Header Image - We Provide Solid Removal Solutions

Monthly Archives

4 Articles

WikiLeaks: Apple macOS used by CIA

Previously WikiLeaks discovered that iOS vulnerabilities can be used by CIA for monitoring. WikiLeaks threatened Apple that if they doesn’t fix this problem, there will be consequences. Before any responses came from Apple, we learned new reveals already – according to WikiLeaks, not only iOS, but also macOS, which has the vulnerabilities that can be used by CIA.

2

Compared to iOS, macOS seems to be less risky though. WikiLeaks pointed out that CIA mainly uses Thunderbolt EFI vulnerabilities in Mac apps, and reboot won’t make them gone. WikiLeaks, however, also found out during tests that reinstalling the system will block the vulnerabilities, meaning hardware update will permanently fix them until the next infection.

When WikiLeaks newly exposed the problem, Apple has responded that more than 80% of the vulnerabilities were fixed through the latest update, and their engineers had been working on fixing the rest. For that, Julian Assange, founder of WikiLeaks, said they would like to work with Apple, providing information of the vulnerabilities they discover, so that Apple can resolve them with much higher efficiency.

Pwn2Own hacking competition: macOS & Safari attacked

The 17th annual CanSecWest conference was held in downtown Vancouver, researchers were competing for the tenth anniversary reward over $1,000,000 of Pwn2Own.

22

The Day 1 result has been put on Zero Day Initiative as well as part of the Mac vulnerabilities in the achievement list.  Independent hackers Samuel Groß and Niklas Baumstark successfully acquired the root-access privileges through Safari vulnerabilities on macOS, and display rolling messages on MacBook Pro’s Touch Bar. That helped them win the a reward of $28,000.

On the same day, security inspection lab Chaitin also broke through Safair and obtained root-access privileges on macOS. They found 6 bugs during the crack, which won $35,000 for them.

On Day 1 all the competitors won $233,000 in total, including a $105,000 reward won by Tencent Security team. Other cracked software: Adobe Reader, Ubuntu Desktop and Edge for Windows.

Apple used to send representatives to participate the Pwn2Own competition. Influenced companies will find their security vulnerabilities and fix them asap.

Apple reveals first public sign of macOS 10.13, what will it be called?

21

Eagle-eye blogger Pike’s Universum has discovered what appears to be Apple’s first public sign of macOS 10.13, while the next major version of macOS likely won’t be announced until WWDC 2017 opening keynote on June 5.

Specifically, the blog shared a portion of App Store URL, also known as a CatalogURL, for macOS 10.13. It appears to be a secure HTTPS link originating from Apple’s servers, although the screenshot can be forged,  the blog has been providing reliable information, so we think the screnshot should be legitimate.

22

We don’t know much about what’s coming in macOS 10.13 at present, but since the beginning of the year, there have been more and more devices running macOS 10.13, presumably as Apple’s engineers work on the operating system update ahead of its unveiling.

23

We don’t know what the successor to macOS Sierra will be called, yet in 2014, Apple trademarked a long list of names, which range from popular beaches and well-known cities in California, where Apple is headquartered, to mountains, deserts, and animals.

A list of known trademarked names that have yet to be used: Redwood, Mammoth, California, Big Sur, Pacific, Diablo, Miramar, Rincon, Redtail, Condor, Grizzly, Farallon, Tiburon, Monterey, Skyline, Shasta, Mojave, Sequoia, Ventura, and Sonoma. An entirely different name is certainly possible too.

Chrome users on macOS get enhanced safe browsing protection

macOS is a rock-solid desktop operating system thanks to its Unix foundation. While it’s not infallible, there are far fewer malware threats for Apple’s operating system compared to Windows 10. As more and more consumers buy Mac computers, evildoers will have increased incentive to write malware for macOS.

2

Fortunately, macOS users who choose to use Google Chrome for Internet surfing will be safer, as a few days ago the search giant has announced to improve its safe browsing initiative to better warn users of malicious websites and attempts to alter browser setting. .

“As part of this next step towards reducing macOS-specific malware and unwanted software, Safe Browsing is focusing on two common abuses of browsing experiences: unwanted ad injection, and manipulation of Chrome user settings, specifically the start page, home page, and default search engine. Users deserve full control of their browsing experience and Unwanted Software Policy violations hurt that experience,” says Google.

The search giant further explains, “The recently released Chrome Settings API for Mac gives developers the tools to make sure users stay in control of their Chrome settings. From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings. Starting March 31 2017, Chrome and Safe Browsing will warn users about software that attempts to modify Chrome settings without using the API.”