Microsoft Office 2011 updated to 14.1.4

Posted by:
Date: Tuesday, December 13th, 2011, 13:03
Category: News, Software

It’s still not the sexiest update in the world, but it might help a bit.

On Tuesday, Microsoft released its Microsoft Office 2011 14.1.4 update. The update, a 112 megabyte download, adds the following fixes and features:

- This update fixes critical issues and also helps to improve security.

- It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2011 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases Java updates for Mac OS X 10.6, 10.7 operating systems

Posted by:
Date: Wednesday, November 9th, 2011, 04:27
Category: News, Software

applelogo_silver

The fixes, they tend to help.

Late Tuesday, Apple released Java update for Mac OS X 10.6 brings Java SE 5 to 1.6.0_29, providing “improved compatibility, security, and reliability.” The 75.45MB download requires Mac OS X 10.6.4 to install and run.

The company also released Java for OS X Lion Update 1, which updates Java SE 6 to 1.6.0_29 with improved compatibility security and reliability. The download comes in at 62.53MB and requires OS X 10.7 or later to install and run.

Apple has said that the version of Java “that is ported by Apple, and that ships with Mac OS X,” is deprecated. As Apple phases out support, Oracle is expected to step in to maintain Java, which it obtained when it acquired Sun.

The updates can be located, downloaded and installed via Mac OS X’s Software Update feature. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.

Security researcher Charlie Miller outs iOS code signing flaw, security hole

Posted by:
Date: Tuesday, November 8th, 2011, 05:46
Category: iOS, News, security, Software

It’s hard to say if it’s discouraging to see the iOS get spotted on assorted security failures or reassuring to see that security experts manage to notice these and bring them to the public’s attention.

According to Forbes, Mac hacker and researcher Charlie Miller has reportedly found a way to sneak malware into the App Store and subsequently onto any iOS device by exploiting a flaw in Apple’s restrictions on code signing, allowing the malware to steal user data and take control of certain iOS functions.

Miller explains that code signing restrictions allow only Apple’s approved commands to run in an iOS device’s memory, and submitted apps that violate these rules are not allowed on the App Store. However, he has found a method to bypass Apple’s security by exploiting a bug in iOS code signing that allows an app to download new unapproved commands from a remote computer.

“Now you could have a program in the App Store like Angry Birds that can run new code on your phone that Apple never had a chance to check,” Miller said. “With this bug, you can’t be assured of anything you download from the App Store behaving nicely.”

The flaw was introduced when Apple released iOS 4.3, which increased browser speed by allowing javascript code from the internet to run on a much deeper level in a device’s memory than in previous iterations of the OS. Miller realized that in exchange for speed, Apple created a new exception for the web browser to run unapproved code. The researcher soon found a bug that allowed him to expand the flawed code beyond the browser, integrating it into apps downloaded from the App Store.

Miller created a proof-of-concept app called “Instastock” to showcase the vulnerability, which was submitted to and approved by Apple to be distributed via the App Store. The simple program appears to be an innocuous stock ticker, but it can leverage the code signing bug to communicate with Miller’s server to pull unauthorized commands onto the affected device. From there the program has the ability to send back user data including address book contacts, photos and other files, as well as initiate certain iOS functions like vibrating alerts.

The app has since been pulled and according to his Twitter account, Miller has reportedly been banned from the App Store and kicked out of the iOS Developer Program.

Miller, a former NSA analyst who now works for computer security firm Accuvant, is a prominent Apple researcher who previously exposed the MacBook battery vulnerability and a security hole in the mobile version of Safari.

The researcher has refused to publicly reveal the exploit, reportedly giving Apple time to come up with a fix, though he will announce the specifics at the SysCan conference in Taiwan next week.

Stay tuned for additional details as they become available.

Apple releases second beta of iOS 5.0.1 to developer community, focuses on iPhone 4S battery fix

Posted by:
Date: Friday, November 4th, 2011, 11:16
Category: iPhone, News

The fix, it’s in the works…

Now it’s time for the developers to help out a bit.

Per AppleInsider, Apple is apparently working quickly to publicly release iOS 5.0.1, as evidenced by the company’s second beta in two days released on Friday.

Sources familiar with the latest build made available to iOS developers said it is known as “9A404.” It is available as a download from Apple’s developer site, or as an over-the-air update for those already running the first iOS 5.0.1 beta.

The first iOS 5.0.1 beta was issued on Wednesday with a few hiccups, as some developers said they were unable to activate their devices when updating to the pre-release software. Some developers were incorrectly given the message: “This device is not registered as part of the iPhone Developer Program.”

Apple is working quickly to issue iOS 5.0.1 publicly after the company acknowledged this week that flaws iOS 5 have cause battery life issues for some users. The company said that “a small number of customers” were experiencing the issue, which would be patched through the forthcoming software update.

The first beta of iOS 5.0.1 was labeled build “9A402.” It included a number of improvements listed by Apple:

- Fixes bugs affecting battery life.

- Resolves bugs with Documents in the Cloud.

- Improves voice recognition for Australian users during dictation.

- Contains security improvements.

- iOS 5.0.1 beta introduces a new way for developers to specify files that should remain on device, even in low storage situations.”

Stay tuned for additional details as they become available and if you’ve had a chance to play with the beta on your end, please let us know in the comments.

DevilRobber trojan horse for Mac OS X discovered, controls GPU, steals user data

Posted by:
Date: Tuesday, November 1st, 2011, 04:42
Category: News, security, Software

While there may not be that many viruses out there for the Mac, there are still Trojan horse apps to make life a little bit harder.

Here’s another.

Per AppleInsider, a new Trojan horse hidden in a Mac OS X application can steal sensitive user data and take control of the computer’s GPU to generate Bitcoins, a form of currency used online.

In a report released on Saturday, security firm Sophos reported that DevilRobber, a Trojan horse that can steal sensitive user data, was found hidden inside copies of Graphic Converter 7.4 downloaded from bit-torrent file-sharing sites.

DevilRobber, also known as “OSX/Miner-D,” can steal usernames and passwords and is capable of spying on users by taking screenshots of their activity and sending the images online. In addition, the Trojan is able to run scripts that can copy information “regarding truecrypt data, Vidalia (TOR plugin for Firefox), your Safari browsing history, and .bash_history” to a dump.txt file.

The malware has also been found to search for “pthc” files, a term that is used to describe pre-teen hardcore pornography. It is not known at this time whether one of the secondary features of DevilRobber is to find traces of child abuse on affected computers.

Another unusual feature for the new Trojan is its capability of taking over a Mac’s GPU in order to generate Bitcoins, a digital currency that can be used to perform online instant payments without the oversight of a banking authority.

Users generate Bitcoins on personal computers after installing Bitcoin Miner, an application that’s compatible with Mac, Windows and Linux systems. Once obtained, Bitcoins are stored in the user’s digital wallet and can be used for future online payments. Bitcoins can also be exchanged for actual currency with the current exchange rate reportedly valuing one Bitcoin at US$3.20.

In addition to harnessing the power of the GPU to generate more Bitcoins, DevilRobber can also steal the user’s existing Bitcoin wallet if it finds the appropriate files.

Sophos suggests users be aware of signs that point to a malware attack. For example, a malware attack can result in the slowdown of overall computing performance, with affected users reporting sluggishness as the Trojan steals GPU resources for mining purposes.

In order to avoid unwanted DevilRobber installations, Mac users are advised to refrain from downloading software via untrusted sources, even if they appear to be legitimate. It is not known at this time whether other Mac applications available on torrent sites come bundled with the new Trojan horse.

Apple has yet to acknowledge the new threat, though common anti-virus programs are able to detect DevilRobber.

The new malware is the most recent in a wave of programs targeting an increasing number of Mac owners. Apple recently cleared a threat from a non-functional Chinese Trojan horse that disguised itself as a PDF download.

Recently various instances of a different, more advanced malware program emerged. “Flashback” posed as an Adobe Flash installer, with a later upgraded version programmed to disable the default OS X anti-malware protection thus leaving systems vulnerable to subsequent attacks.

Stay tuned for additional details as they become available.

F-Secure identifies new Mac trojan masquerading as Flash Player update

Posted by:
Date: Thursday, October 20th, 2011, 02:28
Category: News, security, Software

Sometimes you get the feeling that that the security war never really ends.

Per Macworld, F-Secure has reported on a new, scarier-than-usual Mac Trojan horse masquerading as a Flash installer. The downside is that if you do fall victim to the Trojan, it disables your Mac’s automatic malware definition updates.

F-Secure, which has a report on the issue, has dubbed the new pest Trojan-Downloader:OSX/Flashback.C; Macworld reported on a previous version of the malware back in September. A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player.

The earlier incarnation of the Flashback Trojan horse sent information about your Mac back to a remote server, which was bad enough, but this new version disables the security definition updating mechanism Apple first introduced in Snow Leopard back in May; the same malware protection is included in Lion, too. If you install the rogue software, it prompts you for your administrator password. Enter that, and Flashback.C wipes out files necessary for the malware definition updating process to run properly.

By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won’t know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned, but you only need to worry if you recently installed Flash Player from a download that you didn’t get from Adobe’s website.

If you’ve seen this trojan on your end or have any feedback on it, please let us know in the comments section.

VLC 1.1.12 update released

Posted by:
Date: Monday, October 10th, 2011, 04:01
Category: News, Software

vlclogo.jpg

Video Lan Client, the nigh-indispensable open source media player for multiple audio and video formats (MPEG, MPEG-2, MPEG-4, Divx, ogg, etc.), was updated to version 1.1.12 The new version, a 31.8 megabyte download, adds the following fixes and changes:

- Bug and security fix release with a improvements for audio output on MacOS and with PulseAudio.

- This release was necessary due to a security issue in the HTTP and RTSP server components, though this does not affect standard usage of the player.

VLC 1.1.12 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Google Chrome updated to 14.0.835.202, resolves security, stability issues

Posted by:
Date: Tuesday, October 4th, 2011, 12:26
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 14.0.835.202 for the Mac. The new version, a 40.5 megabyte download, offers the following changes:

- Contains Adobe Flash Player 11 plus stability and security fixes.

Google Chrome 14.0.835.202 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Microsoft Office 2011 updated to 14.1.3

Posted by:
Date: Tuesday, September 13th, 2011, 17:01
Category: News, Software

It may not be the sexiest update in the world, but here’s hoping it helps.

On Tuesday, Microsoft released its Microsoft Office 2011 14.1.3 update. The update, a 112 megabyte download, adds the following fixes and features:

- Office documents open in all browsers – This update resolves an issue that causes Office documents not to open in certain browsers.

Improvements for Microsoft PowerPoint for Mac 2011:
- Stability is improved in PowerPoint – This update fixes an issue that causes PowerPoint to close unexpectedly. This issue occurs when you press the Command and Tab keys to open another application when you are in Presenter view.

Improvements for Microsoft Excel for Mac 2011:
- Stability is improved in Excel – This update fixes an issue that causes Excel to close unexpectedly in the following situations:
When you move worksheets to a new worksheet or workbook.
When you save some files.

Improvements for Microsoft Word for Mac 2011:
- Citation options in Dutch appear correctly. This update fixes an issue that causes the Dutch version of Word to change the citation options to English after you install Office for Mac 2011 14.1 Service Pack 1.

- PivotTable field setting enabled.This update enables the PivotTable field setting Show Items with no data.

Improvements for Microsoft Outlook for Mac 2011:
- Contact images display in the Contacts Search boxThis update fixes an issue that causes Outlook not to display contact images in the Contacts Search box.

- Import from Apple Mail is disabled in Outlook on Mac OS X 10.7 LionThis update disables the option to import from Apple Mail in Outlook because it does not work as expected in Mac OS X 10.7 Lion.

- The “Remove from View” option is enabled for shared calendarsThis update fixes an issue that occurs when the user adds shared calendars and opens the contextual menu for the shared calendar. The Remove from View option is disabled from the contextual menu.

- Free/busy information for Exchange 2003-based mailboxes displays correctlyThis update fixes an issues that causes the display of free/busy information for Exchange 2003-based mailboxes to be off by one hour when scheduling a meeting.

- Time zone information is updated. This update provides updated time zone information.

Microsoft Office 2011 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple posts two security-related job openings, looks to be closing holes where present

Posted by:
Date: Tuesday, September 6th, 2011, 04:53
Category: iPhone, News, security

applelogo_silver

If you keep losing an incredibly valuable intellectual property, it might be time to give your security a once-over.

Per PCmag.com, Apple posted two job openings on Thursday for managers of “New Product Security.” While it might be a coincidence that the positions opened up when they did, the job descriptions certainly sound like a response to Apple’s troubles of late for losing test gadgets:

“The candidate will be responsible for overseeing the protection of, and managing risks to, Apple’s unreleased products and related intellectual property,” said the post.

Apple representatives did not immediately respond to a request for comment.

Recently, an iPhone was taken into a San Francisco tequila bar in July by an unidentified Apple employee who somehow lost control of the device. The circumstances were strangely similar to an incident in April 2010, when another Apple employee lost an iPhone 4 prototype in a Bay Area beer garden.

San Francisco Police confirmed last Friday that they assisted an Apple security team to search a home in the city’s Bernal Heights neighborhood where Apple had electronically tracked the phone. The device wasn’t found there.

While it was easy to draw parallels between those two events, there were other signs that Apple’s problems went beyond iPhones. Apple is also apparently working to retrieve a prototype laptop that is in the possession of Carl Frega, a North Carolina resident who said he acquired the unreleased device via a Craigslist ad. He bought the machine thinking it was only good for spare parts.

On the same day that Apple posted the job openings, an Apple store customer was given internal company media and documents by accident after taking his computer in for service in Stamford, Conn. The customer said he was given a hard drive in addition to a computer that was being repaired with the spare drive containing a backup of the store’s internal file server.

This is significant because this is Apple, a company that has forged quite a reputation over the years for effectively keeping its secrets and sticking close to its message.

Stay tuned for additional details as they become available.