Macnn newssecurity Category News
Subscribe to this page now.

Developer spying on iPhone gamers?

Raises iPhone privacy issues

A California iPhone developer, Storm8, has been accused of spying on iPhone owners, according to court documents. A lawsuit was recently submitted on behalf of Washington resident Michael Turner, charging Storm8 with several violations including breaches of contract, the California Computer Crime Law and the Computer Fraud and Abuse Act. On August 26th, says Turner, the company openly admitted that its games had been illicitly collecting phone numbers.

more

Apple to hire new iPhone security manager

Likely related to anti-jailbreaking efforts

Apple is looking to hire a new iPhone manager with significant responsibilities, observers note. In particular the company is now searching for an "iPhone OS Platform Security Manager," who will be responsible for a team securing the booting, installation and running of the firmware. The worker is also expected to help plot a roadmap for iPhone security, and bring at least three years of experience running a development team, plus hands-on knowledge in designing against hardware and software exploits.

more

Kaspersky intros Anti-Virus for Mac

New Mac anti-virus software protects files

Kaspersky has introduced Anti-Virus for Mac, a port of its long-running Windows and Linux software designed to cope with threats such as worms, Trojans and bots. Some features include e-mail and attachment protection, as well as download scans, and alerts on blocked files and programs. The software recognizes up to 30,000 threats; self-protection functions guard settings with a password, and attempt to prevent techniques from being modified or deleted.

more

Hacker attempts to extort Dutch iPhone owners

Exposes security vulnerability

A hacker in the Netherlands has attempted to extort several iPhone owners, reports say. The hacker is believed to have used port scanning to identify T-Mobile-branded phones running SSH, commonly used in jailbreaking techniques. Because many people do not change the default root password on jailbroken devices, the hacker was able to take control of iPhones, and send custom text messages warning them to visit a website in order to resecure their firmware.

more

Firefox 3.5.4 closes 16 vulnerabilities

Cuts off theoretical attacks

Mozilla has released Firefox 3.5.4, a minor but still significant update to its multi-platform web browser. The patch fixes 16 vulnerabilities, 11 of which are said to be critical. Among these are problems with third-party media libraries, the core and JavaScript engines, web worker calls, the GIF color map parser and the string-to-number converter.

more

DocProtect 1.1 adds image support, PDF subscription model

Enhanced support for large image collections

Excel Software has announced an update to its project- and document-protection application, DocProtect 1.1. The program is designed to protect rights and prevent access to HTML projects, image collections, video and audio files, PDFs, and Excel spreadsheets for all non-licensed users. The latest version enables users to release and restore licenses between computers, while adding a new PDF-style subscription model for newsletter and magazine publishers.

more

Open Door upgrades DoorStop security apps

Includes Snow Leopard info

Open Door Networks has announced a set of upgrades for its DoorStop line of Internet security apps. At the center is DoorStop X Security Suite 2.3, which consists of an updated DoorStop X Firewall, Who’s There? Firewall Advisor, and the e-book Internet Security for Your Macintosh and iPhone. The suite has been expanded to include a Twitter stream, a series of bugfixes, and iPhone support in the integrated isfym.com blog.

more

Agile launches public beta of 1Password 3

Software introduces remote data access

Agile Web Solutions has launched a public beta version of 1Password 3, an updated Mac login utility. The software saves passwords and other forms of personal identity for quicker insertion into web forms. Version 3's major addition is said to be inclusion of 1PasswordAnywhere, a feature which lets users remotely access information via a web browser. The update also adds 64-bit support for Snow Leopard, and a new user interface.

more

app4mac releases SecretBox 2 for Mac, iPhone

SecretBox 2 improves interface, adds features

App4mac has released a major upgrade to its data protection program for both the Mac and iPhone: SecretBox 2 is designed to create a database which can be used to store information such as credit card numbers, software registrations, and e-mail logins. New features in the Mac version include an upgraded user interface, additional support for syncing with the iPhone or iPod touch, and improved stability. Approximately 60 percent of the code s also said to be re-written to help enhance performance and security.

more

Endpoint Protector 2009 update adds Snow Leopard support

Also supports Windows 7

CoSoSys has released a new version of Endpoint Protector 2009, its data-loss prevention and endpoint security application. The update adds support for Mac OS X Snow Leopard, along with the soon-to-be-launched Windows 7. Endpoint Protector is designed to protect confidential data, and provides tools for monitoring and controlling activities on other systems. File tracking lets users see copy sources and destinations, as well as determine which files can be copied.

