OS X

(get it in RSS or Atom)

SSCC 121 - WordPress, OS X, iCloud, smartphone tracking and medical devices [PODCAST]

sscc-121-thumb-250

By popular demand, the Chet Chat has gone back to a weekly format, so your favourite security podcast will now be appearing twice as frequently!

Listen to Chet and Duck in the latest episode...

Apple's iCloud iConundrum - does convenience mean insecurity?

shutterstock_AppleArrow250

Researcher Vladimir Katalov explained how documents and backups stored in Apple's iCloud can be accessed bypassing Apple's two-factor authentication, even when enabled, last week at the Hack in the Box conference in Malaysia.

OS X Mavericks - optional OS upgrade or critical security fix?

mav-250

Apple's OS X 10.9, better known as Mavericks, is officially out.

The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"

4 free tools for Cyber Security Awareness Month - and beyond!

try-these-4-250

It's Cybersecurity Awareness Month, so we've been urging you to get more serious about security.

A number of you have replied, "Where do I start? What should I do?"

Here are 4 free tools to help you on your way...

Facebook realities, OS X patched, Yahoo! CEO security! shocker! - 60 Sec Security [VIDEO]

2013-09-14-rose-tinted-specs-250

How realistic are you about your Facebook posts? Why should you encrypt your hard disks? Why doesn't the Yahoo! CEO use a passcode on her phone?

Watch this week's 60 Second Security and find out!

Apple ships OS X 10.8.5 security update - fixes "sudo" bug at last

osx-1085-250

Officially, it's a point release of OS X Mountain Lion.

But with twice as many security fixes listed as regular bug fixes and improvements, Paul Ducklin is happy calling it a "security update" instead...

Facebook transparency, Apple bugs, SEA DDoSes itself - 60 Sec Security [VIDEO]

2013-08-31-ddosing-yourself-250

Which country came top of Facebook's new "Government Requests" report aimed at outing the countries that fish for Facebook user data the most? (I bet you're thinking it's the USA - but it isn't.)

Watch this week's 60 Second Security and find out!

Apple apps turned upside down writing right to left - you're only 6 characters from a crash!

sb-crash-250

Apple's iOS and OS X are currently under what can only be described as a "jolly irritating attack."

Certain text strings, when processed by the operating system's CoreText rendering engine, cause the application that's trying to display them to crash.

Apple neglects OS X privilege escalation bug for six months, gets Metasploit on its case...

bulet-through-apple-500

Six months ago, we wrote about a risky bug in the sudo command, the Unix equivalent of Run As... on Windows.

The vulnerability is still unpatched on OS X, and now there's a Metasploit exploit pack to take advantage of the hole.

Keyjacking, Ubisoft data breach, Apple QuickTime holes - 60 Sec Security [VIDEO]

Here's the first 60 Second Security video of July, looking into some of the intriguing and interesting security stories of the past week.

Neatly compressed into a minute of video, why not give it a whirl?

Anatomy of a buffer overflow - learning from Apple's latest security update

qt-250

Apple has released its latest Security Update for OS X.

Update 2013-003 fixes a trifecta of buffer overflow vulnerabilities in QuickTime.

Paul Ducklin sees what we can learn from the bugs...

Microsoft announces five Bulletins for Patch Tuesday, including Office for Mac

Patch Tuesday is coming on 11 June 2013.

Paul Ducklin gives you a quick preview of what we know so far, and who'll be affected by the updates...

(Mac users, that might include you.)

Apple's OS X and Safari get biggish security fixes

osx-saf-250

Apple has published updates for all supported versions of OS X and for Safari version 6.

A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.

Apple fixes 41 iTunes security flaws, some more than a year old

iTunes-11-250

Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.

Mac malware found in malformed Word documents - is China to blame?

Mac malware found in malformed Word documents - is China to blame?

Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.

Who could possibly be interested in targeting their computers?

Monday review - the hot 32 stories of the week

Monday review - the hot stories of the week

It's that time of the week again - here's your roundup of everything we wrote in the last seven days.

Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too

Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.

There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.

Apple finally adopts HTTPS for the App Store - here's why it matters

Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.

Some time later, Apple has changed its ways.

Paul Ducklin explains why it matters...

Oracle ships out-of-band Java fix, Apple follows suit

Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.

Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...

Apple bans outdated Adobe Flash plugins from Safari

apple-and-flash-250

Last week, Apple showed that it is getting more serious about security by getting strict about the version of Flash you're allowed to use in Safari.

Paul Ducklin explains the what and the why...