iPhone XS and XS Max in silver, space gray, and gold.
The First Mac OS X Virus? (A New OS X Trojan) [Updated]
On the evening of the 13th, an unknown user posted an external link to a file on MacRumors Forums claiming to be the latest Leopard Mac OS X 10.5 screenshots. The file was named "latestpics.tgz"
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include:
_infect:
_infectApps:
_installHooks:
_copySelf:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appeared to self propogate:
Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Update: It appears that there is some debate about the classification of this application, and as it does require user activation it appears to fall into the Trojan classification, rather than self-propogating through any particular vulnerability in OS X.
Update #2: The most recent updates show that the file does send itself to other users in your AIM/iChat buddy list.
Update #3:
Andrew Welch posted the final technical analysis of the application with assistance from Ed Wynne and Glenn Anderson.
Symantec has posted a step by step guide on what happens when you launch this application.
The resultant file decompresses into what appears to be a standard JPEG icon in Mac OS X but is actually a compiled Unix executable in disguise. An initial disassembly (from original discussion thread) reveals evidence that the application is virus-like or was designed to give that impression. Routines listed include:
_infect:
_infectApps:
_installHooks:
_copySelf:
The exact consequences of the application are unclear, but users who originally executed the application have noted that it appeared to self propogate:
If anyone remembers last night, when lasthope spread that picture that opened in terminal. I just turned on my other computer and it said it had an incoming file, from my computer, which was the latest pics file. Any help. I have already secure deleted it off of my harddrive, but how do i know that it will not come back.
Andrew Welch, who had done some of the initial disassembly, is posting updates to this thread.
According to the initial investigation, the application uses Spotlight to find the other applications on the infected machine and subsequently inserts a stub of code into each application executable.
Update: It appears that there is some debate about the classification of this application, and as it does require user activation it appears to fall into the Trojan classification, rather than self-propogating through any particular vulnerability in OS X.
Update #2: The most recent updates show that the file does send itself to other users in your AIM/iChat buddy list.
Update #3:
Andrew Welch posted the final technical analysis of the application with assistance from Ed Wynne and Glenn Anderson.
Symantec has posted a step by step guide on what happens when you launch this application.
[ 628 comments ]
One year after launching the successful live game show app HQ Trivia, Intermedia Labs is planning a new game called HQ Words. Instead of a basic series of trivia questions and multiple choice...
MacRumors has received confirmation that the names of Apple's latest iPhone models are to be stylized with a capital X, followed by the S or R in Small Caps, which are lowercase characters...
Now that we're just three days away from the launch of the iPhone XS and iPhone XS Max, Apple has given the green light for publications and YouTubers to publish full reviews and unboxing videos...
Twitter recently confirmed that it is bringing back the classic reverse chronological timeline as an option for its users.
In a series of Tweets sent by @TwitterSupport, the company explained...
Withings has returned with a new hybrid smartwatch offering, after one of the company's co-founders bought the brand back from Nokia earlier this year.
Back in 2016, Nokia acquired health...
Apple today published an updated version of its iOS security white paper [PDF] for iOS 12, with information on new features and updates introduced with the iOS 12 software.
According to...
Instagram today announced two major updates to the shopping feature in the Instagram app that's designed to allow users to make purchases directly from Instagram.
Shopping within Stories, a...
Apple today updated its suite of iWork apps for iOS devices, introducing iOS 12 support for Pages, Numbers, and Keynote. All three of the apps now support Siri Shortcuts, a feature designed to let...