more

Viper SmartStart for iPhone starts cars remotely

Works with Viper security systems

Viper has launched Viper SmartStart for the iPhone. The app works with Viper remote start systems to start a car, lock or unlock its doors, and open its trunk. It can also be used to find a car, or set off a panic alarm. The app can control more than one car, and allows for multiple users to control the same vehicle.

more

McAfee releases Endpoint for Mac

Anti-virus, anti-spyware for enterprise

Noting the rise of Macs in the workplace, McAfee has released Endpoint for Mac, allowing centralized anti-virus, anti-spyware and firewall control, as well as application protection. The software allows IT administrators to use the same basic security console that works with Windows machines for their Mac users.

more

Likewise adds Snow Leopard support to authentication apps

Likewise Open 5.3, Enterprise 5.3 updates

Likewise has announced two new updates to its authentication software for Mac, Likewise Open 5.3 and Likewise Enterprise 5.3. The latest versions add support for 32-bit and 64-bit versions of Apple’s Snow Leopard operating system. Likewise Open is designed to connect Linux and Mac machines to a Microsoft Active Directory and authenticate users with their domain credentials.

more

Microsoft set to launch new anti-malware service

Security Essentials utility to be offered for free

Microsoft is set to launch its new anti-malware service, Security Essentials. The utility is designed to help protect systems against viruses, spyware or other maliciously crafted software. Following the same basic structure as third-party antivirus software, Microsoft's program runs in the background and alerts users as potential threats arise.

more

Verizon adds internet security, online file storage for Mac

Verizon internet security, online storage

Verizon has announced both a new Mac versions of its Verizon Online Backup and sharing software (VOBS) and its Verizon Internet Security Suite. With the storing and sharing app, users can back-up selected files and folders to their designated storage plan, and restore them at a later date. Users can also send or receive invitations which allow people to download or upload photos onto their storage space, for simpler sharing of music, videos, or files. The online storage plans range in size from 5GB to 250GB, with monthly fees starting at $2 and ending at $20.

more

Macs enter crosshairs of Russian hacking group

Part of criminal profit-making scheme

Macs are being deliberately targeted by a Russian hacking group, says Sophos security researcher Dmitry Samosseiko. The group is a subset of a larger criminal network known as the Partnerka, which normally turns a profit through spam promoting fake online drug vendors, and malware in the form of "scareware" anti-virus protection. The Partnerka have generally concentrated malware efforts on Windows users, who together represent the largest possible target.

more

Trend Micro Security for Mac 1.5 improves manual scans

Protection tools for cross-platform enterprises

Trend Micro has released an update to Security for Mac, its threat protection software designed for enterprises. Version 1.5 features improvements to manual scan performance when using the Quick Scan utility. The Cocoa client user interface has been revamped, while enabling automatic registration with the server.

more

NetMine 1.5 Mac firewall now Snow Leopard ready

Firewall adds web updates, other fixes

ProteMac has updated its network firewall, releasing NetMine 1.5. The Mac-based firewall can control all Internet and network access from Mac applications, limiting the possibility of attacks from network worms, trojans malware and viruses. It can limit any specified network traffic from reaching specified Macs. NetMine is a two-way firewall that can prevent the spread of Malware on a network.

more

Apple clarifies iPhone 3.1 anti-phishing protection

Feature requires specific set of actions

Apple has issued a clarification regarding the iPhone 3.1 firmware's anti-phishing capabilities. Released September 9th, the update includes a promised ability to detect phishing and malware sites while using Safari. Early accounts have shown inconsistent performance however, with some phones recognizing hazards, and others missing them completely. The behavior may create the impression that the feature is broken.

more

Apple patent filing details acceleration-based theft alarms

Future iPods to get anti-theft technology?

