Adobe Reader, Acrobat Pro updated to 11.0.03

Posted by:
Date: Wednesday, May 15th, 2013, 07:36
Category: News, security, Software

Handy updates are handy updates.

Late Tuesday, Adobe released version 11.0.03 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

Japanese support:
- Automatic signature detection is supported.

- Added support for the Japanese Postal Code barcode.

EchoSign integration:
- Acrobat and Reader now intelligently detect if a document may need to be signed. On successful detection, a document message bar appears with a button “Open Sign Pane” which on clicking opens the right-hand Sign Pane.

- Signature appearances can now be imported through the user’s webcam. Reader saves the signature for future use in signing workflows.

- Save a Copy: Allows the user to save the file locally or in cloud. The file will be renamed based on whether user signs the document or not.

- Send via Email: Allows users to upload the document to the EchoSign server where they can fill-in details and send the signed document.

- Send via Fax: Same as the Send via Email option.

- Get Others to Sign: Enables users to send documents that need signing to others through the EchoSign service.

- The dialog which asks the user if they want to save the signed document is removed, thereby streamlining the signing process.

Digital signatures:
- The product now supports allowing administrators to control trust for JavaScript execution for specific certificates through the use of cTrustCertifiedDocumentsByOIDs in HKCU and/or HKLM. If the values in this registry preference match an OID in a certificate’s Extended Key Usage field, then that certificate is trusted.

Tools Pane:
- Tools pane performance is improved.

- The Tools Pane is open by default and the user’s selected state is saved across sessions.

Services integration:
- When using Export PDF, Create PDF and Send Now services, the user can now choose Open from online account > Acrobat.com.

- In the Create PDF panel, the “Convert” button is now a “Select Files” button. After a file is selected the button changes to “Convert”.

- When you open a document from Acrobat.com that you were reading earlier on another device, the document opens to the page where you left off.

- The ExportPDF panel is now available in the Japanese version of Reader.

Fixes:
- Acrobat crashes on Export Image to Online Account (SharePoint).

- On OS X 10.8 Mountain Lion, PDF file preview color is incorrect in A10 and A11 when monitor display profile is other than sRGB.

Miscellaneous:
- PDFMaker plug-in not opening PPT file after conversion from FileSite server.

- Unable to use tabs to put focus on HTML field following embedded PDF.

- Acrobat browser plug-in does not calculate decimal numbers in an AcroForm correctly when system locale is set to French.

- Page being incorrectly identified as scanned in the PDF invokes OCR unnecessarily.

- Print button off screen on low resolution devices in Reader/Acrobat XI.

- The IE AcroIEHelper browser helper object is removed. Needed functionality is moved to a plugin.

- Cannot save PDF from Firefox when multiple windows are used.

- In Reader, doing an overwrite with content type enabled results in a “bad parameters” error.

- Error while entering the value for Managed Metadata field.

- Added support for the Turkish Currency symbol.

Acrobat Reader 11.0.03 and Acrobat Pro 11.0.03 require an Intel-based processor and Mac OS X 10.6.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Apple rolls out two-step ID recovery option to additional countries

Posted by:
Date: Monday, May 13th, 2013, 03:58
Category: News, security

applelogo_silver

This might help keep your Apple ID credentials a bit safer.

Per The Unofficial Apple Weblog, Apple recently introduced two-step verification for your Apple ID in certain countries, and the process is now being expanded to the rest of the world. The feature, which requires two different codes for verifying your Apple ID was initially only available in the US, UK, Australia, Ireland and New Zealand. But Apple has now included Canada in on the feature, as well as users in Argentina, Pakistan, Mexico, the Netherlands, Russia, Austria, Brazil, Belgium and Portugal. In other words, two-step authentication is now rolling out to a more or less worldwide release.

The authentication process is still optional — if users don’t think you need it, they can still stick with just their Apple ID passwords as a login. The process does help security, though it’s still not a perfect solution. Apple only implemented this procedure earlier this year due to some security concerns on behalf of users. But it will help against some attacks, and it should work as another step to keep unwanted invaders out of your Apple ID account.

