Microsoft releases Office 2004 11.6, Office 2008 12.2.6, Open XML Converter 1.6 updates

Posted by:
Date: Wednesday, August 11th, 2010, 05:45
Category: News, Software

microsoftlogo.jpg

Late Tuesday, Microsoft released version 11.6.0 of its Microsoft Office 2004 suite and version 12.2.6 of its Microsoft Office 2008 suite as well as version 1.6 of its XML Converter utility. The Office updates, which weigh in at 192 and 332 megabytes, respectively, focus on improving security for both suites, fixing vulnerabilities that could allow malicious code to overwrite portions of your Mac’s memory and run arbitrary commands.

The updates are free and available through the AutoUpdate programs and require Mac OS X 10.2 or later to run Office 2004 and Mac OS X 10.4 or later to run Office 2008.

If you’ve installed the updates and have any feedback to offer, let us know.

Mozilla releases Firefox 3.6.7 update

Posted by:
Date: Wednesday, July 21st, 2010, 03:17
Category: News, Software

elfirefox

Late Tuesday, Mozilla.org released version 3.6.7 of its Firefox web browser. The new version, an 18.7 megabyte download, sports the following major change:

- Version 3.6.7 is a security and bug-fixing release.

Firefox 3.6.7 is available in more than 70 different languages and requires a G3, G4, G5 or Intel-based Mac, Mac OS X 10.4 or later and 128MB of RAM to install and run. If you’ve snagged the new version and have any feedback to offer about it, let us know in the comments.

Adobe releases Acrobat Reader, Pro 9.3.3 versions, patches security holes

Posted by:
Date: Wednesday, June 30th, 2010, 04:36
Category: News, Software

Late Tuesday, Adobe released a long-awaited patch that addresses a number of vulnerabilities in versions of its Acrobat Pro and Reader offerings.

Per Macworld, the fix addresses 18 different vulnerabilities, some of which are critical, are corrected by the update.

Adobe has released new versions of both Acrobat Professional and Acrobat Reader for Mac. The former comes in a Universal package, while the latter comes in separate packages for Intel and PowerPC architectures.

Both Acrobat 9.3.3 Pro and Adobe Reader 9.3.3 address what Adobe calls �critical vulnerabilities� in earlier versions of the software. According to an Adobe security bulletin, the vulnerability could cause either Acrobat or Reader to crash, potentially allowing an attacker to take control of your computer. Earlier this month, Adobe patched a similar vulnerability in its Flash software.

Acrobat Reader 9.3.3 and Acrobat Pro requires an Intel or PowerPC-based processor and Mac OS X 10.4 or later to install and run.

Google Chrome 5.0.375.86 released

Posted by:
Date: Thursday, June 24th, 2010, 03:33
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 5.0.375.86 for the Mac. The new version, an 25.4 megabyte download, offers the following the following changes:

- Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery.

- Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team.

- High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar).

- High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE.

Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

If you’ve played with it and have an opinion, let us know what you think in the comments.

Mozilla releases Firefox 3.6.4 update

Posted by:
Date: Wednesday, June 23rd, 2010, 03:52
Category: News, Software

elfirefox

Late last week, Mozilla.org released version 3.6.4 of its Firefox web browser. The new version, an 18.6 megabyte download, sports the following major changes:

- Version 3.6.4 makes four critical security fixes. Unlike the Windows version, it does not introduce the Out-of-Process Plug-in sandboxing feature. That is expected for Mac users in Firefox 4.

Firefox 3.6.4 is available in more than 70 different languages and requires a G3, G4, G5 or Intel-based Mac, Mac OS X 10.4 or later and 128MB of RAM to install and run. If you’ve snagged the new version and have any feedback to offer about it, let us know in the comments.

iPad hacker faces multiple drug charges, spotty past following FBI arrest

Posted by:
Date: Thursday, June 17th, 2010, 05:16
Category: iPad, News

Some hackers just have no luck.

Per CNET, one of the hackers in the group that snatched more than 100,000 iPad owner email addresses from AT&T’s servers was arrested Tuesday on felony drug charges after the FBI searched his Arkansas, US home.

Andrew “Escher” Auernheimer was arrested by Fayetteville, Ark., police and was booked into the Washington County Detention Center Tuesday afternoon, where he is being held on bonds totaling US$3,160.

Auernheimer, 24, faces four felony charges of possession of a controlled substance and one misdemeanor drug charge. During the raid, police reportedly found drugs that included cocaine, ecstasy, LSD, and Schedule 2 and 3 pharmaceuticals when they searched his home.

Auernheimer, who also goes by the hacker nickname “weev,” is one of 10 members of Goatse Security, a hacking group that used an automated script to collect 114,000 iPad email addresses from AT&T through a public feature of the carrier’s Web site.

Goatse revealed its e-mail harvesting after AT&T closed the hole, then defended its actions as “responsible disclosure” (the term given to security revelations made public only after a vendor has patched a bug). In a letter to customers apologizing for the email address disclosure, however, AT&T said the group “maliciously exploited” its Web site and promised it would “prosecute violators to the fullest extent of the law.”

