Mac Hacker Charlie Miller Locates Additional Security Hole in iPhone

Posted by:
Date: Friday, April 17th, 2009, 07:33
Category: iPod, security

Mac hacker Charlie Miller, a principal security analyst at Independent Security Evaluators and the winner of the CanSecWest security conference hacking contest two years straight, has detailed his latest find wherein he was able to run shellcode on an iPhone.
According to Macworld UK, it was widely believed by many security researchers that it wasn’t possible to run shellcode on an iPhone. Shellcode is code that can run from a command line, but the iPhone was thought not to allow it for security reasons.
If pulled off correctly, shellcode allows users to perform malicious actions such as gaining access to a user’s text messages or call history from a remote location.
Earlier versions of the iPhone OS firmware didn’t have many protections to prevent people from tampering with its memory to run other commands, Miller said, but the latest version of the iPhone’s software strengthened the overall security of the phone.
In his report, Miller detailed how he was able to trick the iPhone into running code which then enabled shellcode. To pull this off, Miller said he needed to have a working exploit for an iPhone and a means of targeting a vulnerability in the software such as the Safari web browser or the iPhone’s operating system.
Miller said he doesn’t have one now but stated in an interview after his presentation that if someone did, “this would allow you to run whatever code you want.”
In 2007 Miller and some of his colleagues did find a vulnerability in mobile Safari that would allow an attacker to control the iPhone. Apple was immediately notified and later issued a patch for the problem.
Miller said he isn’t sure if Apple is aware of the latest issue and stopped short of calling the problem a vulnerability, saying instead that Apple engineers may have overlooked the issue. Apple also has never come out publicly and said it is impossible to run shellcode on an iPhone, he said.


Drive Genius 2.1.1 Released

Posted by:
Date: Thursday, April 16th, 2009, 13:35
Category: Software

Prosoft Engineering has released Drive Genius 2.1.1, an updated version of its drive repair and recovery program for Mac OS X.
The new version, a 23.3 megabyte download, offers the following fixes and features:

  • Enhanced Duplicate tool has an option to verify the destination of whole-drive copies. In addition, source bad blocks can be skipped if found during a whole-drive copy.
  • Increased performance and reliability of Defrag.
  • Bug Fix: spurious “test aborted by disk” S.M.A.R.T. warnings in 10.5.x
  • Bug Fix: after shredding a volume, a new volume would always be created as “Untitled” instead of using the previous volume name.
  • Bug Fix: the tooltip displayed for duplicate files in DriveSlim contained an invalid path to the original file when displaying results from the boot volume.
  • Bug Fix: crash during launch if information about installed languages could not be obtained (10.4.x/PPC only).
  • Bug Fix: Adobe and Microsoft application updates would fail if language bundles were removed or their binaries trimmed; these are now excluded from the DriveSlim search results.
  • Other bug fixes.

Drive Genius retails for US$99 and requires Mac OS X 10.4 or later installed to work. The application is a Universal Binary and functions natively under both PowerPC and Intel-based hardware.


    Man Traded Kidney for PowerBook in 2000

    Posted by:
    Date: Thursday, April 16th, 2009, 08:56
    Category: Fun, PowerBook

    During Apple’s higher-end product releases, we look at the cool new items for sale and wonder what we’d sacrifice for the new Mac Pro or a 17″ MacBook Pro notebook.
    According to PC World, one person went a step further and, back in 2000, apparently indirectly traded his kidney for a then-brand-new PowerBook G3.
    Back then, Washington, D.C.-area consultant Phil Shapiro was advising an elderly couple, who brought up the question as to why Apple didn’t use senior citizens in its advertising. At a certain point, the wife asked her husband, “Why don’t we show him the kidney PowerBook? Maybe he can answer some questions about that computer.”
    When Shapiro asked why they call it the “kidney PowerBook,” she said, “My husband donated one of his kidneys to his sister. She asked him what he’d like in return. Without hesitation, he said, ‘I’d love a PowerBook.’”
    And he got it.


    Apple Files Patent for Motion-Adaptive iPhone Software

    Posted by:
    Date: Thursday, April 16th, 2009, 08:56
    Category: iPhone, Patents, Software

