How Apple dodged the Heartbleed bullet

In 2011, Apple told its developers that it would be deprecating OS X’s Common Data Security Architecture including OpenSSL, describing it as an outdated relic of the late 1990s. Nearly three years later, OpenSSL was hit by a severe flaw that affected a wide swath of vendors and their users, but not Apple.

via How Apple dodged the Heartbleed bullet.

Cyber Security Breach: Phishing Site Steals Apple IDs

The hackers who took advantage of the EA server created a phishing site that attempted to steal Apple IDs from consumers. This site appeared legitimate, asking for the user’s Apple ID and password – as well as verification of name, phone number, date of birth, mother’s maiden name, credit card number, expiration date, verification code, and other information that could be used to steal the user’s identity. If the victim made it through the entire process, he or she was simply redirected to the actual Apple ID site, most likely never realizing the information had been stolen by a third party.

via Cyber Security Breach: Phishing Site Steals Apple IDs.

The Internet is Alive and Well! » CounterPunch: Tells the Facts, Names the Names

In comparison, the proprietary Apple software recently had a major security flaw, known as the “GOTO Fail” bug which was around for as long as Heartbleed (according to Apple). But we know very little about it. We have no history, do not know who made the mistake and whether it was intentional and we have no idea what the company has done to fix it. We don’t really know if we’re now safe from that security flaw. We simply have to trust Apple to be honest about all that because it will never let us see its logs.

via The Internet is Alive and Well! » CounterPunch: Tells the Facts, Names the Names.

Microsoft joins list of recently hacked companies – Computerworld

Microsoft blames Apple for compromise, customers blame Microsoft.

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations,” the company said on its Security Response Center website Friday.

via Microsoft joins list of recently hacked companies – Computerworld.

Huge iTunes patch: Apply it and move on | Mac os x – InfoWorld

The patch fixed a very long list of vulnerabilities — 163 issues in all — to WebKit, an open source technology for rendering HTML used by iTunes and many other applications, including Safari, Google's Chrome, and Yahoo Messenger. Using WebKit as the basic framework for its technologies means that Apple gets many of the benefits of open source, including a well-vetted codebase and the fast reporting of vulnerabilities. In this case, for example, Google found nearly half of the 163 vulnerabilities, while Apple found 26.

via Huge iTunes patch: Apply it and move on | Mac os x – InfoWorld.

Mountain Lion Upgrade Dependency

It is important to check that the recovery partition exists before performing the upgrade from Lion to Mountain Lion. In testing the Gold Master (GM) release, I found that the installation will start and progress as expected until the system reboots into the installation boot. At that point, it will fail and you will be caught in a perpetual loop if your recovery partition is nonexistent. Always make sure you have a recent backup before performing the upgrade or any of these steps.

Adobe patches critical Flash Player holes; adds support for Mac OS X Gatekeeper | ZDNet

Adobe today shipped a new version of its ever-present Flash Player software with fixes for at least seven dangerous security holes and the addition of support for the Gatekeeper technology that is coming in Mac OS X Mountain Lion.

The security update, available for Windows, Mac OS X and Linux operating systems, addresses vulnerabilities that “could cause a crash and potentially allow an attacker to take control of the affected system.”

via Adobe patches critical Flash Player holes; adds support for Mac OS X Gatekeeper | ZDNet.

OS X 10.7.4 Lion update fixes FileVault bug, includes Safari 5.1.6 [u]

Apple on Wednesday released OS X 10.7.4, the latest update to the company's Lion operating system which brings various improvements including a fix for a recently-exposed FileVault bug.

The update, which is recommended for all OS X Lion users, patches a security bug found in certain configurations of the previous 10.7.3 version that allowed for inadvertent access to user passwords.

via OS X 10.7.4 Lion update fixes FileVault bug, includes Safari 5.1.6 [u].

Apple security blunder exposes Lion login passwords in clear text | ZDNet

Apple security blunder exposes Lion login passwords in clear text | ZDNet.

ISC Diary | The Ultimate OS X Hardening Guide Collection

Many security professionals tend to use OS X systems. Maybe for the nice and shiny looks, or the Unix underpinnings that make it a great platform to run current tools. However, the operating system itself isn’t exactly “secure out of the box” and like all operating systems can profit from some additional hardening tricks.

via ISC Diary | The Ultimate OS X Hardening Guide Collection.
