[Apparently this is our 200th post on this blog. Sadly, there are no prizes.]
So, the Infosecurity Magazine blog I mentioned previously is now up: Virus Bulletin and the Mac, then and now.
Plenty of more recent action around the Apple orchard, though, mostly around updating and patching:
- Graham Cluley: Error 3200: Apple iOS 5 stumbles on launch
- Chester Wisniewski: Apple releases OS X 10.7.2 and iOS 5 with enormous security patch
- Intego: Apple Issues Security Updates for Almost Everything
And Aaron Sigel has flagged a vulnerability in Safari that could be used to allow arbitrary code execution (not applicable to Windows): he reports that
“This allows you to send any “file:” url to LaunchServices, which will run binaries, launch applications, or open content in the default application, all from a web page.”
- CVE-2011-3230 – Launch any file path from web page
- Apple: About the security content of Safari 5.1.1 (also refers to CVE-2011-3229 – Steal files and inject js in Safari Extensions)
Hat tip to Alice Decker of Trend Micro for bringing the vtty posts to my attention.
David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus
