Illusions Of Security: Wrap-up For Mac
The one thing Apple has going for it is the problems are not in its operating system. Flashback exploited a hole in the Java runtime, and this new virus, called Backdoor.OSX.SabPub, or SabPub for short, comes in two flavors: one targeting Java and another targeting Microsoft Office.
According to a blog post by Costin Raiu of security firm Kaspersky, SabPub first manifested in February via phishing e-mail spam. Once a computer is infected, the virus begins spreading via Microsoft Office documents. SabPub uses the same Java exploit Flashback does to avoid detection by anti-virus software. Raiu said he suspects that SabPub was probably written by the authors of the LuckyCat virus, which has been traced back to China and has targeted supporters of Tibet. The Office version of SabPub delivers its payloads with Microsoft Word documents which exploit the vulnerability MSWord.CVE-2009-00563.a and the filename “10thMarch Statemnet” (sic).
March 10, 2011 refers to the day the Dalai Lama delivered his annual speech observing the Tibetan Uprising of 1959. A second version of SabPub exploits the same drive-by Java vulnerability seen in Flashback. In his own blog update, Sophos’s Graham Cluley said SabPub drops two files on a user’s system, so look for them to see if you are infected:
/Users/ /Library/Preferences/com.apple.PubSabAgent.pfile
/Users/ /Library/LaunchAgents/com.apple.PubSabAGent.plist
This is not the first malware to target Tibetan sympathizers. In late March, vendors discovered an OS X Trojan called Tibet.C that exploited Microsoft Word to spy on the computers of Tibetan sympathizers. The fix for the Flashback virus won’t work with SabPub, according to Roel Schouwenberg, senior researcher at Kaspersky.
If you want to patch the Java vulnerability, you need to install the Java security update from Oracle or get rid of Java altogether, he suggested. “Then you are no longer vulnerable to all those Java drive-bys,” he said. Apple came up with a unique twist on the Flashback fix. If you don’t use Java for more than one month, it turns Java off, so you don’t get dinged by these drive-by viruses. Schouwenberg said it’s time Mac users got serious about security and stopped acting like they were immune.
“I think the major takeaway isn’t necessarily SabPub by itself but the fact that we now have concrete evidence that these attacks are taking place on OS X as well. It shows OS X is a major player for malware guys,” he said.
Schouwenberg added that only a minimal percentage of Mac users use security, around 10 to 20 percent, even though all of the major antimalware vendors offer Mac products. Because so few Mac users run security software, it’s impossible to get proper metrics in the field, he added. “To this day, only the ‘paranoid’ Mac users are using security software. That’s a major reason why the sheer size of Flashback came as a surprise,” he said.
“We have something of a perfect storm happening here, where a lot of tech-savvy people tired of dealing with infected Windows computers just said get a Mac and be done with it, you don’t have to care about security. So now we have this giant pool of people with very little to no security education. I think it’s becoming clear that pool is a very attractive target,” Schouwenberg added.
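The file check Cluley describes above, as an added shell example (not code from the article, Sophos or Kaspersky). It assumes the blank in the printed paths is each user's home-directory name and compares names case-insensitively, because the article prints the two names with different capitalisation; `scan_sabpub` and `lower` are hypothetical names.

```shell
#!/bin/sh
# Added example: look for the two SabPub files named in the article.
# Assumption: the gap in "/Users/ /Library/..." is the per-user home directory.

# File names exactly as the article prints them (note the differing case).
SABPUB_PREF='com.apple.PubSabAgent.pfile'
SABPUB_AGENT='com.apple.PubSabAGent.plist'

# lower STRING: print a lowercase copy, used for case-insensitive comparison.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# scan_sabpub [USERS_ROOT]
# Prints the path of every match, one per line.
# Exit status: 0 = nothing found, 1 = at least one file found.
scan_sabpub() {
    root=${1:-/Users}
    hits=0
    for home in "$root"/*; do
        [ -d "$home" ] || continue
        # Each pair is "<Library subdirectory>:<file name expected there>".
        for pair in "Preferences:$SABPUB_PREF" "LaunchAgents:$SABPUB_AGENT"; do
            dir="$home/Library/${pair%%:*}"
            want=$(lower "${pair#*:}")
            [ -d "$dir" ] || continue
            # List the directory and compare names ourselves, so the result
            # is the same on case-sensitive and case-insensitive volumes.
            for f in "$dir"/*; do
                [ -e "$f" ] || [ -L "$f" ] || continue
                if [ "$(lower "${f##*/}")" = "$want" ]; then
                    printf '%s\n' "$f"
                    hits=$((hits + 1))
                fi
            done
        done
    done
    [ "$hits" -eq 0 ]
}

# Scan every home directory under /Users (or the root given as $1).
scan_sabpub "${1:-/Users}" || echo "SabPub files found (paths above)" >&2
```

Run it with enough privilege to read other users' Library folders; directories that cannot be read are skipped silently.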
Apple T2 chip. The next generation of security.
The Apple T2 chip — featured on iMac Pro and the 2018 MacBook Pro with Touch Bar — keeps your Mac safer than ever. The Secure Enclave coprocessor in the Apple T2 chip provides the foundation for Touch ID, secure boot, and encrypted storage capabilities. Touch ID gives you a seamless way to use your fingerprint as a passcode and make purchases with Apple Pay. Secure boot helps ensure that you are running trusted operating system software from Apple, while the Apple T2 chip automatically encrypts your storage drive.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. And on Mac systems with an Apple T2 chip, FileVault 2 keys are created and protected by the Secure Enclave. Want to start fresh or give your Mac to someone else? FileVault 2 makes it easy to clean data off your Mac. Instant wipe removes the encryption keys from your Mac — making the data completely inaccessible — then proceeds with a thorough wipe of all data from the disk.
Runtime protections defend at the core.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to help keep your system safe. Technologies like XD (execute disable), Address Space Layout Randomization (ASLR), and Kernel ASLR make it difficult for malware to run or do harm by subverting memory or other apps. System Integrity Protection (SIP) ensures that even with root access to your system, malware cannot change critical system files and settings. On macOS Mojave, developers can opt in to an Enhanced Runtime that extends these runtime protections to their apps. And on Mac computers with an Apple T2 chip, secure boot ensures that only legitimate macOS operating system software loads on your Mac.
macOS and iCloud can help find your missing Mac.
macOS and iCloud can help keep your Mac safe even when you misplace it. Sign in to iCloud.com from another computer or use the Find My iPhone app on an iPhone, iPad, or iPod touch to locate your missing Mac on a map. If your Mac is offline when you try to find it, you can ask to receive an email as soon as it makes a Wi‑Fi connection. You can also display a message on your Mac screen so whoever has it knows how to get it back to you. And until your Mac is back in safe hands, you can set a passcode lock remotely, suspend Apple Pay, or even initiate a remote wipe to delete your personal data and restore your Mac to its factory settings.
Sandboxing helps contain malicious code.
The App Sandbox in macOS helps ensure that apps do only what they’re intended to do. App sandboxing isolates apps from the critical system components of your Mac, your data, and your other apps. Even if an app is compromised by malicious software, sandboxing automatically blocks it to keep your computer and your information safe.
macOS delivers sandboxing protection for Safari, Mail, Messages, FaceTime, Calendar, Contacts, Photos, Notes, Reminders, Photo Booth, Quick Look previews, Game Center, Dictionary, Font Book, and the Mac App Store.
Gatekeeper makes downloading apps from the Internet safer.
Gatekeeper gives you more control over what you install on your Mac. It allows you to run apps from the Mac App Store as well as those from other sources that are signed with a Developer ID from Apple. The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. With macOS Mojave, developers can upload their apps to Apple for a security check. And now you’ll see a streamlined dialog when you first launch these apps.
Intelligent Tracking Prevention.
Remember when you looked at that green mountain bike online? And then saw annoying green mountain bike ads everywhere you browsed? Safari uses machine learning to identify advertisers and others who track your online behavior, and removes the cross‑site tracking data they leave behind. So your browsing stays your business. And now Safari keeps embedded content such as Like buttons, Share buttons, and comment widgets from tracking you without your permission. We know you’ll like that.
Stronger passwords are harder to crack.
The strongest passwords are long and complex. Creating passwords like this for every site can be tedious. But Safari makes it easy by automatically creating and storing strong passwords for you, then autofilling your passwords across all your Apple devices. And in Safari preferences, you can see any passwords that have been used more than once and easily update them.
To further increase security for your Apple ID, Apple recommends that you turn on two-factor authentication. With two-factor authentication, your account can be accessed only on devices you trust, like your iPhone, iPad, or Mac. So when you want to sign in with your Apple ID on a new device for the first time, you need to provide two pieces of information — your password and the six-digit verification code that’s automatically displayed on your trusted devices.
iCloud Keychain securely stores your passwords, punctuation, and numbers. Once you have a unique, strong password, iCloud Keychain will remember it so you don’t have to. iCloud Keychain stores your user names and passwords and syncs them between the devices you choose — Mac, iPhone, iPad, and iPod touch. When you visit a site, iCloud Keychain will fill in your login information to give you access to your online accounts, and it can also autofill your credit card information when you’re checking out online. And your information is always protected with robust, 256-bit AES encryption.
Antiphishing protects you from fraudulent websites.
Phishing is a form of attack in which online thieves try to acquire sensitive information such as user names, passwords, and credit card details by creating fake websites that look like sites from legitimate companies — like your bank or a social networking site. The antiphishing technology in Safari can protect you from such scams by detecting these fraudulent websites. And if you try to visit a suspicious site, Safari disables the page and displays an alert warning you about its suspect nature.