From the look of it, Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. Many of them are legacy bugs, if you will, from older *nix-based systems. This is as good a time as any for the now-familiar lesson: NO operating system is invulnerable, and you must keep every software installation updated with current security patches.
Category: Mac Tech Support
-
Mozilla Firefox user-agent spoofing
Sometimes you run across a site that’s a browser snob. You know the type… you visit it in Mozilla Firefox (or anything other than IE) and it says, “you must use Internet Explorer version 6 or newer to use this site.” Well, some browsers have nice ways of changing the user agent through the menus, and I wouldn’t be surprised if there’s a plugin for this in Firefox (haven’t yet looked). But there is a way in about:config.
-
More reason to be cautious with Firefox plugins
Again… this article, referring to an exploit related to the cross-platform plugin capability in Firefox, is a GOOD reminder to be cautious when looking at potential plugins to install for Mozilla Firefox. In fact, the advice is usually: do NOT install software (including plugins) from untrusted sources. By all means, please investigate any piece of software before downloading and installing it. (And please don’t take just the software maker’s word for it… i.e. “my toolbar is really cool and makes firefox work better” does not equal something you can now trust and install.)
-
Adobe Acrobat reader update
On the heels of yesterday’s massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. Adobe Reader is one of those ALMOST essential applications that MOST everyone has installed, so this will be of particular interest to MOST computer users. A SERIOUS security flaw (they’re tagging it CRITICAL) could be exploited with a specially crafted PDF file in version 6.0.4 (or earlier, back to 6) of the Reader for Mac or Windows.
Version 6.0.5 has been released to address this. It should be noted that the current newest version available is 7.0.8….
-
Converting MPG video to dv files
I don’t know much about the DV format, except that it is a standard format that many camcorders use. For this reason, many video editors (such as Kino for Linux) prefer to see files coming in DV format. The problem I ran into is that the new Handycam DVD puts images in .VOB files (which are really MPG). So, I found this handy script… that runs on Mac or Linux and is called mpeg2dv. It does the trick and is public domain. The only requirement I can see is ffmpeg.
-
Fasten your seatbelts – Browser vulnerability a day to be announced in July
I hope there aren’t too many browser developers that have planned on taking July off… I ran across browserfun.blogspot.com, where it is planned to release information on a web browser vulnerability EACH DAY for the month of July. This comes to us from HD Moore of Metasploit. Judging from this SecurityFocus article, most of the vulnerabilities may just lead to a browser crash, but some seem to be remote code execution vulnerabilities. Microsoft Internet Explorer is where they found most of them, but other browsers were NOT immune: they did find at least one remotely exploitable vulnerability to gain remote access for each browser tested.
-
Exploit in the wild for Apple vulnerability
A couple of days ago Mac OS X 10.4.7 was released, addressing several security flaws. There is now an exploit published for one of these vulnerabilities. An attacker using this exploit could gain remote root (administrator) access to the machine. So, don’t delay any further on patching. No system is a fortress if the administrator doesn’t keep up with security updates…
-
Apple Mac OS X updates
There are several issues fixed by a bundle of updates for OS X (for 10.4 up to 10.4.6). The new release is 10.4.7. There are a number of issues fixed in addition to at least 3 security-related problems. Incidents.org has more details. I know many Mac users feel the “aura of invincibility”, but… keeping your OS updated is important no matter what operating system you use: Mac, Windows, Linux, BSD, etc.
-
Google Video Player for Mac released
The Official Google Blog passes along the release of the Google Video Player for Mac. I’m impressed by the universal binary, which means it should work on either PPC or Intel architecture. Here’s the download page.
-
Cross browser javascript vulnerability
It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every JavaScript-enabled browser. According to Symantec, “This issue is triggered by utilizing JavaScript ‘OnKeyDown’ events to capture and duplicate keystrokes from users,” and it is a way that the attacker could scrape/log things that are typed in (bank information, passwords, etc.). Also, they say, “In one scenario, a crafty programmer might be able to trick users into entering personal data into a seemingly secure field on an online payment form, giving the hacker access to anything typed within the field.”