WireLurker security paper released, discusses potential next generation of OS X, iOS malware

Posted by:
Date: Friday, November 7th, 2014, 02:30
Category: iOS, News, security

trojanhorse

Not that you should be entirely paranoid about malware on your OS X and iOS devices, but a little caution couldn’t hurt.

Per Palo Alto Networks, a new paper has been published on WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. It’s believed that WireLurker could herald in a new generation of malware on Apple’s desktop and mobile platforms given the following characteristics:
- It is only the second known malware family that attacks iOS devices through OS X via USB.

- It is the first malware to automate generation of malicious iOS applications, through binary file replacement.

- It is the first known malware that can infect installed iOS applications similar to a traditional virus.

- It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

(more…)

Security researcher finds unsaved files are automatically saved into iCloud

Posted by:
Date: Wednesday, November 5th, 2014, 17:10
Category: iCloud, News, security

icloudicon

This may not be what Apple intended to have happen with iCloud.

And there may be a patch coming for it posthaste.

According to Slate, security researcher Jeffrey Paul recently noticed that Apple’s default autosave is storing in-progress files—the ones you haven’t explicitly saved yet—in the cloud, not on your hard drive. Unless you decided to hit save before you start typing, or manually changed the default settings, those meeting notes, passwords, and credit card numbers you jotted down in “Untitled 17” are living in iCloud.

Although this issue seems to be a recent phenomenon, it appears that it’s been happening since at least December of 2013, according to Apple’s Knowledge Base, and it doesn’t just affect TextEdit, but also Preview, Pages, Numbers, and Keynote. Hopefully there wasn’t anything sensitive on those screenshots, spreadsheets, presentations, and documents you haven’t yet saved, or you were using other programs. Luckily, Word for Mac files don’t seem to be affected in this way.

You can turn off this surreptitious feature in Documents & Data —> Apple —> System Preferences —> iCloud —> Documents & Data, or you can save your empty file before you even start typing. But that’s not really the point. The problem is that users intuitively expect their in-progress documents to be saved locally, but these files are being stored on the Cloud instead.

(more…)

CurrentC exclusivity contract at MCX merchants to expire in matter of months

Posted by:
Date: Wednesday, November 5th, 2014, 11:34
Category: iOS, iPhone, News, retail

currentc

The conflict between MCX’s CurrentC and Apple Pay may be short lived, as an exclusivity agreement that has caused some merchants involved in the MCX consortium — notably drug store chain CVS — to abruptly pull support for NFC-based payment systems, including Apple Pay and Google Wallet, is set to expire in “months,” according to a new report.

Per Re/code, the consortium, which is made up of a number of major retailers including CVS, Best Buy, and Wal-Mart, instituted the exclusivity contract to provide “breathing room” for the development of the CurrentC ecosystem, said MCX CEO Dekkers Davidson. That contract is set to expire in “months, not years,” Dekkers added.

Confirmation of the exclusivity agreement comes one week after the arrangement was first uncovered, following reports that CVS had disabled NFC terminals in its stores to prevent customers’ use of Apple Pay.
(more…)

Rumor: Apple Watch steel model to begin at $500, gold model to retail between $4,000 and $5,000

Posted by:
Date: Wednesday, November 5th, 2014, 10:00
Category: Hardware, Rumor, Wearables

Apple is far from releasing its price points for its upcoming watch, but the rumors as to the cost are starting to pour in.

Per 9to5Mac, French website iGen.fr, reported on Tuesday that the steel Apple Watch will start at US$500 alongside a gold model that will retail for between US$4,000 and US$5,000. Apple previously claimed at its September event that the Apple Watch would start at US$349, but did not disclose further pricing information.

The report claims that the stainless steel Apple Watch in polished steel or black will cost US$500, while the gold Apple Watch Edition will be the more expensive version at between US$4,000 and US$5,000. That price range would be nearly half the estimated US$10,000 price that some other reports have suggested.

