A take on the security news, week 41
iWorm method of infection
The attack vector of the iWorm Mac malware seems to be infected Adobe CC 2014 installers downloaded from The Pirate Bay. The pirated software does install, but it also installs more than Adobe CC.
As part of the installation process the user is prompted for the administrator username and password, and the moment these are filled in and OK is clicked, the malware is installed.
There has been an XProtect update to block this malware, and the moral of the story should be clear.
A Bash Shellshock update
An update on the Bash Shellshock bug with some new proof-of-concept exploits.
Adobe spying on users' ebook libraries
It's reported that Adobe's Digital Editions ebook reader is sending statistics from the program back to Adobe. It tracks what the user is doing in the app and reports back.
The application also indexes your hard drive for ebooks (not necessarily related to the DE reader) and uploads the list to Adobe.
And to top off the story, all the reports that are sent back to Adobe are sent unencrypted!
Malware turns ATMs into cash-spitting devices
Tyupkin malware enables attackers to control ATMs to a degree that makes them spit out money when told to. The article outlines the details.
Bug in Bugzilla
A bug has been discovered in the popular bug tracker that enables an attacker to masquerade as another user. This in turn can give the attacker escalated privileges (if masquerading as a user with privileges), and possibly access to otherwise private bugs.
Bugzilla administrators are urged to deploy the patch and upgrade their software immediately.
Microsoft Advance Notification
This month's patches from Microsoft contain 3 critical, 1 moderate and a few important ones. Among the important ones is an update for Office for Mac.