O'Grady's PowerPage » OS X

Researcher finds Sparkle framework vulnerability, highlights popular apps that could be exploited

Date: Wednesday, February 10th, 2016, 08:31
Category: News, OS X, security, Software, Yosemite

Well, this is a mess.

A “huge” number of third-party Mac apps are under threat of man-in-the-middle attacks due to a recently discovered vulnerability in Sparkle, an open source framework used to facilitate software updates.

The flaw, which centers on a faulty WebKit rendering engine implementation found in certain Sparkle builds, is to blame for the newly discovered attack, which allows malicious users to insert and execute JavaScript code when affected apps check for software updates.

Along with a flawed Sparkle version, vulnerable apps must also be using an unencrypted HTTP channel to receive software updates from offsite servers. This can allow other users to capture network traffic and thereby run malicious code on a target computer. The exploit has been cited by a software engineer called “Radek”, who confirmed that it affects apps running on the latest versions of OS X 10.11 El Capitan and OS X 10.10 Yosemite.

Apple releases iOS 9.2.1, OS X 10.11.3 updates

Date: Tuesday, January 19th, 2016, 16:53
Category: iOS, News, OS X, Software, Yosemite

They’re not huge updates according to Apple, but they could make a difference.

Apple on Tuesday released iOS 9.2.1 and OS X 10.11.3, the company stating that both updates contain security and bug fixes.

More specifically, iOS 9.2.1 contains a fix for an issue “that could prevent the completion of app installation when using an MDM server.”

Apple releases OS X 10.11.2 El Capitan update

Date: Tuesday, December 8th, 2015, 15:20
Category: News, OS X, Software

If you’ve been hankering for a hefty update to OS X 10.11 El Capitan, it just came out.

On Tuesday, Apple released OS X 10.11.2, the latest update to its OS X operating system. The update, a 1.87 gigabyte download, offers the following fixes and changes:

– Improves Wi-Fi reliability

– Improves the reliability of Handoff and AirDrop

– Fixes an issue that may cause Bluetooth devices to disconnect

Apple replaces discoveryd with mDNSResponder for iOS 9, OS X 10.11 betas

Date: Wednesday, June 10th, 2015, 08:28
Category: Developer, iOS, News, OS X, Software

It looks like the discoveryd protocol may not be working out for Apple and thus, it could be abandoned for both iOS 9 and OS X 10.11.

Recent analysis of the iOS 9 and OS X 10.11 El Capitan betas has shown that Apple has dropped the network protocol for the time being.

In both cases, mDNSResponder has been substituted in again, although the internal nature of the process makes it impossible to see whether it has changed at all since the build of OS X 10.10.4. The discoveryd protocol has been blamed for many networking and communication stability issues. One way Apple has achieved this is to get rid of discoveryd completely.

How Apple could improve the awesome VIP Sender feature

Date: Tuesday, February 10th, 2015, 07:29
Category: iOS, Mail, OS X

Apple Mail: Could not add VIP. A maximum of 100 VIPs is allowed. Please remove any unused VIPs and try again.

TL;DR I love the VIP Sender feature in OS X and iOS and use it all the time, but it needs to be expanded.

It works like this: click a sender’s name/email address in either OS X Mail or Mail.app and select “Add to VIPs.” Doing so prioritizes email from that sender and when new mail arrives, you’ll see an alert in notification center.

It’s super-convenient when you’re waiting for an important email from a client, colleague or your spouse. You can’t help but notice the email’s arrival on your iPhone lock screen and VIP Sender has saved my bacon many times. I’m using a VIP Sender this week to correspond back and forth with my accountant, for example, because I’d like to know immediately when he emails me.

The problem is that Apple caps the number of VIPs at 100, and once you’ve reached the cap your only option is to remove some VIPs. Removing a VIP Sender involves navigating to the “VIP” folder in Mail, then clicking on senders individually, then on “Remove from VIP.” While not difficult, it can be time-consuming.

We should all endeavor to curate, organize and better tend to our email, but who has the time?

Here are two simple enhancements that would make VIP Sender infinitely more valuable…

djay Pro hits the decks with huge OS X update

Date: Thursday, December 18th, 2014, 13:42
Category: Mac, music, OS X, Software, Uncategorized

Much of the innovation in DJ software has centered on mobile over the past couple of years. The white-hot iOS market has exploded with DJ software led by Algoriddim’s revolutionary djay app for iPhone and iPad, which has changed the way DJs play music live.