A recent patent filing, submitted by Apple, describes an anti-theft system that utilizes acceleration data to detect if a portable device is stolen. Information from the accelerometer would be analyzed by a controller to determine if the particular direction and speed of movement indicates that a thief might be taking the device.

more

Apple releases security updates for Tiger, Leopard systems

Long list of vulnerabilities addressed

Apple on Thursday released security updates for Mac OS X v10.5.8 and v10.4.11, including the standard and Server editions. The updates resolve a variety of security vulnerabilities relating to maliciously crafted alias files, resource forks, image files, PDFs, scheduler requests and PixarFilm files, among others.

more

Apple releases Mac OS X 10.6.1 with compatibility fixes [u]

Flash vulnerability addressed in latest Mac udpate

Apple on Thursday released Mac OS X 10.6.1, its first maintenance update following the recent Snow Leopard launch. The company has addressed a variety of compatibility issues involving Sierra Wireless 3G modems, interrupted DVD playback, automatic account setup in Mail, and Motion 4 problems.

more

QuickTime 7.6.4 fixes video, FlashPix exploits

For both Mac and Windows systems

In tandem with iTunes 9, Apple has released QuickTime 7.6.4, a minor update to its signature AV playback software. The patch primarily fixes problems with H.264 and/or MPEG-4 playback, which exposed systems to crashes or arbitrary code execution. H.264 vulnerabilities were connected to memory corruption and heap buffer overflows, while an MPEG-4 flaw involved conventional buffer overflows.

more

iPhone OS 3.1 now available, fixes security vulnerabilities

Security issues fixed in latest iPhone firmware

The latest iPhone firmware, announced during Apple's music-themed media event, addresses a variety of security vulnerabilities. Previous releases had allowed unauthorized use of a device after a timeout period configured by an Exchange administrator. The system now disables any "Require Passcode" values greater than the maximum inactivity time lock setting, eliminating the time gap.

more

Disk Station Manager 2.2 adds iPhone, Time machine support

Disk Station Manager 2.2 improves performance

Synology has released Disk Station Manager 2.2, an update to its cross platform file-sharing and data storing app that was previously available as a beta program. The upgrade delivers new Surveillance Station 3 software, iPhone and Time Machine support along with a DLNA compliant media server for streaming multimedia digital content between a Disk station and DLNA home-compliant devices. System enhancements include improved HDD driver quality and compatibility, and a dynamic bad sector remapping and recovery function.

more

Windows 7 allows remote blue-screen attacks [U]

Windows 7 returns remote BSOD

(Updated with Microsoft advisory) Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows. Sending a deliberately malformed network negotiation request can force a Windows 7 system into a page fault that triggers a "blue screen of death" error, even without the user's help in launching the code. The attack affects both 32-bit and 64-bit versions of the OS.

more

Future Firefox updates to check for outdated plug-ins

May close some common vulnerabilities

Beginning with two Tuesday updates, all future iterations of Mozilla's Firefox browser will check for at least some outdated plug-ins, the company has announced. Firefox 3.5.3 and 3.0.14 will both scan for the latest version of Flash, prompting users to visit a link where an updated plug-in can be downloaded. "For now, our focus is on the Adobe Flash Player both because of its popularity and because some studies have shown that as many as 80 percent of users currently have an out-of-date version," says Firefox security team member Johnathan Nightingale.

more

MacNN review iAntiVirus: four out of five stars

iAntiVirus get four of five stars in review

MacNN has reviewed PC tools' iAntiVirus, rating the Mac virus protection software four out of five stars. It protects against Mac-based malware, keyloggers, viruses, Trojans, and other threats, while running in the background and available from a menubar. The software monitors the system and scans for prior infection. Users can also run immediate scans via drag-and-drop for individual files.

more

iPhone owner catches three criminals using GPS tracking

iPhone GPS catches criminals

The iPhone’s GPS system has reportedly assisted yet another individual attempting to find and catch thieves, according to Mashable.com. An unidentified person living in Shadyside, PA, was held at gunpoint by two men demanding the victim's wallet, PIN numbers and iPhone. The robbed individual than used his computer and the iPhone’s GPS technology to locate the thieves and helped provide police with information necessary to capture the suspects.

more

Apple releases Java security update for OS X 10.5.8

Several Java threats addressed via security update

Apple has released a Java update for Mac OS X 10.5.8 that addresses a wide range of security vulnerabilities. The most serious issue allowed untrusted Java applets to obtain elevated privileges after users visit a web page containing maliciously crafted code. The problem has been addressed for systems running Mac OS X 10.5.8 or 10.5.8 Server.

more

Report: New Snow Leopard security features still limited

Intego takes a closer look at OS X anti-malware

Mac security company Intego has taken a closer look at the limitations of Apple's new anti-malware features in the recent Snow Leopard update. The new security functions, noticed by developers shortly before the public release, alert users to malicious code found in downloaded files.

more

ProteMac Meter 3.0 interface gets real-time graphics

ProteMac Meter 3.0 updated

ProteMac has released ProteMac Meter 3.0, updating the network activity monitor with a new interface, featuring real-time traffic summaries. The tool watches activity passing through all applications on a Mac, and keeps tabs on network connections, host availability, remote host names, timestamps and the amount of traffic. It presents views of total and app-specific traffic, and can send out user-tailored notifications.

more

Snow Leopard security features still too weak?

