Patches for Macs, and Advice for Mac Users
Apple last week released Mac OS X 10.6.1, the first security update for Snow Leopard users. Cupertino also issued a bundle of updates to fix more than 30 security flaws in its 10.4 and 10.5 OS X and OS X Server systems.
Snow Leopard shipped with an outdated and insecure version of the Adobe Flash Player. The 10.6.1 update fixes that, patching at least nine vulnerabilities in Flash, and bringing the Snow Leopard Flash plug-in up to date with the current 10.0.32.18 version.
The Tiger and Leopard security bundles also include the Flash update, along with security fixes for components like ColorSync and CoreGraphics.
The updates are available through Software Update or via Apple Downloads.
One final note: Over the weekend, a number of Security Fix readers who are also Mac users wrote in to ask for advice after being peppered with rogue anti-virus pop-ups. The readers complained they received the bogus alerts while browsing The New York Times' Web site.
The Times published a brief acknowledgment of this problem today, saying the company believes this was generated by an unauthorized advertisement, and that it is working to prevent the problem from recurring." According to the dozens of posts about this on Apple's support forum, it seems that many Mac users believe these rogue anti-virus attacks pose some kind of threat to them. The short answer is that at this point, they do not.
Not long ago, I wrote a column called What To Do When Scareware Strikes. The basic advice in that column applies to both Windows and Mac users.
In short, if you're a Mac user and you see one of these rogue anti-virus pop-ups, remain calm, close out your browser, and restart it. If the attacking site manages to download a ".exe" file to your Mac, just toss it in the trash.
Most Mac users probably are savvy enough to know that Windows executable files (those ending in ".exe") cannot run or be launched in Mac OS X systems. So far, none of the rogue anti-virus threats that I have seen try to drop the equivalent ".dmg" installer files when users merely browse the site. There are, however, threats like DNSChanger, that disguise themselves as legitimate video plug-ins for the browser and try to download ".dmg" files. But even then the user will know something is awry because the installer will prompt the user to enter her password before installing.
September 13, 2009; 10:25 PM ET
Categories: Latest Warnings , New Patches , Safety Tips | Tags: apple, flash, mac, rogue anti-virus
Save & Share: Previous: Clamping Down on the 'Clampi' Trojan
Next: Cyber Crooks Target Public & Private Schools
Posted by: Bartolo1 | September 14, 2009 7:17 AM | Report abuse
Posted by: clathey | September 14, 2009 7:44 AM | Report abuse
Posted by: clathey | September 14, 2009 7:46 AM | Report abuse
Posted by: ElrodinTennessee | September 14, 2009 9:00 AM | Report abuse
Posted by: ElrodinTennessee | September 14, 2009 9:11 AM | Report abuse
Posted by: wiredog | September 14, 2009 9:47 AM | Report abuse
Posted by: JBV1 | September 14, 2009 4:26 PM | Report abuse
Posted by: jimdouglas | September 14, 2009 6:42 PM | Report abuse
Posted by: JBV1 | September 14, 2009 7:02 PM | Report abuse
Posted by: jimdouglas | September 14, 2009 7:20 PM | Report abuse
Posted by: idealist61 | September 14, 2009 9:46 PM | Report abuse
Posted by: jsdoodlerex | September 15, 2009 8:36 AM | Report abuse
Posted by: tomwentom | September 17, 2009 2:42 PM | Report abuse
The comments to this entry are closed.