[IS&T Security-FYI] SFYI Newsletter, May 9, 2011

Mon May 9 16:08:10 EDT 2011

In this issue:

1. May 2011 Microsoft Security Updates

2. iOS Update Fixes Location Services Bug

3. Malware for Macs on the Rise?

---------------------------------------------------

1. May 2011 Microsoft Security Updates

---------------------------------------------------

On Tuesday, May 10, Microsoft plans to issue two security bulletins for Patch Tuesday, to address three vulnerabilities.

The bulletins will address a flaw in Windows, rated critical, and the other will address two flaws in PowerPoint, rated important.

Read the full May security bulletin:

<http://www.microsoft.com/technet/security/Bulletin/MS11-may.mspx>

-------------------------------------------------------

2. iOS Update Fixes Location Services Bug

-------------------------------------------------------

Last week, Apple released iOS 4.3.3 for the iPhone, iPad, and iPod touch (and 4.2.8 for the Verizon iPhone), to address the recently highlighted iOS location cache bugs and concerns, specifically addressing the following:

 *   Reduces the size of the cache
 *   No longer backs the cache up to iTunes
 *   Deletes the cache entirely when Location Services is turned off

The update addresses concerns made by the public about the feature in iOS 4 that stored a database of up to a year's worth of Wi-Fi hotspot and cell tower locations. Apple admitted that the data should not be collected when users turn off Location Services on their iPhone, and the fact that it was being stored was a bug. Supposedly the next major iOS software release will encrypt the file on the iPhone, ensuring that the data can not be obtained by a third party for illicit purposes.

Users can download the update through iTunes.

Read the notice by Apple: <http://support.apple.com/kb/DL1358>

-------------------------------------------

3. Malware for Macs on the Rise?

-------------------------------------------

I hope that by now the myth that Macs are immune to malware/computer viruses has been put to rest. Macs are certainly not immune. In fact, there have been several articles in the news recently that talk about new malware targeting Macs. The first is a threat called Mac Defender, a fake antivirus program that simulates infection and tries to get you to download a tool to remove the infection, but instead causes the infection to occur.

To avoid this threat, never trust pop up windows warning you of an infection, unless they are coming from your antivirus software, if you have one. If you don't already have one, get a real antivirus software from a reputable source. IS&T provides McAfee antivirus software free to the MIT community.

See: <http://ist.mit.edu/services/software/available-software> and search for the software type "antivirus."

A second threat that may get worse is a do-it-yourself kit provided by hackers to create your own Mac malware. Similar kits have already been available for Windows. But this is the first targeting Apple systems, and Macs, iPhones, iPods and iPads are all targets and will be vulnerable if you don't protect them. Be sure to install any security updates Apple makes available.

More details about both these threats can be found here: <http://deputycio.com/2169/are-there-any-mac-viruses>

====================================================================

Read more Security FYI Newsletter articles online at http://securityfyi.wordpress.com/.

====================================================================

Monique Yeaton
IT Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20110509/bfb6e22e/attachment.htm