Mac Users Attacked Again by Fake Adobe Flash Update

Posted on April 12th, 2016 by

Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers. Intego security experts have identified the rogue package installer as a variant of OSX/InstallCore, and have updated definitions to provide protection.
The in-the-wild attack has been spread in the form of a Mac Package installer (.pkg) file, also known as a flat package, and has been signed with a legitimate Developer ID certificate — effectively tricking OS X's built-in Gatekeeper security into believing that the files can be trusted and are not malicious. Curiously, if the Mac Package installer, called Product.pkg, is located outside the DMG volume and the DMG volume Installer is unmounted, then you will receive a 'Missing parameters' error. However, if the Package installer is located in the DMG volume, then you will be prompted to continue the installation. As a result, victims may find that their OS X computers have had a number of potentially unwanted programs (PUPs) installed on their systems.
Intego researchers report that third-party apps they have seen being installed by the fake Adobe Flash update include MegaBackup, ZipCloud, and MacKeeper. Embedded within the installer's code is a copyright message, referencing an Israeli company that develops the InstallCore software installation platform, and has been criticised in the past for: Copyright © 2016 ironSource. All rights reserved. Two months ago we described how an after Mac users began to see bogus pop-up warnings about Adobe Flash requiring an update, which resulted in scareware being installed onto their computers.
In both this and the previous instance, online criminals signed their malicious code with an Apple developer certificate, allowing the malware to bypass a key part of OS X's built-in defence. In an attempt to prevent malicious code from infecting OS X computers, by default you are only allowed to run programs that have been downloaded from the official App Store or that have come from 'identified developers.' By using a valid Apple developer certificate, the attackers are tricking OS X into believing that their code can be trusted and allowed to execute — with potentially dangerous consequences. There are a variety of to allow malicious code to sneak onto computers, but presently it seems the simplest method of all is to sign your code with a developer's certificate. All of which raises the question — from where are the attackers getting their valid Apple developer certificates? A definite possibility is that some OS X developers are being too careless with their own security, and not recognising the need to properly protect their certificates from hackers.
Flash Player can be easily downloaded and installed on a Mac by going to Adobe's official website through Safari or any other browser. Don't forget to check.
At the time of writing, the compromised Apple developer ID certificate (MDK7FNV856, in the name of one Nikolay Nikolay Lastovka) has not been revoked. The seemingly never-ending advisories from Adobe about newly-discovered security holes in Flash Player have made critical updates a regular occurrence. There is a certain irony that security professionals have devoted a lot of time to warning the general public about the importance of installing patches and keeping their Flash installations updated, only to see online criminals exploiting the situation by launching their own attacks as warnings that Flash needs to be updated. Is it possible that the security of all OS X users is being put at risk because some developers are blind to the threat of their own Macs being attacked, and are carelessly allowing themselves to be hacked and confidential certificates to be stolen? Ultimately the only safe place to get your Adobe Flash Player update is, and if you are uncertain — read our guide on. The best advice for many users may be to ensure that you have configured Adobe Flash Player to automatically update itself — while retaining the option to trigger manual updates if you can't wait for Adobe to get around to updating your system. If you still find the regular appearance of security holes in Adobe Flash disturbing, you may wish to take further action such as.
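Because a valid Developer ID signature is all Gatekeeper asks for, a defender triaging a downloaded package needs to check who signed it. The script below is an added example, not code from Intego or the original article: it reads `pkgutil --check-signature` output and flags the Developer ID named above. The sample outputs, the team ID ABCDE12345 and the file name check_pkg.sh are constructed for illustration.

```sh
#!/bin/sh
# Added example: a valid Developer ID signature satisfies Gatekeeper, so triage
# has to look at WHO signed a package, not only at whether it is signed.

# Team IDs to reject. MDK7FNV856 is the Developer ID named in the article.
DENYLIST="MDK7FNV856"

# Constructed samples in the shape of `pkgutil --check-signature` output
# (not captured from the real installer; ABCDE12345 is a made-up team ID).
SAMPLE_FAKE='Package "Product.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Nikolay Nikolay Lastovka (MDK7FNV856)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_OTHER='Package "Other.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: Example Vendor (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'
SAMPLE_UNSIGNED='Package "Plain.pkg":
   Status: no signature'

# Print the team ID of the leaf "Developer ID Installer" certificate, if any.
team_id_from_pkgutil() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))$/\1/p' | head -n 1
}

# Read pkgutil output on stdin and print exactly one verdict.
classify_signature() {
    report=$(cat)
    if printf '%s\n' "$report" | grep -q 'Status: no signature'; then
        echo "unsigned"; return 0
    fi
    team=$(printf '%s\n' "$report" | team_id_from_pkgutil)
    if [ -z "$team" ]; then
        echo "unknown-signer"; return 0
    fi
    for bad in $DENYLIST; do
        if [ "$team" = "$bad" ]; then echo "denylisted:$team"; return 0; fi
    done
    echo "signed:$team"
}

# On a Mac (hypothetical file name): sh check_pkg.sh /path/to/Product.pkg
if [ "$#" -gt 0 ] && command -v pkgutil >/dev/null 2>&1; then
    pkgutil --check-signature "$1" 2>&1 | classify_signature
fi
```

A `signed:` verdict only says the signer is not on the denylist; the team ID still has to be compared with the vendor the package claims to come from.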
About Graham Cluley Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's.
He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the '10 Greatest Britons in IT History' for his contribution as a leading authority in internet security.

So this happened to me but I never opened the file that was downloaded to my Mac. I did check my security settings, and it allowed applications downloaded from the Mac App Store and identified developers, so I guess it recognized it as an identified developer. I moved the file (FlashPlayer.dmg) to the trash and since changed my settings (for now) to only allow application downloads from the App Store. I'm just curious as to why the virus didn't automatically open itself and wreak havoc on my computer. It went straight to downloads and I never opened it and simply deleted it. Do viruses like this usually require the user to open the file (thinking it's the real Adobe Flash Player) and install it?

I actually downloaded the whole thing like an idiot. I was in the middle of going through my bank statements online because I was doing my taxes and was just trying to quickly get it off my screen by updating and moving on to get my stuff done. I had just downloaded my previous tax return with all kinds of sensitive information. Everything I was doing at that moment was sensitive. As soon as my search engine changed and pop ups came up every second, I unplugged my wifi and turned it off on my computer. I tried to delete everything but nothing would delete from the trash can. I ended up deleting iOS from my hard drive and reinstalling. I am terrified, however, that the hacker gained access to my stuff prior to me downloading or even in the few minutes post-download before my computer started wiggling out and I turned my wifi off. Any words of encouragement?

I was just about to finish my dolphin essay. All I needed was a special picture from the book when my mom said she would help. And after she was done with the computer I went back on and found the fake Adobe Flash downloader, so, not knowing what Adobe Flash does, I downloaded it, thinking that this would help me get my special picture from the book on the computer. And I was thinking that this was a rip-off because Adobe Flash was not installing even though I pressed Install. I downloaded it like three times and then I realized that it was not going to do anything. Luckily my dad found it and tried to destroy it.
On every OS X 10.8 Mountain Lion machine there is a hidden partition that provides a way to reinstall Mountain Lion; it is known as the Recovery Partition or drive and is 650 MB in size. If you bought a new machine from Apple you have OS X 10.8 already installed – but no backup disk! And since you haven't bought the OSX Lion 10.8 App from the App Store you can't re-download it – so that's why you have the recovery drive as a partition in your main hard drive. To boot from it you need to restart the machine and, when it starts to boot, hold down the "command" + "r" keys.

From the Recovery Partition Hard Drive you can run Disk Utility, access the command line, get online help, do a restore from a Time Machine backup and re-install Mountain Lion leaving all your other files intact – it just replaces the core operating system. You can make a bootable USB drive or disk from the Recovery Partition in 2 ways – the easy way and in the Terminal.

The Easy Way

1) Download and uncompress and launch it
2) Attach the USB drive that you want to copy the Recovery Partition to.
3) Select the drive and continue (all contents on it will be erased)

That's it: one external bootable Recovery Drive – this works on both OSX 10.7 and 10.8.

The Terminal Way

1) Launch Terminal from /Applications/Utilities and run:

    diskutil list

The main drive in this list is No.2 with the "Identifier" of disk0s2; the boot Recovery HD drive is disk0s3.

Update For Newer Models – hidden BaseSystem.dmg – BaseSystem.chunklist

If you have the latest models from Apple that came already shipped with OSX 10.7, then you may not have the "BaseSystem.dmg" but instead see a "BaseSystem.chunklist"; the "BaseSystem.dmg" is there, it's just hidden. To make it visible in the Finder, go to Terminal and, after you have mounted the Recovery Drive, run:

    cd "/Volumes/Recovery HD/com.apple.recovery.boot"
    sudo chflags nohidden BaseSystem.dmg

Now it will be visible in the Finder.