Security News

Month in Review: Apple Security in January 2018

Posted on February 7th, 2018 by

Apple Security News in January 2018

Well, 2018 has sure started off with a bang! January brought to light major vulnerabilities affecting modern processor architectures, newly discovered Mac malware, and more. Read on for the details.

Meltdown and Spectre Vulnerabilities

Months ago, multiple groups of researchers independently discovered serious vulnerabilities related to a feature of modern microprocessors known as speculative execution.

In early January, details about the two classes of vulnerabilities—namely, Meltdown and Spectre—were released to the public. Multiple hardware platforms were affected, including personal computers, mobile phones, and more.

Apple was among the companies that had received early notification about the vulnerabilities before they were publicly disclosed, so Meltdown mitigations were already present in December for macOS High Sierra 10.3.2, iOS 11.2, and tvOS 11.2 (Apple said that watchOS was unaffected).

In January, Apple also released Spectre-mitigating patches for Safari, as well as Meltdown mitigation for the two previous versions of macOS: Sierra and El Capitan.

For lots more details, be sure to listen to our podcast discussion and read our featured article on Meltdown and Spectre:

Meltdown and Spectre: What Apple Users Need to Know

OSX/MaMi: First Mac Malware of 2018

The first Mac malware discovered in 2018 was OSX/MaMi, DNS-hijacking malware found by a forum user on his coworker's computer.

DNS is the technology that translates a domain (for example, apple.com) into the IP address of a server on the Internet. If malware forces a Mac to use rogue DNS servers, it's possible for bad guys to monitor, intercept, redirect, or inject malicious code into your Internet traffic.

Diagram of a man-in-the-middle attack. Image: Nasanbuyn, Apple

OSX/MaMi also installs a root certificate authority, allowing man-in-the-middle interception of even TLS/SSL-encrypted communications, in particular HTTPS connections to Web sites that are normally considered secure.

Intego VirusBarrier detects this threat as OSX/MaMi.A.

For lots more details, including how to know whether your Mac is infected, be sure to check out our featured article on OSX/MaMi:

¡Ay, MaMi! New DNS-Hijacking Mac Malware Discovered

CrossRAT Malware Used for Global Cyber-Espionage

CrossRAT Java Malware Used in Global Cyber-Espionage CampaignResearchers from the Electronic Frontier Foundation and Lookout published a new report called "Dark Caracal: Cyber-espionage at a Global Scale," with details about a "nation-state level advanced persistent threat (APT)."

The report includes information about a Java-based, cross-platform remote access Trojan (RAT) that's capable of running on Macs and other platforms.

CrossRAT is capable of manipulating files, taking screenshots, and gaining persistence (enabling itself to run again automatically after a reboot). Intego VirusBarrier detects this threat as Java/LaunchAgent.

For additional details, including how to know whether your Mac is infected, be sure to check out our featured article about CrossRAT:

New CrossRAT Malware Used in Global Cyber-Espionage Campaign

Apple Security Updates

Apple issued two batches of security updates in January. The first round was on January 8, which notably featured mitigations for the aforementioned Spectre vulnerabilities.

The second round of updates came on January 23. Among other things, Apple mitigated the Meltdown vulnerability for macOS Sierra and El Capitan, as well a vulnerability that could allow a specially crafted link to crash an iOS device or a Mac (as discussed in the January 24 episode of the Intego Mac Podcast). Apple also released security updates for both iTunes and iCloud for Windows.

For more details on Apple's January 23 updates, see our featured article:

macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw

Other Security News, in Brief

There were other notable goings-on in the security world in January. Some highlights:

  • Five episodes of the Intego Mac Podcast were published in January. Be sure to subscribe to make sure you don't miss any future episodes! This month's topics included:
  • In the United States, tax season began on January 30; U.S. citizens should file their tax returns as soon as practical to help prevent scammers from fraudulently filing for youFruit fly photo by Arian Suresh, https://www.flickr.com/photos/ansk/26201092112
  • The U.S. Department of Justice indicted the alleged author of the Fruitfly Mac malware, reports ZDNet; the alleged hacker is 28 years old but was 14 at the time Fruitfly was originally developed
  • Western Digital My Cloud drives have a built-in backdoor (with a hard-coded password) that hasn't been patched for more than six months, and the discoverer has released the full details to the public, reports Tech Spot
  • Strangers can spy on your Tinder swipesreports Wired
  • Personal information of half of Norway's population may have been breached due to an intrusion at a healthcare provider, reports Infosecurity Magazine
  • Personal information of 240,000 U.S. Department of Homeland Security employees has been breached, reports The Register
  • Malware was found at dozens of gas stations in Russiareportedly the malware skimmed money whenever customers used their credit cards at the infected pumps

Also, check out our article featuring the top Apple security stories of 2017—there's a good chance you've missed or forgotten about something!

Stay Tuned! Subscribe to The Mac Security Blog

Be sure to subscribe to The Mac Security Blog to stay informed about Apple security throughout each month.

Also, each week we discuss Mac and iOS security news and other topics of interest on the Intego Mac Podcast. You'll want to subscribe in iTunes/Podcasts to make sure you don't miss any shows! Show notes are available at podcast.intego.com.

Last but not least, be sure to subscribe to the Intego YouTube channel to get monthly updates in video form, and click on YouTube's bell icon (?) so you'll get notified when each new episode is available.
"Evil mommy"/MaMi image credit: Max Pixel. Fruit fly photo: Arian Suresh.

About Joshua Long

Joshua Long (@theJoshMeister) is a renowned security researcher and writer. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Business Administration and Computer and Information Security. His research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's security articles at security.thejoshmeister.com and follow him on Twitter and Google+. View all posts by Joshua Long →