Apple includes Yontoo trojan on XProtect.plist database

Posted by:
Date: Monday, March 25th, 2013, 07:37
Category: News, security, Software

With any luck, the Yontoo trojan won’t be around on the Mac OS X platform for long.

Per the Intego Security Blog and MacRumors, shortly after news emerged of a new adware trojan targeting OS X web browsers, Apple updated its malware and adware detections list to block Yontoo.

The company has apparently updated its “XProtect” anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.

Intego’s post notes that the XProtect detection “is very specific and potentially location-dependent.” The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.

News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.

Stay tuned for additional details as they become available.

Dropbox 2.1.3 beta out the door

Posted by:
Date: Monday, March 25th, 2013, 07:59
Category: News, Software

An update’s an update, even if it’s just a beta.

Late Friday, Dropbox released the public beta 2.1.3 of its cloud-based storage client for Mac OS X. The new version, a 27.4 megabyte download (via MacUpdate), which adds the following fixes and changes:
– Fix an issue preventing Dropbox from starting on Mac.

– Fix an issue when clicking on notification bubbles.

– Fix an issue with Camera Uploads.

– Fix some issues with the right click context menu on Mac.

– Minor translation fixes.

– Other minor fixes.

Dropbox 2.1.3 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new beta and have any feedback to offer, please let us know in the comments.

Apple adds two-step verification, other new features to iCloud security

Posted by:
Date: Friday, March 22nd, 2013, 06:44
Category: News, security, Software

When in doubt, beef up the ol’ security system a bit…

On Thursday, Apple has rolled out a new two-step verification service for iCloud and Apple ID users. This functionality greatly enhances the security of Apple accounts because it requires users to use a trusted device and an extra security code.

Per 9to5Mac, the security code can be sent via SMS or via the Find my iPhone iOS app (if it is installed). Users can now setup two-step authentication on their devices via the Apple ID web site. Users need to access the security tab on this website to conduct the setup process.

During the setup process for two-step verification, users can choose which of their iOS devices they want to be “trusted.” This new service will allow only you to be able to reset your password.

Full details can be located at the Apple ID web site.

Advertising-based trojan goes into wild on Mac OS X, Windows platforms

Posted by:
Date: Thursday, March 21st, 2013, 07:55
Category: Hack, News, security, Software

The available list of Mac malware (and jerks creating it) just grew a bit.

Per MacNN, a new Mac trojan is inserting ads into Safari, Chrome, and Firefox, says a Russian security firm, Doctor Web. Nicknamed “Trojan.Yontoo.1,” the malware is so far being distributed through movie trailer pages, which prompt people to download a browser plugin, a media player, a video enhancer, or a download accelerator. When launched, the malware asks to be installed under a name such as “Free Twit Tube.”

In reality, the installer inserts a plugin into the aforementioned browsers, which transmits data about the websites a person visits to a remote server, and inserts ads into places in sites where they wouldn’t otherwise exist. Visiting the official Apple page for the iPad mini, for instance, may trigger an ad for unrealistically low iPad discounts. Doctor Web notes that the attackers could potentially swap out the plugin for different or updated code.

The malware is targeting Windows systems as well, but Doctor Web comments that hackers are increasingly targeting Mac owners, and that such ad schemes generate money regardless of the platform they’re on. The hackers likely receive money for each ad impression, and more if a person actually clicks on an ad. There doesn’t appear to be any defense against the trojan in OS X at the moment, short of rejecting the installation; Apple may, however, be able to create a safeguard by updating the OS’ blacklist.

Stay tuned for additional details as they become available.

New iOS passcode bypass bug discovered one day after iOS 6.1.3 release

Posted by:
Date: Thursday, March 21st, 2013, 07:32
Category: iOS, iPhone, News, security

Well, this is sort of awkward…

Remember how you JUST installed iOS 6.1.3 to get rid of a passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone? Per iMore and The Next Web, a new bypass bug has been discovered.

The passcode bypass in the previous versions of iOS 6 required a series of well-timed taps and button presses. The result was full access to the Phone app on a locked device without entering the passcode. This new bug (not quite new, it seems to have existed prior to iOS 6.1.3) requires a sequence that’s a little easier to execute as can be seen in this video. For some reason, this bypass seems to to be more difficult to accomplish on newer, Siri-capable devices.



The bypass can be achieved using the iPhone’s Voice Dial feature. By holding the Home button on a device for a few seconds, the Voice Dial feature will come up. Issue a dial command such as “Dial 303-555-1212”, then as the call is being initiated, eject the SIM card. The iPhone detects the SIM has been removed, cancels the call, and displays an alert saying there is no SIM. Behind the alert you will see the Phone app and after dismissing the alert, you will have full access to the Phone app. As before this means you can access contact information as well as all photos on the device.

Initially thought to only be possible on non-Siri phones, reports are now coming in of this bypass being performed on the iPhone 4S and 5 as well, though it doesn’t seem to be as easily reproducible on these devices. Performing the bypass on these devices devices would also require Siri to be disabled and Voice Dial to be enabled.

