F-Secure identifies new Mac trojan masquerading as Flash Player update

Date: Thursday, October 20th, 2011, 02:28
Category: News, security, Software

Sometimes you get the feeling that the security war never really ends.

Per Macworld, F-Secure has reported on a new, scarier-than-usual Mac Trojan horse masquerading as a Flash installer. The downside is that if you do fall victim to the Trojan, it disables your Mac’s automatic malware definition updates.

F-Secure, which has a report on the issue, has dubbed the new pest Trojan-Downloader:OSX/Flashback.C; Macworld reported on a previous version of the malware back in September. A Trojan horse works by fooling you into running it; in this case, Flashback disguises itself as an installer package for Flash Player.

The earlier incarnation of the Flashback Trojan horse sent information about your Mac back to a remote server, which was bad enough, but this new version disables the security definition updating mechanism Apple first introduced in Snow Leopard back in May; the same malware protection is included in Lion, too. If you install the rogue software, it prompts you for your administrator password. Enter that, and Flashback.C wipes out files necessary for the malware definition updating process to run properly.

By disabling the malware definitions update, Flashback.C attempts to ensure that your Mac won’t know about any update Apple releases to remove the malicious software. Notably, the Trojan horse bails and deletes itself if you have the Little Snitch app installed.

F-Secure offers removal instructions if you fear you’ve been infected; the fix involves deleting entries from your browsers’ .plist files. Check out F-Secure’s page if you’re concerned, but you only need to worry if you recently installed Flash Player from a download that you didn’t get from Adobe’s website.

If you’ve seen this trojan on your end or have any feedback on it, please let us know in the comments section.

VLC 1.1.12 update released

Date: Monday, October 10th, 2011, 04:01
Category: News, Software

VideoLAN Client, the nigh-indispensable open source media player for multiple audio and video formats (MPEG, MPEG-2, MPEG-4, DivX, Ogg, etc.), was updated to version 1.1.12. The new version, a 31.8 megabyte download, adds the following fixes and changes:

- Bug and security fix release with improvements for audio output on Mac OS and with PulseAudio.

- This release was necessary due to a security issue in the HTTP and RTSP server components, though this does not affect standard usage of the player.

VLC 1.1.12 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Google Chrome updated to 14.0.835.202, resolves security, stability issues

Date: Tuesday, October 4th, 2011, 12:26
Category: News, Software

Google Chrome, Google’s new web browser, just reached version 14.0.835.202 for the Mac. The new version, a 40.5 megabyte download, offers the following changes:

- Contains Adobe Flash Player 11 plus stability and security fixes.

Google Chrome 14.0.835.202 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Microsoft Office 2011 updated to 14.1.3

Date: Tuesday, September 13th, 2011, 17:01
Category: News, Software

It may not be the sexiest update in the world, but here’s hoping it helps.

On Tuesday, Microsoft released its Microsoft Office 2011 14.1.3 update. The update, a 112 megabyte download, adds the following fixes and features:

- Office documents open in all browsers – This update resolves an issue that causes Office documents not to open in certain browsers.

Improvements for Microsoft PowerPoint for Mac 2011:
- Stability is improved in PowerPoint – This update fixes an issue that causes PowerPoint to close unexpectedly. This issue occurs when you press the Command and Tab keys to open another application when you are in Presenter view.

Improvements for Microsoft Excel for Mac 2011:
- Stability is improved in Excel – This update fixes an issue that causes Excel to close unexpectedly in the following situations:
  - When you move worksheets to a new worksheet or workbook.
  - When you save some files.

Improvements for Microsoft Word for Mac 2011:
- Citation options in Dutch appear correctly. This update fixes an issue that causes the Dutch version of Word to change the citation options to English after you install Office for Mac 2011 14.1 Service Pack 1.

- PivotTable field setting enabled – This update enables the PivotTable field setting "Show Items with no data."

Improvements for Microsoft Outlook for Mac 2011:
- Contact images display in the Contacts Search box – This update fixes an issue that causes Outlook not to display contact images in the Contacts Search box.

