Apple releases Safari 7.0.4 update

Posted by:
Date: Thursday, May 22nd, 2014, 11:43
Category: News, security, Software

Apple_Safari

Late Wednesday, Apple released Safari 7.0.4, an update to its web browser. The new version, a 53.7 megabyte download (via MacUpdate), includes the following fixes and new features:
- Addresses a significant memory corruption issue in the WebKit engine powering Apple’s browser.

- Addresses an issue with handling of unicode characters that could be exploited.

Safari 7.0.4 requires an Intel-based Mac running Mac OS X 10.9.3 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Google Chrome updated to 35.0.1916.114

Posted by:
Date: Wednesday, May 21st, 2014, 15:16
Category: News, security, Software

google-chrome-logo

It’s the updates that tend to help.

On Thursday, Google released version 35.0.1916.114 of its Chrome web browser. The update, a 53.7 megabyte download, adds the following fixes and changes:
- More developer control over touch input.

- New JavaScript features.

- Unprefixed Shadow DOM.

- A number of new apps/extension APIs.

- Lots of under the hood changes for stability and performance.

Security Fixes:
- High CVE-2014-1743: Use-after-free in styles.

- High CVE-2014-1744: Integer overflow in audio.

- High CVE-2014-1745: Use-after-free in SVG.

- Medium CVE-2014-1746: Out-of-bounds read in media filters.

- Medium CVE-2014-1747: UXSS with local MHTML file.

- Medium CVE-2014-1748: UI spoofing with scrollbar.

- CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.

- CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Google Chrome 35.0.1916.114 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Microsoft cuts support, but XP still going strong

Posted by:
Date: Friday, May 2nd, 2014, 09:55
Category: Microsoft, security, Software, Windows

XP-LogoSupport for the aging Windows XP operating system was dropped as of April 8th, but according to web traffic monitoring, the OS still held a little over 25% of the market share. While that number continues to drop, those same stats show XP to be second only to Windows 7 (nearly 50%) among the list of major operating systems.

As part of Microsoft’s discontinuation of support, they will no longer provides bug fixes, security patches, or other updates to XP. This will leave the 13-year-old OS vulnerable to future security threats. Microsoft began announcing the end of XP support nearly seven years ago to give people plenty of opportunity to migrate to a newer version of Windows, but the entrenchment of legacy business software and other factors are making then transition a slow one.

Are you going to stick with XP now that Microsoft support is gone? Let us know in the comments or on the Facebook page.

 

 

California kills smartphone ‘kill switch’ bill

Posted by:
Date: Friday, April 25th, 2014, 09:55
Category: Apple, Hardware, iPhone, Legal, Mobile Phone, News, security, Software

Back in February, State Sen. Mark Leno (D-San Francisco) and San Francisco District Attorney George Gascon introduced a bill that would mandate the inclusion of a “kill switch” in phones sold in the state of California. If approved, the anti-theft feature would have been required to be preloaded and automatically enabled on all smartphones sold after January 1, 2015, leaving the phone inoperable if stolen. In a statement put out by Leno and Gascon at the time of the bill’s introduction, in San Francisco alone, cell phone thefts make up 66 percent of all robberies. Just over the bridge in Oakland, thefts are even higher to over 75 percent. The statement also said that recovering those phones cost consumers in the US more than $30 billion in 2012.

(more…)

Samsung’s fingerprint scanner not immune to hackers

Posted by:
Date: Thursday, April 17th, 2014, 08:17
Category: Android, Hacks, privacy, Samsung, security

 

samsung_galaxy_s5_official_1_fingerprint_scanner-crop

It was only a matter of time before someone found a weakness in the fingerprint scanner found on the new Samsung Galaxy S5. Too bad Samsung didn’t learn anything from Apple’s experiences with fingerprint hacking. The very same hack that was used to bypass the iPhone 5S’s scanner, that we reported on last September, has now been used to get past the one on the Galaxy S5. The security blog SRlabs has posted a video of a fake fingerprint, which was copied from a photo image and reproduced, being used to unlock a Galaxy S5.

