply to "RE: Comment by marcp"
marcp Member since:
2007-11-23

Well, of course, you're right. I just think we should not believe in anything they say [unless it's proven to be right]. We should - instead - take it with a grain of salt.
Just as we don't believe in ads, commercials, I don't think we should take such things seriously.

Reply Score: 2

brichpmr
Member since:
2006-04-22

OSX has been historically a safer neighborhood, compared to Windows. However, this situation...a drive-by that installs without user authentication, is something to pay attention to. For Mac users, the choices include not enabling Java (Safari, Firefox), installing network sniffing apps like Little Snitch (Flashback won't install if it detects Little Snitch) or using Intego VirusBarrier (same reaction by FlashBack).

I don't recall reading or hearing from Apple that Mac OSX is impervious to malware...just not susceptible to crap that infects Windows. There is no room for Windows fanbois to laugh about the situation...you need to make sure that MSE is running and up to date to clean up the turds in your own neighborhood.

Reply Score: 1

moondevil Member since:
2005-07-08

All easy things that any normal user will be able to do...

Reply Score: 2

confusing headlines
by fran on Sun 8th Apr 2012 14:12 UTC
fran
Member since:
2010-08-06

I thought the other press headlines were a bit sensationalist and confusing.

550,000-strong army of Mac zombies spreads across world

http://forums.theregister.co.uk/forum/2/2012/04/05/flashback_trojan...

Confusing because they were actually referring to the machines.

Edited 2012-04-08 14:13 UTC

Reply Score: 3

Interesting
by Saladar on Sun 8th Apr 2012 18:37 UTC
Saladar
Member since:
2011-10-25

I go to the dirtiest sites on the net and so far have come (ohh, you know I wanted to ;) out clean. This is quite alarming though. Right after I read this I did check to see if I was infected. Nope, still clean. I will be paying closer attention to security though. Not that I was particularly lacking in it before though.

Reply Score: 1

Comment by aligatro
by aligatro on Sun 8th Apr 2012 21:59 UTC
aligatro
Member since:
2010-01-28

"Earlier this week, a Russian antivirus company (little red flag going up) "


What's that supposed to mean? Just because it's Russian, you don't trust it?

Reply Score: 1

RE: Comment by aligatro
by Thom_Holwerda on Sun 8th Apr 2012 22:36 UTC in reply to "Comment by aligatro"
Thom_Holwerda Member since:
2005-06-29

What's that supposed to mean? Just because it's Russian, you don't trust it?


No, it's because it's an antivirus company.

Reply Score: 2

Comment by ilovebeer
by ilovebeer on Mon 9th Apr 2012 00:29 UTC
ilovebeer
Member since:
2011-08-08

Not the first time it's happened, and won't be the last. Isn't even that interesting of a news tidbit imo.

Reply Score: 2

Bill Shooter of Bul
Member since:
2006-07-14

App Launcher seems to be a thin veneer over some unix tools, one of which requires a specific Environment variable for Java 1.5. The recent Java update which fixes the vuln kills that Environment Variable. This cost me quite a bit of time on Wednesday....

http://stackoverflow.com/questions/5783481/an-error-occurred-upload...

Has the fix there.

Reply Score: 2

iKill
by Lorin on Mon 9th Apr 2012 09:49 UTC
Lorin
Member since:
2010-04-06

Look for the new iKill product at an Apple store near you for a nominal fee of course.

Reply Score: 1