In terms of a launch date, the report claims that the Apple Watch will launch in time for Valentine’s Day, but that was the most specific date given. An internal memo from Apple retail chief Angela Ahrendts was recently published in which she wrote that the Apple Watch will launch in the “Spring” following the Chinese New Year.

iwatchface
(more…)

Rumor: Apple to discontinue iPad mini in favor of larger 12-inch “iPad Pro” model

Posted by:
Date: Tuesday, November 4th, 2014, 10:00
Category: Hardware, iPad, Rumor

It’s just a rumor, but it’s got some decent sources behind it.

Per AppleInsider and Taiwan’s Economic Daily News, a rumor out of East Asia on Monday claims Apple is looking to wind down iPad mini production in favor of a 12-inch tablet, a response to flagging sales and growing consumer interest in larger-screened devices.

Citing sources in Apple’s supply chain, the Economic Daily News reports the company is looking to discontinue iPad mini sales when the tablet lineup is refreshed next year and will instead concentrate on production of a new 12-inch format being called “iPad Pro.”

The shift in tablet strategy is said to be in reply to a shifting smartphone market, which has seen consumers gravitate toward devices with screens larger than 5 inches when measured diagonally. Apple itself has seen unexpectedly high demand for the new 5.5-inch iPhone 6 Plus, the company’s first “phablet” handset.

Also cited as a catalyst for change is increasingly aggressive competition in the tablet sector, with competitors like Samsung slowly nibbling away at Apple’s dominant marketshare. For the most recent fourth fiscal quarter of 2014, Apple moved 12.3 million iPads, down 17 percent from 14.1 million year-over-year.

ipadminiretina

(more…)

Apple retail exec Ahrendts indicates “spring” launch date for Apple Watch

Posted by:
Date: Monday, November 3rd, 2014, 11:16
Category: Hardware, Rumor, Wearables

The latest word is that the Apple Watch will launch next spring.

Per 9to5Mac, Apple Senior Vice President of Retail and Online Stores Angela Ahrendts, stated the device’s release timeframe to retail employees in a video message, a transcript of which was provided by a source. While explaining that employees need to conserve energy for upcoming shopping seasons, Ahrendts stated, “we’re going into the holidays, we’ll go into Chinese New Year, and then we’ve got a new watch launch coming in the spring:”

Up until this point, Apple has consistently said that the Apple Watch will ship in “early 2015,” without specifying a day or month. The broad window was announced at the Apple Watch’s unveil in September, is stated on Apple’s website, and was reiterated by Apple executives last month. Sources indicated in September that Apple would struggle to hit a Valentine’s Day release, which now appears to be even more unlikely. Spring begins on March 20th and lasts until June. If Apple considers late March to be “early 2015,” there may have actually been no change in plans. However, Ahrendts clearly states the launch is after the Chinese New Year (February 19th), so it appears the launch will miss Valentine’s Day regardless.

Last year, a report indicated that Apple planned to ship the wearable in fall 2014, but engineering difficulties delayed the launch to 2015. Subsequent reports confirmed that battery issues were partially to blame for Watch delays, and sources tell us that Apple is still working out kinks in the device’s battery system. Tim Cook has noted that Apple intends for the first-generation model to last all day and be charged each night. While Apple has reportedly hit that particular goal, the company is still working to speed up the amount of time it takes the inductive MagSafe charging system to fully juice up the product.

iwatchface
(more…)

Rumor: Apple designing larger, thinner “iPad Pro” tablet for education market

Posted by:
Date: Monday, November 3rd, 2014, 10:23
Category: Hardware, iPad, Rumor

ipadair

The new iPads are out.

That doesn’t stop the rumor mill speculating about the next generation of the tablets.

Per AppleInsider and Macotakara, the latest rumblings surrounding the anticipated release of a larger, education-focused iPad next year suggest the device may touch down with Microsoft’s Surface Pro 3 in its crosshairs, sporting a super-slim form factor, enhanced audio, and a slightly more compact 12.2-inch display.