- Import from Apple Mail is disabled in Outlook on Mac OS X 10.7 Lion – This update disables the option to import from Apple Mail in Outlook because it does not work as expected in Mac OS X 10.7 Lion.

- The “Remove from View” option is enabled for shared calendars – This update fixes an issue that occurs when the user adds shared calendars and opens the contextual menu for the shared calendar. The Remove from View option is disabled from the contextual menu.

- Free/busy information for Exchange 2003-based mailboxes displays correctly – This update fixes an issue that causes the display of free/busy information for Exchange 2003-based mailboxes to be off by one hour when scheduling a meeting.

- Time zone information is updated. This update provides updated time zone information.

Microsoft Office 2011 requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple posts two security-related job openings, looks to be closing holes where present

Date: Tuesday, September 6th, 2011, 04:53
Category: iPhone, News, security

If you keep losing an incredibly valuable intellectual property, it might be time to give your security a once-over.

Per PCmag.com, Apple posted two job openings on Thursday for managers of “New Product Security.” While it might be a coincidence that the positions opened up when they did, the job descriptions certainly sound like a response to Apple’s troubles of late for losing test gadgets:

“The candidate will be responsible for overseeing the protection of, and managing risks to, Apple’s unreleased products and related intellectual property,” said the post.

Apple representatives did not immediately respond to a request for comment.

Recently, an iPhone was taken into a San Francisco tequila bar in July by an unidentified Apple employee who somehow lost control of the device. The circumstances were strangely similar to an incident in April 2010, when another Apple employee lost an iPhone 4 prototype in a Bay Area beer garden.

San Francisco Police confirmed last Friday that they assisted an Apple security team to search a home in the city’s Bernal Heights neighborhood where Apple had electronically tracked the phone. The device wasn’t found there.

While it was easy to draw parallels between those two events, there were other signs that Apple’s problems went beyond iPhones. Apple is also apparently working to retrieve a prototype laptop that is in the possession of Carl Frega, a North Carolina resident who said he acquired the unreleased device via a Craigslist ad. He bought the machine thinking it was only good for spare parts.

On the same day that Apple posted the job openings, an Apple store customer was given internal company media and documents by accident after taking his computer in for service in Stamford, Conn. The customer said he was given a hard drive in addition to the computer that was being repaired; the spare drive contained a backup of the store’s internal file server.

This is significant because this is Apple, a company that has forged quite a reputation over the years for effectively keeping its secrets and sticking close to its message.

Stay tuned for additional details as they become available.

Apple loses iPhone 5 prototype, manages to locate it within days

Date: Thursday, September 1st, 2011, 03:31
Category: iPhone, News

Ok, this is odd.

Remember when an Apple employee lost an iPhone 4 prototype in a bar last year and the company was, well, mildly upset regarding the aftermath?

It’s happened again.

In a bizarre repeat of a high-profile incident last year, an Apple employee once again appears to have lost an unreleased iPhone in a bar.

Per CNET, the errant iPhone, which went missing in San Francisco’s Mission district in late July, sparked a scramble by Apple security to recover the device over the next few days, according to a source familiar with the investigation.

Last year, an iPhone 4 prototype was bought by a gadget blog that paid US$5,000 in cash. This year’s lost phone seems to have taken a more mundane path: it was taken from a Mexican restaurant and bar and may have been sold on Craigslist for US$200. Still unclear are details about the device, what version of the iOS operating system it was running, and what it looks like.

Apple declined to comment after being contacted this morning. A spokesman for the San Francisco Police Department said the company did not file a police report based on the loss at the bar. Craigslist did not respond to requests for comment.

A day or two after the phone was lost at San Francisco’s Cava 22, which describes itself as a “tequila lounge” that also serves lime-marinated shrimp ceviche, Apple representatives contacted San Francisco police, saying the device was priceless and the company was desperate to secure its safe return, the source said.

