Adobe warns against Flash Player security exploit, offers version 14.0.0.125 as fix

Posted by:
Date: Wednesday, July 9th, 2014, 11:43
Category: News, security, Software

flashplayericon

Even if you’re not crazy about Adobe Flash Player these days, there’s a better reason than usual to upgrade to the new version.

Per AppleInsider and Adobe, a well-known vulnerability in Adobe’s Flash player that could allow malicious users to steal browser data — including cookies — on Macs, PCs, and Linux machines has been exploited for the first time. As such, Adobe has issued a patch and urged users to upgrade their system as soon as possible.

The company says that Flash Player versions 14.0.0.125 and earlier for Mac and Windows and version 11.2.202.378 and earlier for Linux suffer from the bug, which was exploited in a proof-of-concept by Google engineer Michele Spagnuolo. Mac and Windows users should update to version 14.0.0.145 while Linux users should update to version 11.2.202.394.

(more…)

Rumor: iOS 7.1.2 update to include fixes to Mail, security issues, iBeacon support

Posted by:
Date: Monday, June 23rd, 2014, 10:46
Category: iOS, Rumor, security, Software

ios-7-logo

Apple’s forthcoming iOS 7.1.2 update may fix an email attachment encryption issue, a lock screen vulnerability and improve iBeacon support along with other minor bug fixes.

Per MacRumors and AppleInsider, an anonymous source has claimed that Apple has distributed iOS 7.1.2 to carrier partners for testing ahead of a release sometime within the next two weeks.

The update supposedly contains a number of bug fixes and security patches, including a resolution to an email encryption issue discovered in April. Security researchers proved the flaw, which prevents email attachments to be saved with proper encryption protection, exists in recent iOS releases as far back as iOS 7.0.4.

(more…)

PayPal is eager to integrate Touch ID

Posted by:
Date: Friday, June 6th, 2014, 08:07
Category: Apple, Finance, Hardware, iOS, iPhone, retail, security, Services, Software

touch-id_PaypalLittle was said about Touch ID in the WWDC keynote except that the API would be opened to third-party developers for use in iOS 8. Craig Federighi did show a nice pie chart claiming that since the introduction of Touch ID on the iPhone 5s, 83% of users now use passcodes, up from the 49% that used their iPhone’s security previously. Just days after this announcement, PayPal is reportedly dipping their toes into the Touch ID API with hopes of incorporating fingerprint recognition into their iOS app’s authentication system. This isn’t really surprising as it has already done this on Android with the Samsung Galaxy S5. Hopefully the process will be more hacker-proof on iOS.

PayPal may just be the first of several companies including other mobile payment services, banks, and even large retail chains, to take advantage of access to Apple’s fingerprint scanner. Getting users familiar with using Touch ID for purchases may be just the first step in Apple’s own long rumored plans to get into the mobile payments game, using it in tandem with their Passbook software. Apple is expected to start building Touch ID sensors into all of its mobile hardware soon. Here’s hoping the technology becomes more reliable than many users’ past experiences or people may get frustrated with the process and just not use it.

 

 

1Password updated to 4.4.1

Posted by:
Date: Thursday, June 5th, 2014, 10:34
Category: News, security, Software

21711

Even a minor update to 1Password brings a hefty list of changes.

On Thursday, AgileBits released 1Password 4.4.1, the newest version of its password security utility. The new version, a 40.8 megabyte download, offers the following fixes and changes:

New:
- Added support for the WhiteHat Aviator web browser.

Improvements:
- 1Password will now keep monthly backups for the last two years.

- The Password Generator in 1Password mini can now generate passwords up to 50 characters long.

- Added Watchtower vulnerability status column in the Top View.

- The Watchtower database last updated date is now visible in Preferences > Watchtower.

- Improved the performance of code signature verification when web browsers connect to 1Password mini.

- The details view Generate Password button is now accessible in Edit Mode.

(more…)

Is Apple doing anything about iCloud breach?!

Posted by:
Date: Tuesday, May 27th, 2014, 08:16
Category: Apple, Hack, iCloud, iOS, iPhone, security

icloud-iconUnfortunately, Apple has not acknowledged the supposed hack into the iCloud systems, and rarely comments publicly on such matters, so we’ll just have to hope they are working towards protecting users’ accounts. The incursion was claimed by two hackers going by the handles AquaXetine and MerrukTechnolog, who form Team DoulCi (derived by spelling “iCloud” backwards-ish). The hack exploits an iCloud security flaw that allows someone to bypass Apple’s Activation Lock system to unlock a lost or stolen iPhone. By utilizing the DoulCi web site, and making a simple change to a file on your computer, the iPhone can be fooled into thinking DoulCi’s site is actually Apple’s iCloud servers.