(more…)

Heartbleed bug hits the Internet

Posted by:
Date: Friday, April 11th, 2014, 08:25
Category: Announcement, Hacks, privacy, security, Websites

heartbleedA newly announced bug, dubbed “Heartbleed” has got online companies on the run as they race to patch the insecurity. In spite of all the current fervor however, the bug has actually been around for about two years. It may also be the first wide-scale bug to have its own web page and logo (heartbleed.com). Heartbleed is based on a fault in functionality in the widely used OpenSSL library. OpenSSL is the cryptographic software that protects information being transferred from server to server throughout the internet. It is meant to stop hackers from intercepting secure information such as logins, usernames, passwords, credit card numbers, and other personal information.

(more…)

iPhone Tips: Improving Touch ID accuracy

Posted by:
Date: Tuesday, April 8th, 2014, 09:37
Category: Apple, iOS, iPhone, security, Software, Tips

touchid-iphone5s-fingerprint-sensor-cropSince I was in a fingerprint scanning news mood, I thought it would be a good time to share this tip that I learned recently. Courtesy of iOS 7.1, you can now add additional training to your Touch ID settings in order to improve accuracy. In iOS 7.0.x, the only way to try and improve Touch ID was really to start over, and once it told you that the training was finished, you could opt to continue adding more scans of your finger. In 7.1, Apple made it fairly painless.

(more…)

Safari updated to version 7.0.3

Posted by:
Date: Thursday, April 3rd, 2014, 15:04
Category: App Store, Apple, Mac, Mavericks, Mountain Lion, OS X, security, Software

safari_icoEarlier this week, Apple released an update to Safari bringing it up to version 7.0.3 for Mavericks and Safari 6.1.3 for Mountain Lion and Lion users. The updates are available through the OS X App Store application. You will need to quit Safari, if it is open, in order to complete the update. The following is the list of changes in the update:

  • Fixes an issue that could cause the search address field to load a webpage or send a search term before the return key is pressed
  • Improves credit card auto fill compatibility with websites
  • Fixes an issue that could block receipt of push notifications from websites
  • Adds a preference to turn off push notification prompts from websites
  • Adds support for webpages with generic top-level domains
  • Strengthens Safari sandboxing
  • Fixes security issues, including several identified in recent security competitions

Interesting to note is Apple’s nod to non-Apple sources for the security fixes, although the specify sources are not named.

 

 

Recent security updates make Macs more secure, unless you’re a Snow Leopard user

Posted by:
Date: Monday, March 3rd, 2014, 08:47
Category: Apple, Lion, Mac, privacy, Processors, security, Software

snowleopardEverybody was concerned last week when it was announced that a nasty bug in OS X was leaving Macs vulnerable to attacks that could grab information traveling across shared networks. While it has been confirmed that the bug only affected Mavericks, Apple simultaneously posted security updates for Mountain Lion (10.8) and Lion (10.7), but there was no sign of any security love for Snow Leopard (10.6). This really shouldn’t be a surprise to most people since 10.6 was also skipped when a previous security update was released as well as an update to the Safari browser. The omission of 10.6 from the current update simply confirms that Snow Leopard is no longer on Apple’s radar.

(more…)

OS X 10.9.2 update is out, run don’t walk to Software Update

Posted by:
Date: Tuesday, February 25th, 2014, 16:46
Category: Announcement, App Store, Apple, Installation, Mac, Mavericks, OS X, security, Software

apple_logoAmongst recent criticism about Apple’s failure to fix an SSL security flaw in OS X, and recently patched on iDevices with iOS 7.0.6, today they released the OS X 10.9.2 update which is available via the App Store app. There was a long list of application updates and system fixes, but noticeably absent in the list was mention of the specific SSL security hole that has been dominating the news recently. The good news is that several sources confirm that there is indeed a fix for it present in the update. This one is pretty important, so it is strongly recommended that you apply the update sooner rather than later…like now would be a good time. Apple historically does not like to confirm or draw notice to security issues in software, especially not ones that have been around longer than they should have been, which probably accounts for this. Apple’s official page on the update is here, but a list of items is included below.

My personal recommendations for applying system updates;

  1. Make sure you run a backup, or that Time Machine has done so recently
  2. Close all running apps (except the App Store of course)
  3. Open Disk Utility and perform a Repair Permissions, the close Disk Utility
  4. Install the update
  5. Once the Mac applies the update and reboots, run Repair Permissions again
  6. Go get some coffee

(more…)