Security Updates never look for malware, they only patch vulnerabilities. I also checked DetectX Swift and Malwarebytes, neither of which are looking for it presently. I don’t have a sample yet of that specific component of the infection so can’t fully check for it, but I will return once I’ve been able to get a more definitive answer. I wonder if the latest Catalina/Mojave updates are relevant?Īlthough there are over 17,000 signatures for XLoader files in ClamXAV, I can only verify that they do not appear to look for that specific file name, but might be able to identify it by other means. I use ClamX but am not sure if it currently covers this issue. But look closely at the contents to make sure it isn’t something innocent. In other words, yes, go review the Launch Agents in your system and if something looks like malware, then delete it. In other words, the system won’t be launching anything in this file. Specifically, note the “RunAtLoad” key whose value is set to false. Applications/iMazing.app/Contents/MacOS/iMazing Mini.app/Contents/MacOS/iMazing Mini I have disabled the feature (via its preferences), but the Launch Agent file ( .plist) still exists. The system launcher will still depend on the file’s contents to determine that.įor example, iMazing has one for launching it’s iMazing Mini menu-bar app when you log in. Note also that the mere presence of a Launch Agent doesn’t necessarily mean anything will actually run. (Assuming you actually installed Adobe Reader, of course). The important thing is that, despite the scary looking file name, this specific Launch Agent is perfectly innocent. Which is reasonable for a major app to check for updates. The “StartInterval” is set to 12600 seconds (3.5 hours), which means it will re-run itself about once every 3.5 hours. The “RunAtLoad” key is set to true, meaning it will run this when I log in. In this case, it’s the “Adobe Reader Updater Helper.app” that is contained within the Adobe Reader app. This identifies the app that will be launched. Note the contents of the ProgramArguments key. Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper But if you open it up and read the contents you find: $ cat com.Ĭom.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae If this doesn't work, then they can head over to Adobe's website and download the full Adobe Reader installer from the Acrobat Reader Download Center.TL DR: It’s a good idea to review your system’s Launch Agents, but look closely at them before deleting anything because they may be perfectly innocent, even if there’s a big scary file name.įor instance, I’ve got one called com.Īt first glance, that looks really suspicious, since it’s got a huge string of hex digits as a part of the name. However, if users want to manually install the upgrade, they can go to the Help menu and click on Check for Updates. Read more: Adobe allows users to share Photoshop, Illustrator projects with collaboratorsĪdobe says that while administrators will be able to use their preferred methods of updating managed environments, user-installed versions of Adobe Acrobat and Reader are set to update automatically as soon as a new update is detected. This makes it absolutely essential for users of the software to upgrade their installations as quickly as possible, as leaving the software unpatched with known security flaws is quite dangerous. Perhaps more worryingly, Adobe also revealed that it has received a report that one of the vulnerabilities ( CVE-2021-28550) was being actively used to target Adobe Reader users on Windows in “limited attacks”. Stating that the security updates for both Adobe Acrobat and Reader for Windows and macOS were released to address multiple critical and important software vulnerabilities, the company said that if a malicious actor was able to exploit the flaws, it could grant them the ability to execute arbitrary code (read: dangerous commands) on the current user's system.
0 Comments
Leave a Reply. |