Google Chrome updated to 29.0.1547.62

Posted by:
Date: Friday, August 30th, 2013, 08:16
Category: News, Software

google-chrome-logo

It’s not a monumental change.

But it’s nice to be able to print from Google Docs.

On Friday, Google released version 29.0.1547.62 of its Chrome web browser. The update, a 51.5 megabyte download, adds the following fixes and changes:

- Fixed an issue with printing from Google Docs applications.

Google Chrome 29.0.1547.62 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Researcher draws attention to long-standing security vulnerability in OS X operating systems

Posted by:
Date: Thursday, August 29th, 2013, 10:19
Category: News, security, Software

applelogo_silver

After five months, it might be time to fix this sucker…

Per mitre.org and Ars Technica, a unaddressed bug in Apple’s Mac OS X discovered five months ago allows hackers to bypass the usual authentication measures by tweaking specific clock and user timestamp settings, granting near unlimited access to a computer’s files.

While the security flaw has been around for nearly half a year, a new module created by developers of testing software Metasploit makes it easier to exploit the vulnerability in Macs.

The bug revolves around a Unix program called sudo, which allows or disallows users operational access based on privilege levels. Top tier privileges grant access to files belonging to other users’ files, though that level of control is password protected.

Instead of inputting a password, the flaw works around authentication by setting a computer’s clock to Jan. 1, 1970, or what is referred to as the Unix epoch. Unix time starts at zero hours on this date and is the basis for calculations. By resetting a Mac’s clock, as well as the sudo user timestamp, to epoch, time restrictions and privilege limitations can be bypassed.

“The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit,” said H.D. Moore, founder of the open-source Metasploit and chief research officer at security firm Rapid7.

Macs are especially vulnerable to the bug as OS X does not require a password to change these clock settings. As a result, all versions of the operating system from OS X 10.7 to the current 10.8.4 are affected. The same problem exists in Linux builds, but many of those iterations password protect clock changes.

While powerful, the bypass method has limitations. In order to implement changes, an attacker must already be logged in to a Mac with administrator privileges and have run sudo at least once before. As noted by the National Vulnerability Database, the person attempting to gain unauthorized privileges must also have physical or remote access to the target computer.

Apple has yet to respond or issue a patch for the bug.

“I believe Apple should take this more seriously but am not surprised with the slow response given their history of responding to vulnerabilities in the open source tools they package,” Moore said.

Stay tuned for additional details as they become available.

Apple could release OS X 10.8.5 update as soon as today

Posted by:
Date: Monday, August 26th, 2013, 06:46
Category: News, Software

If you’ve been hankering for OS X 10.8.5, it could hit as soon as today.

Per AppleInsider, Apple began supplying prerelease builds of OS X 10.8.5 Mountain Lion to select partners on Monday, signaling that a public release of the maintenance and software update is not far behind.

Sources familiar with the software indicated that the prerelease version made available is identified as build “12F35.” The update, recommended for all users of Mountain Lion, includes the following changes:
- Fixes an issue that may prevent Mail from displaying messages.

- Improves AFP file transfer performance over 802.11ac Wi-Fi.

- Resolves an issue that may prevent a screen saver from starting automatically.

- Improves Xsan reliability.

The prerelease build supplied to partners on Monday is said to weigh in at 286 megabytes. Those early releases are typically provided only hours before the software is launched to the public, suggesting that OS X 10.8.5 will arrive on Monday.

A total of seven beta builds of OS X 10.8.5 have been supplied to developers for testing ahead of the final release. The most recent was issued on July 31, identified as build “12F30.”

Stay tuned for additional details as they become available.

Drive Genius updated to 3.2.3

Posted by:
Date: Friday, August 23rd, 2013, 07:11
Category: News, Software

17099

Prosoft Engineering has released Drive Genius 3.2.3, an updated version of its drive repair and recovery program for Mac OS X.

The new version, a 15.2 megabyte download” target=”_blank”>download, offers the following fixes and changes:

- Bug fixes.

Drive Genius retails for US$99 and requires an Intel-based Mac running Mac OS X 10.6.7 or later installed to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Apple releases Find My iPhone 2.0.3 update, adds bug fixes

Posted by:
Date: Thursday, August 22nd, 2013, 11:17
Category: iOS, iPad, iPhone, iPod Touch, News, Software

updatedfindmyiphone

You might want to snag this sometime today.

On Thursday, Apple released version 2.0.3 of its Find My iPhone app for iOS. The new version, a 17.5 megabyte download, adds bug fixes and stability improvements for the app.

Find My iPhone 2.0.3 requires iOS 5.0 or later to install and run.

Yeah, this may not be the most poignant thing that’ll happen to you today, but if your iPhone, iPad or iPad touch gets snagged and this gives you a better shot at getting it back, then it’s worth grabbing the new version if you have a free minute.

As always, be careful out there and let us know what’s on your mind in our comments section.

Apple seeds Mavericks Developer Preview 6 to programmer community, include minor fixes

Posted by:
Date: Thursday, August 22nd, 2013, 07:41
Category: News, Software

maverickslogo

Mavericks is still en route, folks.

