I have for years been warning my clients that there were currently no issues on this level on Mac OS.
BUT do not be complacent, it will happen eventually.
Well that day appears to have come, I say appears to have come because this problem arises only in specific circumstances and requires user intervention. That has never stopped Windows users getting caught so I see no reason for Mac users not to either.
From the feedback I am getting, this is not just another proof of concept, this is criminal in intent and implementation.
Read here:-


http://www.intego.com/news/ism0705.asp

The moral as always "Never download software unless from a known good source".

Stay safe.

Someone, Somewhere will always click the button.
Its what keeps us busy. http://www.the75andztclub.co.uk/forum/images/icons/icon10.gif

there is some news of issues with a new version of the browser isn't there?

Easily dealt with. :)

http://www.macosxhints.com/article.php?story=20071031114140862


In the Finder, navigate to /Library -> Internet Plug-Ins, and delete the file named plugins.settings. Empty the trash. This deletes the tool that sets the rogue DNS Server information.

In Terminal, type sudo crontab -r and provide your admin password when asked. This deletes the root cron job that checks the DNS Server settings. You can prove it worked by typing sudo crontab -l; you should see the message crontab: no crontab for root.

Open your Network System Preferences panel, go to the DNS Server box, and copy the entries you can see to a Stickies note, TextEdit document, or memorize them. Now retype those same values in the box, then click Apply.
Reboot your Mac.

there is some news of issues with a new version of the browser isn't there?

If you could point to it would be helpful. I have seen no mention anywhere.
There is an option in the preferences for Safari to open safe files automatically after downloading. I always uncheck this option when doing an install or upgrade and advise my clients to make sure they want the item before opening it. If unsure bin it or ask my advice.

My job is to keep my clients safe and secure, been doing that for 14+ years. :)

Grey Ghost, if only we could stop users from blindly clicking on things that say "Click Here" :) life would be a lot easier.

If you could point to it would be helpful. I have seen no mention anywhere.


http://news.bbc.co.uk/1/hi/technology/7071017.stm

Seems to be with the OS and not the browser though! (that will teach me to read the news on the tram into work at 6:30am!)

I was wandering round Meadow hall last week and found a new Apple shop i must admit i was very impressed with the machines on display, and spent a good hour in there messing about. I may have to invest in a new toy Not sure which one though.

http://news.bbc.co.uk/1/hi/technology/7071017.stm

Seems to be with the OS and not the browser though! (that will teach me to read the news on the tram into work at 6:30am!)

No probs. Firewall. The default has always been off, can't see what they are on about, other than they have little else to do, wish I was an overpaid expert. (insert little green man with wrist ache here).

Admittedly the new installation should pick up "on" from a previous setting, that is wrong IMV. But a clean install of OSX any flavour is by default off. Not good for the average user.
It only takes a few complaints for Apple to issue a fix for any vulnerability, hard to understand why they have never addressed this. Must be a very good reason.
In terms of Safari preference to open safe files after downloading, initially the default was on, then after some proof of concept attacks it was set as default off. You guessed it, it's now back on. :shrug: