Sophos

Two 'Sophos' stories July 2012 - November 2012

A working exploit for Sophos 8.0.6 on Mac is available, however the
techniques used in the exploit easily transfer to Windows and Linux,
due to multiple critical implementation flaws described in the paper.
Testcases for the other flaws described in the paper are available on
request.

Sophos responded with a post on the multiple vulnerabilities, and it responded over and over that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But, is that really good enough? How about issuing a fix in the two plus months that they’ve known about these issues? It only takes one wild exploit.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today. :-)

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.
Expand
Expanding
Close

Morcut/Crisis Mac malware capable of monitoring location, webcam, address book, more

We told you yesterday about the Trojan named “Crisis“, also being referred to as “OSX/Morcut-A”, discovered for OS X, but it is considered low risk for users. Today, we get some more details about the trojan with security company Sophos explaining the Morcut Malware features code for controlling the following:

mouse coordinates

instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)

location

internal webcam

clipboard contents

key presses

running applications

web URLs

screenshots

internal microphone

calendar data & alerts

device information

address book contents

The malware appears to have been specifically created with spying on the user as its goal. There have not been any reported cases of infected users, though, so the threat is still considered low risk.

Sophos

Use Sophos antivirus? Watch out

Morcut/Crisis Mac malware capable of monitoring location, webcam, address book, more