Tag - Malware
Although Apple "quickly reacted" last month to a threat emanating from China, in which altered, pirated versions of Xcode in use were found to contain non-threatening spyware that could have been used to launch a greater attack, variant versions of the XcodeGhost malware are still present, and have been found on servers in the US in the enterprise sector. The actual danger is greatly reduced, as the command-and-control networks have mostly been disabled, but there is still some potential risk.
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free rein to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Apple has now responded publicly to the XcodeGhost malware scare, explaining in a page on its Chinese website addressed to customers that even if they used apps affected by the issue, no personally-identifiable information was gathered. The company removed any affected apps, and explained the cause (iOS programs were built using compromised Chinese versions of Xcode downloaded from other sources), while offering developers a method of ensuring that their own installations of Xcode were valid.
The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.
Users of controversial utility software MacKeeper who are not up-to-date on the latest version are vulnerable to a serious security flaw that can trick users into passing their admin passwords onto attackers, thus leaving the Mac vulnerable to a complete remote takeover. Though the problem has been fixed in version 3.4.1 of the much-maligned "cleanup" utility, the flaw is being actively exploited in the wild by attackers preying on users who have not updated.
Controversial software package MacKeeper -- long a sore spot with veteran users due to its aggressive and fear-based advertising, reputation for causing more problems than it might solve, and deliberate difficulty and obfuscation when users want to remove it -- has often been labelled junkware, extortionware, trickware, or even a form of malware in its own right, despite the company's protestations. A security researcher has now found, however, that the program contains a critical security flaw that leaves users vulnerable to attack.
Victims of one strain of "ransomware" may be able to get their data back. In a collaboration between the Netherlands Police's National High Tech Crime Unit (NHTCU) and security company Kaspersky, a tool has been created that can be used to decrypt data encrypted by the CoinVault malware, potentially saving many users from paying a ransom or having to rebuild their data if backups failed.
Oracle's Java 8 Update 40 for OS X has an unexpected surprise for installers. The update instructions note that the company has "partnered with companies that offer various products" and will install the borderline-malware Ask.com toolbar into unsuspecting OS X users' systems.
Hackers have stolen more than $300 million from financial institutions around the world, according to a report from Kaspersky Lab provided to the New York Times. More than 100 banks in over 30 countries have allegedly been the victims of a malware-based attack, which began in 2013, though it appears the criminals behind it employed more sophisticated techniques than other malware intrusions, such as that of Target.
Millions of Android users are at risk from malicious apps offered for download on Google Play, an antivirus firm has revealed. A card game called Durak downloaded between 5 million and 10 million times, an IQ test, and a history app are all said by an Avast researcher to include malware which can trick users into paying for services or buying apps they do not need.