Unlike the previous bug, this bypass can also easily be prevented by disabling Voice Dial. This can be done in the iPhone’s Settings app, under General > Passcode Lock, by turning the Voice Dial switch to off. With the way Apple has been handling these so far, it would not be surprising to see this fixed in a 6.1.4 update.

Stay tuned for additional details as they become available.

Tom’s Hardware runs benchmark tests on Haswell prototype chip, finds modest performance gains for next-gen architecture

Posted by:
Date: Wednesday, March 20th, 2013, 07:35
Category: Hardware, News, Processors

intellogo.jpg

Intel’s new Haswell architecture is en route.

And its performance gains are about the same as those seen in the move from the Sandy Bridge to Ivy Bridge architectures.

A profile of a performance test of a prototype Core i7 Haswell chip by the mighty Tom’s Hardware suggests that it will offer a 7 percent to 13 percent performance gain over equivalent Ivy Bridge CPUs—a similar gain to that experienced with the move from Sandy Bridge to Ivy Bridge.


profile

The integrated HD 4600 GPU experiences an impressive speed boost of almost 30 percent, but the website noted that this still won’t allow for comfortable gaming on HD monitors, so gamers will need discrete graphics chips.

While performance gains reached up to 75 percent in the case of some specific tasks, the gains for typical desktop applications are relatively modest.

Stay tuned for additional details as they become available.

AT&T adds premium shared data, data-only options to Mobile Share plans

Posted by:
Date: Wednesday, March 20th, 2013, 07:52
Category: News

attlogo

If you’ve got the money for it, AT&T has a fairly hefty data plan for you.

Per TechHive, the wireless carrier just added three new tiers for its Mobile Share plans, which allow users to share a single pool of data across several devices. Subscribers can now get 30GB per month for US$300, 40GB per month for US$400, and 50GB per month for US$500.

At these tiers, AT&T also adds a per-device charge of US$30 per month for each smartphone, US$10 per month for tablets and gaming devices, and US$20 per month for each laptop or USB data sticks.

Streaming video through services like Netflix is one example of where you might engage in heavy use, especially with data use skyrocketing over LTE. Although if you’re dropping US$300 per month on a bad Netflix habit, that’s a problem.

Previously, AT&T’s top tier was 20GB for US$200 per month. Exceeding the limit meant paying a US$15 per gigabyte overage charge so, while the new plans seem expensive, they do offer a savings to users and businesses that need large amounts of data.

AT&T and Verizon launched their respective shared-data plans last year. Both carriers include unlimited talk and text in these plans, as well as mobile hotspot use on smartphones at no extra charge.

Stay tuned for additional details as they become available.

Apple TV updated to 5.2.1, adds bug fixes, redesigned Hulu interface

Posted by:
Date: Wednesday, March 20th, 2013, 06:49
Category: Apple TV, News, Software

When in doubt, go for a bit of a redesign.

Per 9to5Mac, Apple released its Apple TV 5.2.1 operating system on Tuesday. The update features bug fixes, security fixes and a redesigned Hulu interface that makes it easier and quicker to access content. Like other Apple TV features, the updated Hulu section now has a top-bar with categories. Users can now jump into each individual category to access content.

Apple TV users on the latest iOS version will receive the new interface automatically. Apple added Hulu to the Apple TV last summer after settling some “political” issues with the content provider. Apple is rumored to be adding HBO Go to the Apple TV later this year.

Apple releases iOS 6.1.3 update

Posted by:
Date: Tuesday, March 19th, 2013, 12:59
Category: iOS, iPhone, iPod Touch, News, security, Software

I’ll say this for Apple: it’s getting speedier on its iOS updates.

On Tuesday, Apple released iOS 6.1.3, a 107 megabyte download offering the following fixes for its supported iOS devices:

– Fixes a bug that could allow someone to bypass the passcode and access the Phone app.

– Improvements to Maps in Japan.

iOS 6.1.3 is available via iTunes or Over-The-Air updating and requires an iPhone 3GS, 4, 4S, 5, iPad 2, third or fourth-gen iPad, iPod Touch 4th Gen or iPad Mini to install and run.

Dropbox updated to 2.0.2

Posted by:
Date: Tuesday, March 19th, 2013, 12:51
Category: News, Software

You can’t knock a credible update.

On Tuesday, Dropbox released version 2.0.2 of its cloud-based storage client for Mac OS X. The new version, a 27.4 megabyte download (via MacUpdate), which adds the following fixes and changes:
– Fix a bug on OS X where the tray popup isn’t repositioned properly when plugging in an external monitor.

– Fix a bug on OS X where the tray popup can sometimes fail to appear.

– Fix a bug on OS X where the popup can fail to appear if the “Hide” option of the “Login Item” is set.

– Better reporting and handling of error conditions.

– Fix a bug where a notification’s time label sometimes contained incorrect information.

– Fix a bug where closing the client can trigger errors.

– Various performance improvement and bug fixes in rendering.

– Tweaks to notification acknowledgement.

– Minor tweaks to the tray popup’s UI.

– Other small fixes.

Dropbox 2.0.2 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new beta and have any feedback to offer, please let us know in the comments.