Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
The only cure for new Apple malware is to trash your Mac
#41
Bill in NC wrote:
I'm a little skeptical that the cheap (e.g. 2TB for $89) 2.5" external drives I'm buying for backup have up-dateable anything.

Maybe a NAS does.

Even a keyboard has room to add an attack vector. Check my link from earlier in the thread.
Reply
#42
silvarios wrote:
[quote=Onamuji]
Yes and no.

It'd have to be in the form of an executable attachment or a link to a maliciously crafted website. Not just an attachment, but one that you'd download and run, perhaps because the email appears to be coming from a Nigerian prince who desperately needs you to escrow some money for him. (Might even need admin priv's to run.)

...Unless there's also a zero-day exploit for Apple Mail to auto-execute attachments like Windows mail clients do. Then we're all screwed.

That's a fair point, but if you combine it with the privilege escalation bug you just mentioned, wouldn't that work without requiring a password?
Yes, but you'd still need to take some sort of action to run an app, even if you didn't enter your admin password.

...Unless they combine it with a flash vulnerability to launch the app.
Reply
#43
Onamuji,
Thanks for the info.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)