Analyst: Java 1.7 zero-day less likely to affect Mac users due to lack of current installed base on platform

Date: Wednesday, August 29th, 2012, 07:53
Category: News, security

Yesterday, we posted about a new Java vulnerability that could open the gates for additional malware on the Mac.

Today, there’s some better news regarding this.

Per The Unofficial Apple Weblog, online backup service CrashPlan co-founder Matthew Dornquist had the following to offer about the new Java vulnerability and what it could mean for the Mac.

In a recent study of a random sample of 200K recent users, Dornquist’s numbers showed that the overwhelming majority of CrashPlan’s Mac users are on Java 1.6 (92%) and a small minority on the older 1.5 version. The percentage on the 1.7 version targeted by the malware? Approximately zero.

Research shop FireEye identified a Java zero-day exploit this weekend that is already targeting fully patched versions of the Java JRE version 1.7 running on Windows machines. The exploit attempts to install a dropper executable (Dropper.MsPMs) on the machines it attacks. In theory, a separate dropper could be crafted to attack Mac or Linux systems, although none has yet been observed in the wild.

That’s a reason for Mac users to rest a little more easily, but it’s not the big one. As noted by CNET, the vulnerable edition of the JRE — 1.7 — isn’t installed by default in a stock configuration of OS X. The Java that Apple delivers on Snow Leopard, Lion and Mountain Lion is JRE 1.6 (and on Lion and Mountain Lion, it’s only installed on demand when needed to run Java applications); in order to be on 1.7 and be theoretically susceptible, you’d have to install the Oracle beta build manually.

If you did install the Oracle build and you’re concerned about the new exploit, you can disable the Java plugin in each of your browsers individually, or uninstall 1.7 entirely. While it bears repeating that there is no evidence of a Mac payload for this exploit at this time, if you don’t have a specific reason to run the new version then it’s probably safest to stick with JRE 1.6 instead (or turn off Java completely if you don’t need it). In response to past exploits including Flashback, Apple’s Java web plugin is now set to auto-disable when it isn’t used for some time, further reducing the attack surface for Mac users.

So, yeah, try to avoid manually updating to Java 1.7 on your Mac until this is sorted out and we’ll have additional details as they become available.

Apple seeds fourth Mac OS X 10.7.5 beta to developer community

Date: Tuesday, August 28th, 2012, 10:18
Category: News, Software

Mac OS X 10.7.5 is en route, or at least that’s what the betas would have you believe.

Per MacNN, Apple has released a fourth beta of OS X 10.7.5 to developers. The download, build 11G45, is about 1.16GB as a delta, or 1.93GB as a combo update. As with the previous build there are no known issues, and Apple is again asking developers to test graphics quality and performance, as well as media importing, viewing, and editing.

Mac OS X 10.7.5 could be the last major update for OS X Lion, since Apple is now concentrating development work on Mountain Lion, which was launched late in July. Subsequent Lion updates will probably be intended to patch specific components.

Stay tuned for additional details and if you’ve gotten your mitts on the new beta, please let us know what you make of it in the comments.

Apple seeds third Mac OS X 10.7.5 beta to developer community

Date: Thursday, August 16th, 2012, 07:37
Category: News, Software

The nice thing about betas: each one means they’re a bit closer to getting somewhere.

Per MacNN, Apple is seeding a third developer beta of OS X 10.7.5 to developers. The code is listed as build 11G36, and as before, has no known issues. Apple is also holding steady on testing focus, asking developers to look at graphics quality and performance, along with media importing, editing, and viewing.

The Mac OS X 10.7.5 update may or may not be the last for OS X Lion, since Mountain Lion has been available for several weeks. Apple is forging new ground with its current development cycle, since it has switched to releasing a new OS every year. As a result, it may end up having to support Lion well into Mountain Lion’s lifespan.

Stay tuned for additional details as they become available.

Ars Technica testing shows evidence of lowered battery life under Mountain Lion for some MacBook Pro users

Date: Thursday, August 9th, 2012, 05:56
Category: battery, MacBook Pro, News, Software

Well, patches and updates DO tend to exist for a reason…

Per Ars Technica and a test conducted by the web site, there may be evidence that Apple’s new operating system is draining batteries significantly faster than the previous OS X Lion, as the publication’s test unit lost some 38 percent of runtime after having installed Mountain Lion.

In a series of unscientific tests, a MacBook Pro with Retina display was run on battery power both with and without Mountain Lion installed. Ars was able to hit just over eight hours of runtime with Lion and the integrated Intel HD4000 GPU, meaning the computer wasn’t leveraging the discrete and power-hungry NVIDIA GeForce GT 650M. With Mountain Lion installed and using the same settings, however, runtime dipped to around five hours.

