Apple patent describes additional security/data scrambling features for lost iPhone handsets

Posted by:
Date: Thursday, June 16th, 2011, 05:11
Category: iPhone, News, Patents

applelogo_silver

If you’re hunting for your lost iPhone, you might have some additional features to work with before long.

Per AppleInsider, Apple has shown interest in giving users the ability to scramble or delete specific data, or even record audio or visual information in the event that an iPhone is lost.

Apple’s new potential security options are detailed in a patent application made public this week. Entitled “Proactive Security for Mobile Devices,” the feature would offer extremely flexible, custom options for security measures on an iPhone.

For example, with specific data such as e-mail, contacts and stored passwords, users could selectively choose to either scramble, delete or ignore the information if the handset is reported stolen or missing.

Users could even choose to deny a potential thief access to certain features of the iPhone, including the ability to make phone calls or access Wi-Fi. Users could also prevent a security breach to a corporate network by having their iPhone automatically change VPN settings once a security risk has been detected.

But a user may also decide to continue to allow some features on a missing device, such as Wi-Fi or GPS, to help track down the handset and identify its location. Keeping that functionality active allows the rightful owner of the device to determine its place on a map.

In one example included in the application, the missing iPhone displays an alert that a secure password must be entered within 60 seconds or location data associated with the handset will be transmitted back to the owner.

If a correct password is not entered in time, the location data will be sent, and the device can also be locked and restricted only to the functionality chosen by the original owner. For example, the device could become password locked, and the only available activity would be to contact the original owner of the iPhone.

Apple’s solution could also utilize the sensors inside of an iPhone to record unusual activity, and alert users that their handset is at security risk, potentially preventing it from being lost forever. Such a system could detect suspicious activities like calls or texts to an unknown number.

If an iPhone is reported stolen, the device could record images and ambient audio. This data could be provided to investigative authorities to help track down the hardware.

These options are more powerful and flexible than the existing Find My iPhone functionality, which late last year Apple made free for all iOS devices. The current service allows users to identify the location of their device, display a message on it, set a passcode lock, or remotely wipe it.

But in its patent application, Apple notes that features like the remote wipe command are an all-or-nothing approach that can be frustrating for users. If a remote wipe is conducted, the user is forced to restore all of the deleted information, which can be inconvenient and time consuming.

Stay tuned for additional details as they become available.

Microsoft releases 14.1.2 update for Office 2011, 12.3.0 update for Office 2008

Posted by:
Date: Wednesday, June 15th, 2011, 03:06
Category: News, Software

On Monday afternoon, Microsoft released version 14.1.2 of its popular Microsoft Office 2011 for Mac suite. The update, a 109 megabyte download, can also be located, snagged and installed via the Microsoft AutoUpdate program, offers the following fixes and changes:

- This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

In an updated security bulletin, the company admitted that a “specially crafted” Excel file could allow unwanted access, thus leading to the updates.

Microsoft Office 2011 requires Mac OS X 10.5.8 or later to install and run and is available for US$149.99 and up depending on the suite purchased.

If you’ve tried the update and noticed any major changes, please let us know.

In other news, Microsoft also released version 12.3.0 of its Office 2008 suite for Mac. The update, a 333 megabyte download, adds the following fixes and changes:

- Improves stability. In addition, it includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2008 12.3.0 requires Mac OS X 10.4 or later to install and run and
Microsoft Office 2008 with Service Pack 1. The update can, of course, be located and installed with the Microsoft AutoUpdate tool.

If you’ve tried the new version and have any comments, let us know in the comments or feedback section.

New “MAC Defender” malware variant surfaces, works way around recent security update

Posted by:
Date: Thursday, June 2nd, 2011, 04:10
Category: News, security, Software

Only one day after Apple released a security update for Mac OS X to address the “MAC Defender” malware, a new variant of the bogus antivirus software has been spotted in the wild.

Per ZDNet, the new variation of MAC Defender, named “Mdinstall.pkg,” has been crafted to bypass the new malware-blocking code made available by Apple. That update for Mac OS X, Security Update 2011-003, was released on Tuesday.

“The file has a date and time stamp from last night at 9:24PM Pacific time,” Bott wrote. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

“As PC virus experts know, this cat-and-mouse game can go on indefinitely. Your move, Apple.”

Security Update 2011-003 included changes to the File Quarantine feature found in Mac OS X 10.6 Snow Leopard. It includes anti-malware definitions within the operating system itself, and examines external files downloaded within Mail, iChat, Safari, or other quarantine-aware applications.

