Adobe releases Flash Player 11.7.700.169

Posted by:
Date: Wednesday, April 10th, 2013, 08:15
Category: iOS, iPad, News, security, Software

A hefty update is never unappreciated.

On Wednesday, Adobe released Flash Player 11.7.700.169 for Mac OS X, a 16.9 megabyte download via MacUpdate. The new version adds the following fixes and changes:

Fixed Issues:
- On Retina-enabled OS X devices, Flash applications are scaled incorrectly upon opening (3496539).

-In AIR on iOS, loading a SWF with and embedded video can cause a crash in some circumstances (3514499).

- In AIR on iOS, loading an image from a remote server can cause a crash (3476445).

- On OS X, setting stage.fullScreenSourceRect when renderMode is set to “GPU”, leads to inaccurate mouse position reporting (3512232).

- In the Chrome browser, the copy shortcut (Ctrl/Cmd+C) fails (3496300).

- Attempting to embed a Flash project into Microsoft word can result in a crash (3498002).

- In AIR for iOS, some apps get rejected for missing push notification entitlement (3501744).

- In AIR for iOS, Flex applications running on iPad2 over 3G connections can experience a crash (3435401).

- In AIR for iOS, reloading of pure asset SWFs isn’t allowed (3516971).

- On OS X, some fonts do not rending properly when viewing Flash content in the Google Chrome browser (3506958).

New Features:
- Sandboxing enhancements.

- Prevent Cloud backup for Shared Objects (iOS).

- Use CPU render mode for selected devices (iOS).

- Externally host secondary SWF files (iOS).

Adobe Flash Player 11.7.700.169 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Apple receives patent for offline purchasing system

Posted by:
Date: Tuesday, April 9th, 2013, 07:46
Category: iOS, iPhone, iPod Touch, News, Patents, Software

applelogo_silver

Ok, this is interesting.

Per the United States Patent and Trademark Office and AppleInsider, Apple on Tuesday was awarded a patent for an offline purchasing system that would allow iTunes users to buy music, movies and other media when not connected to the internet.

The U.S. Patent and Trademark Office granted Apple U.S. Patent No. 8,417,575 for “On-device offline purchases using credits,” which describes a system involving the purchase of offline credits stored on a given device that can be put toward media in the iTunes store even when not connected to the online marketplace.

Currently, iTunes users must be logged in or have an internet connection to successfully purchase and download content from the online storefront, but Tuesday’s patent lays the groundwork for a type of “pre-loaded” payment system. Beyond the obvious applications for on-the-go iPod touch users and perhaps frequent travelers, the patent could be a harbinger of new never before seen iTunes functionality.

According to Apple, the proposed service involves media stored on an electronic device, like an iPhone or iPod touch, that is not part of the user’s owned library. If a user wants to buy a track, but cannot connect to the Internet to provide a means of payment, they can use pre-paid credits previously purchased through the store and subsequently loaded onto the device. Once a data network is accessed, the appropriate deductions are made to a user’s on-board credit allotment.

Users can add credits to their device accounts either through the device itself or what appears to be a specialized portal on the desktop version of iTunes, along with other options. Multiple forms of payment are accepted, including credit cards, bank accounts and other digitally connected assets a user links to their online profile.

As noted by the patent, in order to play back a purchased song or movie, a device must first have a copy of said media item, as well as authorization to play back the content. The device can retrieve copies of “unauthorized” media in any number of ways, including recommendations downloaded from the media store. Carrying on with the recommendation example, the device can restrict access to the content in any number of ways until authorization, or a purchase, has been detected. In some instances, the media might be played back at a lower quality, or there could be a limit to how many times a track is played.

The locally-stored media can be displayed in a variety of arrangements, including a layout similar to the existing iTunes iOS app, making browsing and buying new content easy. Once a user makes a selection, they can purchase the locally stored media with the credits they bought in advance, which will remove the restrictions previously imposed on the content. In other words, the authorization and playback transaction would be fully completed offline.

The property could be a boon for iTunes users who don’t have ready access to the Internet and, if made real, would likely drive sales for the digital music giant. Specific implementations were not thoroughly discussed, though Apple already has iTunes Match, which allows users iCloud access to their entire music collection, even tracks imported from CDs, for a yearly fee. While mere speculation, further cloud computing integration could bring even more tie-ins with the offline purchasing service, such as music sharing or gifting.

It remains unknown if and when Apple plans to roll out the offline crediting functionality, but the device-specific solution could theoretically be implemented with a firmware update as no hardware limitations were described in the patent.

Apple’s offline purchasing patent was first filed for in 2010 and credits Taido Nakajima, Tyler Mincey, Gloria Lin and Joey Darragh as its inventors.

Stay tuned for additional details as they become available.

iOS 7 user interface rumors fly, concept animation surfaces

Posted by:
Date: Monday, April 8th, 2013, 06:38
Category: iOS, Rumor

And now comes the rumor mill and concept art.

Per 9to5Mac, Apple’s Jony Ive seems to be focusing iOS 7′s user interface on widgets and lock screen enhancements.

Since a picture’s worth a thousand words, designer F. Bianco certainly gives us a taste of the possibilities constructed the following movie which shows concepts such as widgets, app switching, media controls and more.

Take a gander:

As always, let us know what you think or what you’re hoping to see in iOS 7 in the comments.

Rumor: Unlocked GSM iPhones could go from 2G EDGE to LTE on T-Mobile network, firmware update possible

Posted by:
Date: Tuesday, April 2nd, 2013, 13:31
Category: iOS, iPhone, Rumor

Bring your iPhone over to the right carrier and nifty things can happen.

Per TmoNews, T-Mobile customers that brought their iPhones over to the carrier will see feature enhancements and perhaps even a data speed boost when the carrier rolls out an update on Friday.

The web site carried an image of a leaked screenshot showing a carrier update set for April 5. The update will bring features like Visual Voicemail, and MMS Settings, as well as “Network/Device optimizations that customers do not have access to today.”

While unconfirmed, it is possible that these “optimizations” will give current iPhone owners on T-Mobile access to the network’s LTE network. Currently, data speeds for iPhones on T-Mobile’s network top out at 2G EDGE levels. The iPhone 5, when it reaches T-Mobile, will be able to take advantage of the carrier’s new high-speed network.

Apple’s iPhone 5 will make its official debut on T-Mobile on April 12, for US$99 on the carrier’s new UNCarrier payment plans. The OTA update for current T-Mobile iPhone users will go out to devices running iOS 6.1.x or higher beginning April 5.

Stay tuned for additional details as they become available.

Apple now hiring Maps Ground Truth managers in seven countries to help clean up iOS 6 Maps application

Posted by:
Date: Thursday, March 28th, 2013, 05:04
Category: iOS, News, Software

When in doubt, add additional staff to a project.

Per iMore, Apple is increasing its efforts to improve Maps around the world, having recently posted open positions for Maps Ground Truth managers in seven countries. Previously, Apple had only been hiring for these positions in Australia. Among other dutites, managers are expected to be able to do things like provide feedback for their area to enhance maps, according to the company’s job postings web site.
- Testing new releases of map code and data around the U.S.

- Collecting ground truth data to allow for analysis of the impact of potential map code or data changes relative to known truth.

- Utilizing local expertise to provide feedback about U.S.-specific mapping details.

- Evaluating competing products in-region relative to our maps.

Ground truth refers to collecting mapping data locally rather than by satellite imagery or other remote means. We heard about Apple retail employees being asked to help improve Maps back in October. This, however, points to teams of people dedicated to mapping improvements.

Apple has been steadily improving Maps since the launch of iOS 6 in September of last year. Enhancements to Flyover, 3D buildings, and turn-by-turn navigation have been made to locations around the world. There is still a long way to go, but there is no doubt that Apple’s making the effort to fix its mistakes.

Facebook Messenger to receive VOIP upgrade for European versions of the software

Posted by:
Date: Monday, March 25th, 2013, 08:14
Category: iOS, News, Software

Facebook-Messenger-Icon1

If you’re across the pond, this’ll come in handy.

Per AppleInsider, Facebook Messenger users on iOS in the U.K. and other parts of Europe will get a software update on Monday enabling Voice Over Internet Protocol (VOIP) calling within the app.

The update comes after Facebook already rolled out the feature in the United States and Canada in January. Facebook Messenger users will now be able to call each other directly through the service instead of passing voice messages to each other.

The Messenger VOIP feature in the United States was soon followed up with Facebook bringing the feature to its flagship Facebook app, and this may soon be the case in the UK and Europe.

Facebook Messenger for iPhone is available as a free download on Apple’s iTunes App Store.

If you’re in the United Kingdom and have had a chance to test Facebook Messenger’s new VOIP feature, please let us know how it goes in the comments section.

New iOS passcode bypass bug discovered one day after iOS 6.1.3 release

Posted by:
Date: Thursday, March 21st, 2013, 07:32
Category: iOS, iPhone, News, security

Well, this is sort of awkward…

Remember how you JUST installed iOS 6.1.3 to get rid of a passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone? Per iMore and The Next Web, a new bypass bug has been discovered.

The passcode bypass in the previous versions of iOS 6 required a series of well-timed taps and button presses. The result was full access to the Phone app on a locked device without entering the passcode. This new bug (not quite new, it seems to have existed prior to iOS 6.1.3) requires a sequence that’s a little easier to execute as can be seen in this video. For some reason, this bypass seems to to be more difficult to accomplish on newer, Siri-capable devices.



The bypass can be achieved using the iPhone’s Voice Dial feature. By holding the Home button on a device for a few seconds, the Voice Dial feature will come up. Issue a dial command such as “Dial 303-555-1212”, then as the call is being initiated, eject the SIM card. The iPhone detects the SIM has been removed, cancels the call, and displays an alert saying there is no SIM. Behind the alert you will see the Phone app and after dismissing the alert, you will have full access to the Phone app. As before this means you can access contact information as well as all photos on the device.

Initially thought to only be possible on non-Siri phones, reports are now coming in of this bypass being performed on the iPhone 4S and 5 as well, though it doesn’t seem to be as easily reproducible on these devices. Performing the bypass on these devices devices would also require Siri to be disabled and Voice Dial to be enabled.

Unlike the previous bug, this bypass can also easily be prevented by disabling Voice Dial. This can be done in the iPhone’s Settings app, under General > Passcode Lock, by turning the Voice Dial switch to off. With the way Apple has been handling these so far, it would not be surprising to see this fixed in a 6.1.4 update.

Stay tuned for additional details as they become available.

Apple releases iOS 6.1.3 update

Posted by:
Date: Tuesday, March 19th, 2013, 12:59
Category: iOS, iPhone, iPod Touch, News, security, Software

I’ll say this for Apple: it’s getting speedier on its iOS updates.

On Tuesday, Apple released iOS 6.1.3, a 107 megabyte download offering the following fixes for its supported iOS devices:

- Fixes a bug that could allow someone to bypass the passcode and access the Phone app.

- Improvements to Maps in Japan.

iOS 6.1.3 is available via iTunes or Over-The-Air updating and requires an iPhone 3GS, 4, 4S, 5, iPad 2, third or fourth-gen iPad, iPod Touch 4th Gen or iPad Mini to install and run.

Rumor: ABC working on subscriber-based streaming app to bring network’s live programming to iOS devices

Posted by:
Date: Tuesday, March 19th, 2013, 07:26
Category: iOS, iPad, iPhone, iPod Touch, Rumor, Software

abc-current-logo1

You can’t knock additional streaming options if they’re offered to you…

The Walt Disney Company, while sorting out the future of the online video Web site Hulu, has an app in the works that may render Hulu passé for some people.

Per the New York Times, the app will live stream ABC programming to the phones and tablets of cable and satellite subscribers. The app could become available to some subscribers this year, according to people briefed on the project, who insisted on anonymity because they were not authorized to speak about it publicly.

With the app, ABC, a subsidiary of Disney, will become the first of the American broadcasters to provide a live Internet stream of national and local programming to people who pay for cable or satellite. The subscriber-only arrangement, sometimes called “TV Everywhere” in industry circles, preserves the cable business model that is crucial to the bottom lines of broadcasters, while giving subscribers more of what they seem to want — mobile access to TV shows. The arrangement could extend the reach of ads that appear on ABC as well.

Disney already distributes similar live streaming and on-demand apps, known as “Watch” apps, for ESPN and the Disney Channel. Special hurdles exist, however, for the ABC app, in part because of contracts between the network and the companies that produce some of its shows that were written before mobile phone video streaming was even possible. Other complexities involve ABC’s local stations, which might — if not courted properly — feel threatened by an app.

But ABC, seeing shifts in consumer behavior, is pressing forward. The network has started to talk with stations about how to include them in the live streaming app. Illustrating the difficult contractual issues, ABC offhandedly first mentioned a forthcoming Watch ABC app in a news release nine months ago, when it signed a deal with Comcast to make several Watch Disney apps available to Comcast subscribers.

