Apple Releases SMC Firmware Update 1.3 for 13″ MacBook

Posted by:
Date: Wednesday, February 18th, 2009, 08:29
Category: MacBook

macbooks.jpg
Late Tuesday, Apple released its SMC Firmware Update 1.3 for the company’s 13″ polycarbonate (black and white non-unibody) MacBook notebooks released in early 2009. The update, a 557 kilobyte download, works to clear a performance issue wherein the notebook may slow down when booted while using battery power only. This SMC Update improves startup time when starting up from the battery.
The update requires Mac OS X 10.5 or later to install and run.
If you’ve tried the update and noticed any changes, please let us know in the comments or forums.

(more…)

Apple Posts Knowledge Base Articles to Help Access RAM/Hard Drive/Battery for Unibody MacBooks

Posted by:
Date: Tuesday, February 17th, 2009, 13:41
Category: How-To

el17.jpg
Recently, Apple posted updated Knowledge Base documents referencing how to access the batteries, hard drive and RAM on the new unibody MacBook and MacBook Pro notebooks.
While the 13″ and 15″ computers come with a hatch that provides easy access (at least to the hard drive and battery), the 17″ computers do not have a hatch and many users have complained about the accessibility for user-serviceable hard drives, as well as RAM upgrades for the whole product line.
Per MacFixIt, Apple’s reasoning for removing the access hatch makes sense from a battery engineering standpoint, but it does limit users from otherwise relatively simple repairs, upgrades, and troubleshooting. Despite not having a hatch, the 17″ macbook is still accessible. Users will have to remove the bottom case of the computer, and will need a #0 philips screwdriver.
The Knowledge Base documents can be located at the following links:
17″ MacBook Hard Drive (and RAM) (note that the RAM installation instructions are inscribed on the inside hatch).
15″ MacBook Hard Drive (and RAM).
For users interested in upgrading the RAM on the new 15″ MacBook Pro, the following video guide functions as a very thorough demonstration on how to upgrade the RAM:
www.5min.com/Video/How-to-Upgrade-RAM-in-Unibody-MacBook-Pro—Bleeding-Edge-TV-297–71649299
If you’ve upgraded your unibody MacBook or MacBook Pro and have any tips to offer, let us know in the comments or forums.

(more…)

Adobe Developing Flash Light for Mobile Phones, Application Still Not iPhone-Ready

Posted by:
Date: Tuesday, February 17th, 2009, 09:23
Category: iPhone

3giphone.jpg
Adobe’s Flash Lite multimedia player, while still lacking iPhone compatibility, may reach one billion mobile phones by the end of March according to market researcher Strategy Analytics. In a recent report, the company said that Adobe could reach its desired target mark one year ahead of schedule given its recent support for HD video as well as Nokia’s agreements to install Flash Lite on its phones. Another factor mentioned by the company is the absence of real competition for Adobe’s Flash Lite player. Representatives from the firm went on to predict that another 1.5 billion smartphones could carry the software within two years according to ComputerWorld.
On the competition end, Microsoft is currently developing a Silverlight for Mobile Player for release on Nokia’s Symbian S60 devices and its own Windows Mobile Phones. Representatives from the company expressed opinions that the plugin won’t make a significant impact on Flash Lite’s current increases.
To help continue with its progress, Adobe will be demonstrating a Flash Player 10 for smartphones at Mobile World Congress in Barcelona this week. Along with the Flash 10 beta, Adobe will also be releasing the beta of a new Flash Lite distributable player based on Flash Lite 3.1.
Even with the increase in phones using Flash Lite, Adobe is still thought distant from getting an equivalent application onto the iPhone. Analysts with Strategy Analytics claimed that Adobe is working diligently to get Flash onto the iPhone and is looking to have it ready to go much later this year.
Independent analyst Jack Gold of J. Gold Associates claims that performance and business are the chief obstacles to Flash on the iPhone. In order to get high performance, Flash must run in the lower layers of the OS, which Apple restricts as part of its iPhone SDK guidelines. Gold stated that Apple will want to push its own technology, such as QuickTime, rather than depend on a third party’s development, despite Apple’s long history with Adobe.
As always, let us know what you think of the situation in the comments or forums.

(more…)

QuickerTek Releases 2009 Apple aluminum MacBook and MacBook Pro External Battery and Charger

Posted by:
Date: Tuesday, February 17th, 2009, 08:11
Category: Accessory

quickertekbattery.jpg
Accessory maker QuickerTek has begun selling its 2009 Apple aluminum MacBook and MacBook Pro External Battery and Charger for Mac notebooks. According to MacNN, the unit is design for use with the latest unibody 13″ MacBooks and 15″ MacBook Pro notebooks. The battery is said to provide between eight and 10 hours of total run time as opposed to the five offered by Apple’s batteries. When attached, internal batteries are depleted before the QuickerTek one takes effect.
The QuickerTek battery is additionally said to charge in only three hours instead of five, as well as significantly extend the useful life of a MacBook by separately lasting between 2,000 and 3,000 recharge cycles. The unit retails for US$450.
If you’ve worked with QuickerTek batteries before or have an external battery of choice, let us know in the comments or forums.

(more…)

Unibody 17″ MacBook Pro Notebooks Now Shipping

Posted by:
Date: Monday, February 16th, 2009, 09:01
Category: News

el17.jpg
A slew of readers have informed AppleInsider that their order updates for Apple’s unibody 17″ MacBook Pro notebook have been updated to “shipping” as of Friday.
The notebook, which was launched in January at Macworld, showed signs of delay when some customers were told their orders would likely slip into March despite promises it would ship in late January. Early this month, the company let many of these buyers know that their orders wouldn’t ship for about two weeks due to problems “wrapping up” production.
The reason for the delay is currently unknown.
If you’ve heard naything from your end or received an order update, let us know in the comments or forums.

(more…)

Customizable Four-Finger Gestures May be En Route for Apple Notebooks in Mac OS X

Posted by:
Date: Monday, February 16th, 2009, 08:12
Category: News

el17.jpg
There’s some interesting stuff buried within the depths of the Mac OS X file structure. Among these, according to MyAppleGuide, is a bit of code in Mac OS X’s Trackpad preference panethat would allow users of multitouch-capable trackpads such as those on the new MacBooks and MacBook Pros to define their own four-finger gestures.
The file is currently a .nib, meaning it’s currently just installed as part of the interface and no actual code is hooked up to it, but if you have a multitouch-capable Mac (such as a unibody MacBook, MacBook Pro or MacBook Air), you can find the same file at /System/Library/PreferencePanes/Trackpad.prefPane/Contents/Resources/ English.lproj/FourFingerSwipeGesture.nib.
Currently, the multitouch trackpad’s four-finger gestures are hard-coded and perform a given set of functions such as activating the desktop, triggering Expose, and bringing up the Application Switcher.
Customization of gestures could be en route in a future Mac OS X update, a feature many users might appreciate.
Stay tuned for additional details as they become available and let us know what you think in the comments or forums.

(more…)

CoolBook Updated to 2.13, Receives Unibody MacBook Support

Posted by:
Date: Monday, February 16th, 2009, 08:30
Category: Software

coolbook.jpg
Over the weekend, developer Magnus Lundholm released CoolBook 2.13, the latest version of his shareware CPU frequency, voltage and temperature monitoring program.
The new version, a 600 kilobyte download, adds support for Apple’s new unibody MacBooks as well as repairs the following bugs and features:

  • Fixed a bug adding invalid values to the frequency selector.
  • Fixed an issue with the throttling level selector.
  • Additional fixes to support the new unibody models.
  • CoolBook 2.13 retails for a US$10 shareware registration fee and requires Mac OS X 10.4 or later and an Intel-based Mac to run.
    If you’ve tried the program and have either positive or negative feedback about it, let us know over in the forums.

    (more…)

    Rumor: Apple to Meet with China Unicom Executives Regarding iPhone

    Posted by:
    Date: Friday, February 13th, 2009, 10:20
    Category: Rumor

    3giphone.jpg
    Wireless carrier China Unicom has reportedly sent top executives to meet with Apple in the United States next month as Apple may be bringing its iPhone handset to the Chinese market.
    According to tech.sina.com.cn (the report is in Chinese) and Macworld UK, the movements of the China Unicom executives were cited by “knowledgeable sources.”
    The article then goes on the state that China Unicom plans to launch WCDMA (Wideband Code Divison Multiple Access) 3G services in May.
    In recent months, Apple has been rumored to be in negoatiations with China Mobile Communications, the country’s largest mobile operator, about selling the iPhone in China.
    Throughout this process, rumors have circulated that Apple has also been in talks with China Unicom regarding sales of the iPhone in China.
    The 3G iPhone supports WCDMA, which is widely used in Asia, North America and Europe. However, China Mobile was granted a license to offer 3G services using TD-SCDMA (Time Division Synchronous CDMA), a different 3G technology that was developed in China and is significantly less mature from a development standpoint.
    Even before Chinese regulators made the news official last month, China Mobile was long been expected to receive a license for TD-SCDMA, not WCDMA. For China Mobile to offer the 3G iPhone, Apple would be required to redesign the handset using new components that would need to be sourced from different suppliers.
    Such changes would appreciably increase Apple’s production cost and likely result in higher prices to the end user.
    Another sticking point between Apple and China Mobile was the Apple Store, which the company uses to sell and distribute third-party applications, Sina reported. Previous reports have indicated that China Mobile has its own plans for an application store and did not want to yield to Apple’s control.
    For this reason, a deal to bring the iPhone to China will likely involve significant concessions from China Unicom to meet Apple’s requirements, the report said.
    Stay tuned for additional details as they become available and let us know what you think in the comments or forums.

    (more…)

    Apple Releases Security Update 2009-001

    Posted by:
    Date: Friday, February 13th, 2009, 09:56
    Category: Software

    applesecurity.jpg
    Making Friday a somewhat official update-o-rama, Apple released Security Update 2009-001, its first collection of security fixes for the new year.
    The 43.4 megabyte download contains the following fixes and features:

  • AFP Server:
    Impact: A user with the ability to connect to AFP Server may be a able to trigger a denial of service
    Description: A race condition in AFP Server may lead to an infinite loop. Enumerating files on an AFP server may lead to a denial of service. This update addresses the issue through improved file enumeration logic. This issue only affects systems running Mac OS X v10.5.6.
  • Apple Pixlet Video:
    Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exist in the handling of movie files using the Pixlet codec. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
  • CarbonCore:
    Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in Resource Manager’s handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. Credit: Apple.
  • CFNetwork:
    Impact: Restores proper operation of cookies with null expiration times
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. Cookies may not be properly set if a web site attempts to set a session cookie by supplying a null value in the “expires” field, rather than omitting the field. This update addresses the issue by ignoring the “expires” field if it has a null value.
  • CFNetwork:
    Impact: Restores proper operation of session cookies across applications
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. CFNetwork may not save cookies to disk if multiple open applications attempt to set session cookies. This update addresses the issue by ensuring that each application stores its session cookies separately.
  • Certificate Assistant:
    Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant
    Description: An insecure file operation exists in Certificate Assistant’s handling of temporary files. This could allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant. This update addresses the issue through improved handling of temporary files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • ClamAV:
    Impact: Multiple vulnerabilities in ClamAV 0.94
    Description: Multiple vulnerabilities exist in ClamAV 0.94, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.94.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/.
  • CoreText:
    Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow may occur when processing Unicode strings in CoreText. Using CoreText to handle maliciously crafted Unicode strings, such as when viewing a maliciously crafted web page, may result in an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rosyna of Unsanity for reporting this issue.
  • CUPS:
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination
    Description: Exceeding the maximum number of RSS subscriptions results in a null pointer dereference in the CUPS web interface. This may lead to an unexpected application termination when visiting a maliciously crafted website. In order to trigger this issue, valid user credentials must either be known by the attacker or cached in the user’s web browser. CUPS will be automatically restarted after this issue is triggered. This update addresses the issue by properly handling the number of RSS subscriptions. This issue does not affect systems prior to Mac OS X v10.5.
  • DS Tools:
    Impact: Passwords supplied to dscl are exposed to other local users
    Description: The dscl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users and administrators. This update makes the password parameter optional, and dscl will prompt for the password if needed. Credit: Apple.
  • fetchmail:
    Impact: Multiple vulnerabilities in fetchmail 6.3.8
    Description: Multiple vulnerabilities exist in fetchmail 6.3.8, the most serious of which may lead to a denial of service. This update addresses the issues by updating to version 6.3.9. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
  • Folder Manager:
    Impact: Other local users may access the Downloads folder
    Description: A default permissions issue exists in Folder Manager. When a user deletes their Downloads folder and Folder Manager recreates it, the folder is created with read permissions for everyone. This update addresses the issue by having Folder Manager limit permissions so that the folder is accessible only to the user. This issue only affects applications using Folder Manager. This issue does not affect systems prior to Mac OS X v10.5. Credit to Graham Perrin of CENTRIM, University of Brighton for reporting this issue.
  • FSEvents:
    Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available
    Description: A credential management issue exists in fseventsd. By using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available. This includes the name of a directory which the user would not otherwise be able to see, and the detection of activity in the directory at a given time. This update addresses the issue through improved credential validation in fseventsd. This issue does not affect systems prior to Mac OS X v10.5. Credit to Mark Dalrymple for reporting this issue.
  • Network Time:
    Impact: The Network Time service configuration has been updated
    Description: As a proactive security measure, this update changes the default configuration for the Network Time service. System time and version information will no longer be available in the default ntpd configuration. On Mac OS X v10.4.11 systems, the new configuration takes effect after a system restart when Network Time service is enabled.
  • perl:
    Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of certain UTF-8 characters in regular expressions. Parsing maliciously crafted regular expressions may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of regular expressions.
  • Printing:
    Impact: A local user may obtain system privileges
    Description: An error handling issue exists in csregprinter, which may result in a heap buffer overflow. This may allow a local user to obtain system privileges. This update addresses the issue through improved error handling. Credit to Lars Haulin for reporting this issue.
  • python:
    Impact: Multiple vulnerabilities in python
    Description: Multiple vulnerabilities exist in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project.
  • Remote Apple Events:
    Impact: Sending Remote Apple events may lead to the disclosure of sensitive information
    Description: An uninitialized buffer issue exists in the Remote Apple Events server, which may lead to disclosure of memory contents to network clients. This update addresses the issue through proper memory initialization. Credit: Apple.
  • Remote Apple Events:
    Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information
    Description: An out-of-bounds memory access exits in Remote Apple Events. Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information to network clients. This update addresses the issue through improved bounds checking. Credit: Apple.
  • Safari RSS:
    Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
    Description: Multiple input validation issues exist in Safari’s handling of feed: URLs. esp issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
  • servermgrd:
    Impact: Remote attackers may be able to access Server Manager without valid credentials
    Description: An issue in Server Manager’s validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges
    Description: An integer overflow in SMB File System may result in a heap buffer overflow. Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown
    Description: A memory exhaustion issue exists in the SMB File System’s handling of file system names. Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown. This update addresses the issue by limiting the amount of memory allocated by the client for file system names. Credit: Apple.
  • SquirrelMail:
    Impact: Multiple vulnerabilities in SquirrelMail
    Description: SquirrelMail is updated to version 1.4.17 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/
  • X11:
    Impact: Multiple vulnerabilities in X11 server
    Description: Multiple vulnerabilities exist in X11 server. The most serious of these may lead to arbitrary code execution with the privileges of the user running the X11 server, if the attacker can authenticate to the X11 server. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security
  • X11:
    Impact: Multiple vulnerabilities in FreeType v2.1.4
    Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by incorporating the security fixes from version 2.3.6 of FreeType. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.
  • X11:
    Impact: Multiple vulnerabilities in LibX11
    Description: Multiple vulnerabilities exist in LibX11, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security These issues do not affect systems running Mac OS X v10.5 or later.
  • XTerm:
    Impact: A local user may send information directly to another user’s Xterm
    Description: A permissions issue exists in Xterm. When used with luit, Xterm creates tty devices accessible by everyone. This update addresses the issue by having Xterm limit the permissions so tty devices are accessible only by the user.
  • Security Update 2009-001 requires Mac OS X 10.5 or later to install and run.
    If you’ve tried the update and noticed any changes, please let us know in the comments or forums.

    (more…)

    Apple Releases Java for OS X 10.5 Update 3

    Posted by:
    Date: Friday, February 13th, 2009, 08:39
    Category: Software

    applelogo1.jpg
    Early Friday, Apple released its Java for Mac OS X 10.5 Update 3 patch. The 3.1 megabyte download, adds the following fix:

  • Java: Impact: Multiple vulnerabilities in Java Web Start and Java Plug-in
    Description: Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user. This update provides patches for the Java Bug IDs 6694892, 6707535, 6727081 and 6767668 from Sun Microsystems.
  • The update requires Mac OS X 10.5 or later to install and run.
    If you’ve tried the update and have any feedback to offer, let us know in the comments or forums.

    (more…)