[Moogs]

Seems Safari remains the easiest way for someone to hack your Mac... but we'll never know for sure.

http://www.macworld.com/article/1327...8/03/hack.html

[Kyros]

If I understand this correctly, the hack only worked when the user was directed to a specific website? That seems harder to pull off than the article makes it sound. I guess it might work on some users, but I don't think any of my friends would follow a link that was sent by a source they don't identify. They also don't click on random ads and such. Also, did it allow the hacker to do more than just read a specific file (the article says he "seized control of the computer," but the rules state that opening a specific file is enough to win)? Of course, that can be dangerous, if they can find a password or credit card/personal info, but there are other, often easier, ways of doing that. Perhaps stealing info from the government/trade secrets from companies is one concern, but those types of places should have serious security anyway. This doesn't seem very relevant to me. Not that I'm saying Apple shouldn't do anything about it, it just seems sensationalized.

[alcimedes]

Well, it's a wakeup call for people who think they're invulnerable to exploits. That being said I'm not sure if that was a web hack vs. getting Safari to run a local file and exploit the machine that way.

If you need to have Safari run a local file to exploit the machine that's not nearly as bad, but still not a good thing.

The reality is as Macs gain in popularity they will get targeted more often, and more exploits will be found.

At my University we're routinely finding Macs infected with a Trojan and sending/receiving files without the user's knowledge, so exploits are being used in the wild.

[nikstar101]

I think the headline makes it sound a lot worse than it is. Firstly like people have said above that he had to direct the user to the web-site. It then doesn't make clear if that was all that was needed or if there was some more user interaction. My GUESS is that the web-site asked the user to do something or download something.

[apple007]

Quote:

Originally Posted by alcimedes At my University we're routinely finding Macs infected with a Trojan and sending/receiving files without the user's knowledge, so exploits are being used in the wild.

Are you talking about Trojans that were installed on the computer by someone else at the college (with malicious intent), or that were foolishly installed by users installing an app or executing a file, etc., they shouldn't have? Thanks.

[alcimedes]

The instances that I've seen it's people who were heavy P2P users, thought they were downloading something else and installed a Mac Trojan instead. They foolishly assumed since they were using a Mac they were immune to viruses/trojans/malicious software.

Macs have better default settings, less crap to infect them to begin with etc., but they aren't immune. If you're stupid you can and will get hit with something.