Linked by HAL2001 on Thu 19th May 2011 12:10 UTC
Privacy, Security, Encryption

"A little over two weeks have passed since the appearance of MAC Defender, the fake AV solution targeting Mac users. And seeing that the approach had considerable success, it can hardly come as a surprise that attackers chose to replicate it. This time, the name of the rogue AV is Mac Protector, and the downloaded Trojan contains two additional packages. As with MAC Defender, the application requires root privileges to get installed, so the user is asked to enter the password."
RE[2]: We told you so
by pantheraleo on Thu 19th May 2011 18:32 UTC in reply to "RE: We told you so"

As mentioned by others... this virus still relies on the Mac owner to be running Safari with auto-open safe files enabled.


Until about two years ago, it was possible to use DNS cache poisoning to trick a Mac into downloading malicious software updates from a bogus update server. Apple's update mechanism didn't properly verify the authenticity of the server it contacted for updates. Apple knew about this vulnerability for years, and did nothing to fix it until it was widely publicized and became very easy to do using a plugin for Metasploit.

Also, a couple of years ago, there was a critical vulnerability in Java that allowed applets to break out of the sandbox. Apple didn't patch this vulnerability in their JVM until 8 months after Sun had announced it and patched their own JVM.

So there have been at least two cases in the past that I know of just off the top of my head where it has been possible to target Macs without tricking the user into running an application. One vulnerability was left open for years after it should have been closed. The other was left open for 8 months longer than it should have been.

Reply Parent Score: 4