Security Issues Warning List

Last modified: Jul 23, 2013 11:24 PM

Hello and welcome to my User Tip



This is a warning list of potential security issues you need to address.


Run Software Update regularly: Apple addresses issues through it and even installs an anti-malware system for OS X based malware.


For free anti-malware that catches Windows viruses (which don't affect the Mac, but can be passed on to others), install the free ClamXav.




1: Printers/routers may need a firmware update to prevent remote attack


Read the HP printer warning here


Samsung and Dell printers also


http://www.kb.cert.org/vuls/id/281284



Linksys/Cisco now Belkin routers


http://arstechnica.com/security/2013/04/using-a-linksys-wi-fi-router-it-could-be-ripe-for-remote-takeover/



2: Java - almost always insecure


10.6 users: use Software Update to stay current, as Apple maintains Java 6.


10.7 and later users: Java 7 is available from Oracle, and you need to keep abreast of updates yourself.


https://www.java.com/en/download/index.jsp


If you don't require Java, don't use it or install it. It has been a constant source of insecurity on Macs and PCs.



Disable Java by opening Java Preferences and unchecking everything on the General pane.


Disable Java (not Javascript) in all your web browsers preferences.


You can enable Java if you have programs on your machine that use it, but disable the applet plugin and Web Start applications, and disable it in all browsers, as that is the attack vector.


Check your installed plug-ins here


https://www.mozilla.org/en-US/plugincheck/



3: Flash browser plugin - nearly always insecure


Flash has been a constant security nightmare as well, though not as bad as Java. However, so many websites use it that it is almost impossible to get away from it.


Install Click2Flash for Safari, or Flash Block or NoScript for Firefox, to prevent Flash from running the instant you visit a website.


This way, if you trust the site, you have control over enabling Flash.


Check Flash version


https://www.mozilla.org/en-US/plugincheck/


Install Flash


https://get.adobe.com/flashplayer/


Install Flash help


How to install/uninstall Flash, fix problems



4: Blackhole exploit sites - bad news


The Blackhole Exploit Kit is sort of a plugin for malware on compromised websites. It uses JavaScript to fingerprint your web browser and its plugins (Flash, Java, Silverlight etc.) and then tailors an exploit payload based upon what would work best to compromise the machine.


Sites targeted for attack with this sort of kit are those with a lot of hit traffic, usually adult content, free illegal TV shows or some other draw to get you to run your plugins to view the content. Some of these sites may also try, in a friendly way, to get you to install an update for a plugin (usually Flash). They may also pop up a malware warning or Flash update that looks like the real thing.


If you suspect a fake update, or genuinely need to update, shut down the browser (even restart the computer), then visit trusted sites for the updates.


https://en.wikipedia.org/wiki/Blackhole_exploit_kit


Extra warning: Trick links in emails to Blackhole exploit compromised websites. Don't trust links in emails!



It's important to keep your web browser and its plugins updated.

https://www.mozilla.org/en-US/plugincheck/



Have Google Safe Browsing enabled. If it is not being updated, this is what appears in Safari preferences.


[screenshot: Safari preferences, not reproduced here]


If you're running Firefox, also install the free Web of Trust add-on; it is a community-based warning system for malicious and reputable sites.


https://www.mywot.com/




5: "This site may harm your computer". In Google search results.


Don't be tempted to click just because you heard Macs are secure. That's a myth: they are more resistant, but not immune.


https://support.google.com/websearch/bin/answer.py?hl=en&answer=45449




6: AppStore software is 4-8 weeks BEHIND in security updates


Because of the time required to review AppStore submissions, and Apple's insistence that all updates go through the AppStore, if you're trusting the AppStore for downloads of any third-party software that connects to the Internet, you're at great peril of being compromised.


https://www.computerworld.com/s/article/9216860/Mac_App_Store_s_slow_updates_expose_users_to_security_risks


For all apps that require an Internet connection, especially other web browsers, it's advised to uninstall the AppStore version and use the version available directly from the developer's website, if it contains an auto-update feature.


Check in System Preferences that you're getting automatic updates from Apple.



7: Safari web browser is a bit too slow to receive security updates


Apple has not yet adopted a rapid update ability for Safari like Firefox, Opera and Chrome already have to keep users safer.


One should use Firefox, as it's not based on WebKit, is open source code viewable by anyone, and is used on Linux by the smartest geeks, and thus gets very rapid updates through its auto-update feature. No browser is 100% secure; however, none get faster patches than Firefox in my opinion.


Chrome is a close second place due to Google spending great sums of money to try to secure and fix the flaws in WebKit, but Google is chiefly an advertising company and thus has an agenda in knowing your Internet business. Also, any Google software installed brings a root-level auto-updater with it, which in my opinion is a potential angle of exploitation. If a vulnerability is found in the root-level auto-updater, attackers can immediately compromise the machine.


If you want to uninstall Chrome here are the instructions. You should NOT uninstall Safari, use it as a backup browser.


Uninstall Chrome: https://support.google.com/chrome/bin/answer.py?hl=en&answer=95319


Google root-level auto-updater: to uninstall it (provided you have no other Google software on the machine):


https://support.google.com/installer/bin/answer.py?hl=en&answer=100386


Firefox doesn't require root-level permissions to auto-update. It updates at the permission level of the user who is running it, either Admin or Standard User, which are lower and thus safer: an exploit will likely have to ask the user for the Admin password to elevate its permission level (alerting the user) before it can compromise the entire machine.


A security-savvy user will maintain a Standard User account for day-to-day use and an Admin user for emergencies, and keep backups of their user data off the machine. This way they can log into the Admin user, simply delete the infected Standard User account and create another one.


To change one's Admin user to Standard, first create another Admin user in System Preferences, log into it and change the original Admin to Standard User by unchecking the ability to administer the machine.


Install NoScript into Firefox and drag a Temp Allow All button to the Firefox toolbar to click on trusted sites.



8: WiFi and password security issues


WPA and WEP encryption are cracked; only WPA2 (AES) with a proper password is secure.

WiFi security issues, at home and WiFi hotspots



9: HTML5 bug, if exploited, fills the boot hard drive in all browsers (except Firefox)


http://feross.org/fill-disk/



10: Malicious advertising and iFrame injection compromising browsers


Malvertisement is a growing issue, increasing 20 times over from 2010 to 2012.


Recommended: Firefox + Adblock Plus + NoScript (enable iFrame blocking), and drag a Temp Allow All button to the Firefox toolbar to enable on trusted sites, to reduce one's exposure window.


iFrame injections on compromised websites also lead to Blackhole exploit sites.


https://net-security.org/malware_news.php?id=2440



11: Drive-by downloads occur merely by visiting sites or clicking links


Enable Show Downloads Window and 'Always Ask me where to save files' in Firefox preferences


Disable "Open Safe Files" in Safari preferences.


Keep the Downloads folder empty; it is not long-term storage, as malware can hide there awaiting a click to see what it is.


This way you know when a download occurs and can prevent it from opening or getting onto your machine unawares.



12: Outdated third party software = security risk


Not only is it a security risk, but some older third-party software that installed an at-boot kernel extension in OS X itself becomes a problem, as Apple makes under-the-hood changes to OS X for enhancements and security reasons.


It's important to check all third-party software for updates (some check merely by being opened) and apply them, or uninstall the software.


Many third-party programs contact the Internet and thus are attack vectors. Enable your OS X Firewall in System Preferences.



13: Social engineering tricks to install malware


"Yontoo" and "TorrentHandler" are making the rounds, convincing users to install them as a browser plugin; the result is numerous advertising pop-up windows in nearly all browsers.


Apple will block Yontoo for 10.6.8 and above users from installing it, but if it's on the machine already it's too late and requires removal.


http://reviews.cnet.com/8301-13727_7-57575543-263/how-to-remove-yontoo-adware-trojan-from-your-os-x-system/


Only install browser plugins from the verified original source, never from a browser pop-up or via a random web site.



14: ChatZum adware trojan in fake VLC player for Mac


[screenshot: fake VLC installer, not reproduced here]



The REAL VLC Player for the Mac is located here:


http://www.videolan.org/


http://www.videolan.org/vlc/download-macosx.html



It looks like this and doesn't require an installer. It's a standalone app you just drag and drop into Applications.


[screenshot: real VLC download, not reproduced here]



14: Mac.apps malware signed with an Apple Developer ID, bypasses Gatekeeper


http://www.2-spyware.com/news/post1855.html


Use the free EasyFind to search the entire boot drive for "mac.app", or use the free ClamXav.


https://www.macupdate.com/app/mac/11076/easyfind


http://www.clamxav.com/



15: InstallGenieo icon appears, do not install it


May appear simply by browsing sites, or come bundled with other software or via a fake Flash or other update. It's basically a browser hijacker that, if installed, redirects your search and web traffic for advertising revenue.


It has to be uninstalled, and even then it leaves your homepage etc. pointed at their page. It's borderline trojan/malware that is just barely legal.


Turn off "open safe files after downloading" in Safari preferences to prevent stuff like this from mounting on your desktop.


Firefox + the PublicFox add-on can prevent downloads from occurring unless a password is entered.


http://www.intego.com/mac-security-blog/another-problematic-softonic-installer-brings-adware/




16: FBI/Moneypak ransomware


[screenshot: FBI/Moneypak ransomware page, not reproduced here]


May appear simply by browsing sites. It's a JavaScript lock on your web browser only (for Macs), as far as we know at this time.


Command-Tab to the Finder and use Apple menu > Force Quit on the browser; if it is Safari, hold Shift down when relaunching to prevent the page from reloading.


If you can, search your History and report the URL to: https://www.google.com/safebrowsing/report_badware/


To defeat this type of low-level malware, install NoScript into the Firefox web browser and drag a Temp Allow All button to the Firefox toolbar to click on trusted sites.



17: Outdated browser popup installer


[screenshot: outdated-browser popup installer, not reproduced here]


Report the two URLs in the area covered in blue to: https://www.google.com/safebrowsing/report_badware/




18: OSX.Janicab.A and similar trojan malware using the Unicode right-to-left override character


OS X will display the typical app warning message written completely backwards to play on your confusion. Do not install!


Often signed with an Apple Developer ID, so it bypasses Gatekeeper warnings.
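As an added illustration (not part of the original tip), the following Python script shows how the right-to-left override trick works from the defender's side: a file whose real name ends in ".app" can be displayed as if it ended in ".pdf", and the script reports the mismatch. The sample file name is constructed to follow that pattern; the function names are my own.

```python
import os

# U+202E RIGHT-TO-LEFT OVERRIDE: text after it is drawn reversed, so the
# real trailing "fdp.app" is shown to the user as "ppa.pdf".
RLO = "\u202e"
# All Unicode bidi control characters; none belong in an honest file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def strip_controls(name):
    """Remove invisible bidi controls so the name reads as the OS stores it."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def rendered_name(name):
    """Approximate what the Finder shows: the part after the first RLO reversed."""
    head, sep, tail = name.partition(RLO)
    if not sep:
        return strip_controls(name)
    return strip_controls(head) + strip_controls(tail)[::-1]


def analyze(name):
    """Compare the displayed extension with the extension the OS will honour."""
    shown = rendered_name(name)
    actual_ext = os.path.splitext(strip_controls(name))[1].lower()
    apparent_ext = os.path.splitext(shown)[1].lower()
    has_controls = any(ch in BIDI_CONTROLS for ch in name)
    return {
        "actual": strip_controls(name),
        "shown": shown,
        "actual_ext": actual_ext,
        "apparent_ext": apparent_ext,
        "has_controls": has_controls,            # any bidi control is suspect
        "mismatch": actual_ext != apparent_ext,  # the disguise is in effect
    }


def scan(directory):
    """Walk a folder (e.g. ~/Downloads) and return every name with bidi controls."""
    hits = []
    for root, dirs, files in os.walk(directory):
        for n in dirs + files:
            r = analyze(n)
            if r["has_controls"]:
                r["path"] = os.path.join(root, n)
                hits.append(r)
    return hits


if __name__ == "__main__":
    # Constructed sample: stored as "RecentNews.<RLO>fdp.app", shown as a PDF.
    print(analyze("RecentNews." + RLO + "fdp.app"))
```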

Comments

Mar 25, 2013 8:06 AM

perhaps suggest that the Lion & SL option to automatically install important security updates is checked on, also the ML 'system data files & security updates' option
