A Tweet Can Hack Your Mac

People often think that Apple OS X is more secure than other operating systems.  This is a widely held misconception.  The truth is less comforting.  Every operating system has exploits.  Without constant updating and smart researchers finding zero day vulnerabilities before the bad guys, we are all open to attacks.

The Register recently published an article based on a twitter post of a code snippet designed to bypass security in the latest production version of Apple’s OS X operating system.  In less than 140 characters a hacker can establish root (or superuser) privileges for a target system allowing code execution without the need for a password.

There is an fix on the way in the latest beta release of OS X.  Those of us waiting for a fix will have to wait on Apple.  So how can you protect your Mac from hackers?  This post below highlights 4 ways to approach the problem:

  1. Remove Java from your Mac unless you absolutely need it
    The attack last year on Apple’s Mac users exploited a vulnerability in Java (which Apple belatedly fixed only after the attack). If you can’t eliminate Java completely, at least turn it off in your browser, where most of the worst Java threats are.
  2. Keep your software patched with up-to-date security fixes
    Hackers find plenty of victims by exploiting known vulnerabilities that could have been halted by a security patch. If you aren’t updating your Mac with the latest security fixes, this is a friendly reminder to do it when prompted.
  3. Set GateKeeper to only run digitally-signed apps from the Mac App Store
    As we reported in our Security Threat Report 2014, malware authors have figured out how to digitally sign applications with a phony Developer ID to get around GateKeeper security. However, using GateKeeper settings to warn you when you’re attempting to download an unsigned app, or if the app is not from the App Store, adds an extra layer of security. Apple has thus far been very good at keeping malicious apps out of its stores for Mac and iOS apps (iPhones, iPads).
  4. Run antivirus software on your Macs
    If you’re running a Mac without antivirus, you should download the free Sophos Antivirus for Mac Home Edition.