Why Patch a Mac?

According to ZDNet, this has been a fairly busy security update season for Mac users. In fact, they say, Mac users have a lot more work to do to keep their systems safe.

There have been patches for the operating systems, for Safari for Mac, and for Java and Adobe vulnerabilities. That is quite a long list compared to previous years.

There really are attacks out there against Macs which exploit vulnerabilities, so accepting and installing these patches is important.

Read the story online.

Apple Releases Mac OS X 10.8.4

[Thanks to Justin Fleming for this update.]

Last week, Apple publicly released Security Update 2013-002, which includes OS X 10.8.4, via the Mac App Store. It addresses 31 security issues. Apple has also issued an updated version of its Safari browser (Safari 6.0.5) that fixes 26 flaws.

Here is Apple’s description of this update:

  • Compatibility improvements when connecting to certain enterprise Wi-Fi networks
  • Microsoft Exchange compatibility improvements in Calendar
  • A fix for an issue that prevented FaceTime calls to non-U.S. phone numbers
  • A fix for an issue that may prevent scheduled sleep after using Boot Camp
  • Improved VoiceOver compatibility with text in PDF documents

For detailed information about this update, please visit: http://support.apple.com/kb/HT5730

For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222

You can download the security update through the App Store or by using the links below:

OS X Lion

• Security Update 2013-002 (OS X 10.7 Lion): http://support.apple.com/kb/DL1661

• Security Update 2013-002 Server (OS X 10.7 Lion): http://support.apple.com/kb/DL1662

OS X Snow Leopard

• Security Update 2013-002 (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1660

• Security Update 2013-002 Server (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1663

FTC’s Settlement With Google

Last week the FTC settled with Google for $22.5 million, the single largest penalty against a single defendant. According to the FTC, Google violated a 2011 order by representing to certain users that Google wouldn’t place tracking cookies or serve targeted ads based on those cookies. But despite what Google said, the FTC has charged that some users, specifically those using the Safari browser, did get tracking cookies and targeted ads.

The Safari browser generally gives users control over targeted ads, but when Safari users tried to change this setting in the browser, Google sidestepped Safari’s default cookie-blocking setting by taking advantage of Safari’s narrow exception for forms. In other words, when a Safari user visited a Google site or a site within Google’s ad network, Google used code to tell the browser that the person was submitting information through a form. That “tricked” the system into allowing Google to place a temporary cookie for targeted ads.

More details on this case can be found at ftc.gov.

Safari Updated to Fix Security Issues

Apple has released an updated version of its Safari browser. Safari 6 for OS X 10.7 (Lion) addresses more than 120 security issues present in 5.x versions of the browser that could have been exploited to allow cross-site scripting attacks, arbitrary code execution, and file theft. Safari 6 also incorporates several new features.

Read the story in the news.

Safer Browsing With Extensions

Did you know that you can make your browser even more secure by installing extensions? Let’s take Firefox as an example and look at some Firefox add-ons that are designed to protect you when browsing the Web:

  • Want to block ads on the sites you visit that could potentially take you to more dangerous sites? Install Adblock Plus.
  • Need protection against JavaScript, Java and other executable content that could cause cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking) and clickjacking attempts? Install NoScript.
  • Would you like to know which sites to trust? Install WOT.
  • Want to know which country the web server you’re connected to resides in? Install Flagfox.
  • Want to preview sites before you click on their links? Install CoolPreviews.
  • Ever wonder if you’re being tracked by Google, eBay or YouTube and want to block them? Install BetterPrivacy or Ghostery.

See the extensions for the main browsers:

Two Browser Updates from Last Week

Safari 5 Update:
Last week Apple issued a large update for its Safari web browser. The update fixes a total of 62 security issues in Safari 5 for Mac and Windows, and brings the most current version to 5.0.4. Fifty-six of the flaws could be exploited to allow arbitrary code execution. On the same day, Apple issued an update for iOS, bringing the most recent version of its mobile operating system to 4.3, which addresses most of the same flaws as the Safari update.

Read the story on Computerworld.com.

Google Chrome 10:
Also last week, Google released Chrome 10 to the stable channel, making the update available to all users. Google Chrome 10 supports password sync and also comes with the latest Flash player (10.2).

Read the story on TechieBuzz.com.

Safari Updates AutoFill Flaw

Last week Apple issued updates for Safari 4 and 5 just one day before a scheduled presentation on one of the flaws at the Black Hat conference. The updates fix 15 vulnerabilities, some of which could be exploited to allow arbitrary code execution or information disclosure. Thirteen of the 15 patched flaws could be exploited in drive-by attacks, meaning no user interaction is required. The flaw slated for presentation is an AutoFill vulnerability that could be exploited to disclose information. Jeremiah Grossman said the same vulnerability affects Internet Explorer.

Read the full story at SC Magazine.