Apple requests developers focus on graphics for recent Mac OS X 10.7.5 beta

Posted by:
Date: Wednesday, June 20th, 2012, 06:34
Category: News, Software

The Retina Display is king for Apple, so graphics have to be pretty high up there these days.

Per AppleInsider, Apple supplied its development community with the first beta of OS X 10.7.5, its forthcoming maintenance update to the Lion operating system.

Sources familiar with the beta issued on Tuesday indicated that it is identified as build 11G15. Those testing the software have reportedly been asked to concentrate on testing graphics performance and quality along with networking reliability and performance.

Another area of focus is said to be the importing, editing or viewing of images and media. The delta download is reportedly a 937-megabyte installer, while the combo update weighs in at 1.87 gigabytes.

Details on what exactly has been changed in the first beta of OS X 10.7.5 remain unknown, but any fixes or updates are likely to be relatively insignificant with OS X 10.8 Mountain Lion set to hit the Mac App Store in July.

The most recent update to Lion, OS X 10.7.4, was publicly released in early May. It included a fix for a potential security flaw in FileBug.

Stay tuned for additional details as they become available.

Mozilla releases Firefox 13.0.1 update

Posted by:
Date: Friday, June 15th, 2012, 19:37
Category: News, Software

elfirefox

On Monday, Mozilla.org released version 13.0.1 of its Firefox web browser. The new version, a 30.7 megabyte download and adds the following fixes and changes:

- FIXED – Windows Messenger did not load in Hotmail, and the Hotmail inbox did not auto-update (764546, fixed in 13.0.1).

- FIXED – Hebrew text sometimes rendered incorrectly (756850, fixed in 13.0.1).

- FIXED – Flash 11.3 sometimes caused a crash on quit (747683, fixed in 13.0.1).

- NEW – When opening a new tab, users are now presented with their most visited pages.

- NEW – The default home page now has quicker access to bookmarks, history, settings, and more.

- CHANGED – SPDY protocol now enabled by default for faster browsing on supported sites.

- CHANGED – Restored background tabs are not loaded by default for faster startup.

- CHANGED – Smooth scrolling is now enabled by default.

- DEVELOPER – 72 total improvements to Page Inspector, HTML panel, Style Inspector, Scratchpad and Style Editor.

- DEVELOPER – The column-fill CSS property has been implemented.

- DEVELOPER – Experimental support for ECMAScript 6 Map and Set objects has been implemented.

- DEVELOPER – Support for the CSS3 background-position property extended syntax has been added.

- DEVELOPER – The :invalid pseudo-class can now be applied to the element.

- DEVELOPER – The CSS turn unit is now supported.

- FIXED – Various security fixes.

Known Issues:
- UNRESOLVED – If you try to start Firefox using a locked profile, it will crash (see 573369).

- UNRESOLVED – For some users, scrolling in the main GMail window will be slower than usual (see 579260).

- UNRESOLVED – Windows: The use of Microsoft’s System Restore functionality shortly after updating Firefox may prevent future updates (see 730285).

- UNRESOLVED – OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (see 752149).

- UNRESOLVED – CSS :hover regression when an element’s class name is set by Javascript (see 758885).

Firefox 13.0.1 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Opera web browser updated to 12.00

Posted by:
Date: Friday, June 15th, 2012, 06:54
Category: News, Software

operalogo

On Thursday, Opera Software released version 12.00 of its web browser. The new version, a 23.3 megabyte download, boasts the following fixes and changes:

New Features:
- Opera now runs plug-ins as a separate process, allowing for more control when a plug-in misbehaves. This feature will enhance security and stability.

- The 64-bit version of Opera will offer performance improvements for some functions and allow Opera more freedom in allocating memory.

- New, lightweight themes make it easier to customize the browser. Install or change themes at the click of a button, without restarting the browser.

Numerous improvements to the address bar have been made:
- Improved address field and address bar drop-down suggestions.

- Smart URL shortening in the address field drop-down.

- The page title and the page excerpt will be used for full page search results
URL and page content columns in the address field drop-down have been combined
Hardware acceleration allows Opera to offload graphics rendering from the processor (CPU) to the graphics card (GPU), making graphics intensive operations such as animations faster.

- RTL support will bring additional stability for certain languages. Persian, Urdu, Hebrew, and Arabic languages added.

- Extensions will now be able to interact with tabs, create tab groups, and manage windows.

- Opera Unite and Opera Widgets will be off by default in Opera 12.00, and will eventually be phased out of the Opera browser in the future. Voice support will be removed as of Opera 12.00, as the voice-detection library is no longer supported by the third-party vendor.

- Opera 12.00 will include changes in the Opera Presto 2.10 engine up to core-integration-point 289.