The MACDefender malware first gained attention in early May, when it was spotted by an antivirus company. The program automatically downloads in Web browsers through JavaScript and originally required users to enter an administrator password, but a more recent variant does not ask for a password.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with Bott earlier citing an anonymous AppleCare representative that apparently said the “overwhelming majority” of recent calls to Apple were related to the malware. Last week, Apple posted instructions on its site informing users on how to remove the malware.

Stay tuned for additional details as they become available.

New version of “Mac Defender” malware found, lacks administrator password requirement

Posted by:
Date: Thursday, May 26th, 2011, 03:05
Category: News, security, Software

Somewhere, the guys who created this program really DO have a bridge to try and sell you…

Per security firm Intego, a new, more dangerous variant of “MAC Defender,” dubbed “Mac Guard,” has been discovered, the new malware variant lacking the requirement of an administrator password to install.

The discovery was announced on Wednesday, the company commenting that “the first part is a downloader, a tool that, after installation, downloads a payload from a web server,” the security firm said.

“As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted web site,” the firm continued.

No administrator’s password is required to install the application, and if users have Safari’s “Open ‘safe’ files after downloading option checked, the package will open Apple’s Mac OS X installer, and users will see a standard installation screen. However, at this point users must still agree to install the “MAC Defender” malware.

The second part of the malware is a new version called “MacGuard.” The avRunner application automatically downloads “MacGuard,” which, like its predecessor, aims to trick users into providing credit card numbers in exchange for supposedly ridding a users’ systems of “infected” files for a given license fee.

This week, Apple posted a support document on its web site explaining how to remove the “MAC Defender” malware. The company also revealed it will release an update to its Mac OS X operating system that will automatically find and remove the malware.

Some reports have suggested that the “MAC Defender” malware has spread quickly, with one anonymous AppleCare representative claiming that the “overwhelming majority” of recent calls to Apple were related to the malware. The software was first discovered early this month, also by Intego.

While the original variant was categorized as a “low” threat because it requires users to type in an administrator password, the latest version is considered more dangerous, and was ranked with a “medium” risk.

The malware has spread through search engines like Google via a method known as “SEO poisoning.” Using this technique, phony sites are designed to game search engine algorithms and show up when users search for certain topics.

Apple posts support document describing how to remove Mac Defender phishing software

Posted by:
Date: Wednesday, May 25th, 2011, 05:13
Category: News, Software

Apple has posted a support document explaining how to “avoid or remove” the infamous Mac Defender program and stated it would release an update to Mac OS X to automatically find and remove the malware.

The new support document describes the malware as a phishing scam that redirects users from legitimate websites to “fake websites which tell them that their computer is infected with a virus.”

The websites then offer phony antivirus software for a license fee between US$59.95 and US$79.95 to solve the problem, under the names Mac Defender, Mac Protector and Mac Security, often with MAC spelled in all caps.

Per AppleInsider, Apple’s removal steps detail quitting the offending app and deleting it from the Utilities folder it is installed into by default. The primary damage caused by the malware is to nag the user for their credit card information in an attempt to sell them a solution to a nonexistent problem.

Windows PC pundits, have made highly publicized reports of the Mac Defender malware, suggesting it is evidence that Macs are now experiencing malware and virus problems comparable to those experienced by Windows users over the past two decades.

Security expert Charlie Miller, who has regularly won security contests demonstrating Mac exploits, has downplayed that real threat of the few Mac malware titles that have surfaced, recently noting in an interview that “Microsoft recently pointed out that 1 in 14 downloads on Windows are malicious. And the fact that there is just one piece of Mac malware being widely discussed illustrates how rare malware still is on the Mac platform.”

Miller explained that while antivirus software can help protect your system from being infected, he also countered that “it’s expensive, uses system memory and reduces battery life,” stating, “At some point soon, the scales will tip to installing antivirus, but at this point, I don’t think it’s worth it yet for most people.”

Apple recommends that Mac users “should exercise caution any time they are asked to enter sensitive personal information online” and notes that it “provides security updates for the Mac exclusively through Software Update and the Apple Support Downloads site.”

The Mac Defender scam presents a phony website scanner with an appearance modeled after iTunes, and depicts itself as being an “Apple security center,” apparently modeled after the “Windows Security Center” Microsoft added to its own product.

Because the phony web page and its popups are tied to the browser, they do not look native alerts from Mac OS X. The scam site is also unable to install the malware without the user supplying an administrative password. Even so, hundreds of users have been duped by the scam, although the outbreak appears to be more of a nagware annoyance than a serious security problem.

In other news, the developers of Mac Defender also have a bridge they’d like to sell you…

Orange CEO divulges details, says next-gen iPhone to be smaller and thinner

Posted by:
Date: Tuesday, May 24th, 2011, 08:44
Category: iPhone, News

If you’re wondering as to the specs of the next-generation iPhone…it’ll be smaller and thinner.

