Submitted by: KnightMare @ 03:41 PM | Wednesday, May 13, 2009 | (url: http://blogs.zdne...)
On the same day Microsoft shipped a bundle of patches for gaping holes in its PowerPoint software, Apple followed suit, dropping a monster Mac OS X update to correct 67 security vulnerabilities.
The sudden Apple Patch Day also included a patch to cover a trio of flaws in the Safari Web browser (Mac OS X and Windows).
Submitted by: KnightMare @ 09:03 PM | Thursday, April 16, 2009 | (url: http://blogs.zdne...)
Malware hunters at Symantec have discovered a direct link between a malicious file embedded in pirated copies of Apple's iWork '09 software and what appears to be the first Mac OS X botnet launching denial-of-service attacks.
Writing in the current issue of Virus Bulletin (subscription required), researchers Mario Ballano Barcena and Alfredo Pesoli found two malware variants, OSX.Iservice and OSX.Iservice.B, using different techniques to obtain the user's password and take control of the infected Mac machine.
Submitted by: KnightMare @ 10:34 AM | Friday, March 20, 2009 | (url: http://blogs.zdne...)
Charlie Miller has done it again. For the second consecutive year, the security researcher hacked into a fully patched MacBook computer by exploiting a security vulnerability in Apple's Safari browser.
"It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said moments after his accomplishment.
The contest kicked off at exactly 3:15 PM and, within seconds, Miller launched his drive-by attack and claimed the $10,000 top prize. He also got to keep the MacBook machine.
Submitted by: KnightMare @ 11:19 AM | Tuesday, December 16, 2008 | (url: http://news.bbc.c...)
Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
Submitted by: KnightMare @ 09:53 AM | Wednesday, December 19, 2007 | (url: http://blogs.zdne...)
So this shows that Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious. Clearly this goes against conventional wisdom because the numbers show just the opposite and it isn't even close.
Also noteworthy is that while Windows Vista shows fewer flaws than Windows XP and has more mitigating factors against exploitation, the addition of Windows Defender and Sidebar added 4 highly critical flaws to Vista that weren't present in Windows XP. Sidebar accounted for three of those additional vulnerabilities and it's something I am glad I don't use. The lone Defender critical vulnerability that was supposed to defend Windows Vista was ironically the first critical vulnerability for Windows Vista.
Submitted by: KnightMare @ 11:53 AM | Tuesday, December 18, 2007 | (url: http://news.yahoo...)
Monday's patches included a whopping 31 updates for the Apple operating system. The Mac OS X patches fix components ranging from the Address Book and iChat software to under-the-covers operating system components such as ColorSync, the IO Storage Family, and the Perl, Python and Ruby programming languages.
Most of these flaws theoretically could be exploited by attackers to run unauthorized software on the Mac, although some of them had other security implications, such as allowing an attacker to gain access to sensitive information or download files to the computer without authorization.
These updates are for the Mac OS X 10.4 and 10.5 operating systems, known as Tiger and Leopard, respectively.
Submitted by: KnightMare @ 09:25 AM | Friday, November 9, 2007 | (url: http://news.yahoo...)
Malicious code that installs files such as Trojans, password stealers, keyboard loggers and other malware on users' systems registered a fivefold increase in the first half of 2007, according to research released by Microsoft at the RSA Security conference in London.
And in the same period, 31.6 million phishing scams were detected, an increase of 150 percent over the previous six months.
The survey, sponsored by Microsoft and conducted by the Ponemon Institute, interviewed more than 3,600 security, privacy and marketing executives across a variety of industries, such as financial services, healthcare, technology and government, in the U.S., U.K. and Germany.