O'Grady's PowerPage » bug

Google Chrome updated to 25.0.1364.155

Date: Thursday, March 7th, 2013, 06:09
Category: News, Software

Hey, an update’s an update.

On Wednesday, Google released version 25.0.1364.155 of its Chrome web browser. The update, a 48.8 megabyte download, adds the following fixes and changes:

- This release fixes a crash when typing in the Omnibox.

Google Chrome 25.0.1364.155 requires an Intel-based Mac with Mac OS X 10.6 or later to install and run. If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases Java 2013-002 update for Mac OS X 10.7, 10.8 operating systems, Java for Mac OS X 10.6 Update 14

Date: Tuesday, March 5th, 2013, 07:38
Category: News, security, Software

A security update never truly goes unappreciated.

Following up on recently discovered zero-day Java security holes, Apple has released Java updates for its Mac OS X 10.6, 10.7 and 10.8 operating systems.

The first update, Java for Mac OS X 10.6 Update 14, stands as a 72.8 megabyte download and offers the following fixes and changes:

- Delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_41.

The update requires an Intel-based Mac running Mac OS X 10.6.8 or later to install and run.

The second update, Apple Java 2013-002, stands as a 68.3 megabyte download and offers the following fixes and changes:

- Uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a web page, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

- Removes the Java Preferences application, which is no longer required to configure applet settings.

The update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

The updates can be located, snagged and installed via the Software Update feature built into the Mac OS X operating system.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Researcher locates HTML 5 exploit, floods hard drive with cat images in proof of concept video

Date: Monday, March 4th, 2013, 07:32
Category: News, security, Software

Inasmuch as Java and Adobe Flash Player have taken recent beatings where security is concerned, apparently no platform is safe.

Per the BBC, a recently discovered flaw in the HTML 5 coding language could allow websites to bombard users with gigabytes of junk data, with a number of popular browsers being open to the vulnerability.

According to developer Feross Aboukhadijeh, who uncovered the bug this week and posted it to his blog, data dumps can be performed on most major Web browsers, including Apple’s Safari, Google’s Chrome, Microsoft’s Internet Explorer and Opera, the BBC reported. The only browser to stop data dump tests was Mozilla’s Firefox, which capped storage at 5MB.

If in doubt, this proof-of-concept video sorta says it all:

The problem is rooted in how HTML 5 handles local data storage. While each browser has different storage parameters, many of which support user-definable limits, all provide for at least 2.5 megabytes of data to be stored on a user’s computer.

Aboukhadijeh discovered a loophole that bypasses the imposed data cap by creating numerous temporary websites that are linked to a user-visited site. Because most browsers don’t account for the contingency, the secondary sites were allowed local storage provisions in amounts equal to the primary site’s limit. By generating a multitude of linked websites, the bug can dump enormous amounts of data onto affected computers.
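An added example (not from the original post and not Aboukhadijeh's code): a small JavaScript model of the quota accounting described above, comparing a cap charged per origin with the same cap charged per site. The `QuotaLedger` class, the `siteOf` helper, the `example.test` hosts and the two-label site rule are assumptions made for illustration.

```javascript
// Added example: a model of storage-quota accounting, not browser code.
// Assumption: a "site" is the last two host labels; real browsers would
// consult the Public Suffix List to find the registrable domain.
const QUOTA_BYTES = 5 * 1024 * 1024; // 5MB, the cap the article cites for Firefox

function siteOf(origin) {
  return new URL(origin).hostname.split('.').slice(-2).join('.');
}

class QuotaLedger {
  // keyFn picks the bucket a write is charged to (origin or site).
  constructor(keyFn, quota = QUOTA_BYTES) {
    this.keyFn = keyFn;
    this.quota = quota;
    this.used = new Map();
  }
  // Returns true if the write fits; a browser would otherwise refuse it.
  tryWrite(origin, bytes) {
    const key = this.keyFn(origin);
    const current = this.used.get(key) || 0;
    if (current + bytes > this.quota) return false;
    this.used.set(key, current + bytes);
    return true;
  }
  total() {
    let sum = 0;
    for (const v of this.used.values()) sum += v;
    return sum;
  }
}

// Constructed input: hostCount linked hosts under one domain, each writing
// until the ledger refuses.
function simulate(ledger, hostCount, bytesPerWrite) {
  for (let i = 0; i < hostCount; i++) {
    const origin = `http://h${i}.example.test`;
    while (ledger.tryWrite(origin, bytesPerWrite)) { /* keep writing */ }
  }
  return ledger.total();
}

const MB = 1024 * 1024;
const perOrigin = simulate(new QuotaLedger((o) => new URL(o).origin), 100, MB);
const perSite = simulate(new QuotaLedger(siteOf), 100, MB);
console.log(`charged per origin: ${perOrigin / MB} MB stored`);
console.log(`charged per site:   ${perSite / MB} MB stored`);
```

With the cap charged per origin the total grows linearly with the number of linked hosts; charged per site, it stays at the single cap no matter how many hosts are involved.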

In testing the flaw, Aboukhadijeh was able to dump 1GB of data every 16 seconds on his SSD-equipped MacBook Pro with Retina display. He noted that 32-bit browsers like Chrome may crash before a disk is filled.

“Cleverly coded websites have effectively unlimited storage space on visitor’s computers,” Aboukhadijeh wrote in a blogpost.

The developer has released code to exploit the bug and has created a dedicated website called Filldisk to highlight the flaw. In true internet meme fashion, the site dumps images of cats on to an affected machine’s hard drive.

Bug reports have already been sent to makers of the affected Web browsers, and Aboukhadijeh said malicious use of his code has yet to be seen in the wild.

Stay tuned for additional details as they become available.

CrossOver updated to 12.1.2

Date: Monday, March 4th, 2013, 07:47
Category: News, Software

You can’t knock a decent update.

CrossOver, the popular virtualization program from CodeWeavers, has been updated to version 12.1.2. The new version, a 76 megabyte download, is available as a demo and offers the following fixes and changes:

- Fixed a bug which caused Steam to get stuck in a loop while trying to update.

- Fixed a bug which caused performance to suffer badly in Skyrim, and possibly some other games, on certain Linux systems.

- Fixed a bug which caused Outlook 2010 to fail to open .xlsx, .pptx, and .docx attachments.

- Fixed a bug which caused Quicken to fail to connect to Chase Bank online.

- Office 2007 and 2010 will now display help topics!

Mac OS X:
- We have improvements to windowing in the Mac Driver.

- We are hopeful that changes in this version of CrossOver will mean that gaming performance will improve when Apple releases its upcoming OS X 10.8.3.

CrossOver 12.1.2 retails for US$59.95 and requires Mac OS X 10.6 or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

VirtualBox updated to 4.2.8

Date: Monday, March 4th, 2013, 06:17
Category: News, Software

VirtualBox, an open source x86 virtualization project available for free, has just hit version 4.2.8. The new version, a 109 megabyte download, features the following fixes and changes:

- VMM: fixed guest crash with huge amount of guest RAM on VT-x hosts (bug #11306).

- GUI: fixed a layout bug in the Mac OS X clone VM dialog (bug #10982).

- GUI: not all the translation tags were taken into account during the language switch (bug #11342).

- GUI: take guest screenshot dialog sometimes had no keyboard input available on Windows host.

- Main/Machine: fix generation of spurious event for inaccessible VMs which triggered an endless event generation loop in cooperation with the GUI which became unresponsive (4.2.6 regression, bug #11323).

- Main/Display: fix for an access violation under certain conditions in multi-monitor configurations (bug #10539).

- Main/Metrics: network metrics are now collected for active (up) interfaces only, the state of an interface being evaluated when the associated metric is enabled via setupMetrics.

- Snapshots: reduce the time for merging snapshots under certain conditions.

- Storage: fixed data corruption after resizing a VDI image under certain circumstances (bug #11344).

- Storage: fixed non working online merging of snapshots (4.2.6 regression, bug #11359).

- Storage: fixed crash when connecting to certain QNAP iSCSI targets.

- Storage: fixed incompatibility of VHD differencing images with Hyper-V (bug #5990).

- Bridged Networking: fixed TCP pseudo header checksum computation for IPv6 (bug #9380).

- 3D support: fix Battlefield 1942 game crashes (bug #11369).

- Settings: really sanitize the name of VM folders and settings file, the code was disabled before (bug #10549).

- Settings: allow to change VRDE settings for saved VMs.

- VBoxManage: don’t crash during screenshotpng if there is no display (bug #11363).

- Linux hosts: work around gcc bug 55940 which might lead to wrong kernel module code if gcc 4.7 is used to compile the 32-bit Linux host kernel (bug #11035).

- Linux hosts: fixed inconsistent lock state and deadlock warnings on module load and VM startup when CONFIG_PROVE_LOCKING is enabled (bug #11318).

- Linux hosts: made “]” key work again on Japanese keyboards.

- Mac OS X hosts: don’t crash the kernel during dtrace if the VBox kernel extensions are loaded (10.6 hosts only; bug #11273).

- Solaris / Mac OS X hosts: machine CPU load metrics now report 100% when all cores are fully utilized (used to be a single core).

- Solaris 11 host installer: wait for any services left over from a previous installation to be terminated to avoid confusing SMF.

- Guest Additions: don’t block signals for processes executed via guest control.

- Guest Additions: fixed a small memory leak in VBoxService (bug #10970).

- Windows Additions: fixed shared folder issue with large reads/writes on 64 bit Windows guests (bug #11115).

- Linux Additions: Linux 3.8 compile fixes (bug #11036).

- X11 Additions: fixed blocked SIGALRM in 3D desktop sessions (bug #10987).

- X11 Additions: fixed an unresolved reference in vboxvideo_drv for X.org 6.8 guests and before (e.g. RHEL4; 4.2.0 regression).

- X11 Additions: fixed screen automatic resizing for guests with X.org 1.3 or older (4.2.0 regression).

VirtualBox 4.2.8 is available for free and requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback, please let us know.

Mozilla releases Firefox 19.0.1 update

Date: Friday, March 1st, 2013, 07:24
Category: News, Software

Well, a new update can’t hurt.

On Tuesday, Mozilla.org released version 19.0.1 of its Firefox web browser. The new version, a 39.6 megabyte download, adds as-yet-unspecified fixes and changes.

Long story short, if you’re feeling a bit courageous, give it a try and let us know what you think in the comments.

Firefox 19.0.1 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

OnyX 2.6.8 beta 1 released

Date: Thursday, February 28th, 2013, 07:06
Category: News, Software

OnyX, Titanium Software’s popular freeware multifunction utility for Mac OS X, has been updated to version 2.6.8 beta 1. The new version, a 17.1 megabyte download via MacUpdate, adds the following fixes and changes:

- Deleting the Internet Cache improved.

- Bug corrected in the authenticate pane.

- Maintenance > Scripts pane improved.

- Help improved, corrected, and reindexed.

- New option: Show the Displays Extras menu with resolutions.

- New option: Show/hide shadow in window captures.

- New option: Show/hide the Reminders Debug menu.

- New option: Show/hide the Photo Booth Debug menu.

- New option: Lock/unlock the screen of automatically logged in user.

- New option: Show the dark menu bar in fullscreen mode.

- Misc. corrections.

OnyX 2.6.8 beta 1 requires an Intel-based processor and OS X 10.8 or later to install and run.

If you’ve tried the new version and have any feedback, please let us know in the comments.

Adobe releases Flash Player 11.6.602.175 beta

Date: Wednesday, February 27th, 2013, 06:35
Category: News, Software

Hey, a reliable update never hurts.

Late Thursday, Adobe released Flash Player 11.6.602.175 for Mac OS X, a 16.9 megabyte download via MacUpdate as a pre-release beta. The new version adds the following fixes and changes:

Fixed Issues:
- External interface JavaScript zero-day (3496801).

- Microphone stops dispatching SampleDataEvents after repeated use (3499824).

New Features:
- Graphics Data Query.

- Improved permissions UI for full screen keyboard access.

- Multiple SWF support.

- Setting device specific Retina Display resolution.

- Updated File API following App Store guidelines.

- HiDpi support for FlashPro.

Adobe Flash Player 11.6.602.175 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new Flash Player and have any feedback to offer, please let us know in the comments.

Second lockscreen bypass exploit discovered in iOS 6.1, data vulnerable via USB connection

Date: Tuesday, February 26th, 2013, 07:07
Category: Hack, iOS, News, security, Software

Apple either needs to assign its iOS security people some business hammocks or take their current ones away…

A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a method similar to the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

Per MacRumors and Kaspersky’s Threatpost, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Stay tuned for additional details as they become available.

Apple’s iOS 6.1.3 beta could fix security holes, disable Evasi0n jailbreak

Date: Tuesday, February 26th, 2013, 07:02
Category: Hack, iOS, News, security, Software

It was awesome while it lasted.

Per Forbes:

Late last week Apple released an update for iOS to developers in beta that prevents the use of the popular jailbreak software evasi0n, according to one of evasi0n’s creators who tested the patch over the weekend, David Wang.

Wang has stated that he’s analyzed the 6.1.3 beta 2 update and found that it patches at least one of the five bugs the jailbreak exploits, namely a flaw in the operating system’s time zone settings. The beta update likely signals the end of using evasi0n to hack new or updated devices after the update is released to users, says Wang, who says he’s still testing the patch to see which other vulnerabilities exploited by the jailbreak might no longer exist in the new operating system.

That impending patch doesn’t mean evasi0n’s time is up, says Wang. Judging by Apple’s usual schedule of releasing beta updates to users, he predicts that it may take as long as another month before the patch is widely released.

When evasi0n hit the Web earlier this month, it quickly became the most popular jailbreak of all time as users jumped at their first chance to jailbreak the iPhone 5 and other most-recent versions of Apple’s hardware. The hacking tool was used on close to seven million devices in just its first four days online.

Apple already has a more pressing security reason to push out its latest update. The patch also fixes a bug discovered earlier this month that allows anyone who gains physical access to a phone to bypass its lockscreen in seconds and access contacts and photos.

When Apple’s update arrives, the team of jailbreakers known as the evad3rs may still have more tricks in store. Wang has stated that the group has discovered enough bugs in Apple’s mobile operating system to nearly build a new iOS jailbreak even if all the bugs they currently use are fixed.

Stay tuned for additional details as they become available.