2012 was an "exciting" year for OS X security—at least if you're a security expert or researcher. There were plenty of events to keep people on their toes. Although Apple took some egg on the face for some of them, overall, the company came out ahead when it came down to keeping users safe.
At least that's the opinion of some security researchers who followed OS X developments throughout the year.
Fake installers have been around for quite some time now, but so far, they’ve only targeted Windows users. Now, researchers from security firm Doctor Web have identified a variant that’s designed for Mac OS X.
Dubbed Trojan.SMSSend.3666, the malicious element disguises itself as an installer for a popular application called VKMusic 4 – an app that allows users to listen to music on a Russian social media site. During the “installation” process, victims are asked to provide their mobile phone numbers. Then, they’re requested to enter a code received via SMS.
Noted security researcher Kristin Paget (formerly Chris Paget) — known for her work that helped to beef up the security of Windows Vista—is now working at Apple as a Core OS Security Researcher. Paget confirmed to Wired that she has been working at Apple since September but couldn't divulge any specific details of her work.
Apple today released its second supplemental update to OS X Mountain Lion 10.8.2. Supplemental Update 2.0 addresses a bug in OS X’s Keychain, the database that stores saved passwords and logins.
We received a couple tips yesterday about 2012 Macs being unable to update to 10.8.2 due to a password-related bug. It appears that today’s update resolves that issue.