The test was conducted a number of times, each using the same applications under what was described as a “daily workload.” Being used actively were Safari, Chrome, Twitter, iChat, TextEdit, Photoshop, Mail and Outlook, among others while Dropbox and gfxCardStatus ran in the background. As far as systems settings, Wi-Fi was activated while Bluetooth was turned off and screen brightness was set to half-strength.

Mountain Lion’s Activity Monitor was used to check CPU usage and, while there were occasional spikes when reading or writing files, loading web pages or other user-initiated operations, the processor was usually below five percent capacity. This is contrary to one account from an Apple Communities forum member who noted a heightened CPU temperature when the computer was idle.

A 49-page Apple Support Communities thread first started on July 25, the day Mountain Lion was released, chronicles a number of battery issue complaints from users who recently installed Apple’s new OS.

A few forum members suggested the problem lies with one of Mountain Lion’s new features like Power Nap, while others have found limited success with resetting their machine’s system management controller, but a legitimate fix has yet to be discovered.

Interestingly, only certain machines are affected by the purported battery drain issue and some users are even reporting their battery life increased after installing the new operating system.

Apple has yet to release an official statement, but a number of forum members affected by the issue claim Apple representatives reached out to obtain system information in an attempt to remedy the problem.

Stay tuned for additional details as they become available.

Carbon Copy Cloner updated to 3.5.1

Date: Friday, August 3rd, 2012, 12:38
Category: News, Software


On Saturday, Carbon Copy Cloner, the shareware favorite for drive cloning operations by Mike Bombich, reached version 3.5.1. The new version, an 8.6 megabyte download, adds the following fixes and changes:

- Fixed an issue in which CCC was unable to save scheduled tasks after being updated.

- Resolved a permissions issue related to accessing some files on source when the destination was a network volume.

- Made some minor UI adjustments in the Documentation window.

- Fixed an intermittent exception at the end of a scheduled task that would result in the “Task finished” window disappearing early and failure of email notifications.

- Fixed an exception that would cause a hang during the creation of a Recovery HD volume.

- Non-admin users will no longer be prompted to authenticate when launching CCC on Lion or Mountain Lion. This authentication was leveraged to collect information about the Recovery HD volumes attached to your Mac, but CCC was unable to give that indication prior to the authentication dialog being presented. To avoid unnecessary concern, we chose to not collect that information when a user is logged in to a non-admin account.

- When LateNite Software’s “Clusters” software makes changes to .DS_Store files on the source volume, those changes can lead to errors during the backup. These errors are now suppressed.

Carbon Copy Cloner 3.5.1 retails for a US$39.95 shareware registration fee. The application requires an Intel-based Mac running Mac OS X 10.6 or later.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Apple releases Mac OS X 10.7.5 build, iCloud Control Panel beta to developer community

Date: Tuesday, July 31st, 2012, 05:24
Category: News, Software

You can’t knock the development cycle.

Per AppleInsider, Apple on Monday seeded new builds of OS X Lion, Lion Server and the Windows-only iCloud Control Panel beta to developers with no known issues.

In the new builds, noted as 11G30 for both OS X Lion and Lion Server, Apple is asking developers to focus on graphics performance and quality as there are no known issues with the release.

Work on the server side is a bit more substantial as developers have been tasked with focusing on Password Server, Profile Manager, Webmail (RoundCube), Server App, System Image Utility, Software Update Server, Web Sharing and Workgroup Manager. No known issues are present in the server build.

iCloud Control Panel:
The second seed for version 2.0 of iCloud Control Panel brings a host of new features to the Windows-centric software including consolidation of Mail, Contacts, Calendars and Tasks enablement into a single checkbox and overall stability enhancements.

This seed build of iCloud Control Panel 2.0 includes all the same features as Seed 1, with the following changes:

- Mail, Contacts, Calendars and Tasks are now enabled with a single checkbox.

- Shared Photo Streams can now be explicitly enabled and disabled through the Control Panel.

- Shared Photo Streams UI in Explorer view has been substantially improved.

- Addressed an issue where Push Notifications could crash or stop working.

There are a few known issues with the second iCloud Control Panel beta:
- The seed is available in English only

- If you sign out of the control panel and sign in as another iCloud account, you may need to restart your computer to use Shared Photo Streams with your second iCloud account.

- If you are unable to sign out of the iCloud Control Panel, open the task manager and stop the ApplePhotoStreams.exe process.

- Portrait JPG images may create low-resolution versions and not have proper orientation.

Both the OS X Lion and Lion Server seeds as well as the iCloud Control Panel are available for developer download today.

If you’ve gotten your hands on the new beta and had a chance to play with it, please let us know what you make of it in the comments.