S. Lep. security too weak?

Apple has still left considerable gaps in Mac security, despite advances in Mac OS X Snow Leopard, say some security experts. The OS is said to have several protection advances over Leopard, most notably a built-in anti-virus scanner, perhaps the first concrete admission from Apple that Macs are now vulnerable to malware. The tool scans content received through apps like Safari, Mail and iChat, and can also check signatures to determine whether a file has been altered since its creation.

more

Opera 10 adds interface, performance enhancements

Opera 10 update

Opera Software has introduced the latest version of its web browser, Opera 10. Three main features in the update include an enhanced browser interface, a new compression technology for dealing with slow network speeds, and improvements to the browser tabs. With the added network support the browser is capable of compressing pages to lower the amount of data transferred, and increase the users browsing speed. For the browser tabs users can now view full thumbnails of all their open tabs, as well as customize the size of the tab bar by pulling down or double clicking on the handle.

more

Apps: KavaMovies, BetterZip, eBaytoiCal

SignalScope, R10cipher

  • KavaMovies 1.4 ($35) is a movie database application that allows users to organize the movies they have seen, the ones they want to see and those that are a part of their collection. The application also connects to the internet to obtain extra information about each movie such as actors, directors, genres and more. The latest update adds a new favorites browser and has been optimized to run under Snow Leopards 64-bit architecture. The move to 64-bit should also result in improved interface performance and database access speeds. [Download - 4.6MB]

    more

  • Bill to allow President to cut private Internet

    Controversial web bill

    A proposed bill has Internet companies and civil liberty groups in a huff, as it would grant the US President the power to cut off private-sector users from the Internet during cyber security emergencies. The 55-page S. 773 bill (pdf), months in the making behind closed doors, is vague in its wording, but does suggest private Internet networks could be taken over by specially licensed individuals in the government.

    more

    US intros new rules on border notebook searches

    New notebook border rules

    US lawmakers have introduced new measures regarding searches of notebook computers entering the US, according to a Friday report. The revised rules attempt to address concerns regarding violations of privacy and Constitutional rights. The Department of Homeland Security (DHS) maintains such searches are necessary to fight potential terrorism plots, child pornography and copyright infringement. Air travelers with notebooks are often asked to power up their devices to ensure they are what they appear to be, with some incidents going on to more in-depth searches of hard drive content.

    more

    Apple works to investigate MobileMe hackers

    User's MobileMe hacked

    Philp Hayes, a self-declared IT expert, claims his MobileMe account was hacked. The user asserts that hackers accessed his account, changed the password and made a €55 PayPal purchase from RapidShare. The blog entry lends insight to the way Apple reps communicate with each other, suggesting those that assisted Hayes used iChat and prompted him to also chat online via an Apple Support page.

    more

    Snow Leopard contains new anti-malware feature

    Snow Leopard antivirus

    The upcoming Snow Leopard update reportedly contains new anti-malware functionality, according to the Mac security company Intego. A number of beta testers have noticed a new warning screen that alerts users to malicious code. A leaked screenshot shows an alert dialog for an RSPlug Trojan contained in a disk image downloaded through Safari.

    more

    New 'Get a Mac' ads level virus accusations at PCs

    New 'Get a Mac' TV ads

    Apple has produced two more TV ads as part of its long-running "Get a Mac" campaign, touting the advantages of Macs over Windows PCs. The new commercials are primarily negative, accusing PCs of being subject to many more virus attacks than Macs. The first spot, "Surprise," has PC (John Hodgman) disguise himself as Mac (Justin Long), and insist to a computer buyer that PCs are very reliable.

