Google Chrome updated to 20.0.1132.57

Posted by:
Date: Wednesday, July 11th, 2012, 11:56
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 20.0.1132.57 for the Mac. The new version, a 40.7 megabyte download, offers the following changes:

- Along with security fixes, this build contains an update to Flash player, v8 (3.10.8.20) and couple of stability/bug fixes.

Google Chrome 20.0.1132.57 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Java malware goes live, begins affecting, Mac OS X, Windows, Linux systems

Posted by:
Date: Wednesday, July 11th, 2012, 10:47
Category: News, security, Software

On the plus side, this keeps a security department employed.

Per F-Secure, a new form of browser-based cross-platform malware can give hackers remote access to computers running Apple’s OS X, Microsoft’s Windows, and even Linux.

The multi-platform backdoor malware was disclosed this week by security firm F-Secure. It was originally discovered on a Colombian Transport website, and relies on social engineering to trick users into running a Java Archive file, meaning it is not likely to be a major threat.

However, its cross-platform design is unique. If users grant permission to the Java Archive, the malware will secretly determine whether the user is running a Mac, a Windows PC, or a Linux machine. When running on a Mac, the malware will remotely connect to an IP address through port 8080 to obtain additional code to execute.

Anti-virus maker Sophos said on Wednesday that the new malware has the potential to affect a higher number of people because of its multi-platform strategy. Typically, malware and viruses target Windows PCs, as they represent the overwhelming majority of computers.

“Once it has found out which operating system you are running, the Java class file will download the appropriate flavor of malware, with the intention of opening a backdoor that will give hackers remote access to your computer,” explained Graham Cluley, senior technology consultant with Sophos.

On a Mac, the new malware is defined as “Backdoor:OSX/GetShell.A. According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.

While rare, cross-platform malware attacks are not unheard of. In 2010, a Trojan known as “trojan.osx.boonana.a” was a Java-based exploit that affected both Macs running OS X, as well as Windows PCs.

As Apple’s Mac platform has grown in popularity and outpaced the PC market as a whole, the OS X platform has become a bigger target for hackers. Last month, Apple opted to tone down promotional language on its website that once claimed the Mac “doesn’t get PC viruses.” Apple’s website now says that OS X is “built to be safe.”

That change was made just a few months after more than 600,000 Macs were estimated to have been infected by a trojan horse named “Flashback.” More than half of the Macs believed to be infected by the botnet were found in the U.S. alone before Apple aggressively released a series of software updates to quash the malware.

Stay tuned for additional details as they become available.

Upcoming OS X 10.8 (Mountain Lion) to feature automatic security updates

Posted by:
Date: Tuesday, June 26th, 2012, 06:26
Category: News, security, Software

If you don’t click “Software Update” that often, Apple will do it for you come Mountain Lion.

On Monday, Apple indicated that the company’s upcoming OS X Mountain Lion will feature an automatic security check feature that will ensure users have the most up-to-date software protection amid a growing number of Mac-targeted malware.

As reported by AppleInsider, an update to the Mountain Lion Developer Preview shows a new automated system that runs a daily check with Apple’s servers to make sure OS X 10.8 users have the most current security patches and protections against known malware and viruses.

Called “OS X Security Update Test 1.0,” the automated feature will run either daily or whenever a Mac restarts and has the ability to download and install updates in the background, making the task of manually performing checks less of a necessity.

The new feature also creates a “more secure connection” to Apple’s servers possibly hinting to new encryption technology or more stringent default settings. Also included are the usual stability and general updates for the operating system set for launch in July.

Apple is making security a priority in the next iteration of OS X to counter new threats that continue to crop up as Macs gain a larger user base. In April the highly-publicized Flashback trojan used a Java exploit to spread onto an estimated 600,000 Macs around the world prompting Apple to release both a Java disabler for Safari and a standalone malware uninstaller.

In a related action, Apple notedly toned down the language of its OS X web page, changing the statement that the Mac “doesn’t get PC viruses” to “It’s built to be safe.”

Coming exactly one week after OS X Mountain Lion Developer Preview 4 was released, the new Security Update is available through the Mac App Store and comes in at 1.15 GB.