But the network live streaming ability is inching closer to fruition, the people briefed on the project said. A spokesman for ABC declined to comment.

Stay tuned for additional details as they become available.

Security firm Skycure illustrates possible hacking attacks through iOS’ use of Provisioning Profiles

Posted by:
Date: Tuesday, March 12th, 2013, 07:41
Category: iOS, iPhone, News, security, Software

In the words of assorted security analysts, Apple may be setting itself up for a malware fall thanks to its Provisioning Profiles.

Per The Next Web, while iOS users have been relatively safe from malware on their devices, researchers from security company Skycure say they’re concerned about a feature of iOS that could be used by malicious actors to read information, passwords and even encrypted data from devices without customers knowledge. They’ve detailed the new vulnerability in a presentation at the Herzliya Conference and a company blog post.

It’s worth noting at the beginning that Skycure’s product, still in development, is a mobile firewall with a cloud component designed to secure devices against attacks just like these. This isn’t all that unusual, though, as many security firms like Sophos and Intego produce research reports along with consulting and security products.

Provisioning Profiles (mobileconfigs) are small files installed with a single tap on iOS devices. They essentially function as instruction lists which can alter many settings, including network configurations and they’re used by thousands of companies around the world including app developers, corporations with IT departments and more.

Their use is officially approved by Apple and there is nothing innately malicious about any given profile. But, if put to the right uses, they do open up the ability to read usernames and passwords right off of a screen, transmit data that would normally be secure (over HTTPS) to a malicious server where it can be read and a lot more.

In a demonstration, Skycure’s CTO Yair Amit and CEO Adi Sharabani sent the author to a website where a link was offered. A provisioning profile was presented, installed and led to a screen that looked a lot like a phishing attempt, which requires an action on the part of a user in order to infect or grant access to a hacker.

After the profile was installed, Sharabani demonstrated that he could not only read exactly which websites the author had visited, but also scrape keystrokes, searches and login data from apps like Facebook and LinkedIn. To be perfectly clear, this is not a vulnerability within iOS, instead it uses standardized frameworks to deliver a profile that has malicious intent.

iOS has typically been far more secure than other platforms because of its heavy use of curation on the App Store, but also because it has been built from the ground up to use sandboxing. This means that apps are cordoned off, unable to reach outside of their data box or to affect any other apps that have not given them explicit permission to do so.

Provisioning Profiles step outside of that protection and can do things like route all of a victim’s traffic through a third-party server, install root certificates allowing for interception and decryption of secure HTTPS traffic and more.

Sharabani provides a couple of scenarios by which people could be convinced to install what seems like a harmless provisioning profile, only to be a victim of a traffic re-routing attack:

- Victims browse to an attacker-controlled website, which promises them free access to popular movies and TV shows. In order to get the free access, “all they have to do” is to install an iOS profile that will “configure” their devices accordingly.

- Victims receive a mail that promises them a “better battery performance” or just “something cool to watch” upon installation.

The attacks, Sharabani stated, can be configured to use a VPN, APN proxy or a wireless proxy (WiFi), so just because you’re not on a WiFi network doesn’t mean that the profile can’t send your traffic to a third-party. This also means that (unlike a VPN, where there is an indicator in your status bar), you could also be affected by the hack without your knowledge. Of course, you would still have had to install a profile in the first place.

For the third attack scenario, Skycure came up with a list of cellular carriers that ask clients to install a special profile that configures their device to work with that network’s data servers. Of course, those sites could end up being compromised to deliver corrupted profiles, but it’s bound to be harder to do if it’s the carrier’s own servers doing the distribution.

As of now, no evidence has been found of a Provisioning Profile attack in the wild. And, to be extremely blunt once again, you are not at risk at all if you don’t install any profiles to your device, period. And if you have to, make sure that those profiles are from a trusted source and are verified. You should also only download and install profiles from ‘secure’ HTTPS links.

The disclosure of the issue, Sharabani says, is really about raising awareness, rather than starting a panic. While the attacks can be powerful and harmful, the Provisioning Profile attack, much like phishing, relies on user ignorance. Just as you wouldn’t type your password into a page provided as a random link, don’t install profiles from websites that you don’t know and avoid them completely if at all possible.

Because of the deep integration of Provisioning Profiles into the workflows of IT departments and other companies, it’s unlikely that they’ll be going away any time soon. So the best defense for now is knowledge and care.

Stay tuned for additional details as they become available.