Information about Mac/Apple related security issues

Mac OS X Security Keychain

/
The keychain is a secure database store for passwords and certificates and is created for each user account on Mac OS X. The system software itself uses keychains for secure storage.

Using Login Banner on a Mac OS X system

/
A login banner is a statement made by the system owner that asserts their rights and informs the users of the system what expectation of privacy they should have. Login banners are a critical aspect of IT system security as they allow IT systems administrators and IT Security staff to monitor the system for intrusion and abuse.

Apple Releases Security Updates for Safari Browser

/
Original release date: March 18, 2015 Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system. Updates include: • Safari 8.0.4 for OS X Mountain Lion v10.8.5 • Safari 7.1.4 for OS X Mavericks v10.9.5 • Safari 6.2.4 for OS X Yosemite v10.10.2 US-CERT encourages users and administrators to review Apple security update HT204560 and apply the necessary updates.

Apple Releases Security Updates for OS X

/
Apple Releases Security Updates for OS X

WireLurker Malware Infects Mac OS X and iOS Devices

/
Researchers at Palo Alto Networks recently uncovered a new family of malware called WireLurker, which targets both Mac OS X computers and Apple iOS mobile devices.

“Rootpipe” Vulnerability

/
A new critical vulnerability titled “Rootpipe” affecting the Apple Mac OS X operating system has been discovered courtesy of Swedish security researcher and consultant Emil Kvarnhammar (@emilkvarnhammar).

Apple’s own Macs bitten by Java-based malware attack

/
An article form naked Securty about malware  on Mac:   If you…

Revir Malware for OS X Undergoes Revision

/
Recently a new PDF-based malware threat for OS X was discovered that displays a Chinese PDF file while it installs and runs its malicious code in the background. While the initial version of this malware (OSX/Revir.A) was detected over a week ago, the criminals developing the code are busy revising and refining it, and over the weekend a variant has been identified (OSX/Revir.B). As with all malware, new versions of these threats are likely to surface in the future, and as they do, expect malware detection utilities (including Apple's XProtect) to follow close behind and label them alphabetically as they appear.

Key New Features in SAINT 7.10

/
SAINT Professional is now available on Mac OS X Lion (10.7). You can now fingerprint iPhones and iPads connected to your network. SAINT includes OS Fingerprinting during network discovery and/or vulnerability scanning. New OWASP Top 10 Web Application scanning policy including 12 new web application checks. DoD IAVA - Department of Defense Information Assurance Vulnerability Alert scanning policy and report template added (Requires IAVA plugin). A new OS Password Guess policyhas been added including: all SAINT password-guessing features (excluding password configuration policies) designed to guess the operating system password checks for default FTP passwords the capability to provide dictionary-based password guessing for operating systems (Windows, *nix), including Cisco and other devices, that have Telnet, SSH or FTP. These checks to do not include password guessing for databases or Web Auth. Enhanced content scanning probe now includes performance enhancements as well as assessments on numerous file formats for Linux and UNIX OSs, in addition to Windows. Live hosts that were identified during network discovery can now be displayed within the GUI. A report can also be generated from this discovery file. Enhancements have been made to the backup & restore functionality to include credentials, custom logos, and additional configuration data. New menu-driven launcher application allows starting SAINTmanager, SAINT nodes, and SAINT web listeners from the desktop menu without command-line knowledge. New SAINTmanager RPM and DEB packages for easier SAINTmanager installation on Linux.