In case you weren’t aware …

Mac’s are vulnerable to exploits too.

Proof of concept exploit code was posted today by a security researcher at SecurityReason to demonstrate a vulnerability in versions 10.5 and 10.6 of Apple‘s Mac OS X operating system.

The vulnerability is a potential buffer overflow error arising from the use of the strtod function Mac OS X’s underlying Unix code. It was first reported by researcher Maksymilian Arciemowicz last June.

SecurityReason’s advisory describes a flaw in the libc/gdtoa code in OpenBSD, NetBSD, FreeBSD, and MacOS X, as well as Google Chrome, Mozilla Firefox and other Mozilla software, Opera, KDE, and K-Meleon.

SecurityReason’s advisory rates the vulnerability’s risk as “high” and claims that the flaw can be exploited by a remote attacker.

A spokesperson for SecurityReason wasn’t immediately available to characterize the likelihood that this vulnerability could be exploited.

The vulnerability was addressed in FreeBSD and NetBSD last last summer.

And shortly thereafter Google and Mozilla, among other vendors, did the same.

But Apple apparently has not yet updated its software to incorporate the fix.

Apple did not immediately respond to a request for comment.

It looks like Apple devices could be targeted more frequently, so Mac users may want to start taking security seriously.

In their respective predictions for 2010, computer security companies Symantec, Websense, and Zscaler all said that they foresaw more attacks being directed at Macs and other Apple devices this year.

To some extent, such predictions represent wishful thinking. But Mac users should give some thought to security, if only in terms of using the built-in Mac OS X firewall and exercising caution in the Web sites they visit and the e-mail messages they open. (Source: Information Week)

Related articles by Zemanta

• Apple sits on critical Mac bug for 7 months (and counting) (theregister.co.uk)
• Open-source communities fight Apple Mail alone (news.cnet.com)
• BumpTop hits the Mac, covers your OS X desktop with piles just like your real desktop (video) (engadget.com)
• Apple Patches Massive Holes In OS X (apple.slashdot.org)

New attacks targeting Macs …

Image by acordova via Flickr

were uncovered last week.

Security experts have discovered two new attacks targeting Mac users, a new version of a worm and a Trojan hidden inside a porn site.

Antivirus firm Sophos on Wednesday discovered a new version of the Mac OS X Tored worm, according to a Sophos blog post.

On Tuesday, Paretologic warned about a porn site that was downloading malware that targets both the PC and the Mac. Mac users get redirected to the pagemac.php page, which downloads a QuickTime.dmg file, the blog post says.

Sophos explained in blog post on Thursday that visitors to the malicious porn site are told they have to download an ActiveX component to view the videos. Instead, a Trojan, dubbed OSX/Jahlavc, gets downloaded.

“As we’ve demonstrated before, and as we’ll no doubt explain again, the Mac malware threat is real,” writes Sophos security researcher Graham Cluley. “Hackers are deliberately planting malicious code on Web sites, and using social engineering tricks to fool you into installing it onto your computer.” (Source: Two new Mac attacks surface – CNET Security)

A reminder that NO system is totally safe from attacks so steps must be taken to protect it.

Related articles by Zemanta

• Experts warn of porn Mac attacks – BBC News (news.bbc.co.uk)
• Apple Mac Trojan caught on film (timesonline.typepad.com)
• Conficker Computer Worm A Bust So Far (cbsnews.com)
• New computer virus on rise warn security experts (telegraph.co.uk)
• Sophos video shows Mac trojan caught in the act (tuaw.com)