The 'construction kit' is used to create and set free many kinds of harmful malware. The latest Trojan, Prg Trojan, is another kind of wnspoem Trojan found in October last year (2006).
Bad news for Mac users: the first construction kit for Mac OS X Trojans has appeared. That comes just as Microsoft released a report showing that Windows 7 is far safer than previous versions of Windows. So while it's true that the Mac is still safer than a PC, the security difference between them has begun to shrink.

The Trojan construction kit for Mac OS X 'is the first of its kind to hit the Mac OS platform,' Peter Kruse, a partner and security specialist at the security firm CSIS,.

Why is the kit appearing now?
Because Mac OS X is finally. A paper back in 2008 estimated that Mac OS X would be targeted when it reached 16% market share - which is what it now has in several countries, including the U.S.
Adam O'Donnell, chief architect of the cloud technology group at SourceFire, 'What is happening is that people are testing the waters. It just becomes economically viable to do it, so you start seeing these attacks becoming more common.'

While Mac OS X may be becoming more vulnerable, Windows, at least according to Microsoft, is getting safer.
The claims that Windows 7 is far safer than previous versions of Windows. (Download the full report.) The report found that Windows XP SP3 32-bit machines have an infection rate of 15.9 for every thousand systems, and Windows Vista SP2 32-bit PCs have a rate of 7.5 infections per thousand.
Windows 7 32-bit computers have infection rates of 3.8 per thousand, and Windows 7 64-bit PCs have a rate of 2.5 per thousand.

That means a Windows 7 32-bit PC is more than four times more secure than an XP machine.

All this means that the days of Macs being far more secure than PCs may be coming to an end. Today a Mac is still safer than a Windows 7 computer. Whether Macs will be safer than PCs a few years from now isn't so clear, though.
UPDATED with response from Apple, and with news that patch is available.

Apple's new macOS 10.13 High Sierra is only a day old, and it's already been hacked.

A rogue application or other service running on a Mac can easily break into Apple's Keychain password vault and steal all user credentials stored therein, said security researcher Patrick Wardle.

'I'm continually disappointed in the security of macOS,' Wardle told both. 'Every time I look at macOS the wrong way, something falls over.'

To prevent such attacks, users will have to disable Keychain from automatically unlocking whenever they log into their Macs. On the bright side, Wardle has not disclosed exactly how his attack works, and there's no malware in the wild that's known to use this technique.

Not upgrading to macOS 10.13 High Sierra won't keep you safe from this sort of attack. Wardle said on his blog that the flaw also exists in macOS 10.12 Sierra, and probably on OS X 10.11 El Capitan as well.

What you can do instead is to change the Keychain settings so that Keychain is not automatically unlocked when you log into your Mac. You'll have to log in every time Keychain needs to be accessed, which will be inconvenient, until Apple patches this flaw.

A Wardle posted yesterday (Sept. 25) shows his proof-of-concept malware, called 'KeychainStealer,' installing on a Mac running High Sierra.

Wardle then scans the machine using the open-source networking utility Netcat, entering a command, and grabbing his own (presumably temporary) passwords for Facebook ('hunter2'), Twitter ('Idothisforfollowers') and Bank of America ('ShowMeTheMoney$$$').

'As my discovery of this bug and report (in early September) was 'shortly' before High Sierra's release, this did not give Apple enough time to release a patch on time,' Wardle explained in a this morning (Sept. 26). 'However, my understanding is a patch will be forthcoming!'
How Keychain works

Mac applications normally can access only their own information in the Keychain, which besides passwords can hold any kind of sensitive information, such as credit-card numbers. Wardle's malware completely bypasses that process.

'Random apps should not be able to access the entire keychain and dump things like plaintext passwords,' Wardle wrote on his blog.

Wardle, whose day job is as director of research at Redwood City, California, security firm Synack, didn't get into technical details about how he pulled off the attack. But this isn't the first time he's shown Mac security to be lacking.

'Apple marketing has done a great job convincing people that macOS is secure,' Wardle told ZDNet. 'I think that this is rather irresponsible and leads to issues where Mac users are overconfident and thus more vulnerable.'

The silver lining here is that a random hacker cannot simply log into your Mac from afar and steal your passwords. Rather, the hacker must get you to agree to install the malware, which would probably be masquerading as something else.

You may think 'I'm too smart to fall for that.' But online criminals know how to fool people by using fake software updates, or, as evidenced by the just last week, by sneaking malware into legitimate software updates at the source.

Last year, Wardle himself showed.
Apple's solution won't work

Apple has not responded to an email sent by Tom's Guide requesting comment.

However, Apple provided this statement to Ars Technica and to: 'MacOS is designed to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval. We encourage users to download software only from trusted sources like the Mac App Store and to pay careful attention to security dialogs that macOS presents.'

The problem is that Gatekeeper doesn't work very well at keeping out malware, as Wardle and have shown. All Gatekeeper does is check to see whether a new piece of software has been 'signed' with a valid Apple developer ID — and anyone can get an Apple developer ID with an email address and $99.

Wardle deliberately didn't sign KeychainStealer with an Apple developer ID because he 'merely wanted to show how low the bar was/is set,' he explained on his blog.

'Essentially any malicious code can perform this attack,' Wardle added. 'Yes, this includes signed apps as well!'

UPDATE: Apple responded to our query with the same statement it provided to Ars Technica and CNET, reproduced in full above.

UPDATE Oct. 6: Apple has patched this flaw with the, which also fixes a.