    more

    ContactCrypt provides security encryption for iPhone

    ContactCrypt iPhone app

    SMobile Systems has released ContactCrypt 1.6, an iPhone app that provides an extra layer of security for sensitive information such as contacts. Unlike apps that simply store passwords, ContactCrypt specifically encrypts contact names, addresses, account numbers, phone numbers, e-mail addresses and more. The app is claimed to prevent unauthorized bypass of the iPhone's breakable encryption methods.

    more

    Apps: Wallet, Floola, iPDA

    Voila, Skeiron

  • Wallet 3.1 ($20) is a storage application that allows users to keep track of contacts, passwords, serial numbers and credit cards. Wallet stores and organizes the information and encrypts data using 256-bit AES encryption to make sure the data is safe. The v3.1 update includes WebDAV sync support along with an improved password generator and a new keyboard shortcut for the menubar application. Snow Leopard support has also been added and syncing is said to now be more reliable. [Download - 3.4MB]

    more

  • SecuritySpy 2.0 adds OpenGL, expands support

    SecuritySpy 2.0 released

    Ben Software has released v2.0 of its surveillance utility, SecuritySpy. The application is used to manage surveillance cameras, and catalog recorded security footage. The latest version includes support for audio recording from Axis and Panasonic network cameras, along with Axis video servers. The update also uses OpenGL graphics acceleration, and can play audio back in real-time.

    more

    Apple aware of iPhone Mail bug, working on fix?

    Apple and iPhone Mail bug

    Apple is already fully aware of a critical security flaw in the iPhone Mail client, according to an inside source. The source claims to have proof of the fact, and suggests that Apple will probably fix it with the release of the iPhone 3.1 firmware. Temporary remedies may including rebooting a phone, loading messages several times, or simply waiting long enough.

    more

    iPhones more vulnerable to Internet-based threats?

    iPhones more vulnerable?

    iPhones may be more susceptible to Internet-related threats, a recent Trend Micro survey suggests. The study is based on 1,000 smartphone users 18 years or older, and seeks to shed light on public beliefs about smartphone security. According to the survey, when compared with other smartphone users, iPhone owners generally use their phone's web browser more, and spend more time shopping online, visiting media-sharing websites, and sending and receiving larger quantities of e-mail, which can often involve URLs they click on. Malicious hackers and scammers may be drawn to the iPhone due to this fact, says Trend Micro.

    more

    iPhone 3.0 Mail security issue surfaces

    iPhone 3.0 mail security

    A potential security issue in the iPhone 3.0 firmware has surfaced via a YouTube video. The bug allows users to view previously-deleted e-mails, by searching for the title of a deleted message. The results screen displays two copies of the message; when either is selected for the first time, Mail crashes. When the messages are selected a second time however, an iPhone will either display the original text, or a warning saying "This message cannot be displayed because of the way it is formatted."

    more

    China limits plans for web filtering software

    China holds on web filters

    The Chinese government has relented in its plans to impose web filtering software on computers, a statement from the country's industry and technology minister suggests. Li Yizhong claims that the Communist Party will "absolutely not" force installation of Green Dam-Youth Escort on every computer sold in the country, despite the fears of both corporations and political dissenters. Nominally meant to block pornography, critics have claimed that the software could easily be used to extend censorship beyond current network filtering techniques.

    more

    Mac OS X security update for Leopard, Tiger systems

    Mac OS X security udpate

    Apple has released Security Update 2009-004 for systems running Mac OS X 10.5.8 and v10.4.11, including Server editions. The fix comes just a week after the company's last update which contained a longer list of corrected vulnerabilities. The current update addresses an issue relating to the Domain Naming System server. A remote attacker could potentially create a malicious update message to interrupt the BIND service.

    more

    Apple's Safari 4.03 brings security, other fixes

    Apple's Safari 4.03 update

    Apple on Tuesday released Safari 4.03, an update to its cross-platform browser. The company says the "update is recommended for all Safari users and includes improvements to stability, compatibility and security including, (1) stability improvements for webpages that use the HTML 5 video tag; (2) fixes an issue that prevented some users from logging into iWork.com; and (3) fixes an issue that could cause web content to be displayed in greyscale instead of color."

    more

    Mac Trojan masquerades as a QuickTime update

    Mac Trojan spotted

    TrendMicro has spotted another Domain Naming System (DNS) Trojan targeting Mac systems. The malware, known as OSX/Jahlav-D, masquerades as a MacCinema Installer. Users are prompted to update QuickTime Player by downloading a QuickTimeUpdate.dmg file.

    more

     
    Popular News