Apple releases Safari 5.1.2 update

Posted by:
Date: Wednesday, November 30th, 2011, 04:14
Category: News, Software

safarilogo.jpg

Late Tuesday, Apple released Safari 5.1.2, an update to its web browser. The new version, a 38.7 megabyte download, includes the following fixes and new features:

- Improve stability.

- Address issues that could cause hangs and excessive memory usage.

- Address issues that could cause webpages to flash white.

- Allow PDFs to be displayed within web content.

Safari 5.1.2 is available on Mac OS X via Software Update or via direct download from Apple and requires Mac OS X 10.6.8 or later to install and run.

Security researcher Charlie Miller outs iOS code signing flaw, security hole

Posted by:
Date: Tuesday, November 8th, 2011, 05:46
Category: iOS, News, security, Software

It’s hard to say if it’s discouraging to see the iOS get spotted on assorted security failures or reassuring to see that security experts manage to notice these and bring them to the public’s attention.

According to Forbes, Mac hacker and researcher Charlie Miller has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing, allowing the malware to steal user data and take control of certain iOS functions.

Miller explains that code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and submitted apps that violate these rules are not allowed on the App Store. However, he has found a method to bypass Apple’s security by exploiting a bug in iOS code signing that allows an app to download new unapproved commands from a remote computer.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

The flaw was introduced when Apple released iOS 4.3, which increased browser speed by allowing javascript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the OS. Miller realized that in exchange for speed, Apple created a new exception for the web browser to run unapproved code. The researcher soon found a bug that allowed him to expand the flawed code beyond the browser, integrating it into apps downloaded from the App Store.

Miller created a proof-of-concept app called “Instastock” to showcase the vulnerability, which was submitted to and approved by Apple to be distributed via the App Store. The simple program appears to be an innocuous stock ticker, but it can leverage the code signing bug to communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos and other files, as well as initiate certain iOS functions like vibrating alerts.

The app has since been pulled and according to his Twitter account, Miller has reportedly been banned from the App Store and kicked out of the iOS Developer Program.

Miller, a former NSA analyst who now works for computer security firm Accuvant, is a prominent Apple researcher who previously exposed the MacBook battery vulnerability and a security hole in the mobile version of Safari.

The researcher has refused to publicly reveal the exploit, reportedly giving Apple time to come up with a fix, though he will announce the specifics at the SysCan conference in Taiwan next week.

Stay tuned for additional details as they become available.

Cocktail 5.0.2 (Lion Edition) released

Posted by:
Date: Wednesday, November 2nd, 2011, 11:20
Category: News, Software

cocktaillogo.jpg

On Wednesday, shareware developer Maintain released version 5.0 of Cocktail (Lion Edition), Cocktail, the popular shareware utility program that allows for additional Mac OS X system tests. The new version, a 2.2 megabyte download, adds the following fixes and features:

- Addresses compatibility issues with the latest versions of Safari, Firefox and Google Chrome.

- Added clearing of the Revir, Imuler and Flashback trojans.

- Miscellaneous bug fixes and overall improvements.

- Added OS X 10.7.2 compatibility.

- Updated Automator actions.

Cocktail 5.0.2 retails for a US$19.00 shareware registration fee and requires Mac OS X 10.7 or later to install and run.

DevilRobber trojan horse for Mac OS X discovered, controls GPU, steals user data

Posted by:
Date: Tuesday, November 1st, 2011, 04:42
Category: News, security, Software

While there may not be that many viruses out there for the Mac, there are still Trojan horse apps to make life a little bit harder.

Here’s another.

Per AppleInsider, a new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computer’s GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos reported that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites.

DevilRobber, also known as “OSX/Miner-D,” can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file.

The malware has also been found to search for “pthc” files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac’s GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application that’s compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the user’s digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the user’s existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that point to a malware attack. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to refrain from downloading software via untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently various instances of a different, more advanced malware program emerged. “Flashback” posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection thus leaving systems vulnerable to subsequent attacks.

Stay tuned for additional details as they become available.

Apple releases iOS 5 golden master, updated Mac OS X 10.7.2 build to developer community

Posted by:
Date: Wednesday, October 5th, 2011, 04:55
Category: iPad, iPhone, iPod Touch, News, Software

Amidst yesterday’s hubbub about the iPhone 4S, Apple on Tuesday issued the golden master build of iOS 5 to members of its development community, along with a new build of Mac OS X 10.7.2.

Per AppleInsider, sources close to the story said the golden master build of iOS 5 is known as “Build 9A334″. It is said to be labeled as a GM, or golden master, seed, which means that it is likely to be identical to the final version of the software Apple will release to the public.