Stay tuned for additional details as they become available.

Apple requests developers focus on graphics for recent Mac OS X 10.7.5 beta

Posted by:
Date: Wednesday, June 20th, 2012, 06:34
Category: News, Software

The Retina Display is king for Apple, so graphics have to be pretty high up there these days.

Per AppleInsider, Apple supplied its development community with the first beta of OS X 10.7.5, its forthcoming maintenance update to the Lion operating system.

Sources familiar with the beta issued on Tuesday indicated that it is identified as build 11G15. Those testing the software have reportedly been asked to concentrate on testing graphics performance and quality along with networking reliability and performance.

Another area of focus is said to be the importing, editing or viewing of images and media. The delta download is reportedly a 937-megabyte installer, while the combo update weighs in at 1.87 gigabytes.

Details on what exactly has been changed in the first beta of OS X 10.7.5 remain unknown, but any fixes or updates are likely to be relatively insignificant with OS X 10.8 Mountain Lion set to hit the Mac App Store in July.

The most recent update to Lion, OS X 10.7.4, was publicly released in early May. It included a fix for a potential security flaw in FileBug.

Stay tuned for additional details as they become available.

Mozilla releases Firefox 13.0.1 update

Posted by:
Date: Friday, June 15th, 2012, 19:37
Category: News, Software

elfirefox

On Monday, Mozilla.org released version 13.0.1 of its Firefox web browser. The new version, a 30.7 megabyte download and adds the following fixes and changes:

- FIXED – Windows Messenger did not load in Hotmail, and the Hotmail inbox did not auto-update (764546, fixed in 13.0.1).

- FIXED – Hebrew text sometimes rendered incorrectly (756850, fixed in 13.0.1).

- FIXED – Flash 11.3 sometimes caused a crash on quit (747683, fixed in 13.0.1).

- NEW – When opening a new tab, users are now presented with their most visited pages.

- NEW – The default home page now has quicker access to bookmarks, history, settings, and more.

- CHANGED – SPDY protocol now enabled by default for faster browsing on supported sites.

- CHANGED – Restored background tabs are not loaded by default for faster startup.

- CHANGED – Smooth scrolling is now enabled by default.

- DEVELOPER – 72 total improvements to Page Inspector, HTML panel, Style Inspector, Scratchpad and Style Editor.

- DEVELOPER – The column-fill CSS property has been implemented.

- DEVELOPER – Experimental support for ECMAScript 6 Map and Set objects has been implemented.

- DEVELOPER – Support for the CSS3 background-position property extended syntax has been added.

- DEVELOPER – The :invalid pseudo-class can now be applied to the element.

- DEVELOPER – The CSS turn unit is now supported.

- FIXED – Various security fixes.

Known Issues:
- UNRESOLVED – If you try to start Firefox using a locked profile, it will crash (see 573369).

- UNRESOLVED – For some users, scrolling in the main GMail window will be slower than usual (see 579260).

- UNRESOLVED – Windows: The use of Microsoft’s System Restore functionality shortly after updating Firefox may prevent future updates (see 730285).

- UNRESOLVED – OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (see 752149).

- UNRESOLVED – CSS :hover regression when an element’s class name is set by Javascript (see 758885).

Firefox 13.0.1 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Opera web browser updated to 12.00

Posted by:
Date: Friday, June 15th, 2012, 06:54
Category: News, Software

operalogo

On Thursday, Opera Software released version 12.00 of its web browser. The new version, a 23.3 megabyte download, boasts the following fixes and changes:

New Features:
- Opera now runs plug-ins as a separate process, allowing for more control when a plug-in misbehaves. This feature will enhance security and stability.

- The 64-bit version of Opera will offer performance improvements for some functions and allow Opera more freedom in allocating memory.

- New, lightweight themes make it easier to customize the browser. Install or change themes at the click of a button, without restarting the browser.

Numerous improvements to the address bar have been made:
- Improved address field and address bar drop-down suggestions.

- Smart URL shortening in the address field drop-down.

