PrivacyScan Publishes Infographic Explaining Net Cookies to Raise Awareness of...

For immediate release October 18, 2013

Summary: SecureMac continues its work to raise awareness of online privacy issues with the release of an internet cookie infographic. The aim is educate and dispel common misunderstandings about the nature of cookies and what they mean for consumer privacy.

SecureMac, creator of the critically acclaimed consumer privacy software, PrivacyScan, continues its initiative to raise awareness of online privacy issues with the release of an infographic to help people understand internet cookies.

The PrivacyScan cookie infographic aims to educate Internet surfers, allowing them to make more informed …

CNet Adware Identification and Removal Guide for Mac OS X

The links for many popular Mac apps on CNET’s download.com have been replaced with a “CNET installer” that installs toolbar adware and changes browser settings. This guide shows how to identify affected apps, how to avoid the toolbar installer, how to determine if it has been installed on your system, and how to remove it if so.

Adware can be a threat to user privacy, and is used to track a user’s browsing habits online. For example, the permissions for one of the Google Chrome extensions shows what these toolbars can …

CNET’s Download.com Adware Installer Bundled with Popular Apps –...

Update (10/29/13 12:15pm): SecureMac has prepared a guide to help users identify and remove the adware being distributed by CNET’s download.com in place of popular Mac apps. The guide provides detailed information, including step-by-step instructions to determine if the adware is installed on your system, and the steps to remove it. View CNet Adware Identification and Removal Guide for Mac OS X.

Direct download links for a variety of popular Mac software products have been replaced on CNET’s Download.com with installers for browser toolbars, commonly used by adware to track user …

PGP 10 WDE for Mac OS X

5.12.10 News
PGP Whole Disk Encryption (WDE) ensures your entire hard disk is encrypted and only accessible by you. Read the whole review of PGP Whole Disk Encryption for Mac OS X.

Trojan Horse Alert: HellRaiser (aka OSX/HellRTS.D)

Trojan Horse Alert: Intego recently alerted users to the presence of a new variant of the HellRaiser Trojan Horse, which they identify as OSX/HellRTS.D. SecureMac has analyzed this new variant and it is detected in the latest MacScan spyware definitions update (Spyware Definitions Version 2010006) as HellRaiser Trojan Horse 4.2. MacScan has detected previous variants of this trojan horse since 2005.

HellRaiser is a trojan horse that allows complete control of a computer by a remote attacker, giving the attacker the ability to transfer files to and from the infected computer, pop up chat messages on the infected system, display pictures, speak messages, and even remotely restart or shut down the infected machine.

The attacker can search through the files on the infected computer, choosing exactly what they want to steal, view the contents of the clipboard, or even watch the user’s actions on the infected computer.

In order to become infected, a user must run the server component of the trojan horse, which can be disguised as an innocent file. The attacker then uses the client component of the trojan horse to take control of the infected system.

Read more about HellRaiser Trojan Horse aka OSX/HellRTS.D

Security Update for Leopard & Snow Leopard

Mac OS X Security Update – Apple posts new security update (2010-003) for Leopard and Snow Leopard. Users may update via the Software Updates System Preferences or by accessing Apple’s download site directly.

This security update addresses ATS (Apple Type Services) handling of embedded fonts. Accessing documents containing malicicously crafted embedded fonts may lead to arbitrary code execution. Charlie Miller is credited for discovery of this threat.

OSX/Jahlav-C = DNSChanger Trojan Horse

DNSChanger Trojan Horse (aka RSPlug Trojan) is running wild lately with multiple variants surfacing rapidly and being distributed through more mainstream sites including gamer and technical download sites as well as pornographic and search engine optimized pages resulting in high rankings in search results.

Learn more about the symptoms of DNSChanger Trojan Horse infected computers or scan your computer for spyware with MacScan or remove DNSChanger Trojan Horse (RSPlug) with DNSChanger Trojan Horse Removal Tool for free.

iPhone 3.0 OS Now Available

Apple has released iPhone 3.0 OS now available for installation. Users who are able to upgrade their operating system for their iphones are suggested to do so as it addresses about 40 security issues. To download and install the latest version simply connect your iPhone to your computer and launch iTunes, from the iTunes’ iPhone interface section for Version an Update option will be available.

Apple Acknowledges Malware

Apple has finally acknowledged that spyware and viruses are a threat for Mac OS X, as well as the latest operating system in the works, Snow Leopard. Snow Leopard will be adding new technology to help prevent against attacks such as sandboxing and anti-phishing features in Safari. This, however, is not a 100% solution to protect against malware.

Apple Safari Vulnerability

Security Alert: Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

Safari Vulnerability

SecureMac Advisory

Posted: June 9th, 2009

Security Risk: Critical

Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system simply by accessing a web page without further interaction. This vulnerability is present in both Mac OS X and Windows Safari. The attack is accomplished by mounting an XXE attack against the parsing of the XSL XML.

Chris Evans has documented this vulnerability in his advisory on his website http://scary.beasts.org/security/CESA-2009-006.html

Safari 4 is now available for download for both Windows and Macintosh systems. Suggested to …

Critical Mac OS X Java Vulnerability Proof of Concept

Today, Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the Java Runtime Environment currently in use by OS X. While this particular proof-of-concept is meant to be harmless, the vulnerability itself currently affects OS X, including OS X 10.5.7, the latest shipping version of OS X. This vulnerability could be exploited to perform “drive-by-downloads” commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user. All a user has to do is visit a web page hosting a malicious java applet to be exploited. Until Apple patches their implementation of Java, we recommend that users disable Java applets in their web browser.

DNS Changer 2.0e Trojan Horse

SecureMac Advisory

Posted: March 17th, 2009

Security Risk: Critical

Just after the DNSChanger 2.0d variant was identified, another new variant of the DNSChanger Trojan Horse, DNSChanger 2.0e, has been discovered in the wild. The trojan horse arrives in a disk image (some samples are called serial_Avid.Xpress.Pro.5.7.2.dmg), and is again disguised as an installer for “MacCinema,” just like the 2.0d variant. Once installed, the trojan horse behaves in a similar manner to past variants.

This variant is being distributed on websites offering “cracked” or pirated copies of software, and is initially disguised as a serial …