    Apple may be looking into creating a version of its iPhone with a front-facing camera as well as a software interface capable of adjusting itself for more precise interaction when the user carrying the phone is in motion.
    While the front-facing camera idea hints towards the inevitable adoption of video conference capabilities by the iPhone in the coming years, the adaptive software interface concept could become a reality that much sooner, improving a user’s accuracy in making touch selections by increasing the size of user interface elements on the touch-screen when it’s determined that the user is operating the device while jogging or participating in some other kind of motion-based activity.
    According to AppleInsider, Apple has filed a patent that proposes an updated version of its iPhone OS software that can detect when the device is in motion and then compare the detected degree of motion to one or more predetermined “signatures of motion.” The iPhone software could then adjust itself by enlarging selection areas on the screen to a degree suitable for the current motion of the device and user.
    “For example, if the user wishes to view the contact information for ‘John Adams,’ the user touches the display over the area of the row for the contact ‘John Adams,’” Apple says. “While the device is moving, the motion of the device can be detected. The device can change the size of the rows of the contacts in the contact list application to give the user a larger target area for each contact. For example, the height of a row can be increased. This gives the user a larger touch area with which to select a contact. In some implementations, the height of the toolbar can be increased as well.”
    The 16-page patent filing made back in November of 2007 also suggests that interface elements, such as an array of home screen icons, could shift their position on the screen based on predictions of where the user may touch the screen. Oddly enough, the need for such adjustments isn’t entirely clear from Apple’s description.
    “The shift moves the target touch areas of the display objects to a different position. In some implementations, the new position is a predetermined distance from the original position,” the company says. “In some other implementations, the new position is determined by the device based on a prediction of where the user will touch the touch-sensitive display if the user wanted to select the user interface element while the device is in motion.”
    The filing is credited to Apple employee John Louch.

    AT&T Pushing for Exclusive iPhone Rights Through 2011

    Posted by:
    Date: Wednesday, April 15th, 2009, 08:35
    Category: iPhone

    After three years of holding exclusive rights to the iPhone, AT&T is looking to take one more shot at an exclusive deal for the Apple handset and may keep it away from competitors until 2011.
    According to the Wall Street Journal, “people familiar with the matter” have stated that AT&T has a deal to keep the iPhone in its stable until 2010 and that negotiations are underway to have the device onboard for one more year.
    Though there has been no specific commentary from AT&T regarding this, an Apple spokeswoman would only say that the two companies have a “great relationship.”
    The commentary follows a report from last year that also said AT&T had struck a deal to keep the iPhone until 2010 and may provide insight into current talks. At the time, the cellular carrier reportedly agreed to allow iPhone 3G subsidies in exchange for a one-year extension of the iPhone’s US exclusivity. Although the cost of discounting those phones has been severe — as much as US$1.3 billion to date, according to an estimate — the agreement renewed interest in AT&T and gave it millions of users paying at least US$60 per month (on grandfathered plans) for service.
    Should AT&T be allowed to keep exclusive rights to the iPhone, it would be able to help prevent customers from jumping ship to Verizon or an alternate carrier at a time when the market is saturated and customers are more likely to switch carriers than sign up for the first time. The company added 1.9 million iPhone users in the fall 2008 quarter alone.


    Apple Releases iMovie 8.0.2 Update

    Posted by:
    Date: Wednesday, April 15th, 2009, 07:35
    Category: Software

    Tuesday afternoon, Apple released iMovie 8.0.2, the latest version of its consumer-level video editing application. The new version, a 24.5 megabyte download, fixes an issue with projects having a size of 0 KB. Attempting to open these projects would cause iMovie to quit unexpectedly at launch. The update also addresses a problem where full-screen mode could not be accessed on some systems.
    The update requires Mac OS X 10.5 or later to install and run.


    Microsoft Releases Office 2004 11.5.4, Office 2008 12.1.7 Updates

    Posted by:
    Date: Wednesday, April 15th, 2009, 07:17
    Category: Software

    On Tuesday, Microsoft released updates for both its Office 2004 and Office 2008 suites for the Mac.
    Microsoft Office 2004 version 11.5.4, a 9.7 megabyte download through the AutoUpdate program, offers stability and performance fixes and repairs a vulnerability in which an outside party could insert malicious code.
    The program requires Mac OS X 10.2.8 or later to install and run.
    The company also released Microsoft Office 2008 12.1.7, a 267.7 megabyte download through the AutoUpdate program that offers improvements to enhance security, stability, and performance, including fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.
    Additional details regarding the update can be found here.
    Microsoft Office 2008 requires Mac OS X 10.4 or later to install and run.


    Apple Stores May Switch To iPhone Software for In-store Purchases

    Posted by:
    Date: Tuesday, April 14th, 2009, 13:16
    Category: Apple, Retail Store

    With the release of iPhone 3.0-enabled hardware and software, Apple may be planning a switch from its EasyPay handheld devices to iPhones for checking out customers at its retail stores.

    An AppleInsider report speculates that Apple may be planning to move away from the current Windows Mobile-based PDAs in favor of iPhones or iPod Touches using credit card scanners enabled by the new 3.0 software which allows devices connected to the 30-pin dock connector to finally talk to applications.

    Apple has reportedly had issues with the EasyPay system in the past, resulting in checkout delays and frustrated customers. Overall, however, the mobile checkout system has worked out well for the retail stores which were reported to average 3.6 million visits per week during Apple’s December financial conference call. Developing its own point of sale system around the iPhone could be costly, but would allow Apple Stores to show off the versatility of their mobile hardware.

    It is interesting to note that in the current batch of Apple’s iPhone commercials, one of the highlighted apps is CCTerminal which allows you to process credit card transactions online using an iPhone or iPod Touch.

    Thanks to Chuck Freedman for bringing this to my attention, although I’ve actually been musing about this possibility since the 3.0 sneak peek. Yes, I do spend too much time at the Apple Store.

    How-To: Work Around Delays, Hangs in Time Machine

    Posted by:
    Date: Tuesday, April 14th, 2009, 09:23
    Category: How-To

    Let’s face it, Time Machine is a spiffy and useful thing as well as one of the main bells and whistles of Mac OS X 10.5. This isn’t to say it’s without its bugs and despite Apple’s best efforts, there are times where backups appear to hang or stall out sans warning.
    You may be familiar with the situation, as described by poster “PaulArthurUK” in the Apple Discussion forums:

    “When time machine starts to back up my machine, it hangs (the clock icon in the top right-hand corner of the screen spins, but the backup disk is not being accessed and currently Time Machine shows no backup in the last five days). Once it has hung, various applications start to behave oddly and generally I am unable to shut them down, even via force quit.”

    Per MacFixIt, there are a variety of reasons why this could happen. The most common is when the backup daemon is doing a “Deep Traversal” of the source drive to ensure its catalog of changed files correctly reflects the status of the source disk. When this happens, Time Machine will stick at “Preparing…”. This can take a long time, depending on the size of the node being traversed, but usually speeds up once the deep traversal is completed.
    To easily check out Time Machine logs and track down problems and exactly what Time Machine is doing, download the “Time Machine Buddy” widget, which will display the TM logs in the dashboard.
    Time Machine’s hanging may affect other chunks of the operating system, causing widespread slowdown. This type of behavior usually indicates the system resources are not accessible to the system when the system is expecting them to be.
    Other scenarios that may cause a slowdown include the following:

      • Drive malfunction: If the drive is making clicking sounds, or doesn’t appear properly either on the Desktop or in Disk Utility, then there may be a problem with the drive. For external drives, low power to the drive can cause the system to hang.
      • Volume corruption: While the disk may be fine, if the formatting or partitioning of the drive has problems, then the drive will not be properly accessible by the system.
      • Drives being put to sleep: The energy-saver setting to put drives to sleep whenever possible can cause them to go into a state where they won’t wake up properly. This depends on the drive itself, but while the system waits for the drive, you can experience a hang.

    Users can try running Disk Utility to check for and repair errors on the drive or perform these tasks more thoroughly with third-party disk utility software such as “Disk Warrior,” “Drive Genius,” “Disk Tools Pro,” or “Tech Tool Pro.” Checking both the boot drive and the Time Machine drive for errors is recommended.
    Beyond drive-specific issues, there can be incompatibilities both with other system resources and third-party applications, which can cause Time Machine slowdowns. Antiviral software can interfere with Time Machine’s functions, especially if you have live scanning or “on-access” scanning enabled. Turning off these settings in the antivirus software may help this situation. Additionally, if you have Spotlight enabled for the Time Machine drive (it is enabled by default), this can sometimes endlessly try to index the drive. As such, you can try adding the Time Machine drive to Spotlight’s privacy list, and then remove it to restart indexing.
    A similar trick can also be performed via Mac OS X’s Terminal application, which will ensure the Spotlight stores are deleted and started anew via the following steps:

    Open Terminal
    Type the following command and include a space after the command:
    mdutil -E -i off
    Drag the Time Machine disk to the Terminal window to enter the full path to the disk, such as the following:
    mdutil -E -i off /Volumes/TMDisk/
    Ensuring a space is between the “off” and the drive path, press enter
    Repeat this command, changing the “off” to “on” in order to enable Spotlight on the drive again.

    Finally, if you are backing up over a network (especially a wireless network), backups can be slow by nature. At 54Mb, the speed of most wireless connections, you will run at a maximum of 6MB per second, which translates to 14 hours for a 300GB backup when running at optimal conditions. Given network overhead and other interference, this can easily double and result in the backup taking a day or two. For the initial backup to a networked device, you might try plugging in the Ethernet connection, which should be at least double the speed, and up to 20 times faster than wireless.
    A final fix for slow backups can be to restart Time Machine on the drive by removing it and re-adding it in the Time Machine preferences. Doing this seems to clear various bottlenecks in Time Machine and start backups running at faster speeds again.


    Rumor: Apple May Have Ordered Four Million Additional iPhones for Chinese Marketplace

    Posted by:
    Date: Tuesday, April 14th, 2009, 08:40
    Category: iPhone, Rumor

    This is a bit strange but there may be something to it.
    According to ChinaTimes, component suppliers have stated that Apple has placed orders for shipments of four million iPhone units expected to be ready by the end of the quarter.
    The units will allegedly be a combination of three new models, consisting of an EDGE-only device, a 3G-capable model and a model made for the market in China, possibly on TD-SCDMA.
    Stay tuned for additional details as they become available.
