Month in Review: Apple Security in January 2018

Well, 2018 has sure started off with a bang! January brought to light major vulnerabilities affecting modern processor architectures, newly discovered Mac malware, and more. Read on for the details.

Meltdown and Spectre Vulnerabilities

Months ago, multiple groups of researchers independently discovered serious vulnerabilities related to a feature of modern microprocessors known as speculative execution.

In early January, details about the two classes of vulnerabilities—namely, Meltdown and Spectre—were released to the public. Multiple hardware platforms were affected, including personal computers, mobile phones, and more.

Apple was among the companies that had received early notification about the vulnerabilities before they were publicly disclosed, so Meltdown mitigations were already present in December for macOS High Sierra 10.3.2, iOS 11.2, and tvOS 11.2 (Apple said that watchOS was unaffected).

In January, Apple also released Spectre-mitigating patches for Safari, as well as Meltdown mitigation for the two previous versions of macOS: Sierra and El Capitan.

For lots more details, be sure to listen to our podcast discussion and read our featured article on Meltdown and Spectre:

Meltdown and Spectre: What Apple Users Need to Know

OSX/MaMi: First Mac Malware of 2018

The first Mac malware discovered in 2018 was OSX/MaMi, DNS-hijacking malware found by a forum user on his coworker's computer.

DNS is the technology that translates a domain (for example, apple.com) into the IP address of a server on the Internet. If malware forces a Mac to use rogue DNS servers, it's possible for bad guys to monitor, intercept, redirect, or inject malicious code into your Internet traffic.

Diagram of a man-in-the-middle attack. Image: Nasanbuyn, Apple

OSX/MaMi also installs a root certificate authority, allowing man-in-the-middle interception of even TLS/SSL-encrypted communications, in particular HTTPS connections to Web sites that are normally considered secure.

Intego VirusBarrier detects this threat as OSX/MaMi.A.

For lots more details, including how to know whether your Mac is infected, be sure to check out our featured article on OSX/MaMi:

¡Ay, MaMi! New DNS-Hijacking Mac Malware Discovered

CrossRAT Malware Used for Global Cyber-Espionage

Researchers from the Electronic Frontier Foundation and Lookout published a new report called "Dark Caracal: Cyber-espionage at a Global Scale," with details about a "nation-state level advanced persistent threat (APT)."

The report includes information about a Java-based, cross-platform remote access Trojan (RAT) that's capable of running on Macs and other platforms.

CrossRAT is capable of manipulating files, taking screenshots, and gaining persistence (enabling itself to run again automatically after a reboot). Intego VirusBarrier detects this threat as Java/LaunchAgent.

For additional details, including how to know whether your Mac is infected, be sure to check out our featured article about CrossRAT:

New CrossRAT Malware Used in Global Cyber-Espionage Campaign

Apple Security Updates

Apple issued two batches of security updates in January. The first round was on January 8, which notably featured mitigations for the aforementioned Spectre vulnerabilities.

The second round of updates came on January 23. Among other things, Apple mitigated the Meltdown vulnerability for macOS Sierra and El Capitan, as well a vulnerability that could allow a specially crafted link to crash an iOS device or a Mac (as discussed in the January 24 episode of the Intego Mac Podcast). Apple also released security updates for both iTunes and iCloud for Windows.

For more details on Apple's January 23 updates, see our featured article:

macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw

Other Security News, in Brief

There were other notable goings-on in the security world in January. Some highlights:

Also, check out our article featuring the top Apple security stories of 2017—there's a good chance you've missed or forgotten about something!

Stay Tuned! Subscribe to The Mac Security Blog

Be sure to subscribe to The Mac Security Blog to stay informed about Apple security throughout each month.

Also, each week we discuss Mac and iOS security news and other topics of interest on the Intego Mac Podcast. You'll want to subscribe in iTunes/Podcasts to make sure you don't miss any shows! Show notes are available at podcast.intego.com.

Last but not least, be sure to subscribe to the Intego YouTube channel to get monthly updates in video form, and click on YouTube's bell icon (🔔) so you'll get notified when each new episode is available.

"Evil mommy"/MaMi image credit: Max Pixel. Fruit fly photo: Arian Suresh.