Mozilla releases Firefox 14.0.1 update

Date: Wednesday, July 18th, 2012, 05:14
Category: News, Software


On Monday, Mozilla.org released version 14.0.1 of its Firefox web browser. The new version, a 30.7 megabyte download, adds the following fixes and changes:

New:
- Google searches now utilize HTTPS.

- Full screen support for Mac OS X Lion implemented.

- Plugins can now be configured to only load on click (requires an about:config change).

- The Awesome Bar now auto-completes typed URLs.

Changed:
- Improved site identity manager, to prevent spoofing of an SSL connection with favicons.

Developer:
- Pointer Lock API implemented.

- New API to prevent your display from sleeping.

- New text-transform and font-variant CSS improvements for Turkish languages and Greek.

Fixed:
- Various security fixes.

- GIF animation can get stuck when src and image size are changed (743598).

- OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (752149).

- CSS :hover regression when an element’s class name is set by Javascript (758885).

Firefox 14.0.1 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mac OS X 10.7 (Lion) currently impervious to new Java malware, older operating systems remain susceptible

Date: Thursday, July 12th, 2012, 09:43
Category: News, security, Software

Following up on yesterday’s new Java malware story, there’s some good news: if you’re running Mac OS X 10.7 (Lion), you’re in the clear.

Per Macworld, the new Java malware was discovered on a compromised Colombian Transport website, with a bit of social engineering thrown in for good measure: You need to approve the installation of a Java applet, which OS X will warn you is from a root certificate that “is not trusted,” to get infected.

Once authorized, the exploit downloads additional malicious code from the Web. Security firm Sophos says that the malware then attempts to open a backdoor on your computer, through which hackers could remotely access the machine.

Because the Mac version of the malware runs as a PowerPC app, only Macs that can run PowerPC software are at risk. Since Lion (and Mountain Lion) no longer include Rosetta, the technology that allows Intel-based Macs to run PowerPC software, computers running those versions of Mac OS X cannot be infected.

Mac users may experience some not-so-fond flashbacks to the insidious Flashback Trojan horse that affected even fully up-to-date Macs, since Apple hadn’t kept up with Java security updates as rigorously as its competitors. Starting in late April, Java developer Oracle began issuing security updates directly to Mac users at the same time those updates became available for other platforms, bypassing Apple.

Stay tuned for additional details as they become available.

Apple posts official list of OS X 10.8 (Mountain Lion)-compatible Macs

Date: Thursday, July 12th, 2012, 06:38
Category: News, Software

If you qualify, you’ll try to high-five everyone you meet today and your friends will eventually want you to shut up about it.

If you don’t, well, you can meet me down at the corner pub for happy hour…

Per The Verge, Apple has posted a “How to Upgrade” page on its website that contains a list of Mac models with Intel chipsets that qualify for Mountain Lion:

- iMac (Mid 2007 or newer)

- MacBook (Late 2008 Aluminum, or Early 2009 or newer)

- MacBook Pro (Mid/Late 2007 or newer)

- MacBook Air (Late 2008 or newer)

- Mac mini (Early 2009 or newer)

- Mac Pro (Early 2008 or newer)

- Xserve (Early 2009)

After verifying that a Mac is eligible for the upgrade, users are instructed to check that they have OS X Lion or the latest version of Snow Leopard (OS X 10.6.8) installed. The third step is simply to “download OS X Mountain Lion when it becomes available in July” and follow the onscreen instructions to install it.

Apple announced OS X Mountain Lion in February, specifically mentioning newer Macs as qualifying for the upgrade. At the time, it was suspected that Macs with Intel’s GMA 950 and GMA X3100 integrated graphics processors would not be capable of running OS X 10.8.

By distributing new versions of OS X solely on the Mac App Store, Apple has also drawn a line in the sand, since Macs not capable of installing at least OS X Snow Leopard 10.6.8 won’t be able to access the App Store.

The Mac maker appears on track to release Mountain Lion this month as promised. Developers received the Golden Master version of the OS on Monday and an invitation from Apple to submit applications for the update to the Mac App Store. The US$19.99 upgrade contains over 200 new features, such as closer integration with iCloud, new security checks and voice dictation.

Stay tuned for additional details as they become available.

And as much as I love my 2006 Mac Pro, maybe it’s time we started seeing other people…

Logitech releases Control Center 3.6 update

Date: Monday, July 9th, 2012, 10:42
Category: News, Software

On Monday, Logitech released version 3.6 of its Control Center software. The update, an 18.9 megabyte download, offers the following fixes and changes for the driver software:

- Mission Control can be assigned to a mouse button or keyboard key. Within this action, you can choose whether to launch Mission Control, or show all windows of the current application, the desktop, Dashboard or Launchpad.

- OS X 10.4, 10.5 and Macintosh computers using a PowerPC processor are no longer supported.

Logitech Control Center 3.6 is available for free and requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new drivers and have any feedback to offer, please let us know in the comments.