- The page title and the page excerpt will be used for full page search results
URL and page content columns in the address field drop-down have been combined
Hardware acceleration allows Opera to offload graphics rendering from the processor (CPU) to the graphics card (GPU), making graphics intensive operations such as animations faster.

- RTL support will bring additional stability for certain languages. Persian, Urdu, Hebrew, and Arabic languages added.

- Extensions will now be able to interact with tabs, create tab groups, and manage windows.

- Opera Unite and Opera Widgets will be off by default in Opera 12.00, and will eventually be phased out of the Opera browser in the future. Voice support will be removed as of Opera 12.00, as the voice-detection library is no longer supported by the third-party vendor.

- Opera 12.00 will include changes in the Opera Presto 2.10 engine up to core-integration-point 289.

- Initial support for real-time communication has been added. Allowing the source of HTML5

- Drag and drop enables webpages to have elements that the user can drag from one page to another, or from their desktop to the webpage.

- Support for animations and transitions has been updated and expanded.

- Added support for the Do Not Track (DNT) HTTP header.

- An innovative new set of CSS constructs that allow webpages to be split up into paged media, revolutionizing the Web reading experience.

- CORS enables more secure and flexible communications between websites.

Improvements:
- General and User Interface.

- Appearance dialog improvements and cleanup.

- Sandboxing enabled for Mac App Store builds.

- A custom user agent preference has been added to opera:config.

Display and Scripting:
- Improved pipelining, JavaScript, and Turbo.

Fixes and Changes:
- Mail, News, Chat.

- Removed IRC client, start bar, navigation bar, main bar, and BitTorrent support.

Security:
- Fixed an issue where hidden keyboard navigation could allow cross site scripting or code execution, as reported by Jordi Chancel.

- Fixed an issue where a combination of clicks and key presses could lead to cross site scripting or code execution, as reported by Jordi Chancel.

- Fixed an issue where cross-domain JSON resources may be exposed as JavaScript variable data.

- Fixed an issue where carefully timed reloads, redirects, and navigation could spoof the address field, as reported by Jordi Chancel.

- Fixed a moderate severity issue; details will be disclosed at a later date.

- Fixed an issue where pages could prevent navigation to a target page, spoofing the address field, as reported by Code Audit Labs of vulnhunt.com.

Opera 12.00 is available for free and requires and Intel-based Mac running Mac OS X 10.5 or later to install and run.

Apple releases Java for Mac OS X 10.6 Update 9, Java for Mac OS X Lion 2012-004 updates

Posted by:
Date: Wednesday, June 13th, 2012, 07:50
Category: News, Software

applelogo_silver

You can’t argue with an Apple Java update, especially not in the wake of the Flashback trojan.

Late Tuesday, Apple released Java for Mac OS X 10.6 Update 9, providing “improved reliability, security and compatibility for Java SE 6.” The 76 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-004, which claims to offer improved compatibility, security and reliability for Java SE 6 and updates Java SE 6 to 1.6.0_33. The download comes in at 63.8 megabytes and requires OS X 10.7 or later to install and run.

The updates can also be located, snagged and installed with Mac OS X’s Software Update feature.

If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

Google Chrome updated to 19.0.1084.52

Posted by:
Date: Thursday, May 24th, 2012, 07:46
Category: News, Software

google-chrome-logo

Sorry for the lack of updates yesterday, I was flying across the country and the plane lacked Wi-Fi. During the flight, “The Vow” with Channing Tatum and Rachel McAdams happened to be the in-flight movie, should you choose to plug in headphones and listen to it. During this time, I desperately wanted there to be a director’s cut where the characters are slathered in salmon juice and attacked by irate grizzly bears in every scene…

Google Chrome, Google’s new web browser, just reached version 19.0.1084.52 for the Mac. The new version, a 38.6 megabyte download, offers the following changes:

- [117409] High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community (Brett Wilson).

- [118018] Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno).

- [$1000] [120912] High CVE-2011-3105: Use-after-free in first-letter handling. Credit to miaubiz.

- [122654] Critical CVE-2011-3106: Browser memory corruption with websockets over SSL. Credit to the Chromium development community (Dharani Govindan).