Macotakara has cited its own sources as saying that iPad maker is specifically designing the device to play into the same markets as Microsoft’s Surface Pro 3, but adds that the company may choose to employ a slightly more compact 12.2-inch display than the 12.9-inch option that is widely rumored and also used by the Surface Pro 3.

The overall design of the iPad Pro itself is said to largely resemble a jumbo iPad 2 with two additional speakers (and an additional microphone) located at the top of the device, which “might” make the iPad Pro “capable of supporting stereo audio.” It reportedly won’t be as thin as the 6.1mm iPad Air 2, but will still be as slim as an iPhone, measuring somewhere between the iPhone 6′s 6.9mm and the iPhone 6 Pro’s 7.1mm at its thickest point.

(more…)

Walgreens weighs in on Apple Pay, CurrentC conflict, offers snarky response to competitors CVS and Rite Aid

Posted by:
Date: Friday, October 31st, 2014, 11:51
Category: Uncategorized

It’s not a huge step in the squabble between Apple and retail chains like CVS and Rite Aid who are opting out of Apple Pay to keep using CurrentC, but it is another chain taking advantage of the conflict.

Per The Unofficial Apple Weblog, CVS competitor Walgreens has chosen its weapon for the battle, and that weapon is snark.

The company is currently promoting the following Tweet on Twitter.
Hey, iPhone 6 and 6 Plus users! The choice is yours: Use #ApplePay today at any of our stores!

walgreensshot

(more…)

Apple Pay fans tears down CurrentC’s App Store rating, MCX suggests possible switch to NFC technology

Posted by:
Date: Thursday, October 30th, 2014, 11:53
Category: Finance, iOS, News, Software

currentc

The most recent volley in the NFC payment war between Apple Pay and the MCX consortium’s CurrentC mobile payment service has been fired.

And it has a lot to do with app reviews.

Per 9to5Mac, a number of users have expressed their displeasure with the CurrentC app, at the time of writing, the app having accumulated 2,856 1-star reviews against a total of just 30 reviews giving it 2 stars or more …

The movement to boycott merchants who are members of the MCX consortium also seems to be growing in popularity, gaining a Boycott MCX website with a full list of members. When you click on the name of a consortium member (CVS Pharmacy in the example shown below), a list of competing stores who accept or plan to accept Apple Pay is displayed.

Having been criticized for its clunky use of QR codes, MCX said yesterday that CurrentC may “pivot to NFC over time.” The company had earlier said that it was “entirely possible” that it would do a U-turn on its current exclusivity requirement and allow merchants to accept both CurrentC and Apple Pay at some point in the future, though no certainty or timeframe was offered.

MCX CEO Dekkers Davidson also expanded on yesterday’s less than convincing assurances about data security, saying that the recent hack “does not impact the rollout of CurrentC at all” – that the company expected attacks and will “deal with them.”

(more…)

Hours after citing capable security, CurrentC announces unauthorized access of users’ email accounts

Posted by:
Date: Wednesday, October 29th, 2014, 16:35
Category: Finance, iOS, News, security, Uncategorized

currentc

Hubris, anyone?

Just hours after publishing a blog post answering some questions about its upcoming CurrentC mobile payments system and touting the security of its cloud-based storage of sensitive information, the company behind the effort, Merchant Customer Exchange (MCX) has alerted users of unauthorized access to their email addresses.

Per MacRumors, the company released the following statement:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

Details on the unauthorized access have not been disclosed, but reporter Nick Arnott of iMore took some time earlier this week took a look at some of the personal information being collected by MCX and CurrentC and noted that he could ping CurrentC’s systems to look for valid registered email addresses on the system. While he did not find valid addresses, the system appeared capable of returning a substantial amount of personal information about such accounts.

(more…)