Those people said there are a handful of fixes contained in the golden master build. For example, the GM build of iOS 5 reportedly fixes an issue that existed when deleting a song or video from the Music and Videos applications on an iOS device, causing it to crash.

Developers are also notified that starting with iOS 5, AirPlay is enabled by default for video content available on applications and websites. Those with access to the golden master have also been advised that the WebKit framework in the latest build more closely matches the engine used in Apple’s Safari 5.1 desktop Web browser.

iOS 5 will be released to the public next Wednesday, Oct. 12. It will be compatible with the iPhone 4, iPhone 3GS, iPad 2, first-generation iPad, fourth-generation iPod touch, and third-generation iPod touch.

On Wednesday Apple released a new build of Mac OS X 10.7.2, known as “Build 11C73″. It is said to not contain any known issues. The forthcoming update to Lion will add support for iCloud.

Stay tuned for additional details as they become available.

Apple releases Mac OS X 10.7.2 build 11C62 to developer community, includes additional iCloud tools

Posted by:
Date: Friday, September 23rd, 2011, 06:05
Category: News, Software

System updates: they’re a good thing.

Per AppleInsider, sources close to the story have stated that Apple has released a new beta of Mac OS X 10.7.2 was supplied to developers on Thursday with no known issues.

The latest build, coined “11C62″, and weighs in at 740.2MB in its delta form. It comes less than a week after the last beta of Mac OS X 10.7.2 was supplied for testing.

The latest Lion betas have included iCloud integration, while previous builds required that developers download a separate installer to test Apple’s forthcoming syncing and storage service.

The new beta comes the same day that Apple has warned developers it will reset all iCloud data. The reset is being done in preparation for the launch of the new free service.

Apple has not officially announced a specific release date for iCloud, and instead revealed in June that the service will become available this fall. It will store content such as photos, e-mail and contacts, and wirelessly push it to devices, including Macs, iPhones and iPads.

People familiar with the beta issued on Thursday said the latest build again has no known issues. The focus areas are said to remain the same as they were previously, and include Address Book, Graphics Drivers, iCal, iChat, iCloud, the Mac App Store, Mail, MobileMe, Safari, Spotlight and Time Machine.

Mac OS X 10.7.2 will likely be released when iCloud and iOS 5 are made available to the public. They are expected to be released at an event rumored to be scheduled for Oct. 4, where Apple is also expected to introduce its fifth-generation iPhone.

Stay tuned for additional details as they become available.

Adobe Reader updated to 10.1.1

Posted by:
Date: Wednesday, September 14th, 2011, 05:42
Category: News, Software

On Wednesday, Adobe released version 10.1.1 of its Adobe Reader application. The update, which can also be snagged through the Adobe Update Utility, adds the following fixes and changes:

- Acrobat fails to display Rupee symbol.

- Unable to see the last item in drop down list when navigating through list with down arrow.

- Custom scan does not work with Acrobat X.

- Comments and Annotations do not work properly in Workspace launched via Safari on a Mac OS.

- A signed PDF can cause the viewer in a browser to crash.

- Submission of signed data in Acrobat X is slow.

- Unable to input using Japanese IME after using drop box with protected mode.

- Opening a PDF with “CR” in its name gives an error to accept license after disabling Protected Mode.

- Closing a form in a browser may cause the browser to hang.

- Protected mode on XP: IME mode remained Half-alphanumeric mode automatically and cannot change back to Hiragana mode again after move mouse focus from dropdown field to Japanese text filed.

- Form data cannot be exported to CSV in some cases.

- Portfolio behavior different from 9.x with respect to coversheets.

- formBridge events not firing in Portfolio loaded within Reader plug-in inside LiveCycle workspace.

- Touching up text causes ligatures to be dropped.

- IE 6 crashes with magnifier when filling out a text field of a table in a form.

- Reader X call to LiveCycle server fails when submitting an authentication call via SOAP.

- PDFMaker hangs while converting an attached Word file with hidden text to pdf.

- PDFMaker for Office 2007 duplicates headings when both normal and custom headings exist in the same document.

- PDFMaker for MS Office 2003: ES2 (LC 9.0) rendition removes spaces between the Kanji character and the English character while converting an MS word file to PDF.

- PDF was displayed in browser window directly instead of embedded in a ZCI html container when ‘Enable Javascript for this document one time.

- Acrobat Updater Resets “Adobe PDF” PostScript Printer Driver Instance Settings.

- The Share Pane has been renamed to “Tools Pane”. The Tools Pane has been renamed to the “Extended Pane” for Adobe Reader (this is only not for Acrobat). This change is designed to facilitate future additions and enhancements to the Tools area.

- The Welcome screen (with the recent file list) can be disabled via three methods:

- Improved stability and integration with MS Outlook on 64 bit systems. 8.x products redirect users to Reader 10.x downloads if new updates are available. Note that 8.x will be end-of-lifed in November, 2011.

