Apple releases another set of advisories for Mac OS X for 23 vulnerabilities

Apple users can get the updates from Software Update (inside the Mac OS) or from Apple downloads. Some of the programs affected have several vulnerabilities that are patched in this update.

Another Adobe Flash/Reader/Acrobat attack is loose

Security Advisory for Flash Player, Adobe Reader and Acrobat: "Adobe has released an advisory that a critical vulnerability exists for Windows, Macintosh, Linux and Solaris in the Adobe Flash Player version 10.0.45.2 and earlier as well as in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems…". Full advisory here. This is huge in that it is actively being exploited and it’s a weekend. Expect to see this through social network attacks, and advertisements on web pages. The announcement will lend live and credibility to Apple’s lobby against the use of Flash on systems like the iPhone. I certainly hope that Microsoft is learning something from this. MS Silverlight is already picking up steam and will replace Flash if Adobe doesn’t get these vulerabilities under control. In an interesting twist, Acrobat/Reader 8.x versions are not affected. v9.x and v10.x are. Adobe has a release candidate available here. Other mitigation steps suggested by Adobe include :

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

MAC Malware…more of it

The Mac Security Blog » Intego Security Alert: OSX/OpinionSpy Spyware Installed by Freely Distributed Mac Applications
Contrary to all the marketing spin, MAC users need to beware. This story is another example of the misinformation that MACs are safe from viruses.

This malware is targeting MACs. It comes on freely distributed MAC applications and screen savers from various web sites. According to intego.com,

"this spyware performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected MACs."

This reads very similar to "PC" viruses.

OSX/OpinionSpy, as it has been dubbed, comes from software that is actually virus free. It’s during the installation process that the malware is downloaded to the machine.

Don’t have a real-time scanner for your MAC? Time to start looking.

This won’t be the last that you see. It’s certainly not the first, but marks the interest by malware authors to target MACs (something that I’ve said for a while now). But with more MACs out "in the wild" now, they certainly have more of an appeal to those with ill intentions.

Hope you are backing up all those pictures you are storing/tagging.