Security researchers locate additional iPhone security hole, publish findings

Date: Thursday, May 27th, 2010, 04:02
Category: iPhone, News, security

Even if you feel absolutely secure in entering your PIN every time you unlock your iPhone, there may still be some security shortfalls. Per a blog post by Bernd Marienfeldt, he and fellow security wonk Jim Herbeck have discovered that plugging even a fully up-to-date, non-jailbroken iPhone 3GS into a computer running Ubuntu Lucid Lynx allows nearly full read access to the phone’s storage even when it’s locked.

The belief is that they’re just a buffer overflow away from full write access as well, which would surely open the door to making calls. Bernd cites the iPhone’s lack of data encryption for content, which he believes is a real problem, and the inability to digitally sign e-mails as reasons why the iPhone is still not ready for prime time in the enterprise.

Still, better that these guys found it and put the evidence in front of Apple than that another party located the security hole.

Stay tuned for additional details as they become available.

Apple releases Java updates for Mac OS X 10.5, 10.6 operating systems

Date: Wednesday, May 19th, 2010, 05:07
Category: News, Software

On Tuesday, Apple released a pair of Java updates for its Mac OS X 10.5 and 10.6 operating systems. The updates (Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2) make the same changes and, per Macworld, offer “improved compatibility, security, and reliability.” The specifics on how the updates do this are unclear, however, as the release notes for both the 10.6 and 10.5 updates are a little light on the details.

Apple does tell us that the 122MB download for users of OS X 10.5.8 and later updates J2SE 5.0 to 1.5.0_24 and Java SE 6 to 1.6.0_20. As with the Java update released last December, J2SE 1.4.2 remains disabled by default, as it’s no longer being updated.

As for the 78MB Java for Mac OS X 10.6 download, it updates Java SE 6 to version 1.6.0_20. It’s aimed at Mac OS X 10.6.3 and later.

Both downloads are available via Mac OS X’s built-in Software Update feature.

Jobs goes bananas on Adobe Flash in open letter

Date: Friday, April 30th, 2010, 05:59
Category: News

In the wake of several weeks of back and forth between Apple and Adobe regarding Flash, Apple CEO Steve Jobs has posted an open letter explaining Apple’s position on Flash, going back to his company’s long history with Adobe and expounding upon six main points of why he thinks Flash is wrong for mobile devices. HTML5 naturally comes up, along with a few reasons you might not expect.

Per Engadget, here’s the breakdown:

It’s not open: “While Adobe’s Flash products are widely available, this does not mean they are open, since they are controlled entirely by Adobe and available only from Adobe. By almost any definition, Flash is a closed system.” HTML5, CSS, and JavaScript, on the other hand, exist as open web standards.

The “full web”: Steve responds to Adobe’s claim of Apple devices missing out on “the full web” with an age-old argument (YouTube), aided by the numerous new sources, like CBS, Netflix, and Facebook, that have started providing video to the iPhone and iPad in HTML5 or app form. Regarding the games argument, he points to “50,000 games and entertainment titles on the App Store, and many of them are free.” If we were keeping score we’d still call this a point for Adobe.

Reliability, security and performance: Steve states that “Flash is the number one reason Macs crash,” but adds another great point on top of this: “We have routinely asked Adobe to show us Flash performing well on a mobile device, any mobile device, for a few years now. We have never seen it.”

Battery life: “The video on almost all Flash websites currently requires an older generation decoder that is not implemented in mobile chips and must be run in software.”

Touch: Steve hits hard against one of the web’s greatest hidden evils: rollovers. Basically, Flash UIs are built around the idea of mouse input, and would need to be “rewritten” to work well on touch devices. “If developers need to rewrite their Flash websites, why not use modern technologies like HTML5, CSS and JavaScript?”

The most important reason: Steve finally addresses the third party development tools situation by writing that “If developers grow dependent on third party development libraries and tools, they can only take advantage of platform enhancements if and when the third party chooses to adopt the new features.”

