Mozilla releases Firefox 8.0 update

Posted by:
Date: Tuesday, November 8th, 2011, 10:02
Category: News, Software

elfirefox

On Monday, Mozilla.org released version 8.0 of its Firefox web browser. The new version stands as an 28.2 megabyte download offered the following change:

– Add-ons installed by third party programs are now disabled by default.

– Added a one-time add-on selection dialog to manage previously installed add-ons.

– Added Twitter to the search bar.

– Added a preference to load tabs on demand, improving start-up time when windows are restored.

– Improved tab animations when moving, reordering, or detaching tabs.

– Improved performance and memory handling when using.

– Added CORS support for cross-domain textures in WebGL.

– Added support for HTML5 context menus.

– Added support for insertAdjacentHTML.

– Improved CSS hyphen support for many languages.

– Improved WebSocket support.

– Fixed several stability issues.

Firefox 8.0 requires an Intel-based Mac and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.

Apple Store app hits 2.0, adds in-store pickup, Easy Pay features

Posted by:
Date: Tuesday, November 8th, 2011, 07:37
Category: iOS, iPad, iPhone, iPod Touch, News, retail, Software

applelogo_silver

Apple may not make all aspects of your life easier at all times, but they do try to streamline buying more of their products…

Per AppleInsider, Apple has updated its official Apple Store application for iOS, adding the new “Personal Pickup” option, as well as an “Easy Pay” feature, which allows customers to pay for an item on their own, direct from an iPhone, while in a retail store.

The Apple Store application was updated on Tuesday to version 2.0. The free application is a 4.0MB download that requires iOS 4.2 or later to install and run and is compatible with the iPhone, iPod touch and iPad.

The most significant new features in the update are EasyPay and Personal Pickup. With EasyPay, an iPhone 4 or iPhone 4S the user can scan the barcode of an accessory while in a store, and complete the transaction using the same credit card information tied to their Apple ID.

Word of the self-checkout option first surfaced last week, and accurately revealed that the option would only apply to accessories and items found on the shelf. Users cannot complete a self-checkout with more expensive items that are kept in Apple’s retail stockrooms, including the iPhone, iPad, iPods or Macs.

The updated Apple Store application also features a built-in Personal Pickup feature. With the software, users can buy an item on their iOS device, and then pick it up in a store in less than an hour if it is in stock.

Apple began offering an in-store pickup option on its website last month with a trial that began in San Francisco, Calif., and quickly spread to New York City stores. The in-store pickup option is currently available in the U.S. only.

The full list of new features included in version 2.0 of the Apple Store iOS application are included below:

Personal Pickup: Buy in the app and choose to pick up your order at any Apple Retail Store. Most in-stock orders are available for pickup within an hour. (U.S. only)

EasyPay: Purchase select accessories in store quickly by scanning the barcode and completing your transaction right in the app. (U.S. only, requires iPhone 4 or iPhone 4S)

Track your stuff: View the status of current and previous orders from the order status section in the More tab.

If you’ve tried the new app and its features and have any feedback to offer, please let us know in the comments.

Security researcher Charlie Miller outs iOS code signing flaw, security hole

Posted by:
Date: Tuesday, November 8th, 2011, 05:46
Category: iOS, News, security, Software

It’s hard to say if it’s discouraging to see the iOS get spotted on assorted security failures or reassuring to see that security experts manage to notice these and bring them to the public’s attention.

According to Forbes, Mac hacker and researcher Charlie Miller has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing, allowing the malware to steal user data and take control of certain iOS functions.

Miller explains that code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and submitted apps that violate these rules are not allowed on the App Store. However, he has found a method to bypass Apple’s security by exploiting a bug in iOS code signing that allows an app to download new unapproved commands from a remote computer.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

The flaw was introduced when Apple released iOS 4.3, which increased browser speed by allowing javascript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the OS. Miller realized that in exchange for speed, Apple created a new exception for the web browser to run unapproved code. The researcher soon found a bug that allowed him to expand the flawed code beyond the browser, integrating it into apps downloaded from the App Store.

Miller created a proof-of-concept app called “Instastock” to showcase the vulnerability, which was submitted to and approved by Apple to be distributed via the App Store. The simple program appears to be an innocuous stock ticker, but it can leverage the code signing bug to communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos and other files, as well as initiate certain iOS functions like vibrating alerts.

The app has since been pulled and according to his Twitter account, Miller has reportedly been banned from the App Store and kicked out of the iOS Developer Program.

Miller, a former NSA analyst who now works for computer security firm Accuvant, is a prominent Apple researcher who previously exposed the MacBook battery vulnerability and a security hole in the mobile version of Safari.

The researcher has refused to publicly reveal the exploit, reportedly giving Apple time to come up with a fix, though he will announce the specifics at the SysCan conference in Taiwan next week.

Stay tuned for additional details as they become available.

Hackers unlock hidden panorama camera mode in iOS 5, post instructions on accessing it

Posted by:
Date: Tuesday, November 8th, 2011, 05:19
Category: iPhone, News, security

It’s the hidden features that tend to make a gadget that much cooler.

Per iDownloadBlog, a group of hackers have discovered a hidden panorama mode embedded within Apple’s Camera application on iOS 5, though the feature does not appear to be completed.

iOS hacker Conrad Kramer, who goes by the alias Conradev, revealed via a tweet on Monday that he had discovered a way to enable the hidden Panorama mode within Apple’s own app, as noted by iDownloadBlog. The feature, which appears to be in ongoing development by Apple, offers settings for a grid and HDR when creating a panorama photo.

According to Kramer, the mode is activated by setting the “EnableFirebreak” key to YES in a preference file within the mobile operating system.

Fellow jailbreak hacker Grant Paul, also known as Chpwn, posted screenshots and examples of the panorama mode. He also announced that a tweak enabling the feature has been submitted to the Cydia application storefront for jailbroken iPhones and should arrive sometime on Tuesday.

‘Jailbreaking’ is a process that opens up an iOS device to run unauthorized code and applications. Though the U.S. government has legalized the procedure, it does still void Apple’s warranty.

With the release of the iPhone 4S, iCloud and iOS 5 last month, jailbreak hackers have been kept busy. Paul recently publicized a tweak that brought limited Siri voice assistant functionality to the iPhone 4 and the fourth-generation iPod touch. Siri is currently only officially available on Apple’s new iPhone 4S.

In addition, a “hidden” Drop Box-like syncing feature was discovered last week in Mac OS X Lion that can be used to sync files across multiple Macs.

In August, notorious jailbreak hacker “Comex” revealed that he would be starting an internship with Apple. It is not immediately clear whether he is working specifically on iOS security, but some have speculated that the iPhone maker will put him to use on locking down its software.

If you’ve tried the panorama hack and have any feedback about it, please let us know in the comments.