- Major changes in the user JavaScript and global variables features as described in the Application Security Guide. If you use these features, you must make changes to your distributed products.

Acrobat Reader 10.1.1 and Acrobat Pro requires an Intel-based processor and Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Apple releases Mac OS X 10.7.2 seed to developers, includes built-in iCloud support for the first time

Posted by:
Date: Monday, September 12th, 2011, 03:54
Category: News, Software

It’s inevitable.

And with system updates, that’s never a bad thing.

Per AppleInsider, Apple on Sunday seeded Mac OS X 10.7.2 beta to developers with support for the beta version of iCloud incorporated directly into the build.

For the first time, the pre-release version, labeled build 11C55, does not require a separate install of iCloud services. No known issues are listed for the beta. Apple reportedly lists iCloud, Address Book, iCal, Mail, Safari, and MobileMe as focus areas for the release.

One source familiar with the matter also indicated that Apple has begun transitioning user accounts from MobileMe to iCloud, allowing the transfer of mail, contacts, and calendars to the iCloud.com.

The last beta release of Mac OS X 10.7.2 came on Sept. 2 and included the 10th test version of iCloud as a separate install.

Developers have seen a steady stream of beta software as Apple gears up for several major releases this fall. The launch of iOS 5 and iCloud will be supported by updated versions of iTunes and Mac OS X. Last Friday, Apple issued a beta release of iTunes 10.5, along with pre-release versions of iWork for iOS. The company also recently extended the test period of its iTunes Match service to additional developers.

Apple launched Mac OS X 10.7 Lion on the Mac App Store in July. The company then updated its flagship desktop operating system to version 10.7.1 in August, adding improvements to Wi-Fi and audio out functionality.

Stay tuned for additional details as they become available.

Apple releases Mac OS X 10.7.1 update

Posted by:
Date: Tuesday, August 16th, 2011, 14:34
Category: News, Software

Late Tuesday, Apple released Mac OS X 10.7.1, the update to its recently-released Mac OS X 10.7 “Lion” operating system. The update, a 79.1 megabyte download, features the following fixes and changes:

- Address an issue that may cause the system to become unresponsive when playing a video in Safari.

- Resolve an issue that may cause system audio to stop working when using HDMI or optical audio out.

- Improve the reliability of Wi-Fi connections.

- Resolve an issue that prevents transfer of your data, settings, and compatible applications to a new Mac running OS X Lion.

The update can be located, downloaded and installed via the Software Update feature in Mac OS X.

Mac OS X 10.7.1 requires an Intel-based Mac running Mac OS X 10.7 to install and run.

If you’ve tried the update and noticed any changes, please let us know in the comments.

Apple releases Lion Recovery Disk Assistant to function with external hard drives

Posted by:
Date: Tuesday, August 9th, 2011, 03:11
Category: News, Software

If your Lion partition is being finicky, this might help.

Per AppleInsider, Apple on Monday released Lion Recovery Disk Assistant software to enable users to create recovery partitions on external drives.

Lion Recovery Disk Assistant expands Apple’s Recovery features in Mac OS X 10.7 Lion to add support for creating a Recovery Disk on external drives. According to Apple’s release notes for the software, the resulting partition has all of the same capabilities as the built-in Lion Recovery: reinstall Lion, repair the disk using Disk Utility, restore from a Time Machine backup, or browse the web with Safari.

Creating an external Lion Recovery using the assistant requires that the Mac already have an existing Recovery HD. The external drive must also have at least 1GB of free space, while Lion Recovery Disk Assistant is a 1.07MB download.

The new partition will not be visible in the Finder or Disk Utility on Mac OS X, but can be accessed by rebooting the Mac while holding the Option key.

Users are warned that the Lion Recovery Disk Assistant will erase all data on the external hard drive. Apple recommends either backing up data or creating a new partition on the drive before running the assistant.

Apple also notes that if the Recovery HD is created for a Mac that shipped with Lion, the external recovery drive can only be used with that system. However, if the the assistant is run on a Mac that upgraded to Lion from Mac OS X Snow Leopard, then the external recovery drives can be used on other systems that upgraded from Snow Leopard.

Max OS X Lion contains a number of advanced Recovery tools, in part because the update is deployed over the Mac App Store, rather than via optical disk as with previous OS X versions. The latest Macs, which ship with Lion pre-installed, include a new Internet Recovery feature that allows users to start a Mac directly from Apple’s servers.

Lion arrived on July 20 and was downloaded more than 1 million times in the first 24 hours. The upgrade contains more than 250 new features, including AirDrop, Mission Control and full-screen apps.

Apple plans to release a US$69 USB thumb drive loaded with Lion on its online store later this month.

Stay tuned for additional details as they become available.