In addition to its popular iOS apps, Algoriddim also offers djay for OS X (first launched in 2006), which today got a major reboot as djay Pro ($49.99, Mac App Store).

djay Pro is a complete rewrite of Algoriddim’s popular DJing application for Yosemite that leverages modern OS X standards like 64-bit, 60 FPS, and native sandboxed iTunes access plus everything they’ve learned from their iOS apps.

I’ve been using djay apps since day one and they’re hands down the best DJ apps on iOS and OS X. Whether you’re a bedroom DJ, spinning the hits at a holiday party or an aspiring club DJ, Algoriddim’s djay is the way to go.

Yosemite easter egg: mountain tree spirits

Date: Wednesday, November 26th, 2014, 15:51
Category: Apple, OS X, Yosemite

Color me skeptical, but this one came to my attention and was too cool not to share.

A PowerPage reader sent along what he believes to be an easter egg hidden in plain sight in one of the default desktop pictures, a.k.a. “wallpaper,” in Mac OS 10.10 (Yosemite). If you’re running Yosemite, open System Preferences > Desktop & Screen Saver > Desktop, then choose Apple > Desktop Pictures and the third option (the grey and green mountain scene):

Yosemite Mountain Spirits hidden in Desktop Pictures?

Click through for the spooky result…

Apple releases OS X Yosemite, iWork updates as free updates on Mac App Store

Date: Thursday, October 16th, 2014, 14:30
Category: News, OS X, Software, Yosemite

The OS X 10.10 Yosemite downloading and installation frenzy begins today.

Over at its media event, Apple announced that OS X 10.10 Yosemite, its free next-generation operating system, will arrive on the Mac App Store today. The new version includes a new design that’s more contiguous with iOS 8 as well as features like Continuity and Handoff. Apple has also released a redesigned version of its iWork suite, which will be available as a free download.

Apple software chief Craig Federighi demonstrated many of the new features of Yosemite at a media event in Cupertino, California today, chief among them the new Continuity and Handoff features, which allow users to seamlessly transition between their Mac and their iOS devices.

Stay tuned for additional details as they become available.

Apple patches Shellshock vulnerability, but it’s not in Software Update

Date: Wednesday, October 1st, 2014, 01:24
Category: OS X, security

OS X bash Update 1.0 for OS X Mavericks released to address Shellshock bug on Macs

Apple released OS X bash Update 1.0 for OS X Mavericks to fix a vulnerability in the bash UNIX shell. “Shellshock” is believed to be much worse than the Heartbleed vulnerability that was discovered earlier this year.

PC Magazine wrote about two scenarios that can make OS X vulnerable to the Shellshock bash bug:

For example, Bash would be exposed if a user turned on the remote login capability for all users, including guests. But that is an action that “is probably not the most secure thing to do anyway,” Erwin wrote, as it would open up the computer to other possible attacks.

Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments, Erwin wrote. If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.

Curiously, OS X bash Update 1.0 isn’t available through the usual channel (the Updates tab in the App Store). It needs to be downloaded and installed manually. Based on the potential impacts of the bug, it’s recommended that all OS X 10.9/Mavericks users install OS X bash Update 1.0 right away.

Apple posts new MacBook Air EFI update 2.9.1

Date: Wednesday, July 30th, 2014, 18:36
Category: Announcement, App Store, Apple, Installation, Mac, MacBook Air, OS X, Software

As we reported last week, there were numerous problems with the MacBook Air firmware update released earlier in the week. Users reported symptoms ranging from the innocuous, such as the update simply not being applied, to the update preventing the laptop from rebooting. In most cases, performing multiple SMC resets on the computer fixed the booting problem, but the update was still not installed. A few users found that even though the System Information application reported that the firmware was not updated, afterwards their MacBook Airs began suffering some of the problems that the 2.9 update was supposed to fix. Some of the symptoms included trouble reconnecting to Wi-Fi networks, fans unnecessarily running at full speed, and issues with sleeping and waking the computer.

Less than a day after the reports began flooding in, Apple removed the update from the App Store and users were no longer getting prompted to install it. As of today, a newly numbered 2.9.1 update can be found appearing in the App Store under Updates. Owners are cautioned to hold off on applying the new update, unless necessary, until reports come back that the install is working correctly. We will keep you updated as reports come in and the situation develops.

Have you already risked the update? Let us know, along with any relevant details, in the comments or on our Facebook page!