Updates to Mac Virus
John Leyden for The Register: Baddies of the internet: It’s all about dodgy mobile apps, they’re so hot right now “Rogue mobile apps have become the most common fraud attack vector, according to the latest quarterly edition of RSA Security’s global fraud report.” If you don’t mind giving your contact information away, the report is available here.
For Sophos, Matt Boddy explains how to use AppMon to see which of your Android apps are paying more attention to your conversations than you’re comfortable with. Not for beginners, but interesting. Are your Android apps listening to you?
Also for Sophos, Paul Ducklin analyses Patrick Wardle’s 0-day Mac exploit, as discussed recently at Def Con. While there’s no fix as yet, Paul points out that “Fortunately, as zero-days hacks go, this one isn’t super-serious – a crook would have to infect your Mac with malware first in order to use Wardle’s approach, and it’s more a tweak to an anti-security trick that Wardle himself found and reported last year than a brand new attack.” Apple Mac “zero day” hack lets you sneakily click [OK]
Martin Beltov for Security Boulevard: Android Man-in-the-Disk Attack Can Expose Apps & User Data – “Security experts discovered a new Android infection mechanism called the Man-in-the-Disk attack. It takes advantage of a design issue found to be with the operating system itself that takes advantage of the external storage access. Abuse of this possibility can expose sensitive data to the criminal operators.”