As always, please let us know what you make of this over in the comments section.

New malware strain found to target Uyghur activists on the Mac

Posted by:
Date: Friday, April 26th, 2013, 07:49
Category: News, security, Software

The bad news: There’s yet a new malware strain going around on the Mac.

The good news: If you’re up to date, it’s not a concern.

Per CNET, security company F-Secure has located spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of Uyghur activist groups in an Advanced Persistent Threat attack.

Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

The malware used has changed a little over the past year, with some versions using Trojans embedded in ZIP files, and others exploiting Word vulnerabilities. F-secure’s report shows this latest attempt uses a Word document called “poadasjkdasuodrr.doc,” though any document name can likely be used. When opened, the malware contained in it will install two files that attempt to pose as update components to RealPlayer, in the following locations:
~/Library/Application Support/.realPlayerUpdate
~/Library/LaunchAgents/realPlayerUpdate.plist

Since these folders are within the user account, the malware used in this attack variant can install itself without user passwords being required. However, another mode of attack does ask for authentication; if received, the malware will then be placed in the global Library folder instead, so it will run for every user on the system.

Using the “launchagent” file, the system will keep the hidden malware in the Application Support folder running, and will attempt connections to a command-and-control server at the URL alma.apple.cloudns.org.

The best ways to avoid this malware are via safe computing practices, deleting obvious spam messages and avoiding messages with attachments that haven’t hailed from trusted sources. Additionally, these attacks often exploit known vulnerabilities that have been patched, so always keep your operating system and installed applications up-to-date.

In conclusion, Mac OS X’s Software Update feature is your best friend, avoid suspicious-looking e-mails and you should be set.

Excelsior!!!

Apple releases Safari 6.0.4 update

Posted by:
Date: Wednesday, April 17th, 2013, 07:48
Category: News, security, Software

safarilogo.jpg

The update-o-rama continues!

Late Tuesday, Apple released Safari 6.0.4, an update to its web browser. The new version, a 44.8 megabyte download (via MacUpdate), includes the following fixes and new features:

- Safari 6.0.4 allows you to enable the Java web plug-in on a website-by-website basis, with four settings to choose from.

Safari 6.0.4 requires an Intel-based Mac running Mac OS X 10.7 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Apple releases Java 2013-003 update for Mac OS X 10.7, 10.8 operating systems, Java for Mac OS X 10.6 Update 15

Posted by:
Date: Wednesday, April 17th, 2013, 07:41
Category: News, security, Software

applelogo_silver

A timely security update never goes amiss.

Following up on recently discovered zero-day Java security holes, Apple released Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 15, stands as a 72.8 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 for Mac OS X v10.6.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The second update, Apple Java 2013-003, stands as a 68.3 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 and is for OS X versions 10.7 or later.

- This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

- This update also removes the Java Preferences application, which is no longer required to configure applet settings.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Adobe releases Flash Player 11.7.700.169

Posted by:
Date: Wednesday, April 10th, 2013, 08:15
Category: iOS, iPad, News, security, Software

A hefty update is never unappreciated.

On Wednesday, Adobe released Flash Player 11.7.700.169 for Mac OS X, a 16.9 megabyte download via MacUpdate. The new version adds the following fixes and changes:

Fixed Issues:
- On Retina-enabled OS X devices, Flash applications are scaled incorrectly upon opening (3496539).

-In AIR on iOS, loading a SWF with and embedded video can cause a crash in some circumstances (3514499).

- In AIR on iOS, loading an image from a remote server can cause a crash (3476445).

- On OS X, setting stage.fullScreenSourceRect when renderMode is set to “GPU”, leads to inaccurate mouse position reporting (3512232).

- In the Chrome browser, the copy shortcut (Ctrl/Cmd+C) fails (3496300).

- Attempting to embed a Flash project into Microsoft word can result in a crash (3498002).

