Apple released a security update on Tuesday to patch a flaw in Logic Pro X, the company’s software for audio professionals. Attackers taking advantage of this bug could gain control of an affected system.
The upgrade to version 10.3.1, for OS X Yosemite v10.10 and later (64 bit), includes a few feature additions and applies improved memory handling to address a memory corruption issue that could have enabled an attacker to open a “maliciously crafted” GarageBand project file that could lead to arbitrary code execution.
This week’s update follows the release a month ago of v10.3, a significant refresh for the software.
In other Apple news, a new crypto-ransomware campaign has hit the macOS. Researchers at ESET noted their detection of the malware, “Patcher,” written in Swift, a Mac programming language, which is distributed via BitTorrent sites.
The researchers found that a ZIP file, bundled with poorly coded applications, targets Adobe Premiere Pro and Microsoft Office for Mac, but cautioned there could be other targets.
Although no transactions involving Bitcoin have yet been seen, the researchers said decryption is not possible, even by the actors behind the code.
“There is one big problem with this ransomware: it doesn’t have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators.”
While the coding might be lacking, the researchers stated that the crypto-ransomware still has the potential to do serious damage, namely block victims from accessing their files.
Be wary of downloading from suspicious sites, the ESET researchers warn, particularly pirated software. They also recommend having a security product installed. But above all, they said, in the face of a possible invasion of a crypto-ransomware, backup all important data.