Or at least according to The CEO of France Telecom, who, as cited in an article on All Things Digital, stated that Apple will use a new, smaller SIM card in order to reduce the size of the handset.

Orange has hinted that Apple wanted to use smaller SIM cards before but apparently the network operator has managed to persuade Apple not to adopt an e-SIM system.

The e-SIM would be an embedded chip within the handset that would not be removeable – something that Orange and other network operators were unhappy with. The new, smaller SIMs are a compromise.

“All of us told them it was a bad idea because the SIM card is a critical piece of the security and authentication process. It would be very difficult for a telco or carrier to manage the customer relationship. I think that they understood this point. We had a very constructive exchange and dialogue with them,” said France Telecom CEO Stephane Richard.

“We are going to work with them in order to standardize a new format of SIM which takes into account our needs with security and authentication and also is compatible with their wishes in terms of size. I understood that the next iPhone would be smaller and thinner and they are definitely seeking some space,” he continued.

Richard is also wary of the power the Apple wields with its App Store. Other handset manufacturers allow Orange to pre-load its apps on to mobile phones sold on its network, though this is not possible with Apple.

“We still are in a position to bring those apps to our customers through the app stores, provided clearly we have access to the App Store. The problem is the day when Apple says ‘I don’t want this one’,” he said.

The interview is unusually frank and may lead to some consequences, as network operators have been punished by Apple in the past for giving away information about the company’s future plans.

Skype updated to 5.1.0.935, resolves security flaw

Posted by:
Date: Tuesday, May 10th, 2011, 04:56
Category: News, Software

skypelogo.jpg

On Monday, version 5.1.0.935 of Skype went public. The new version, a 20.2 megabyte download, resolves a security issue that could allow hackers to gain control of a Mac via a maliciously crafted Skype message. The vulnerability made headlines last week when a security researcher publicized the issue. In response, Skype promised that an update would come early this week.

Skype 5.1.0.935 requires Mac OS X 10.5.8 or later to install and run.

Mozilla releases Firefox 4.0.1 update

Posted by:
Date: Friday, April 29th, 2011, 04:53
Category: News, Software

elfirefox

Late Tuesday, Mozilla.org released version 4.0.1 of its Firefox web browser. The new version stands as an 26.8 megabyte download offered the following fixes and changes:

- Fixed several security issues.

- Fixed several stability issues.

Firefox 4.0 requires an Intel-based Mad and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.

Adobe Reader, Adobe Reader Pro updated to 10.0.3

Posted by:
Date: Thursday, April 21st, 2011, 09:50
Category: News, Software

On Thursday, Adobe released version 10.0.3 of its Adobe Reader application. The update, which can also be snagged through the Adobe Update Utility, adds the following fixes and changes:

- Addresses critical security vulnerabilities while providing more stability. Adobe always recommends that you install the latest security updates.

Acrobat Reader 10.0.3 and Acrobat Pro requires an Intel-based processor and Mac OS X 10.4 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Rumor: iOS 4.3.2 to feature FaceTime, Verizon iPad, WebKit fixes and changes

Posted by:
Date: Tuesday, April 12th, 2011, 03:31
Category: iPhone, Rumor, Software

If iOS 4.3.1 is driving you mildly nuts, there’s hope down the line.

Per Boy Genius Report, Apple is rumored to issue its next mobile operating system update, iOS 4.3.2, for the iPhone and iPad in the next week, addressing problems with FaceTime and connectivity issues related to the Verizon iPad 2.

The web site allegedly obtained an early copy of the iOS 4.3.2 software and loaded it on an iPhone, but apparently didn’t notice any standout changes with the incremental software update. Even so, a tipster reportedly said that the new software will pack a fix for FaceTime, as well as security fixes for WebKit vulnerabilities, among other minor changes.

The update is also said to resolve connectivity issues with the Verizon CDMA iPad 2. Last Friday, Apple said in a statement that it is looking into connection problems users have reported with the 3G-capable Verizon iPad 2. The issues have not been reported by users of the AT&T-compatible 3G iPad 2.

Rumors of an iOS 4.3.2 update first surfaced earlier this month. It was said that the security and maintenance update would include bug fixes, but no additional details were given at the time.

iOS 5.0 is expected to be unveiled at the Worldwide Developers Conference, scheduled to kick off June 6 in San Francisco, Calif. Apple has said that this year’s conference will be used to “unveil the future of iOS,” and rumors have indicated that Apple will preview iOS 5, but will not announce a new iPhone as it has done in years past.

Stay tuned for additional details as they become available.