+- MacResource (https://forums.macresource.com)
+-- Forum: My Category (https://forums.macresource.com/forumdisplay.php?fid=1)
+--- Forum: Tips and Deals (https://forums.macresource.com/forumdisplay.php?fid=3)
+--- Thread: The only cure for new Apple malware is to trash your Mac (/showthread.php?tid=181735)
Re: The only cure for new Apple malware is to trash your Mac - silvarios - 08-05-2015
Bill in NC wrote:
I'm a little skeptical that the cheap (e.g. 2TB for $89) 2.5" external drives I'm buying for backup have up-dateable anything.
Maybe a NAS does.
Even a keyboard has room to add an attack vector. Check my link from earlier in the thread.
Re: The only cure for new Apple malware is to trash your Mac - Onamuji - 08-05-2015
silvarios wrote:
[quote=Onamuji]
Yes and no.
It'd have to be in the form of an executable attachment or a link to a maliciously crafted website. Not just an attachment, but one that you'd download and run, perhaps because the email appears to be coming from a Nigerian prince who desperately needs you to escrow some money for him. (Might even need admin priv's to run.)
...Unless there's also a zero-day exploit for Apple Mail to auto-execute attachments like Windows mail clients do. Then we're all screwed.
That's a fair point, but if you combine it with the privilege escalation bug you just mentioned, wouldn't that work without requiring a password?
Yes, but you'd still need to take some sort of action to run an app, even if you didn't enter your admin password.
...Unless they combine it with a flash vulnerability to launch the app.
Re: The only cure for new Apple malware is to trash your Mac - silvarios - 08-07-2015
Onamuji,
Thanks for the info.