Jobs concludes by saying that “Flash was created during the PC era – for PCs and mice.”

Stay tuned for additional details as they become available and let us know what you think in the feedback section.

Mozilla releases Firefox 3.6.3 update

Date: Monday, April 5th, 2010, 03:47
Category: Software

Late last week, Mozilla.org released version 3.6.3 of its Firefox web browser. The new version, an 18.6 megabyte download (http://www.mozilla.com/products/download.html?product=firefox-3.6.3&os=osx&lang=en-US), sports the following major change:

- Fixes a critical security issue that could potentially allow remote code execution.

Firefox 3.6.3 is available in more than 70 different languages and requires a G3, G4, G5 or Intel-based Mac, Mac OS X 10.4 or later and 128MB of RAM to install and run. If you’ve snagged the new version and have any feedback to offer about it, let us know in the comments.

Mozilla releases Firefox 3.6.2 update

Date: Tuesday, March 23rd, 2010, 04:33
Category: Software

On Tuesday, Mozilla.org released the long-awaited 3.6.2 version of its Firefox web browser. The new version, an 18.6 megabyte download, sports the following fixes and changes:

- Fixed a critical security issue that could potentially allow remote code execution (see bug 552216).
- Fixed several additional security issues.
- Fixed several stability issues.

Firefox 3.6.2 is available in more than 70 different languages and requires a G3, G4, G5 or Intel-based Mac, Mac OS X 10.4 or later and 128MB of RAM to install and run.

If you’ve snagged the new version and have any feedback to offer about it, let us know in the comments.

Apple Posts Second Private Mac OS X 10.6.3 Developer Beta, Final Release Seems Imminent

Date: Friday, March 19th, 2010, 04:29
Category: News

Late Thursday Apple posted the second private beta of its Mac OS X 10.6.3 update in as many days, a move that suggests that the software is rapidly approaching a release candidate.

The latest pre-release carries build number 10D572, just one complete compile removed from build 10D571, which was seeded to software developers on Tuesday.

Apple typically seeds external betas of Mac OS X updates at such a rapid frequency only when the software is entering a final candidate stage, or if a serious and potentially-hazardous glitch was discovered with the preceding build.

Per AppleInsider, sources close to the story have said that Apple is now asking developers to focus their testing efforts around Mail, images, security certificates and photos, in addition to graphics drivers and QuickTime, both of which have remained a priority throughout the better part of the beta program.

An emphasis on fonts and iCal that accompanied Tuesday’s beta was reportedly dropped with the distribution of build 10D572. Meanwhile, an issue with recurring events in iCal’s interaction with Exchange server was repaired.

The 10.6.3 update is also said to include an update to QuickTime X that improves security and compatibility while also enhancing overall reliability of the media software.

The update will also include tweaks that enhance the performance of Apple’s 64-bit Logic pro audio suite and deliver better compatibility with third-party printers and OpenGL-grounded applications.

Other fixes baked into the release target issues with mail messages displaying the incorrect background color and problems copying files to a shared Windows volume.

The latest distributions weigh in at just shy of 790MB in Combo Update form and 725MB as a barebones Delta image.

If you’ve played with the build and have any comments about it, please let us know.

Suburban Philadelphia School District Denies Accusation of Spying on Students with MacBook Cameras

Date: Friday, February 19th, 2010, 05:18
Category: Legal, MacBook, News

A suburban Philadelphia school district has denied it spied on students by remotely activating the cameras on their school-issued MacBook notebooks.

Per Macworld UK, in a statement released late on Thursday, Christopher McGinley, the superintendent of Lower Merion School District of Ardmore, Pa., admitted that the MacBooks’ cameras could be turned on without the user’s knowledge, but said that the functionality was part of a security feature.

“Laptops are a frequent target for theft in schools and off-school property,” said McGinley. “The security feature was installed to help locate a laptop in the event it was reported lost, missing or stolen so that the laptop could be returned to the student.” When switched on, the feature was limited to taking snapshots of whoever was using the notebook and capturing the computer’s current screen.

