Apple releases QuickTime 7.7 for Mac OS X 10.5, Windows users

Posted by:
Date: Thursday, August 4th, 2011, 06:20
Category: News, Software

quicktimelogo.jpg

Late Wednesday, Apple released the latest version of QuickTime, its multimedia support system for Mac OS X and Windows. The new version, known as QuickTime 7.7, is available as a variably-sized download (depending on version chosen through the download page), and improves security and is recommended for all Mac OS X 10.5.x (“Leopard”) users.

The update requires Mac OS X 10.5 or later to install and run and can be located and snagged via Mac OS X’s built-in Software Update feature.

If you’ve tried the update and have any feedback to offer, let us know in the comments.

Google Chrome updated to 13.0.782.107

Posted by:
Date: Wednesday, August 3rd, 2011, 04:21
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 13.0.782.107 for the Mac. The new version, a 42.1 megabyte download, offers the following the following changes:

- Instant Pages.

- Security fixes and improvements.

Google Chrome 13.0.782.107 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Apple releases iOS 4.3.5 update

Posted by:
Date: Tuesday, July 26th, 2011, 03:38
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

On Friday, Apple released iOS 4.3.5, the latest incarnation of its iOS operating system for its iPhone, iPod touch and iPad devices. The updates fix a security vulnerability with certificate validation and arrive in two versions, thanks to the different flavors of the iPhone 4. iOS 4.3.5 applies to the iPad and iPad 2, the third- and fourth-generation iPod touch, the iPhone 3GS, and the iPhone 4 (GSM model); users of the CDMA model of the iPhone 4 instead get iOS 4.2.10.

These updates can be snagged by plugging in your respective iOS device and checking for updates in iTunes.

If you’ve tried the updates and noticed any differences, please let us know in the comments.

Security researcher to illustrate MacBook batteries’ vulnerabilities to malware

Posted by:
Date: Monday, July 25th, 2011, 04:19
Category: battery, News, security

In the category of “weird but interesting and mildly disturbing”, a prominent security researcher has discovered a vulnerability in the batteries of Apple’s MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.

Per Forbes, Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered. Miller uncovered default passwords, which are used to access the microcontroller in Apple’s batteries, within a firmware update from 2009 and used them to gain access to the firmware.

Apple and other laptop makers use embedded chips in their lithium ion laptop batteries to monitor its power level, stop and start charging and regulate heat.

During the course of his tests, the researcher “bricked” seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.

“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, few IT administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.

Miller admitted that he hasn’t tried to blow up any batteries, but he did say it might be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”

Another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn’t get as far as Miller did.

Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls “Caulkgun,” at the Black Hat security conference next month.

“Caulk Gun” will change a battery’s default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.

Stay tuned for additional details as they become available.

Apple releases Java for Mac OS X 10.5 Update 10, Java for Mac OS X 10.6 Update 5

Posted by:
Date: Wednesday, June 29th, 2011, 03:14
Category: News, Software

applelogo_silver

Late Tuesday, Apple released a pair of Java updates for its Mac OS X 10.5 and 10.6 operating systems. The updates (Java for Mac OS X 10.5 Update 10 and Java for Mac OS X 10.6 Update 5) make the same changes and per Macworld, offer “improved compatibility, security, and reliability.” The specifics on how the updates do this are unclear, however, as the release notes for both the 10.6 and 10.5 updates are a little light on the details.

Both updates are available via direct download from their respective web sites or via Mac OS X’s Software Update feature.

The updates require Mac OS X 10.5.8 and Mac OS X 10.6.4 to install and run, respectively.

If you’ve tried the updates and have any feedback to offer, please let us know.

Mozilla releases Firefox 5.0 update

Posted by:
Date: Wednesday, June 22nd, 2011, 03:48
Category: News, Software

elfirefox

Late Tuesday, Mozilla.org released version 5.0 of its Firefox web browser. The new version stands as an 27.8 megabyte download offered the following fixes and changes:

- Added support for CSS animations.

- The Do-Not-Track header preference has been moved to increase discoverability.

- Tuned HTTP idle connection logic for increased performance.

- Improved canvas, JavaScript, memory, and networking performance.

- Improved standards support for HTML5, XHR, MathML, SMIL, and canvas.

- Improved spell checking for some locales.

- Improved desktop environment integration for Linux users.

- WebGL content can no longer load cross-domain textures.

- Background tabs have setTimeout and setInterval clamped to 1000ms to improve performance.

- Fixed several stability issues.

- Fixed several security issues.

Firefox 5.0 requires an Intel-based Mac and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.

Apple patent describes additional security/data scrambling features for lost iPhone handsets

Posted by:
Date: Thursday, June 16th, 2011, 05:11
Category: iPhone, News, Patents

applelogo_silver

If you’re hunting for your lost iPhone, you might have some additional features to work with before long.

Per AppleInsider, Apple has shown interest in giving users the ability to scramble or delete specific data, or even record audio or visual information in the event that an iPhone is lost.

Apple’s new potential security options are detailed in a patent application made public this week. Entitled “Proactive Security for Mobile Devices,” the feature would offer extremely flexible, custom options for security measures on an iPhone.

For example, with specific data such as e-mail, contacts and stored passwords, users could selectively choose to either scramble, delete or ignore the information if the handset is reported stolen or missing.

Users could even choose to deny a potential thief access to certain features of the iPhone, including the ability to make phone calls or access Wi-Fi. Users could also prevent a security breach to a corporate network by having their iPhone automatically change VPN settings once a security risk has been detected.