- Initial support for real-time communication has been added. Allowing the source of HTML5

- Drag and drop enables webpages to have elements that the user can drag from one page to another, or from their desktop to the webpage.

- Support for animations and transitions has been updated and expanded.

- Added support for the Do Not Track (DNT) HTTP header.

- An innovative new set of CSS constructs that allow webpages to be split up into paged media, revolutionizing the Web reading experience.

- CORS enables more secure and flexible communications between websites.

Improvements:
- General and User Interface.

- Appearance dialog improvements and cleanup.

- Sandboxing enabled for Mac App Store builds.

- A custom user agent preference has been added to opera:config.

Display and Scripting:
- Improved pipelining, JavaScript, and Turbo.

Fixes and Changes:
- Mail, News, Chat.

- Removed IRC client, start bar, navigation bar, main bar, and BitTorrent support.

Security:
- Fixed an issue where hidden keyboard navigation could allow cross site scripting or code execution, as reported by Jordi Chancel.

- Fixed an issue where a combination of clicks and key presses could lead to cross site scripting or code execution, as reported by Jordi Chancel.

- Fixed an issue where cross-domain JSON resources may be exposed as JavaScript variable data.

- Fixed an issue where carefully timed reloads, redirects, and navigation could spoof the address field, as reported by Jordi Chancel.

- Fixed a moderate severity issue; details will be disclosed at a later date.

- Fixed an issue where pages could prevent navigation to a target page, spoofing the address field, as reported by Code Audit Labs of vulnhunt.com.

Opera 12.00 is available for free and requires and Intel-based Mac running Mac OS X 10.5 or later to install and run.

Apple releases Java for Mac OS X 10.6 Update 9, Java for Mac OS X Lion 2012-004 updates

Posted by:
Date: Wednesday, June 13th, 2012, 07:50
Category: News, Software

applelogo_silver

You can’t argue with an Apple Java update, especially not in the wake of the Flashback trojan.

Late Tuesday, Apple released Java for Mac OS X 10.6 Update 9, providing “improved reliability, security and compatibility for Java SE 6.” The 76 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-004, which claims to offer improved compatibility, security and reliability for Java SE 6 and updates Java SE 6 to 1.6.0_33. The download comes in at 63.8 megabytes and requires OS X 10.7 or later to install and run.

The updates can also be located, snagged and installed with Mac OS X’s Software Update feature.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 19.0.1084.52

Posted by:
Date: Thursday, May 24th, 2012, 07:46
Category: News, Software

google-chrome-logo

Sorry for the lack of updates yesterday, I was flying across the country and the plane lacked Wi-Fi. During the flight, “The Vow” with Channing Tatum and Rachel McAdams happened to be the in-flight movie, should you choose to plug in headphones and listen to it. During this time, I desperately wanted there to be a director’s cut where the characters are slathered in salmon juice and attacked by irate grizzly bears in every scene…

Google Chrome, Google’s new web browser, just reached version 19.0.1084.52 for the Mac. The new version, a 38.6 megabyte download, offers the following changes:

- [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).

- [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

- [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.

- [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).

- [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).

- [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.

- [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.

- [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.

- [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).

- [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Google Chrome 19.0.1084.52 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases Flashback removal tool for Mac OS X 10.5.x operating systems

Posted by:
Date: Tuesday, May 15th, 2012, 05:21
Category: News, security, Software

If you’ve yet to upgrade to Mac OS X 10.6 or Mac OS X 10.7, there’s some good news.

Per Macworld, Apple on Monday released a pair of security updates for the older operating system: Leopard Security Update 2012-003 and Flashback Removal Security Update.

The Leopard Security Update disables older versions of Adobe Flash Player that don’t contain the latest security updates, prompting you to upgrade instead. That mirrors an update Apple offered for Safari on Snow Leopard and Lion last week.

The Flashback Removal Security Update finds and removes the most common variants of that malware; the updater may need to restart your Mac to complete the removal of any malware.

Both updates are available directly from Apple’s website or via Mac OS X’s Software Update feature and require Mac OS X 10.5.8 to install and run.

If you’ve tried the updates/malware removal tools and have any feedback to offer, please let us know in the comments.

Kaspersky Lab to help advice Apple on Mac OS X security

Posted by:
Date: Monday, May 14th, 2012, 10:08
Category: News, security, Software

It never hurts to ask for a helping hand.

Per computing.co.uk, Apple has invited Kaspersky Lab to consult on potential OS X security issues following the aftermath of the largest malware outbreak on the platform.

Kaspersky has begun analyzing the OS X platform at Apple’s request, the company’s chief technology officer, Nikolai Grebennikov, said in an interview with Computing. The Kaspersky executive has publicly called Apple out for not taking security seriously enough.

