Mac Hacker Charlie Miller Locates Additional Security Hole in iPhone

Date: Friday, April 17th, 2009, 07:33
Category: iPod, security

Mac hacker Charlie Miller, a principal security analyst at Independent Security Evaluators and the winner of the CanSecWest security conference hacking contest two years straight, has detailed his latest find wherein he was able to run shellcode on an iPhone.
According to Macworld UK, it was widely believed by many security researchers that it wasn’t possible to run shellcode on an iPhone. Shellcode is code that can run from a command line, but the iPhone was thought not to allow it for security reasons.
If pulled off correctly, shellcode allows users to perform malicious actions such as gaining access to a user’s text messages or call history from a remote location.
Earlier versions of the iPhone OS firmware didn’t have many protections to prevent people from tampering with its memory to run other commands, Miller said. But the latest version of the iPhone’s software strengthened the overall security of the phone, Miller said.
In his report, Miller detailed how he was able to trick the iPhone into running code which then enabled shellcode. To pull this off, Miller said he needed to have a working exploit for an iPhone and a means of targeting a vulnerability in the software such as the Safari web browser or the iPhone’s operating system.
Miller said he doesn’t have one now, but if someone did, “this would allow you to run whatever code you want,” he said in an interview after his presentation.
In 2007 Miller and some of his colleagues did find a vulnerability in mobile Safari that would allow an attacker to control the iPhone. Apple was immediately notified and later issued a patch for the problem.
Miller said he isn’t sure if Apple is aware of the latest issue and stopped short of calling the problem a vulnerability, saying instead that Apple engineers may have overlooked the issue. Apple also has never come out publicly and said it is impossible to run shellcode on an iPhone, he said.

Drive Genius 2.1.1 Released

Date: Thursday, April 16th, 2009, 13:35
Category: Software

Prosoft Engineering has released Drive Genius 2.1.1, an updated version of its drive repair and recovery program for Mac OS X.
The new version, a 23.3 megabyte download, offers the following fixes and features:

  • Enhanced Duplicate tool has an option to verify the destination of whole-drive copies. In addition, source bad blocks can be skipped if found during a whole-drive copy.
  • Increased performance and reliability of Defrag.
  • Bug Fix: spurious “test aborted by disk” S.M.A.R.T. warnings in 10.5.x
  • Bug Fix: after shredding a volume, a new volume would always be created as “Untitled” instead of using the previous volume name.
  • Bug Fix: the tooltip displayed for duplicate files in DriveSlim contained an invalid path to the original file when displaying results from the boot volume.
  • Bug Fix: crash during launch if information about installed languages could not be obtained (10.4.x/PPC only).
  • Bug Fix: Adobe and Microsoft application updates would fail if language bundles were removed or their binaries trimmed; these are now excluded from the DriveSlim search results.
  • Other bug fixes.

Drive Genius retails for US$99 and requires Mac OS X 10.4 or later installed to work. The application is a Universal Binary and functions natively under both PowerPC and Intel-based hardware.

Apple Releases iMovie 8.0.2 Update

Date: Wednesday, April 15th, 2009, 07:35
Category: Software

Tuesday afternoon, Apple released iMovie 8.0.2, the latest version of its consumer-level video editing application. The new version, a 24.5 megabyte download, fixes an issue with projects having a size of 0 KB. Attempting to open these projects would cause iMovie to quit unexpectedly at launch. The update also addresses a problem where full-screen mode could not be accessed on some systems.
The update requires Mac OS X 10.5 or later to install and run.

Microsoft Releases Office 2004 11.5.4, Office 2008 12.1.7 Updates

Date: Wednesday, April 15th, 2009, 07:17
Category: Software

On Tuesday, Microsoft released updates for both its Office 2004 and Office 2008 suites for the Mac.
Microsoft Office 2004 version 11.5.4, a 9.7 megabyte download through the AutoUpdate program, offers stability and performance fixes and repairs a vulnerability in which an outside party could insert malicious code.
The program requires Mac OS X 10.2.8 or later to install and run.
The company also released Microsoft Office 2008 12.1.7, a 267.7 megabyte download through the AutoUpdate program that offers improvements to enhance security, stability, and performance, including fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.
Additional details regarding the update can be found here.
Microsoft Office 2008 requires Mac OS X 10.4 or later to install and run.

SpamSieve Updated to 2.7.4

Date: Monday, April 13th, 2009, 17:05
Category: Software

Michael Tsai’s must-have shareware program, SpamSieve, has just been updated to version 2.7.4. The new version, a 5.8 megabyte download, makes the following fixes and improvements:

  • Improved compatibility with pre-release versions of Mac OS X 10.6 (Snow Leopard).
  • SpamSieve is better able to recover from corpus files that were damaged due to disk errors.
  • Improved the Entourage installer’s error handling.
  • Improved the error reporting when saving the corpus.
  • Improved the troubleshooting instructions.
  • Fixed a problem where messages trained as good in Apple Mail could be moved into the inbox of a disabled account.
  • Fixed a bug that could cause harmless error messages to be logged to the Console when playing System 7 sound files.
  • The crash reporter now warns before sending a report without an e-mail address.
  • You can now press Enter to click the Send Report button in the crash reporter.