Apple electronically traced the phone to a two-floor, single-family home in San Francisco’s Bernal Heights neighborhood, according to the source. When San Francisco police and Apple’s investigators visited the house, they spoke with a man in his twenties who acknowledged being at Cava 22 on the night the device went missing. But he denied knowing anything about the phone. The man gave police permission to search the house, and they found nothing, the source said. Before leaving the house, the Apple employees offered the man money for the phone no questions asked, the source said, adding that the man continued to deny he had knowledge of the phone.

In an interview this afternoon, Jose Valle told CNET that neither the police nor Apple security ever contacted him. Valle, who owns the bar with his family, said, however, that he does remember a man calling multiple times about a lost iPhone about a month ago. He told the man he would call him back if he ever found the phone.
“I guess I have to make my drinks a little less strong,” Valle said.

After last year’s embarrassing loss, Apple reportedly has taken extraordinary steps to protect its prototype devices from leaks. Next-generation iPhones are sent to carriers for testing “inside locked and sealed boxes so that the carriers can carry out checks on their network compatibility in their labs,” according to the Guardian.

Apple developers have been given new iPhones with an upgraded processor — the one that is used in the iPad 2 and is expected to appear in the next-generation iPhone. But the device “is virtually identical to the iPhone 4, and there is no way anyone can tell it’s not an iPhone 4 based on the phone’s exterior,” according to a report at 9to5Mac.com. Even last year’s prototype was enclosed in a case designed to make it look like an iPhone 3GS.

Stay tuned for additional details as they become available.

Mozilla releases Firefox 6.0.1 update

Date: Wednesday, August 31st, 2011, 10:52
Category: News, Software

Late Sunday, Mozilla.org released version 6.0.1 of its Firefox web browser. The new version, a 28.1 megabyte download, offers the following change:

- Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory).

Firefox 6.0.1 requires an Intel-based Mac and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.

Apple gives internship to 19-year-old jailbreak prodigy

Date: Friday, August 26th, 2011, 04:46
Category: iPhone, News, security

If you’re a good enough hacker and sort of threaten Apple’s warranties to a certain degree, the company might just give you an internship.

According to his Twitter feed, 19-year-old Nicholas Allegra announced that he will start an internship with Apple “the week after next.” Allegra gained notoriety last year when, as a member of the iPhone Dev Team, he released a web-based JailbreakMe exploit for the iPhone 4.



Jailbreaking refers to the process of hacking iOS to allow users to install custom software and tweaks without Apple’s permission. Performing a jailbreak can, however, void Apple’s warranty for the device.

Allegra made waves again last month when he released an updated version of JailbreakMe for iOS 4.3.3.

According to a profile on him by Forbes earlier this month, Allegra has been on leave from Brown University since last winter while looking for an internship.

The hacker expressed that he’s not sure why he has such a knack for circumventing Apple’s security measures. “It feels like editing an English paper,” Allegra said. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Charlie Miller, a former National Security Agency analyst and one of the first people to hack the original iPhone in 2007, was impressed by Allegra’s hack. “I didn’t think anyone would be able to do what he’s done for years,” he said. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”

Security researcher Dino Dai Zovi has compared Allegra’s hacking skills to those of government-sponsored “advanced-persistent threat” hackers. “He’s probably five years ahead of them,” he remarked.

Allegra taught himself to program when he was just 9 years old. “By the time I took a computer science class in high school, I already knew everything,” he said. As a self-professed Apple “fanboy,” he confessed that he hacks the iPhone because he likes the challenge.

“I didn’t come out of the same background as the rest of the security community,” he added. “So to them I seem to have come out of nowhere.”

Last year, the U.S. government approved an exemption that made it legal for iPhone owners to jailbreak and carrier unlock their devices.

Apple’s relationship with the jailbreak community has been likened to a game of cat and mouse. The iPhone Dev Team published a post, entitled “The coolest cat,” to their blog on Wednesday with an image of the iconic Tom and Jerry cat and mouse cartoon characters and the note “We loved the chase! Good luck, Steve.” The well-wishes were addressed to Apple co-founder Steve Jobs, who announced on Wednesday his resignation as CEO of the company.

