Created by iThreats on Jan 2, 2011
Last updated: 03/11/11 at 09:13 PM
SharedItems has no followers yet. Be the first one to follow.
Brian Krebs published an interesting blog post about Rogue Antivirus and the scams that offers "professional online repair service" plan for Mac and Windows users.
A team of security researchers from the French pen-testing firm VUPEN successfully exploited a zero-day flaw in Apple’s Safari browser to win this year’s Pwn2Own hacker challenge.
VUPEN co-founder Chaouki Bekrar (right) lured a target MacBook to a specially rigged website and successfully launched a calculator on the compromised machine.
The hijacked machine was running a fully patched version of Mac OS X (64-bit).
crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
‘BlackHole’ is the latest remote administration tool (RAT) and is available both in Windows and Mac. Hacktool such RAT employs client-server program that communicates to its victim’s machine through its trojan server. The server application is installed on the victim while the client application is on the managing side.
Use-after-free vulnerability in WebCore in WebKit before r77705, as used in Google Chrome before 11.0.672.2 and other products, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that entice a user to resubmit a form, related to improper handling of provisional items by the HistoryController component, aka rdar problem 8938557.
-- Affected Vendors:
-- Affected Products:
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Reader on Mac OS X. User interaction
is required to exploit this vulnerability in that the target must visit
a malicious page or open a malicious file.
Millions of iOS users and developers have come to rely on Apple’s Push Notification Service (APN). In this article, I will briefly introduce details of how APN works and present scenarios of how insecure implementations can be abused by malicious parties.
Apple’s iOS allows some tasks to truly execute in the background when a user switches to another app (or goes back to the home screen), yet most apps will return and resume from a frozen state right where they left off. Apple’s implementation helps preserve battery life by providing the user the illusion that iOS allows for full-fledged multi-tasking between 3rd party apps.
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
As defined by malwarecity.com in Top 5 Malware for Mac OS X Users Should Know About:
Starfield is a bundle of unwanted application, component and internet plugin usually distributed and discreetly installed by tool offered by GoDaddy network.
Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x before 10.6.6 allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to interaction between Software Update and distribution scripts.
After the release of the Mac AppStore, Logan of Appinsect has devised a new way of cracking Mac store applications. Interestingly, the method does not use KickBack or Hackulous’s Installous 4.0. The method only replaces the signature files from free apps into the paid apps. Follow the simple steps below to install cracked apps on your Mac.