Month in Review: Apple Security in January 2017

The year has only just begun, and there's already plenty to talk about with regard to Apple user security and privacy!

Here are some of the highlights from this past month's security news relevant to users of Macs, iPhones, iPads, and other Apple products.

ClientCapture (Fruitfly, Quimitchin) Malware Discovered

Two weeks ago, Intego analyzed malware samples that a university IT administrator found after some strange network traffic had been observed on a Mac Pro. The malware (the components of which Intego VirusBarrier detects as OSX/ClientCapture, Perl/ClientCapture, and Java/ClientCapture) appears to have been part of a targeted attack, and may have existed on the university's computer for years before being discovered and submitted to Intego and other companies for analysis.

Apple calls the threat "Fruitfly," and it is also known as "Quimitchin." See Intego's writeup for further details: Targeted Malware Attacks and the Importance of Layered Protection.

"Meitu" Mobile App Has Privacy Risks

It was reported last week that an iOS and Android app called Meitu, which morphs selfies into anime characterizations, contains a number of privacy risks. The app, which was developed in China and has been in the App Store for several years, has recently gained popularity.

Security researcher Jonathan Zdziarski took to Twitter to offer his take on Meitu:

Wired reported Zdziarski had identified "at least half a dozen" analytics and tracking packages within the app, and noted, "You don't generally need that many unless you're selling data."

Another security researcher, Will Strafach, published a brief technical writeup of Meitu for iOS.

Is it really worth sacrificing your privacy for this?

Apple Security Updates

Apple has released security updates for the following software this month:

Intego has written more about this week's updates here: Apple Releases macOS Sierra 10.12.3 and More with Security Fixes.

The bottom line: be sure to check for and install updates on all of your Apple devices!

Scam Site Launched DoS Against Unpatched Macs

In early January, a scam site (which is no longer online) launched a denial-of-service (DoS) attack against Macs running Safari on older versions of macOS. The site would cause Mail to create a plethora of e-mail drafts with a subject line containing the words "Warning! Virus Detected!" and would eventually cause the Mac to crash. Users running the latest versions of macOS and Safari were not affected by this e-mail draft denial-of-service attack; instead, the scam site caused a single fake virus warning to appear in the Mac's iTunes app. On iOS, the scam site would pop up a single e-mail draft at a time, but would continue presenting a new draft each time the draft window was closed. See Intego's writeup for further details: Denial of Service Attack Targets Mac and iOS Users.

An important lesson here is that it's critical to keep your Apple software updated to make it less susceptible to attacks—including, but not limited to, attacks by malicious sites.

Apple CareKit to Incorporate "ZeroKit" Security

Mashable reported that Apple's open-source CareKit platform will soon incorporate technology called ZeroKit, developed by security firm Tresorit. According to the report, ZeroKit "will offer user authentication for patients and healthcare workers, end-to-end encryption of health data, and 'zero knowledge' sharing of health data," meaning that data will not be accessible to any other party during transit. The goal of ZeroKit is to make it easier for developers of healthcare apps to provide better security for end users.