- [124625] High CVE-2011-3107: Crashes in the plug-in JavaScript bindings. Credit to the Chromium development community (Dharani Govindan).

- [$1337] [125159] Critical CVE-2011-3108: Use-after-free in browser cache. Credit to “efbiaiinzinz”.

- [Linux only] [$1000] [126296] High CVE-2011-3109: Bad cast in GTK UI. Credit to Micha Bartholomé.

- [126337] [126343] [126378] [127349] [127819] [127868] High CVE-2011-3110: Out of bounds writes in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [$500] [126414] Medium CVE-2011-3111: Invalid read in v8. Credit to Christian Holler.

- [127331] High CVE-2011-3112: Use-after-free with invalid encrypted PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [127883] High CVE-2011-3113: Invalid cast with colorspace handling in PDF. Credit to Mateusz Jurczyk of the Google Security Team, with contributions by Gynvael Coldwind of the Google Security Team.

- [128014] High CVE-2011-3114: Buffer overflows with PDF functions. Credit to Google Chrome Security Team (scarybeasts).

- [$1000] [128018] High CVE-2011-3115: Type corruption in v8. Credit to Christian Holler.

Google Chrome 19.0.1084.52 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases Flashback removal tool for Mac OS X 10.5.x operating systems

Posted by:
Date: Tuesday, May 15th, 2012, 05:21
Category: News, security, Software

If you’ve yet to upgrade to Mac OS X 10.6 or Mac OS X 10.7, there’s some good news.

Per Macworld, Apple on Monday released a pair of security updates for the older operating system: Leopard Security Update 2012-003 and Flashback Removal Security Update.

The Leopard Security Update disables older versions of Adobe Flash Player that don’t contain the latest security updates, prompting you to upgrade instead. That mirrors an update Apple offered for Safari on Snow Leopard and Lion last week.

The Flashback Removal Security Update finds and removes the most common variants of that malware; the updater may need to restart your Mac to complete the removal of any malware.

Both updates are available directly from Apple’s website or via Mac OS X’s Software Update feature and require Mac OS X 10.5.8 to install and run.

If you’ve tried the updates/malware removal tools and have any feedback to offer, please let us know in the comments.

Kaspersky Lab to help advice Apple on Mac OS X security

Posted by:
Date: Monday, May 14th, 2012, 10:08
Category: News, security, Software

It never hurts to ask for a helping hand.

Per computing.co.uk, Apple has invited Kaspersky Lab to consult on potential OS X security issues following the aftermath of the largest malware outbreak on the platform.

Kaspersky has begun analyzing the OS X platform at Apple’s request, the company’s chief technology officer, Nikolai Grebennikov, said in an interview with Computing. The Kaspersky executive has publicly called Apple out for not taking security seriously enough.

“Mac OS is really vulnerable, and Apple recently invited us to improve its security,” Grebennikov said. We’ve begun an analysis of its vulnerabilities, and the malware targeting it.”

As one specific security issue with OS X, he noted that Apple has blocked Oracle from directly updating Java on the Mac. Instead, Apple handles the updates, and they typically arrive months after Oracle issues its own patches.

Mac-centric Java development is set to move to Oracle following the latest runtime updates built in-house at Apple. Apple dropped Java from the default installation of OS X 10.7 Lion after the company announced its plans to deprecate the software’s release from the Mac platform.

In April, Oracle released its first Java Development Kit and JavaFX Software Development Kit for Mac users. They arrived one and a half years after Apple announced the depreciation of its own edition of Java for Mac.

Kaspersky’s newfound partnership with Apple comes on the heels of the Flashback malware botnet, which was believed to have infected hundreds of thousands of Macs at its peak. The presence of Flashback was greatly diminished after Apple released a series of software updates to squash the malware, including a Java update and a separate removal tool.

Grebennikov cited the Flashback malware as “a huge sign that Apple’s security model isn’t perfect.” He also predicted that the first malware targeting Apple’s iOS mobile operating system, which powers the iPhone and iPad, will arrive in the next “year or so.”

Stay tuned for additional details as they become available.