Per MacNN, on Wednesday, Apple seeded the sixth Developer Preview of the next major upgrade of OS X, known as “Mavericks” (10.9) to developers. Apple appears to be back on its normal development cycle following the disruption of the Developer Center due to a security intrusion in July. The latest update comes two weeks after the fifth DP, which introduced iBooks for the Mac to the upgrade. Registered developers can download the software from the Mac App Store or Software Update. The final version is expected to arrive in September.

The update arrives with no significant reported enhancements, just bug fixes and minor tweaks. The final version will include new additions such as Finder Tabs, Apple Maps for OS X, and a number of processor-management enhancements that should further extend battery life for portable users, among other features.

Stay tuned for additional details as they become available.

Apple releases iBooks 3.1.1 update

Posted by:
Date: Wednesday, August 21st, 2013, 09:58
Category: iOS, News, Software

You can’t kvetch about this kind of update.

Late Tuesday, Apple released version 3.1.1 of its iBooks update for its iOS reader program.

The new version, a 41 megabyte download, offers the following fixes and changes:

- This version of iBooks improves compatibility with iOS and iCloud.

iBooks 3.1.1 requires a compatible iOS device and iOS 5.0 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 29.0.1547.57

Posted by:
Date: Wednesday, August 21st, 2013, 07:05
Category: News, Software

google-chrome-logo

On Tuesday, Google released version 29.0.1547.57 of its Chrome web browser. The update, a 51.5 megabyte download, adds the following fixes and changes:
- Improved Omnibox suggestions based on the recency of sites you have visited.

- Ability to reset your profile back to its original state.

- Many new apps and extensions APIs.

Lots of stability and performance improvements:
- Incomplete path sanitization in file handling.

- Information leak via overly broad permissions on shared memory files.

- Integer overflow in ANGLE.

- Use after free in XSLT.

- Use after free in media element.

- Use after free in document parsing.

- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 29.0.1547.57 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Georgia Institute of Technology security researchers prove App Store security flaw via “Jekyll and Hyde” attack

Posted by:
Date: Tuesday, August 20th, 2013, 07:18
Category: iOS, News, security, Software

The good news is that it’s getting a bit harder to sneak malware into the App Store.

The bad news is that it can still be done and Apple might need to invest in more security/screening features.

Per 9to5Mac and Ars Technica, researchers from the Georgia Institute of Technology managed to get a malicious app approved by Apple and included in the App Store by using a ‘Jekyll & Hyde’ approach, where the behaviour of a benign app was remotely changed after it had been approved and installed.

It appeared to be a harmless app that Apple reviewers accepted into the iOS App Store. They were later able to update the app to carry out a variety of malicious actions without triggering any security alarms. The app, which the researchers titled “Jekyll,” worked by taking the binary code that had already been digitally signed by Apple and rearranging it in a way that gave it new and malicious behaviors.

The researchers presented their findings in a paper at the USENIX Security Forum.

“Our method allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process. Once the app passes the review and is installed on an end user’s device, it can be instructed to carry out the intended attacks. The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code. Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple’s approval.”

An Apple spokesman stated that changes have been made to iOS as a result of the exploit, but it’s not yet clear whether the change is to iOS 7 or the older iOS 5 and 6 versions that had been attacked. The researchers only left their app in the store for a few minutes and said that it was not downloaded by anyone outside the project in that time.

Apple Senior Vice President Phil Schiller tweeted back in March about a study revealing the rising incidences of malware on Android. The study showed that Android accounted for 79 percent of all mobile malware in 2012, while iOS came in at less than 1 percent.

Stay tuned for additional details as they become available.

Cocktail updated to 6.7

Posted by:
Date: Tuesday, August 20th, 2013, 06:53
Category: News, Software

10909

On Tuesday, shareware developer Maintain released version 6.7 of CocktailCocktail (Mountain Lion Edition), the popular shareware utility program that allows for additional Mac OS X system tests. The new version, a 5.6 megabyte download, adds the following fixes and features:
- Improvements on the “Clear System caches” procedure. Added clearing of CVMS and Core symbolication daemon caches. XPC Helper Agent cache is now forced to be rebuilt – this can fix many of media plug-in issues, including issues with Aperture and iPhoto.

- Improvements on the “Clear Java caches” procedure. Added compatibility with the latest version of Java.

- Improvements on the “Clear Kernel caches” procedure. Addresses an issue in which kernel cache could not be rebuilt, “Can’t create kext cache under / – owner not root” error.

- Improvements on the “Clear QuickLook caches” procedure.

- Improvements on the “Clear QuickTime caches” procedure.

- Addresses an issue in which Cocktail may not be able to change Launchpad background blur radius.

- Addresses an issue in which number of CPU cores may not be displayed in the Specifications window.

- Added OS X 10.8.5 compatibility.

- Updated Automator actions.

- Updated Help files.

Cocktail 6.7 retails for a US$19.00 shareware registration fee and requires an Intel-based Mac running Mac OS X 10.8 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.