Apple releases Security Update 2013-002 for Mac OS X 10.6, 10.7 operating systems

Posted by:
Date: Wednesday, June 5th, 2013, 06:40
Category: News, security, Software

applelogo_silver

There were security updates yesterday.

And we’re still trying to figure out what was specifically changed.

Per The Mac Observer, Apple released security updates for Snow Leopard (OS X 10.6) and Lion (OS X 10.7) on Tuesday, for both the client and server versions of the OSes.

The patch notes for all four updates say precisely nothing, and Apple’s security update page—where security patch notes get released—has not yet been updated with these releases.

Still, if you’re running Mac OS X 10.6 or later, make sure to run the Software Update feature to snag and install the latest updates.

For those of you who like the direct approach, here are the download links for the updates:
About Security Update 2013-002 (Lion) – 57.68MB

About Security Update 2013-002 Server (Lion) – 105.61MB

About Security Update 2013-002 (Snow Leopard) – 329.85MB

About Security Update 2013-002 Server (Snow Leopard) – 404.83MB

If you’ve tried the security updates and noticed any differences, please let us know in the comments.

How-To: Encrypt volumes on your hard drive

Posted by:
Date: Tuesday, May 28th, 2013, 07:26
Category: How-To, News, security

encryption

It’s understandable that you’d want to keep your personal stuff, well, personal. That being said, CNET’s mighty Topher Kessler has turned out a spiffy step-by-step guide as to how to encrypt certain parts of your Mac’s hard drive while keeping other parts open as needed using OS X’s Disk Utility and Terminal applications.

Take a gander here and if you know of any cool security tricks you’d like to share, please let us know in the comments.

Adobe Reader, Acrobat Pro updated to 11.0.03

Posted by:
Date: Wednesday, May 15th, 2013, 07:36
Category: News, security, Software

Handy updates are handy updates.

Late Tuesday, Adobe released version 11.0.03 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

Japanese support:
- Automatic signature detection is supported.

- Added support for the Japanese Postal Code barcode.

EchoSign integration:
- Acrobat and Reader now intelligently detect if a document may need to be signed. On successful detection, a document message bar appears with a button “Open Sign Pane” which on clicking opens the right-hand Sign Pane.

- Signature appearances can now be imported through the user’s webcam. Reader saves the signature for future use in signing workflows.

- Save a Copy: Allows the user to save the file locally or in cloud. The file will be renamed based on whether user signs the document or not.

- Send via Email: Allows users to upload the document to the EchoSign server where they can fill-in details and send the signed document.

- Send via Fax: Same as the Send via Email option.

- Get Others to Sign: Enables users to send documents that need signing to others through the EchoSign service.

- The dialog which asks the user if they want to save the signed document is removed, thereby streamlining the signing process.

Digital signatures:
- The product now supports allowing administrators to control trust for JavaScript execution for specific certificates through the use of cTrustCertifiedDocumentsByOIDs in HKCU and/or HKLM. If the values in this registry preference match an OID in a certificate’s Extended Key Usage field, then that certificate is trusted.

Tools Pane:
- Tools pane performance is improved.

- The Tools Pane is open by default and the user’s selected state is saved across sessions.

Services integration:
- When using Export PDF, Create PDF and Send Now services, the user can now choose Open from online account > Acrobat.com.

- In the Create PDF panel, the “Convert” button is now a “Select Files” button. After a file is selected the button changes to “Convert”.

- When you open a document from Acrobat.com that you were reading earlier on another device, the document opens to the page where you left off.

- The ExportPDF panel is now available in the Japanese version of Reader.

Fixes:
- Acrobat crashes on Export Image to Online Account (SharePoint).

- On OS X 10.8 Mountain Lion, PDF file preview color is incorrect in A10 and A11 when monitor display profile is other than sRGB.

Miscellaneous:
- PDFMaker plug-in not opening PPT file after conversion from FileSite server.

