The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!

Staying safe on public wifi

Posted on May 21st, 2015 at 12:54 PM EDT


Everyone has to use public wifi now and then. It is somewhat common knowledge that this is unsafe, but most people aren’t entirely sure what to do about that, other than not visiting sensitive sites, like their bank site. Fortunately, there are some good tricks to keeping your Mac and your data safe on public wifi. Read the rest of this entry »


Address bar spoofing vulnerability found

Posted on May 20th, 2015 at 2:19 PM EDT


A proof-of-concept was released several days ago of an issue with some web browsers, including Safari, that could allow a phishing page to display the wrong address in the browser’s address bar. This is a potentially very serious issue, but fortunately there are some things you can do about it, if you’re aware of them. Read the rest of this entry »


MPlayerX adware behaving like malware!

Posted on May 11th, 2015 at 4:38 PM EDT


MPlayerX has long been used as “bait” to convince people to run adware installers. Most of the time, MPlayerX is installed along with the adware to (somewhat) disguise the fact that anything else was installed. However, it now appears that the folks behind MPlayerX are definitely in on the scam. Worse, the installer is now displaying malware-like behavior, by trying to foil analysis! Read the rest of this entry »


Serious MacKeeper vulnerability found

Posted on May 9th, 2015 at 7:21 AM EDT


I have long advised against using MacKeeper for a variety of reasons (some of which can be found in Ongoing MacKeeper fraud). However, now there’s a new reason to avoid MacKeeper: it has been found to contain a serious vulnerability that can lead to remote code execution through the use of a malicious URL. In non-tech-speak, a hacker can create a link that will, if clicked, result in MacKeeper executing code embedded within the link! Such code could do things like wiping your hard drive clean, uploading data to a remote server, or downloading and installing malware. Read the rest of this entry »


Chinese networks redirecting to

Posted on April 28th, 2015 at 1:18 PM EDT


A couple days ago, I got an e-mail message from someone who was having trouble with being redirected to frequently. We fruitlessly explored a number of possibilities, including adware, hacked sites and hacked wireless routers. As more reports have surfaced over the intervening period, though, it looks like this is a problem that only people connected to networks in China are experiencing. Read the rest of this entry »


Problem with Yosemite Recovery Update 1.0

Posted on April 11th, 2015 at 9:50 AM EDT


If you’re a reader of this blog, there’s a higher-than-usual chance that you are one of those security-minded folks with both FileVault disk encryption and a firmware password enabled. If so, you may have a problem after installing Yosemite Recovery Update 1.0. When I installed it (along with 10.10.3), I ended up with the dreaded “flashing folder with a question mark” icon when the machine restarted halfway through the install. Read the rest of this entry »


InstallCore adware proliferates

Posted on April 8th, 2015 at 11:42 AM EDT


InstallCore is adware that began with a couple simple browser extensions. (One of these took the same name as a Spigot extension, “Searchme”, leaving questions about whether InstallCore might be related to Spigot in some way or whether this is purely coincidence.) Recently, however, new variants of InstallCore have been appearing like poop on a lawn full of geese. And some of the strategies it’s using stink just as badly! Read the rest of this entry »


Java now installing adware

Posted on March 4th, 2015 at 11:34 AM EDT


Rich Trouton, a Mac systems administrator who runs the Der Flounder blog, discovered yesterday that a Java installer is installing adware, in the form of the Ask Toolbar. (He first wrote about it on JAMF Nation, but has published additional information in his Der Flounder post today.) Fortunately, in the course of trying to duplicate his findings, it appears that this installer is a bit finicky, and may not always install the toolbar properly. Read the rest of this entry »


Avast’s man in the middle

Posted on February 24th, 2015 at 12:47 PM EDT


The security community is ablaze with news of Superfish being pre-installed on some Lenovo computers. The primary issue concerning experts is that Superfish replaced SSL certificates, used for ensuring secure connections on the internet, with its own certificates. It turns out that the same behavior is being exhibited by software that many people are inclined to trust: Avast’s anti-virus software! Read the rest of this entry »


Apple cracks down on adware

Posted on February 13th, 2015 at 7:25 AM EDT


Apple has used the XProtect anti-malware protection in Mac OS X to block a few pieces of adware in the past. Yesterday, they cracked down on adware again, adding a slew of new items to XProtect’s signatures, used for identifying and blocking malicious apps. Three are updated signatures, while one is for adware never before blocked by XProtect. Read the rest of this entry »


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.