Laptop cameras have only been activated for that purpose, McGinley continued. “The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever,” he said.

This Tuesday, a high school student and his parents sued the district, claiming that the student’s MacBook had been used to spy on him in his home. According to the lawsuit, Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November after their son Blake was accused by a Harriton High School official of “improper behavior in his home” and shown a photograph taken by his laptop.

Doug Young, a spokesman for the school district, declined to answer questions as to whether Blake Robbins’ computer camera had been activated, and if so, under what circumstances. “I can’t speak to the lawsuit,” Young said.

The lawsuit speaks for itself, said Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation. “This is utterly shocking, and a blatant violation of [the students'] constitutional rights,” Bankston said Thursday, citing the Fourth Amendment after reviewing the Robbins’ complaint. “The school district would have no more right to [use the laptop's webcam] than to install secret listening devices in the textbooks that they issued students.”

Bankston suggested that students should tape over the lens of their laptops’ cameras when not in use.

McGinley confirmed that the district had disabled the camera activation feature on Thursday, and would not switch it back on without the written consent of students and families. The Robbins’ lawsuit alleged that the district had not told students or their families of the activation feature when it handed out the MacBooks. All 2,300 students at the district’s two high schools have been given notebooks.

The district intends to contest the lawsuit, said Young.

Mark Haltzman of the law firm Lamm Rubenstone, the Robbins’ attorney, did not return a call for comment on Thursday.

The Robbins family has asked for unspecified compensatory and punitive damages, and requested that the case be granted class-action status so other students in the district can join the suit.

Adobe Reader 9.3.1 Out the Door

Date: Wednesday, February 17th, 2010, 03:27
Category: News, Software

Late Tuesday, Adobe released version 9.3.1 of Acrobat Reader, the company’s Portable Document Format reader and creation utility.

Adobe Systems has updated Reader to version 9.3.1 and the update is available through the Adobe Updater application or for download through Adobe’s Web site.

The new versions address a number of customer workflow issues and security vulnerabilities, and offer additional stability.

Adobe Reader 9.3.1 requires Mac OS X 10.4 or later to install and run and is available for free.

Apple Releases iPhone OS 3.1.3 Update for iPhone, iPod Touch

Date: Wednesday, February 3rd, 2010, 06:18
Category: iPhone, iPod Touch, Software

Late Tuesday, Apple released version 3.1.3 of its iPhone OS firmware. The update, which weighs in at over 200 megabytes and can be downloaded by attaching your iPhone or iPod touch to your Mac or PC, clicking the device in iTunes, then clicking the “Check for Update” button, adds the following fixes and changes:

- Improves accuracy of reported battery level on iPhone 3GS.
- Resolves issue where third-party apps would not launch in some instances.
- Fixes bug that may cause an app to crash when using the Japanese Kana keyboard.
- Full list of security updates listed here.

If you’ve installed iPhone OS 3.1.3 and noticed any changes, please let us know.

Details Emerge for Expected Mac OS X 10.6.3 Changes

Date: Friday, January 22nd, 2010, 15:28
Category: News, Software

Mac OS X 10.6.3 will include significant enhancements to QuickTime X while also focusing on printing and Logic performance.

Per AppleInsider, sources close to the story have stated that build 10D538, which arrived roughly two weeks after the company issued build 10D522, included support for OpenGL 3.0 as well as an update to QuickTime X that, when finalized, will improve security and compatibility while simultaneously enhancing overall reliability. The release will also include tweaks that aim to enhance the performance of Apple’s 64-bit Logic pro audio suite. Other planned improvements include better compatibility with third-party printers and OpenGL-grounded applications, those same people say.

In addition to those areas, Apple is reportedly asking developers to focus their evaluation efforts on a few other core system components, such as AirPort, VoiceOver and graphics drivers.

A single issue related to photo albums viewed via the company’s Front Row media center software is said to be plaguing the latest beta.

The 665+ megabyte release is expected to be made public sometime in the next six weeks.