(more…)

Apple releases Safari 6.1.4 update

Posted by:
Date: Thursday, May 22nd, 2014, 16:14
Category: News, security, Software

Apple_Safari

On Thursday, Apple released Safari 6.1.4, an update to its web browser for its OS X 10.7 and 10.8 operating systems. The new version, a 52.9 megabyte download (via MacUpdate), includes the following fixes and new features:
- Addresses a significant memory corruption issue in the WebKit engine powering Apple’s browser.

- Addresses an issue with handling of unicode characters that could be exploited.

According to Macworld, it’s also been rumored that Apple is currently working on a significant security update for the iOS version of its Safari web browser, the company having been criticized for patching discrepancies between the iOS and OS X versions of the software.

Safari 6.1.4 requires an Intel-based Mac running OS X 10.7.5 or OS X 10.8.5 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Apple releases Safari 7.0.4 update

Posted by:
Date: Thursday, May 22nd, 2014, 11:43
Category: News, security, Software

Apple_Safari

Late Wednesday, Apple released Safari 7.0.4, an update to its web browser. The new version, a 53.7 megabyte download (via MacUpdate), includes the following fixes and new features:
- Addresses a significant memory corruption issue in the WebKit engine powering Apple’s browser.

- Addresses an issue with handling of unicode characters that could be exploited.

Safari 7.0.4 requires an Intel-based Mac running Mac OS X 10.9.3 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Google Chrome updated to 35.0.1916.114

Posted by:
Date: Wednesday, May 21st, 2014, 15:16
Category: News, security, Software

google-chrome-logo

It’s the updates that tend to help.

On Thursday, Google released version 35.0.1916.114 of its Chrome web browser. The update, a 53.7 megabyte download, adds the following fixes and changes:
- More developer control over touch input.

- New JavaScript features.

- Unprefixed Shadow DOM.

- A number of new apps/extension APIs.

- Lots of under the hood changes for stability and performance.

Security Fixes:
- High CVE-2014-1743: Use-after-free in styles.

- High CVE-2014-1744: Integer overflow in audio.

- High CVE-2014-1745: Use-after-free in SVG.

- Medium CVE-2014-1746: Out-of-bounds read in media filters.

- Medium CVE-2014-1747: UXSS with local MHTML file.

- Medium CVE-2014-1748: UI spoofing with scrollbar.

- CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives.

- CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.

Google Chrome 35.0.1916.114 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Microsoft cuts support, but XP still going strong

Posted by:
Date: Friday, May 2nd, 2014, 09:55
Category: Microsoft, security, Software, Windows

XP-LogoSupport for the aging Windows XP operating system was dropped as of April 8th, but according to web traffic monitoring, the OS still held a little over 25% of the market share. While that number continues to drop, those same stats show XP to be second only to Windows 7 (nearly 50%) among the list of major operating systems.

As part of Microsoft’s discontinuation of support, they will no longer provides bug fixes, security patches, or other updates to XP. This will leave the 13-year-old OS vulnerable to future security threats. Microsoft began announcing the end of XP support nearly seven years ago to give people plenty of opportunity to migrate to a newer version of Windows, but the entrenchment of legacy business software and other factors are making then transition a slow one.

Are you going to stick with XP now that Microsoft support is gone? Let us know in the comments or on the Facebook page.

 

 

California kills smartphone ‘kill switch’ bill

Posted by:
Date: Friday, April 25th, 2014, 09:55
Category: Apple, Hardware, iPhone, Legal, Mobile Phone, News, security, Software

Back in February, State Sen. Mark Leno (D-San Francisco) and San Francisco District Attorney George Gascon introduced a bill that would mandate the inclusion of a “kill switch” in phones sold in the state of California. If approved, the anti-theft feature would have been required to be preloaded and automatically enabled on all smartphones sold after January 1, 2015, leaving the phone inoperable if stolen. In a statement put out by Leno and Gascon at the time of the bill’s introduction, in San Francisco alone, cell phone thefts make up 66 percent of all robberies. Just over the bridge in Oakland, thefts are even higher to over 75 percent. The statement also said that recovering those phones cost consumers in the US more than $30 billion in 2012.

(more…)