“Mac OS is really vulnerable, and Apple recently invited us to improve its security,” Grebennikov said. We’ve begun an analysis of its vulnerabilities, and the malware targeting it.”

As one specific security issue with OS X, he noted that Apple has blocked Oracle from directly updating Java on the Mac. Instead, Apple handles the updates, and they typically arrive months after Oracle issues its own patches.

Mac-centric Java development is set to move to Oracle following the latest runtime updates built in-house at Apple. Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced its plans to deprecate the software’s release from the Mac platform.

In April, Oracle released its first Java Development Kit and JavaFX Software Development Kit for Mac users. They arrived one and a half years after Apple announced the depreciation of its own edition of Java for Mac.

Kaspersky’s newfound partnership with Apple comes on the heels of the Flashback malware botnet, which was believed to have infected hundreds of thousands of Macs at its peak. The presence of Flashback was greatly diminished after Apple released a series of software updates to squash the malware, including a Java update and a separate removal tool.

Grebennikov cited the Flashback malware as “a huge sign that Apple’s security model isn’t perfect.” He also predicted that the first malware targeting Apple’s iOS mobile operating system, which powers the iPhone and iPad, will arrive in the next “year or so.”

Stay tuned for additional details as they become available.

Microsoft releases Office 2011 14.2.2, Microsoft Office 2008 12.3.3 updates for Mac

Posted by:
Date: Tuesday, May 8th, 2012, 12:14
Category: News, Software

On Tuesday, Microsoft released its Microsoft Office 2011 14.2.2 update. The update, a 110 megabyte download, adds the following fixes and features:

- This update includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2011 14.2.2 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run and for the Service Pack 1 updater to have been previously installed.

The company also released version 12.3.3 of its Microsoft Office 2008 suite for Mac. The update, a 217.9 megabyte download, offers the following fixes and features:

- The update includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2008 12.3.3 requires Mac OS X 10.4.9 or later to install and run.

If you’ve tried the update and have anything to report back, let us know.

Google Chrome updated to 18.0.1025.168

Posted by:
Date: Tuesday, May 1st, 2012, 06:04
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 18.0.1025.168 for the Mac. The new version, a 35.4 megabyte download, offers the following changes:

- Security and bug fixes.

Google Chrome 18.0.1025.168 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Dr. Web points out dormant nature of Flashback, cites that malware could remain on 650,000 Macs

Posted by:
Date: Tuesday, April 24th, 2012, 06:13
Category: News, security, Software

Well, this is a bit of a kick in the head.

Per Russian security company Dr. Web and Macworld, the Mac Flashback Trojan horse was still installed on more than half a million Apple computers late last week and is declining only slowly.

Although all security companies now agree that the best days for Flashback (or “Flashflake”) are now behind it, the new numbers suggest a greater level of infection than that has been reported by rivals.

Measured by UUID device identifiers, Dr. Web now believes that at its greatest extent, the bot controlled around 817,000 machines, with an average of 550,000 contacting the command and control servers during any 24-hour period.

By April 19, the bot was communicating with 566,000 Macs, down from 673,000 three days earlier, still considerably higher than Symantec’s estimate last week that the bot’s size had shrunk to 270,000 infected systems, and Kaspersky’s figure of 237,000 on April 14 and 15.

Some of the confusion could be down to measuring the bot using either IP addresses or device IDs (UUIDs), and doing so at different points in time.

However, Dr. Web thinks it has a better explanation for the understands this discrepancy, which, it said, has to do with attempts by an unnamed entity (presumably a security company) to block the bot’s activity.

Infected bots had been connecting to a server at 74.207.249.7, which was putting them into a suspended state. All machines doing this would no longer be able to communicate and be registered as ‘active’ by security company sinkholes despite still being infected.

“This is the cause of controversial statistics on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of Backdoor.Flashback.39 bots, on the other hand, Dr. Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably,” the company argued.

At least one security company—Mac security specialist Intego—agrees with Dr. Web’s contention that Flashback’s infection numbers have recently been underestimated.

“Intego has analyzed the malware, and, following discussions with other security companies, has determined that not only are these numbers [the lower estimates] incorrect, they are underestimating the number of infected Macs,” the company announced in a Friday blog post.

If this is correct, it does at least mean that while infected, these machines are now dormant and presumably beyond the control of the bot controllers.

On Friday, Kaspersky offered more information on how the malware was able to infect its victims through WordPress blog sites that had been compromised to host a malware redirection script.

Stay tuned for additional details and if you haven’t downloaded the latest security updates through Mac OS X’s built-in Software Update feature to help nix the Flashback malware on your Mac.