But a user may also decide to continue to allow some features on a missing device, such as Wi-Fi or GPS, to help track down the handset and identify its location. Keeping that functionality active allows the rightful owner of the device to determine its place on a map.

In one example included in the application, the missing iPhone displays an alert that a secure password must be entered within 60 seconds or location data associated with the handset will be transmitted back to the owner.

If a correct password is not entered in time, the location data will be sent, and the device can also be locked and restricted only to the functionality chosen by the original owner. For example, the device could become password locked, and the only available activity would be to contact the original owner of the iPhone.

Apple’s solution could also utilize the sensors inside of an iPhone to record unusual activity, and alert users that their handset is at security risk, potentially preventing it from being lost forever. Such a system could detect suspicious activities like calls or texts to an unknown number.

If an iPhone is reported stolen, the device could record images and ambient audio. This data could be provided to investigative authorities to help track down the hardware.

These options are more powerful and flexible than the existing Find My iPhone functionality, which late last year Apple made free for all iOS devices. The current service allows users to identify the location of their device, display a message on it, set a passcode lock, or remotely wipe it.

But in its patent application, Apple notes that features like the remote wipe command are an all-or-nothing approach that can be frustrating for users. If a remote wipe is conducted, the user is forced to restore all of the deleted information, which can be inconvenient and time consuming.

Stay tuned for additional details as they become available.

Microsoft releases 14.1.2 update for Office 2011, 12.3.0 update for Office 2008

Posted by:
Date: Wednesday, June 15th, 2011, 03:06
Category: News, Software

On Monday afternoon, Microsoft released version 14.1.2 of its popular Microsoft Office 2011 for Mac suite. The update, a 109 megabyte download, can also be located, snagged and installed via the Microsoft AutoUpdate program, offers the following fixes and changes:

- This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

In an updated security bulletin, the company admitted that a “specially crafted” Excel file could allow unwanted access, thus leading to the updates.

Microsoft Office 2011 requires Mac OS X 10.5.8 or later to install and run and is available for US$149.99 and up depending on the suite purchased.

If you’ve tried the update and noticed any major changes, please let us know.

In other news, Microsoft also released version 12.3.0 of its Office 2008 suite for Mac. The update, a 333 megabyte download, adds the following fixes and changes:

- Improves stability. In addition, it includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2008 12.3.0 requires Mac OS X 10.4 or later to install and run and
Microsoft Office 2008 with Service Pack 1. The update can, of course, be located and installed with the Microsoft AutoUpdate tool.

If you’ve tried the new version and have any comments, let us know in the comments or feedback section.

New “MAC Defender” malware variant surfaces, works way around recent security update

Posted by:
Date: Thursday, June 2nd, 2011, 04:10
Category: News, security, Software

Only one day after Apple released a security update for Mac OS X to address the “MAC Defender” malware, a new variant of the bogus antivirus software has been spotted in the wild.

Per ZDNet, the new variation of MAC Defender, named “Mdinstall.pkg,” has been crafted to bypass the new malware-blocking code made available by Apple. That update for Mac OS X, Security Update 2011-003, was released on Tuesday.

“The file has a date and time stamp from last night at 9:24PM Pacific time,” Bott wrote. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

“As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.”

Security Update 2011-003 included changes to the File Quarantine feature found in Mac OS X 10.6 Snow Leopard. It includes anti-malware definitions within the operating system itself, and examines external files downloaded within Mail, iChat, Safari, or other quarantine-aware applications.

The MACDefender malware first gained attention in early May, when it was spotted by an antivirus company. The program automatically downloads in Web browsers through JavaScript and originally required users to enter an administrator password, but a more recent variant does not ask for a password.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with Bott earlier citing an anonymous AppleCare representative that apparently said the “overwhelming majority” of recent calls to Apple were related to the malware. Last week, Apple posted instructions on its site informing users on how to remove the malware.

Stay tuned for additional details as they become available.

New version of “Mac Defender” malware found, lacks administrator password requirement

Posted by:
Date: Thursday, May 26th, 2011, 03:05
Category: News, security, Software

Somewhere, the guys who created this program really DO have a bridge to try and sell you…

Per security firm Intego, a new, more dangerous variant of “MAC Defender,” dubbed “Mac Guard,” has been discovered, the new malware variant lacking the requirement of an administrator password to install.

The discovery was announced on Wednesday, the company commenting that “the first part is a downloader, a tool that, after installation, downloads a payload from a web server,” the security firm said.

“As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted web site,” the firm continued.

No administrator’s password is required to install the application, and if users have Safari’s “Open ‘safe’ files after downloading option checked, the package will open Apple’s Mac OS X installer, and users will see a standard installation screen. However, at this point users must still agree to install the “MAC Defender” malware.

The second part of the malware is a new version called “MacGuard.” The avRunner application automatically downloads “MacGuard,” which, like its predecessor, aims to trick users into providing credit card numbers in exchange for supposedly ridding a users’ systems of “infected” files for a given license fee.

This week, Apple posted a support document on its web site explaining how to remove the “MAC Defender” malware. The company also revealed it will release an update to its Mac OS X operating system that will automatically find and remove the malware.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with one anonymous AppleCare representative claiming that the “overwhelming majority” of recent calls to Apple were related to the malware. The software was first discovered early this month, also by Intego.

While the original variant was categorized as a “low” threat because it requires users to type in an administrator password, the latest version is considered more dangerous, and was ranked with a “medium” risk.

The malware has spread through search engines like Google via a method known as “SEO poisoning.” Using this technique, phony sites are designed to game search engine algorithms and show up when users search for certain topics.