- Unable to use tabs to put focus on HTML field following embedded PDF.

- Acrobat browser plug-in does not calculate decimal numbers in an AcroForm correctly when system locale is set to French.

- Page being incorrectly identified as scanned in the PDF invokes OCR unnecessarily.

- Print button off screen on low resolution devices in Reader/Acrobat XI.

- The IE AcroIEHelper browser helper object is removed. Needed functionality is moved to a plugin.

- Cannot save PDF from Firefox when multiple windows are used.

- In Reader, doing an overwrite with content type enabled results in a “bad parameters” error.

- Error while entering the value for Managed Metadata field.

- Added support for the Turkish Currency symbol.

Acrobat Reader 11.0.03 and Acrobat Pro 11.0.03 require an Intel-based processor and Mac OS X 10.6.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Apple rolls out two-step ID recovery option to additional countries

Posted by:
Date: Monday, May 13th, 2013, 03:58
Category: News, security

applelogo_silver

This might help keep your Apple ID credentials a bit safer.

Per The Unofficial Apple Weblog, Apple recently introduced two-step verification for your Apple ID in certain countries, and the process is now being expanded to the rest of the world. The feature, which requires two different codes for verifying your Apple ID was initially only available in the US, UK, Australia, Ireland and New Zealand. But Apple has now included Canada in on the feature, as well as users in Argentina, Pakistan, Mexico, the Netherlands, Russia, Austria, Brazil, Belgium and Portugal. In other words, two-step authentication is now rolling out to a more or less worldwide release.

The authentication process is still optional — if users don’t think you need it, they can still stick with just their Apple ID passwords as a login. The process does help security, though it’s still not a perfect solution. Apple only implemented this procedure earlier this year due to some security concerns on behalf of users. But it will help against some attacks, and it should work as another step to keep unwanted invaders out of your Apple ID account.

As always, please let us know what you make of this over in the comments section.

New malware strain found to target Uyghur activists on the Mac

Posted by:
Date: Friday, April 26th, 2013, 07:49
Category: News, security, Software

The bad news: There’s yet a new malware strain going around on the Mac.

The good news: If you’re up to date, it’s not a concern.

Per CNET, security company F-Secure has located spam e-mail laced with backdoor Trojan horse malware has been continuously delivered to members of Uyghur activist groups in an Advanced Persistent Threat attack.

Like prior ones, the new variant takes advantage of old vulnerabilities in Microsoft Word, by sending attachments that will embed the malware in the affected system if the document is opened in an unpatched version of Word.

The malware used has changed a little over the past year, with some versions using Trojans embedded in ZIP files, and others exploiting Word vulnerabilities. F-secure’s report shows this latest attempt uses a Word document called “poadasjkdasuodrr.doc,” though any document name can likely be used. When opened, the malware contained in it will install two files that attempt to pose as update components to RealPlayer, in the following locations:
~/Library/Application Support/.realPlayerUpdate
~/Library/LaunchAgents/realPlayerUpdate.plist

Since these folders are within the user account, the malware used in this attack variant can install itself without user passwords being required. However, another mode of attack does ask for authentication; if received, the malware will then be placed in the global Library folder instead, so it will run for every user on the system.

Using the “launchagent” file, the system will keep the hidden malware in the Application Support folder running, and will attempt connections to a command-and-control server at the URL alma.apple.cloudns.org.

The best ways to avoid this malware are via safe computing practices, deleting obvious spam messages and avoiding messages with attachments that haven’t hailed from trusted sources. Additionally, these attacks often exploit known vulnerabilities that have been patched, so always keep your operating system and installed applications up-to-date.

In conclusion, Mac OS X’s Software Update feature is your best friend, avoid suspicious-looking e-mails and you should be set.

Excelsior!!!

Apple releases Safari 6.0.4 update

Posted by:
Date: Wednesday, April 17th, 2013, 07:48
Category: News, security, Software

safarilogo.jpg

The update-o-rama continues!