In recent interview, Auernheimer argued that Goatse’s attack was “ethical” and denied that they did anything illegal . “We love America and did this in the public interest,” Auernheimer said at the time.

Wednesday, the Fayetteville Police Department declined to comment on the charges against Auernheimer, instead referring all questions to the FBI.

Special Agent Bryan Travers of the FBI’s Newark, N.J., division confirmed that the agency had served a search warrant at Auernheimer’s home, but declined to answer any other questions, including whether agents removed computers from Auernheimer’s residence. “This remains an open investigation,” Travers said in an email.

The FBI launched an investigation into the Goatse attack last week, saying then that it was trying to determine if the group broke any laws.

Auernheimer is no stranger to drugs, according to Brian Krebs, a former reporter for the Washington Post and now the author of the Krebs on Security blog. In 2006, said Krebs, Auernheimer started a talk at a security conference by telling the audience that he was tripping on acid.

He has also regularly posted anti-Semitic statements on his LiveJournal blog, where he has claimed that the FCC is “Jewish-run” and that Jews “have long made a sham of the nobel [sic] prize.”

Auernheimer was arrested last March, according to a report by Fayetteville television station KHBS-TV , which noted that city police said he had given them a false name when they responded to a parking complaint.

A court hearing is scheduled for Friday morning in Washington County Circuit Court.

Stay tuned for additional details as they become available.

Apple releases Security Update 2010-04 for Mac OS X 10.5.x users

Posted by:
Date: Wednesday, June 16th, 2010, 07:05
Category: News, Software

applelogo_silver

Late Tuesday, Apple released Security Update 2010-04 for Mac OS X 10.5.x (“Snow Leopard”). The update, a 218.6 megabyte download, adds a slew of security fixes and changes, as summarized here.

The update requires Mac OS X 10.5 or later to install and run and can be snagged via Mac OS X’s Software Update feature.

If you’ve tried the new update and have any feedback to offer, let us know.

FBI to investigate AT&T/iPad security breach

Posted by:
Date: Friday, June 11th, 2010, 09:33
Category: iPad, News

When embarrassingly hacked, call the FBI.

Per Reuters, the Federal Bureau of Investigation said Thursday that it has begun a probe into an AT&T security breach that exposed the email address of over 100,000 registered iPad owners.

“The FBI is aware of these possible computer intrusions and has opened an investigation to address the potential cyber threat,” FBI spokesman Jason Pack said.

The move comes one day after AT&T acknowledged that a security flaw on its website made it possible for hackers to query its database and uncover the email addresses of customers who had registered to use its mobile broadband service on their iPhone 3G.

“This issue was escalated to the highest levels of the company and was corrected by Tuesday,” the carrier said. “We are continuing to investigate and will inform all customers whose e-mail addresses may have been obtained.”

The attack on AT&T’s web servers resulted in at least 114,000 iPad 3G users’ emails being leaked to Goatse Security hackers when batches of iPad ICC-IDs were entered via specially formatted HTTP requests.

The group automated requests of the email address information for a wide swath of ICC-ID serial numbers using a script. Although the exploit revealed the addresses of several prominent government and corporate officials, no other information was revealed as part of the breach.

A representative for Goatse Security stated that it ‘hasn’t heard from law enforcement and that it didn’t do anything illegal, so doesn’t see why it would.’

Stay tuned for additional details as they become available.

Adobe releases Flash Player 10.1.53.64

Posted by:
Date: Friday, June 11th, 2010, 03:52
Category: News, Software

adobelogo

Late Thursday, Adobe officially released Flash Player 10.1.53.64, the newest version of its multimedia software for Mac OS X. The new version, a 7.4 megabyte download, offers a slew of security fixes detailed here with full (and extensive) release note changes documented here.

The new version is available for free and requires Mac OS X 10.5 or later to install and run.

Google Chrome 5.0.375.70 out the door

Posted by:
Date: Thursday, June 10th, 2010, 04:50
Category: News, Software

google-chrome-logo

Google Chrome, Google’s new web browser, just reached version 5.0.375.70 for the Mac. The new version, an 25.2 megabyte download, offers the following the following changes:

- Medium: Cross-origin keystroke redirection. Credit to Michal Zalewski of Google Security Team.

- High Cross-origin bypass in DOM methods. Credit to Sergey Glazunov.

- High: Memory error in table layout. Credit to wushi of team509.

- High: Linux sandbox escape. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Bitmap stale pointer. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in DOM node normalization. Credit to Mark Dowd under contract to Google Chrome Security Team.

- High: Memory corruption in text transforms. Credit to wushi of team509.

- Medium: XSS in inner HTML property of text area. Credit to sirdarckcat of Google Security Team.

- High: Memory corruption in font handling. Credit: Apple.

- High: Geolocation events fire after document deletion. Credit to Google Chrome Security Team (Justin Schuh).

- High: Memory corruption in rendering of list markers. Credit: Apple.

Google Chrome requires Mac OS X 10.5 or later and an Intel-based Mac to install and run.

If you’ve played with it and have an opinion, let us know what you think in the comments.