Apple working on fixes for posted iOS security holes

Date: Thursday, July 7th, 2011, 10:25
Category: iOS, iPad, iPhone, iPod Touch, security

This probably won’t make you feel safer about the security on your iOS device…

Per Macworld,

Apple said on Thursday that it is developing a fix for vulnerabilities that affect its iPhone, iPad and some iPod touch models, a problem that the German government warned could be used to steal confidential data.

The vulnerabilities became publicized with a new release on Wednesday of JailbreakMe 3.0, a framework that allows unauthorized applications to be installed in devices such as the iPhone.

Apple prohibits the installation of applications that have not been approved for distribution in its App Store. But hackers have used vulnerabilities in the iOS operating system that allow the phones to be “jailbroken,” allowing applications not vetted by Apple to be used that are obtained through alternative application markets such as Cydia.

Germany’s Federal Office for Information Security, known as BSI, issued an alert on Wednesday about the vulnerabilities, which it said could be exploited if a user opened a specially crafted PDF document. The issue involves how the iOS parses fonts within the mobile version of the Safari browser.

There is also a second vulnerability that circumvents ASLR (Address Space Layout Randomization), a security feature which mixes up how programs are loaded into memory and makes it more difficult for an attacker.

BSI noted that it would be possible for an attacker using the flaws to steal passwords, banking data and e-mails as well as have access to built-in cameras, intercept telephone calls and obtain the GPS coordinates of a user.

Apple rarely comments on security issues. But on Thursday, Alan Hely, senior director for corporate communications in London, said in a statement that “Apple takes security very seriously, we’re aware of this reported issue and developing a fix that will be available to customers in an upcoming software update.”

The BSI wrote that the devices affected are the iPhone 3G and devices running iOS versions up to 4.3.3. Also affected are both iPad models and iPod Touch models running iOS versions up to 4.3.3.

One of the hackers behind JailbreakMe, Comex, published a fix for the vulnerability called PDF Patcher 2, which is now in the Cydia app store. It will only work if people install JailbreakMe, which Apple discourages.

“Until Apple releases an update, jailbreaking will ironically be the best way to remain secure,” according to a note on the JailbreakMe website.

Stay tuned for additional details as they become available.

Amazon announces new plans, unlimited space with Cloud Drive offerings

Date: Thursday, July 7th, 2011, 03:10
Category: News, Software

It’s the competition that keeps things interesting.

Amazon announced Wednesday a promotion offering unlimited music storage to users who purchase a Cloud Drive storage plan, heating up competition before Apple’s fall launch of its iCloud and iTunes Match services.

Per AppleInsider, the online retailer revealed three enhancements to its Cloud Drive and Cloud Player services in a statement Wednesday: storage plans that include unlimited space for music, free storage for all Amazon MP3 purchases and an iPad version of Cloud Player for Web.

“Customers are already enjoying Cloud Drive and Cloud Player and now for just US$20 a year, customers can get unlimited space for music,” said Craig Pape, Director of Amazon Music. “Additionally, we are adding free storage for all MP3s purchased from Amazon MP3, and support for the iPad. Our customers love Cloud Drive and Cloud Player and we’re excited to innovate these services on their behalf.”

The unlimited music storage applies to all premium Cloud Drive accounts, which start at US$20 a year for 20GB. Users who qualified for 20GB of free storage from an earlier promotion will automatically receive the unlimited space for music. Amazon offers 5GB of free space to all Cloud Drive users.

The addition of an iPad-friendly Amazon Cloud Player is a step back in Apple’s direction, though no mention is made of iPhone or iPod touch compatibility. Cloud Player originally launched for the Web and Google’s Android mobile OS, without direct support for iOS and Mobile Safari. In May, iOS users reported being able to access the Cloud Player, despite the fact that full compatibility had yet to be officially announced.

Whereas only new Amazon MP3 store purchases were automatically added to Cloud Drive when the service first launched in March, now all digital music purchased from Amazon will be added to the drive. The retroactive support for previously purchased music appears to indicate that Amazon has resolved any conflicts with the music industry over its service.

Apple is planning a similar move with its iCloud service, and offered the first taste of its cloud strategy last month with the release of iTunes 10.3, which allows re-downloading of music, apps and books purchased on iTunes and the App Store. When iCloud arrives in the fall, the service will provide complimentary storage of music, apps and books purchased from Apple. However, unlike Amazon’s Cloud Drive, iCloud does not stream music.

Amazon reportedly opted for an ‘ask forgiveness, not permission’ strategy with Cloud Drive, surprising music labels with the announcement of the service. Music industry sources said Amazon only addressed the issue of negotiating licenses after launching the service, leaving some industry members to view the service as illegal.

Google launched a beta of its own music service in May. However, the search giant was unsuccessful in negotiating new licenses with major music labels and has yet to open a full music store as originally planned.

Amazon and Apple will likely compete for subscribers with their respective Cloud Drive and iTunes Match services. Amazon’s cloud offerings require manual uploading of non-Amazon music files, but also offer streaming, and start at a lower price of US$20 a year. On the other hand, iTunes Match runs US$25 a year and will scan and match users’ iTunes libraries with songs available in the iTunes Music Store. Matched songs will then automatically be available for download in iCloud, and the small portion of unmatched music will be uploaded. Like Amazon, Apple will offer 5GB of free storage for iCloud users.

Stay tuned for additional details as they become available.

SpamSieve updated to 2.8.6

Date: Thursday, July 7th, 2011, 02:26
Category: News, Software

Michael Tsai’s must-have shareware program, SpamSieve, has just been updated to version 2.8.6. The new version, an 8.3 megabyte download, makes the following fixes and improvements:

– Made various changes to improve SpamSieve’s filtering accuracy.

– Improved compatibility with Mac OS X 10.7 (Lion).

– Added support for Postbox 2.5.

– Updated the Setting Up MailMate instructions for the new preferences in MailMate 1.1.2.

– Updated the Setting Up Outlook instructions for Microsoft Office 2011 Service Pack 1.

– Updated the Setting Up Postbox instructions to ensure that messages that you train as spam are moved to the junk mailbox or trash.

– Worked around a rare OS/hardware condition that could prevent SpamSieve from launching.

– The Apple Mail plug-in is better at reporting errors when it’s unable to fully load itself.

– Made various other clarifications to the manual.

– Adjusted the help page titles to fit better in the menu and search results.

SpamSieve is available for a US$30 registration fee and requires Mac OS X 10.4 or later to run. The new version can either be downloaded directly from the web site or brought up to the current version via the program’s built-in update feature.