- In AIR for iOS, some apps get rejected for missing push notification entitlement (3501744).

- In AIR for iOS, Flex applications running on iPad2 over 3G connections can experience a crash (3435401).

- In AIR for iOS, reloading of pure asset SWFs isn’t allowed (3516971).

- On OS X, some fonts do not rending properly when viewing Flash content in the Google Chrome browser (3506958).

New Features:
- Sandboxing enhancements.

- Prevent Cloud backup for Shared Objects (iOS).

- Use CPU render mode for selected devices (iOS).

- Externally host secondary SWF files (iOS).

Adobe Flash Player 11.7.700.169 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Opera web browser updated to 12.15.1748

Posted by:
Date: Thursday, April 4th, 2013, 07:55
Category: News, security, Software

operalogo

It’s hard to knock a useful web browser update.

On Thursday, Opera Software released version 12.15.1748 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:
- Fixed a moderately severe issue, as reported by Attila Suszter; details will be disclosed at a later date.

- Added safeguards against attacks on the RC4 encryption protocol.

- Fixed an issue where cookies could be set for a top-level domain.

Opera 12.15.1748 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Apple includes Yontoo trojan on XProtect.plist database

Posted by:
Date: Monday, March 25th, 2013, 07:37
Category: News, security, Software

With any luck, the Yontoo trojan won’t be around on the Mac OS X platform for long.

Per the Intego Security Blog and MacRumors, shortly after news emerged of a new adware trojan targeting OS X web browsers, Apple updated its malware and adware detections list to block Yontoo.

The company has apparently updated its “XProtect” anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.

Intego’s post notes that the XProtect detection “is very specific and potentially location-dependent.” The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.

News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.

Stay tuned for additional details as they become available.

Apple adds two-step verification, other new features to iCloud security

Posted by:
Date: Friday, March 22nd, 2013, 06:44
Category: News, security, Software

When in doubt, beef up the ol’ security system a bit…

On Thursday, Apple has rolled out a new two-step verification service for iCloud and Apple ID users. This functionality greatly enhances the security of Apple accounts because it requires users to use a trusted device and an extra security code.

Per 9to5Mac, the security code can be sent via SMS or via the Find my iPhone iOS app (if it is installed). Users can now setup two-step authentication on their devices via the Apple ID web site. Users need to access the security tab on this website to conduct the setup process.

During the setup process for two-step verification, users can choose which of their iOS devices they want to be “trusted.” This new service will allow only you to be able to reset your password.

Full details can be located at the Apple ID web site.

Advertising-based trojan goes into wild on Mac OS X, Windows platforms

Posted by:
Date: Thursday, March 21st, 2013, 07:55
Category: Hack, News, security, Software

The available list of Mac malware (and jerks creating it) just grew a bit.

Per MacNN, a new Mac trojan is inserting ads into Safari, Chrome, and Firefox, says a Russian security firm, Doctor Web. Nicknamed “Trojan.Yontoo.1,” the malware is so far being distributed through movie trailer pages, which prompt people to download a browser plugin, a media player, a video enhancer, or a download accelerator. When launched, the malware asks to be installed under a name such as “Free Twit Tube.”

In reality, the installer inserts a plugin into the aforementioned browsers, which transmits data about the websites a person visits to a remote server, and inserts ads into places in sites where they wouldn’t otherwise exist. Visiting the official Apple page for the iPad mini, for instance, may trigger an ad for unrealistically low iPad discounts. Doctor Web notes that the attackers could potentially swap out the plugin for different or updated code.

The malware is targeting Windows systems as well, but Doctor Web comments that hackers are increasingly targeting Mac owners, and that such ad schemes generate money regardless of the platform they’re on. The hackers likely receive money for each ad impression, and more if a person actually clicks on an ad. There doesn’t appear to be any defense against the trojan in OS X at the moment, short of rejecting the installation; Apple may, however, be able to create a safeguard by updating the OS’ blacklist.

Stay tuned for additional details as they become available.