Apple developing program to track, destroy Flashback malware

Posted by:
Date: Wednesday, April 11th, 2012, 07:38
Category: News, security, Software

applelogo_silver

I think this is where an awesome montage scene of productivity/progress begins in an 80s movie. Or at least the cast involves vows to achieve a long-term goal.

Apple revealed on Tuesday that it is currently developing software to detect and remove the Flashback malware that has infected an estimated 600,000 Macs worldwide.

The company made mention of the upcoming tool in a support document regarding the malicious software, as noted by The Loop. The document also pointed users to last week’s Java update that patched the security flaw that the virus was exploiting.

“In addition to the Java vulnerability, the Flashback malware relies on computer servers hosted by the malware authors to perform many of its critical functions. Apple is working with ISPs worldwide to disable this command and control network,” the company said.

Apple also advises Macs running OS X 10.5 or earlier to disable Java in their browser preferences.

The Flashback trojan horse was first discovered last September. The malware posed as a phony Adobe Flash Player installer in order to trick users into installing it. At the time, a security first categorized the threat as “low.” The current version of Flashback used the Java vulnerability to create a botnet that could mine personal information from unsuspecting users.

Evidence of Apple’s efforts to contact ISPs surfaced earlier on Tuesday when a Russian security firm revealed that the company had targeted one of its servers as being “involved in a malicious scheme.” Dr. Web chief executive Boris Sharov said the server was “not doing any harm to users” and was being used to monitor the spread of the virus.

Sharov noted that the relative rarity of Apple security issues meant that Dr. Web hadn’t established close ties with the company. “For Microsoft, we have all the security response team’s addresses,” he said. “We don’t know the antivirus group inside Apple.”

Last week, a Dr. Web analyst claimed that 600,000 Macs around the world had been infected by the Flashback malware. 56.6 percent of those infections are reportedly located in the U.S.

Stay tuned for additional details as they become available.

QuarkXPress 9.2.1.1 update released

Posted by:
Date: Wednesday, April 11th, 2012, 07:52
Category: News, Software

quarklogo

No one ever said updates were a bad thing.

On Wednesday, software developer Quark released version 9.2 of its QuarkXPress design application. The 160 megabyte update, which can be downloaded here, adds the following fixes and changes:

– Support for iPad retina screen in app templates.

– The ability to add retina-resolution icons to app templates.

– Support for Xcode 4.3.x on Mac OS X 10.7 Lion.

– Improvements to the reliability of the notifications feature – Improvements to the bookstore app template.

QuarkXPress 9.2.1.1 requires Mac OS X 10.5.8 later to install and run and retails for US$799.00 for the full version.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

CrossOver updated to 11.0.3

Posted by:
Date: Tuesday, April 10th, 2012, 14:43
Category: News, Software

CrossOver, the popular emulation program from CodeWeavers, has been updated to version 11.0.3. The new version, which is available as a demo, offers the following fixes and changes:

Application Enhancements:
– Fixed a bug whereby Microsoft Office 2010, Service Pack 1 refused to install. It should now install cleanly (an update of CrossTie files from the web-site may be necessary).

– Fixed a bug where Quicken 2012 would hang adding a new online account or updating a bank account.

– Fixed a bug where PowerPoint 2010 would refuse to play slideshows. Slideshows will now work in PowerPoint 2010.

CrossOver Enhancements:
– Fixes for (we hope!) the last outstanding problems with CrossOver registration / licensing.

– Improvements to Japanese and Russian translations.

CrossOver 11.0.3 retails for US$69.95 and requires Mac OS X 10.5 and or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Adobe Reader, Adobe Acrobat Pro updated to 10.1.3

Posted by:
Date: Tuesday, April 10th, 2012, 11:18
Category: News, Software

On Wednesday, Adobe released version 10.1.3 of its Adobe Reader application. The update, which can also be snagged through the Adobe Update Utility, adds the following fixes and changes:

– New electronic signature types have been added, including typewritten and hand-drawn.

– It is now possible to send signed documents via EchoSign.

– AcroForms is now supported.

– Users can sign AcroForms that are not Reader Enabled without a Submit button.

– The document message bar and associated workflow dialog text have been updated.

– Export PDF Reader’s Export PDF service expands optical character recognition beyond English to include French, German, Italian, Japanese, and Spanish.

– 2951429: Ink Manager color swatches are broken, display in RGB, most spots missing.

– Printing workarounds for the issues below appear at http://helpx.adobe.com/acrobat/kb/pdf-wont-print- reader-10.html:   

– The printing preference to print on both sides of the paper is on by default.
Reader crashes when trying to print when Protected Mode is on.

– Acrobat X Professional crashes on close Preflight panel access: See http://helpx.adobe.com/acrobat/kb/acrobat-x-professional-crashes-close.html.

– PDFs in a browser appear as a grey box and don’t display when sent via HTTPS/SSL: For a hot fix and workaround, go here: http://helpx.adobe.com/acrobat/kb/pdf-opens-grey-screen-browser.html.

– Some plugins that rely on HFTs may cause a hang or crash. For example, the LeanGreen plugin does not work. Acrobat 10.1.3 crashes when closing Acrobat after accessing Preflight panel.

Acrobat Reader 10.1.3 and Acrobat Pro requires an Intel-based processor and Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

U.S. government to work with wireless carriers to create national stolen phone database

Posted by:
Date: Tuesday, April 10th, 2012, 07:28
Category: iPhone, News

This could be perceived as sort of “Big Brother”-ish, but also pretty helpful.

Per the Wall Street Journal, four of the largest wireless carriers in the US are working with the US government to create a national stolen phone database. Verizon Wireless, AT&T, Sprint and T-Mobile will develop their own databases and then merge them into a centralized server within the next 18 months. Eventually, regional carriers will also participate in this initiative.

The database will help carriers and law enforcement track lost and stolen phones. Besides tracking phones, carriers have agreed to block both calling and data services for these blacklisted phones. This will be an easy task for Verizon and Sprint, but not so simple for T-Mobile and AT&T.

Verizon Wireless and Sprint already track each subscriber’s phone using the phone’s unique electronic serial number. This lets them easily block any phone that’s been reported lost or stolen. AT&T and T-Mobile do not have a similar service in place, because their GSM phones use SIM cards. As long as you have a valid SIM card, you can use any phone, regardless of whether it is lost or stolen. These two GSM carriers are working on new technology that would let them track and block a phone using a unique ID.

Stay tuned for additional details as they become available.

Parallels Desktop updated to 7.0.15094.749908

Posted by:
Date: Monday, April 9th, 2012, 12:08
Category: News, Software

parallelslogo1.jpg

On Thursday, Parallels released version 7.0.15094.749908 of its Parallels Desktop virtualization software. The new update, a 306 megabyte download, adds the following fixes and changes:

– Improved 3D support.

– Ability to easily download and install Fedora 16 from within the Parallels Wizard.

– Support for the Dvorak keyboard, Arabic keyboard and French numeric keyboard layout.

– Improved support for the Swedish keyboard layout.

Parallels Desktop 7 retails for US$79.99 and requires a 64-bit Intel-based processor, Mac OS X 10.5.8 or later, 2GB of RAM (4GB recommended to run Windows 7), at least 700 MB of space available on the boot volume for Parallels Desktop installation and 15 GB of available disk space for Windows.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

AT&T using iTunes, telephone-based assistance for iPhone unlock process

Posted by:
Date: Monday, April 9th, 2012, 07:36
Category: iPhone, News

attlogo

Following up on Friday’s story, wireless carrier AT&T began allowing out-of-contract customers to unlock their iPhone for use on other carriers yesterday, and the unlock codes are applied to the device after restoring through iTunes.

Per AppleInsider, customers who were among the first to take advantage told the web site that after dialing 611 to speak with a customer service representative, they were met with a lengthy wait to speak with a technician.

Once that AT&T representative was on the phone, they asked a series of qualifying questions to ensure that the user was eligible for their iPhone to be unlocked.

The unlock process is detailed by AT&T in a PDF document shared by users who request the service. In it, the carrier offers a series of four steps that must be accomplished in order to complete the unlock.

The unlock code actually comes through Apple and is administered through iTunes. AT&T’s instructions tell users to open iTunes on their Mac or PC, connect their iPhone via USB, and backup and restore their handset. Restoring the iPhone will unlock it for use on other carriers.

AT&T’s instructions also include a link to a support document available on Apple’s website. There, users are instructed to reseat the SIM card in their iPhone, restore their handset, or contact their carrier if they experience issues with unlocking via iTunes.

If the authorized unlock is completed successfully, users are met with the message: “Unlock Complete. Congratulations, your iPhone has been unlocked. To set up and sync this iPhone, click Continue.”

If you’ve been part of the unlock process, please let us know how it went via the comments and thank you.

Apple, Universal Studios reach accord, Universal Studios films now available via iTunes/iCloud

Posted by:
Date: Monday, April 9th, 2012, 07:22
Category: iTunes, Software

It took some finagling of contracts, but movies from Universal Pictures purchased on iTunes can now be re-downloaded through the iCloud service.

Per MacRumors, Universal and Fox were initially absent from iCloud as a result of content deals with premium cable network HBO, though those issues were resolved last month. Universal Pictures films became available this weekend on iCloud, and users who have previously purchased the films from iTunes can re-download them at no cost.

While Universal’s films are now available through iCloud, customers looking to re-download 20th Century Fox must still wait for that content, even though HBO was said last month to have reached an agreement. The Wall Street Journal said at the time that Fox expected to have its content on iCloud “within weeks,” suggesting it may not be a much longer wait.

In March, Apple began offering users the ability to re-download movies that were previously purchased on iTunes via its iCloud service. The service even applies to the iTunes Digital Copy format, which gives users the ability to download a digital version of a film when they buy a DVD or Blu-ray disc.

The iTunes in the Cloud functionality in iCloud originally only applied to music, books and applications purchased through the iTunes Store. Now, users can access both movies and TV shows as well, from participating studios.

In addition, television content is available in high-definition 1080p format, allowing it to be natively displayed on the new Apple TV. Previously, content maxed out at 720p, which was the highest resolution output of the previous generation Apple TV.

Stay tuned for additional details as they become available.

AT&T to begin unlocking off-contract iPhone units beginning April 8th

Posted by:
Date: Friday, April 6th, 2012, 11:31
Category: iPhone, News

attlogo

As much as AT&T may drive you crazy, you might like this.

Per Electronista and Engadget, AT&T will begin unlocking certain iPhones in the (very) near future. As of April 8, customers that are either out of contract or bought contract-free will have the option of derestricting the phone’s SIM slot much like the already-unlocked iPhones sold at Apple retail stores. The only other condition was to have a healthy account.

“Beginning Sunday, April 8, we will offer qualifying customers the ability to unlock their AT&T iPhones,” a spokesman said. “The only requirements are that a customer’s account must be in good standing, their device cannot be associated with a current and active term commitment on an AT&T customer account, and they need to have fulfilled their contract term, upgraded under one of our upgrade policies or paid an early termination fee.”

The initiative follows a number of complaints that led to Apple’s Tim Cook taking action and arranging for a handful of case-by-case unlocks. Other carriers worldwide have been offering after-sale iPhone unlocks, most notably in Canada, but AT&T until now has declined to do it, even for customers who paid the unsubsidized price.

More incentive exists for AT&T to unlock phones now that its spectrum refarming gives a real chance that its 3G network, and future 4G LTE network, will work properly with existing iPhones. A SIM unlock was previously only useful for those either willing to limit themselves to 2G data or who were traveling and wanted a much less expensive local SIM card instead of AT&T’s roaming plans.

If you go through the unlocking experience, please let us know how it went and stay tuned for additional details as they become available.

Security hole discovered in Facebook, Dropbox apps for iOS, physical connection needed to exploit it (updated)

Posted by:
Date: Friday, April 6th, 2012, 07:26
Category: security, Software

You’re probably not going to like this.

According to security researcher Gareth Wright and The Next Web, a fairly prominent security hole has been discovered in the popular Facebook and Dropbox iOS apps. The good news is that someone would have to have physical access to your iPhone, and you’d have to allow them to plug it into their Mac, then allow them to do a bunch of business on your phone to grab a plain text file from inside these apps, then they’d have to go and do something malicious on your Facebook or Dropbox accounts.

Although many have reported jailbreak is required to access this hole, that is simply not true. A Mac app like iExplorer, which allows you to open app folders on an iPhone, will allow you to access the security hole.

According to The Unofficial Apple Weblog, it works like this: iOS apps use .plist files (aka property list files), to store all sorts of little things about an app. In this case, Dropbox and Facebook are using an unencrypted property list to apparently store both the oauth key and its secret counterpart.

By using iExplorer to find the right plist, that file can be copied and dropped into another device, which would then be able to access your account as though you had already logged in. Using a property list in this way leaves us scratching our heads.

Facebook issued a comment saying they will patch this soon and a representative with Dropbox offered the following comment:

“Dropbox’s Android app is not impacted because it stores access tokens in a protected location. We are currently updating our iOS app to do the same. We note that the attack in question requires a malicious actor to have physical access to a user’s device. In a situation like that, a user is susceptible to all sorts of threats, so we strongly advise safeguarding devices.”

Stay tuned for additional details as they become available.