SpamSieve is available for a US$30 registration fee and requires Mac OS X 10.4 or later to run. The new version can either be downloaded directly from the web site or brought up to the current version via the program’s built-in update feature.

Apple Releases VoiceOver Kit 1.0.1 Update for iPod Shuffle

Date: Monday, April 13th, 2009, 06:50
Category: iPod shuffle, Software

Late Friday, Apple released its VoiceOver Kit 1.0.1, an update containing several fixes for the newest generation of its iPod Shuffle media player. According to Macworld UK, the update, a 17 megabyte download, contains corrected pronunciations for several artist names as well as a series of unspecified minor bug fixes.
The update is currently not listed on Apple’s Web site, but it is available via Mac OS X’s built-in Software Update feature.

Roxio Toast Titanium 10.0.2 Update Released

Date: Thursday, April 9th, 2009, 07:19
Category: Software

Late Wednesday night, Roxio released version 10.0.2 of its Toast Titanium authoring software. The new version, available here, adds the following fixes and changes:

  • Resolves crash issue that may occur with some FLAC audio files.
  • Resolves issue when converting QuickTime movies with text tracks.
  • Improved handling of corrupt PCM audio packets.

Toast 10 Titanium requires Mac OS X 10.4 or later to install and run and retails for US$99.99.

Skype 2.8.0.438 Released

Date: Thursday, April 9th, 2009, 07:20
Category: Software

On Thursday, Skype released version 2.8.0.438 of its popular Voice over Internet Protocol communications program.
The new version, a 41.4 megabyte download, adds the following fixes and features:

  • change: spectator window for screen sharing.
  • change: My Account page embedded in the client.
  • bugfix: Skype didn’t hide on OS X login.
  • bugfix: copy/paste from chats was not working correctly.
  • bugfix: sometimes Skype froze for a couple of seconds when starting or stopping screen sharing.
  • bugfix: screen sharing windows could be left on screen when a call was joined to a conference.
  • bugfix: PiP didn’t appear in full screen when receiving screen sharing.
  • bugfix: the overlay didn’t appear for fullscreen screen sharing and then the exit fullscreen button didn’t work.
  • bugfix: fullscreen mode would exit after a held call was resumed.
  • bugfix: call could not be ended after being redirected to voicemail.
  • bugfix: the call window layout was broken if the dialpad was shown during a video call.
  • bugfix: URLs inside brackets were not clickable.
  • bugfix: sometimes Skype crashed after deleting missed events without reading them.

Recent Mac OS X 10.5.7 Beta Focuses on 100+ Fixes, Second Security Update for 2009

Date: Wednesday, April 8th, 2009, 07:44
Category: Software

A recent Mac OS X 10.5.7 beta has made its way among Apple developers, with Apple apparently also beta testing its second security update of the year for certain Mac OS X distributions.
According to AppleInsider, build 9J44 of Mac OS X 10.5.7 was released to developers. The new beta arrives a little more than a week after the company issued build 9J39 and, per sources close to the story, offers a fix for a PDF font render along with four other fixes, thus bringing the number of documented code corrections to 104.
Similarly, the lone issue affecting the last several builds has been the inability to install Apple’s Safari 4 beta, which hasn’t been tweaked to run on the new system update.
Mac OS X 10.5.7, code-named Juno, is expected to be released sometime this month and reportedly weighs in at approximately 442MB. A combo updater capable of updating versions of Leopard prior to 10.5.6 and bundling earlier security improvements is currently about 730MB.
Where the second security update is concerned, Apple has reportedly tasked security experts with evaluating its second security update to Mac OS X of the 2009 calendar year. The release is said to be in testing for versions of Apple’s Mac OS X 10.4 operating system, and a version for Mac OS X 10.5 has yet to be reported.
People familiar with the situation say Apple doesn’t brief its security testers on the improvements it bundles into beta security updates and instead asks them to probe for holes blindly. As such, it’s not entirely clear what components of Tiger it targets, though the rumor is that it addresses a networking vulnerability.
Apple is expected to recommend the update “for all users,” saying it “improves the security of Mac OS X.” Four different distributions are currently being evaluated: Tiger client (PPC), Tiger server (PPC), Tiger client (Intel), and Tiger server (Intel).
The latest known builds are reportedly 8S410 (PPC) and 8S2410 (Intel).

Apple Releases iTunes 8.1.1 Update

Date: Tuesday, April 7th, 2009, 06:17
Category: Software

Late Monday, Apple released iTunes 8.1.1, the latest version of its multimedia/jukebox application for Mac OS X. The new version, a 68 megabyte download, offers the following fixes, changes and new features:

  • Adds support for renting HD movies.
  • Provides a number of bug fixes, including addressing issues with VoiceOver and syncing with iPhone or iPod touch.

iTunes 8.1.1 is available for free, requires Mac OS X 10.4 or later to run and can be snagged using Mac OS X’s built-in Software Update feature.