Late Tuesday, Apple released Safari 6.0.4, an update to its web browser. The new version, a 44.8 megabyte download (via MacUpdate), includes the following fixes and new features:

- Safari 6.0.4 allows you to enable the Java web plug-in on a website-by-website basis, with four settings to choose from.

Safari 6.0.4 requires an Intel-based Mac running Mac OS X 10.7 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Apple releases Java 2013-003 update for Mac OS X 10.7, 10.8 operating systems, Java for Mac OS X 10.6 Update 15

Posted by:
Date: Wednesday, April 17th, 2013, 07:41
Category: News, security, Software

applelogo_silver

A timely security update never goes amiss.

Following up on recently discovered zero-day Java security holes, Apple released Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 15, stands as a 72.8 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 for Mac OS X v10.6.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The second update, Apple Java 2013-003, stands as a 68.3 megabyte download and offers the following fixes and changes:

- This release updates the Apple-provided system Java SE 6 to version 1.6.0_45 and is for OS X versions 10.7 or later.

- This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

- This update also removes the Java Preferences application, which is no longer required to configure applet settings.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Adobe releases Flash Player 11.7.700.169

Posted by:
Date: Wednesday, April 10th, 2013, 08:15
Category: iOS, iPad, News, security, Software

A hefty update is never unappreciated.

On Wednesday, Adobe released Flash Player 11.7.700.169 for Mac OS X, a 16.9 megabyte download via MacUpdate. The new version adds the following fixes and changes:

Fixed Issues:
- On Retina-enabled OS X devices, Flash applications are scaled incorrectly upon opening (3496539).

-In AIR on iOS, loading a SWF with and embedded video can cause a crash in some circumstances (3514499).

- In AIR on iOS, loading an image from a remote server can cause a crash (3476445).

- On OS X, setting stage.fullScreenSourceRect when renderMode is set to “GPU”, leads to inaccurate mouse position reporting (3512232).

- In the Chrome browser, the copy shortcut (Ctrl/Cmd+C) fails (3496300).

- Attempting to embed a Flash project into Microsoft word can result in a crash (3498002).

- In AIR for iOS, some apps get rejected for missing push notification entitlement (3501744).

- In AIR for iOS, Flex applications running on iPad2 over 3G connections can experience a crash (3435401).

- In AIR for iOS, reloading of pure asset SWFs isn’t allowed (3516971).

- On OS X, some fonts do not rending properly when viewing Flash content in the Google Chrome browser (3506958).

New Features:
- Sandboxing enhancements.

- Prevent Cloud backup for Shared Objects (iOS).

- Use CPU render mode for selected devices (iOS).

- Externally host secondary SWF files (iOS).

Adobe Flash Player 11.7.700.169 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Opera web browser updated to 12.15.1748

Posted by:
Date: Thursday, April 4th, 2013, 07:55
Category: News, security, Software

operalogo

It’s hard to knock a useful web browser update.

On Thursday, Opera Software released version 12.15.1748 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:
- Fixed a moderately severe issue, as reported by Attila Suszter; details will be disclosed at a later date.

- Added safeguards against attacks on the RC4 encryption protocol.

- Fixed an issue where cookies could be set for a top-level domain.

Opera 12.15.1748 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Apple includes Yontoo trojan on XProtect.plist database

Posted by:
Date: Monday, March 25th, 2013, 07:37
Category: News, security, Software

With any luck, the Yontoo trojan won’t be around on the Mac OS X platform for long.

Per the Intego Security Blog and MacRumors, shortly after news emerged of a new adware trojan targeting OS X web browsers, Apple updated its malware and adware detections list to block Yontoo.

The company has apparently updated its “XProtect” anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.

Intego’s post notes that the XProtect detection “is very specific and potentially location-dependent.” The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.

News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.

Stay tuned for additional details as they become available.