Stay tuned for additional details as they become available.

Apple to officially end MobileMe sync for certain features in iCloud transition

Date: Monday, August 8th, 2011, 03:52
Category: News, Software

Apple’s transition to the iCloud is coming and it won’t always be easy…

Per AppleInsider, while many of the features of MobileMe are simply being upgraded in the move to iCloud, Apple has previously noted that Gallery, iDisk and iWeb are on the chopping block. Now, the company has further made it clear that data sync features will also be canceled in its iCloud transition steps.

A key feature of .Mac and later MobileMe was the cloud integration of iSync, Apple’s Mac-centric tool for keeping data in sync among a variety of devices as part of its “digital hub strategy” first unveiled a decade ago. The data sync of .Mac and subsequently MobileMe moved the “truth database” from the user’s Mac into the cloud, making it possible to sync additional types of data between Macs.

MobileMe currently allows a user to sync a variety of settings between Macs, including the layout of Dashboard widgets, Dock items, passwords and credentials saved in the Keychain, email account information including Mail Rules, Signatures and Smart Mailboxes, and System Preferences.

However, all of these features will terminate as soon as a user migrates from MobileMe to the new iCloud, according to Apple’s transition pages at me.com/move.

Other MobileMe features that are not being carried forward into iCloud, including Gallery media hosting, iDisk cloud storage and its integrated iWeb web hosting, will be continued for existing MobileMe subscribers until June 30 of 2012, even after migrating other data to iCloud. These features are easy to maintain independently from iCloud, because there is no direct equivalent in iCloud.

Gallery media hosting is being dramatically reworked as a Photo Stream feature, a push updating feature that presents a user’s photos on the mobile devices, Mac photo albums, and on Apple TV rather than via a web site. Similarly, iDisk is making way for an entirely new type of document and data updating that focuses on a user’s own hardware rather than web-centric hosting.

The iCloud migration process is currently only open to developers, as it requires users to have iOS 5 beta 5 on their mobile devices, Mac OS X Lion 10.7.2 with the iCloud for OS X Lion beta 6 package on their Macs, and the iCloud Control Panel for Windows beta 4 running on any PCs they use.

Apple notes that while Mail, Contacts and Calendars can be migrated from MobileMe to iCloud, shared calendars may be affected in the move, while Bookmarks will simply be imported from a client system. This indicates the reduction in data supported in the transition to iCloud may largely be explained by Apple’s hopes to keep the migration as simple and problem-free as possible, avoiding the issues users had in the move from .Mac to MobileMe.

Another reason for the shift in features between MobileMe and iCloud may be explained by the underlying security changes that differentiate the wide open iDisk from the carefully sandboxed design of iCloud’s Documents & Data.

Currently, data synced to MobileMe by Mac OS X Sync Services is copied into openly accessible folders. It is likely Apple hopes to completely secure all iCloud data to avoid any embarrassing lapses and contain sensitive data from potential malware attacks. Individual apps, such as Keychain Access, Launchpad and System Preferences, may be modified in the future to take advantage of iCloud’s key value data store, duplicating the old MobileMe features in a more secure fashion.

Stay tuned for additional details as they become available.

Apple releases QuickTime 7.7 for Mac OS X 10.5, Windows users

Date: Thursday, August 4th, 2011, 06:20
Category: News, Software

Late Wednesday, Apple released the latest version of QuickTime, its multimedia support system for Mac OS X and Windows. The new version, known as QuickTime 7.7, is available as a variably-sized download (depending on the version chosen through the download page). It improves security and is recommended for all Mac OS X 10.5.x (“Leopard”) users.

The update requires Mac OS X 10.5 or later to install and run and can be located and snagged via Mac OS X’s built-in Software Update feature.

If you’ve tried the update and have any feedback to offer, let us know in the comments.