Transmission is a popular BitTorrent client for Mac. Over the weekend it emerged that a version of the app available from the project's website had been swapped with another version.
This version contained the KeRanger ransomware, which seems to be the first functioning example of ransomware affecting OS X.
Below is more information, as well as a script that should alert or clean up affected Macs.
Sparkle is an open source update framework that is used within thousands of Mac apps, including my own AutoCasperNBI & AutoImagrNBI.
A vulnerability within it was recently disclosed, with an update to Sparkle issued soon after.
However, the update may take some time to reach all the apps that are on the Macs that we admin. So below is some more detail, along with methods of mitigation & detection.
JAMF have a great article on deploying the binary needed to set a firmware password on 2010+ Macs via the Casper Suite, here.
I recently had a chance to play with it, but found that the below command (which is used by the following EA to check EFI Password status) often returns nothing or just 0 after running, regardless of whether an EFI password is set or not.
sudo /Library/Application\ Support/JAMF/bin/setregproptool -c
So below is a different version of the previously linked Extension Attribute, using “expect” & maybe an inelegant check... but hey, if it works!
UPDATE: Updated to now work with Lion
The Extension Attribute below checks to see if the Mac has either an Airport or Wireless & returns “Yes” if the Mac has one & “No” if it doesn’t.
The below Extension Attribute checks if Microsoft's Silverlight Plugin is installed. If it’s not, it returns the message not installed; if it is installed, it returns the version number.