Evilgrade exploit targets Mac OS X, iTunes, Java, Winzip

A researcher from Argentina has released an exploit package that can install malware on end user machines that run iTunes, Mac OS X, Winzip and a host of other popular software.Evilgrade is the brainchild of Francisco Amato and works by exploiting weaknesses in the automatic upgrade feature of an effected program or operating system. It […]

A researcher from Argentina has released an exploit package that can install malware on end user machines that run iTunes, Mac OS X, Winzip and a host of other popular software.

Evilgrade is the brainchild of Francisco Amato and works by exploiting weaknesses in the automatic upgrade feature of an effected program or operating system. It works only when a man-in-the-middle attack has first been carried out, but thanks to the domain name system vulnerability that has dominated security coverage ever since researcher Dan Kaminsky sounded the alarm three weeks ago, that's not much of a problem.

Full Article