Apple advocates use of iMessage in wake of SMS bug discovery

Date: Monday, August 20th, 2012, 07:11
Category: iPhone, News, security, Software

Ok, this is going to require a fix.

Following a discovery last week wherein Pod2G uncovered an SMS flaw in iOS that lets someone send a spoofed SMS (in this scenario, the SMS would appear to be from a trusted source, but the response would actually be sent to someone else), the cool cats at Engadget reached out to Apple for comment and received the following reply:

“Apple takes security very seriously. When using iMessage instead of SMS, addresses are verified which protects against these kinds of spoofing attacks. One of the limitations of SMS is that it allows messages to be sent with spoofed addresses to any phone, so we urge customers to be extremely careful if they’re directed to an unknown website or address over SMS.”

Stay tuned for additional details as they become available and with any luck, a fix should be en route soon.

Adobe releases Flash Player 11.3.300.271 update

Date: Tuesday, August 14th, 2012, 15:39
Category: News, security, Software


Late Wednesday, Adobe released Flash Player 11.3.300.271 for Mac OS X, an 11.6 megabyte download via MacUpdate. The new version adds a slew of security fixes outlined here.

Flash Player 11.3.300.271 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback, please feel free to hurl your two cents in via the comments.

Adobe Reader, Adobe Acrobat Pro updated to 10.1.4

Date: Tuesday, August 14th, 2012, 14:20
Category: News, Software

On Tuesday, Adobe released version 10.1.4 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

- This is a regular quarterly update that provides security mitigations, feature enhancements, and bug fixes.

- Added support for Mac OS X 10.8.

- Safari 5.1 for 10.6.8-10.7, Safari 6.0 for 10.8.

Acrobat Reader 10.1.4 and Acrobat Pro require an Intel-based processor and Mac OS X 10.5.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Opera web browser updated to 12.01

Date: Thursday, August 2nd, 2012, 06:02
Category: News, Software


On Thursday, Opera Software released version 12.01 of its web browser. The new version, a 26.9 megabyte download, boasts the following fixes and changes:

Several general fixes and stability improvements:
- Website thumbnail memory usage improvements.

- Address bar inline auto-completion no longer prefers shortest domain.

- Corrected an error that could occur after removing the plugin wrapper.

- Resolved an issue where favicons were squeezed too much when many tabs were open.

- Fixed a problem where the Adobe PDF plugin is picked up and used by Opera.

Display and Scripting:
- Resolved an error with XHR transfers where content-type was incorrectly determined.

- Improved handling of object literals with numeric duplicate properties.

- Changed behavior of nested/chained comma expressions: now expressing and compiling them as a list rather than a tree.

- Aligned behavior of the #caller property on function code objects in ECMAScript 5 strict mode with the specification.

- Fixed an issue where input type=month would return an incorrect value in its valueAsDate property.

- Resolved an issue with JSON.stringify() that could occur on cached number conversion.

- Fixed a problem with redefining special properties using Object.defineProperty().

Network and Site-Specific:
- Fixed an issue where loading would stop at “Document 100%” but the page would still be loading.

- tuenti.com: Corrected behavior when long content was displayed.

- https://twitter.com: Fixed an issue with secure transaction errors.

- Fixed an issue with Google Maps Labs that occurred when compiling top-level loops inside strict evals.

- Corrected a problem that could occur with DISQUS.

- Fixed a crash occurring on Lenovo’s “Shop now” page.

- Corrected issues when calling window.console.log via a variable at watch4you.

- Resolved an issue with Yahoo! chat.

Mail, News, Chat:
- Resolved an issue where under certain conditions the mail panel would continuously scroll up.

- Fixed a crash occurring when loading mail databases on startup.

Security:
- Re-fixed an issue where certain URL constructs could allow arbitrary code execution, as reported by Andrey Stroganov; see our advisory.

- Fixed an issue where certain characters in HTML could incorrectly be ignored, which could facilitate XSS attacks; see our advisory.

- Fixed another issue where small windows could be used to trick users into executing downloads as reported by Jordi Chancel; see our advisory.

- Fixed an issue where an element’s HTML content could be incorrectly returned without escaping, bypassing some HTML sanitizers; see our advisory.

- Fixed a low severity issue, details will be disclosed at a later date.

Opera 12.01 is available for free and requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Apple releases Safari 6.0 update

Date: Thursday, July 26th, 2012, 06:11
Category: News, Software


On Wednesday, Apple released Safari 6.0, an update to its web browser. The new version, a 40.2 megabyte download, includes the following fixes and new features:

- Smart Search Field: Safari now has one field for typing both searches and Web addresses.

- Offline Reading List: Safari saves entire webpages in your Reading List so you can catch up on your reading even when you don’t have an Internet connection.

- Do Not Track: Safari can send the websites you visit a request not to track you online.

- Password pane: Manage your saved website logins with the new Password pane.

- Baidu: The leading Chinese search engine Baidu is now a built-in option for Chinese users.

Safari 6 for OS X Lion also includes improvements to stability, compatibility, usability and security, including changes that:

- Make the swipe to navigate gesture work with PDFs.

- Restore the state of Reading List when Safari is launched.

- Fix an issue that affected full screen video in webpages that have positioned content.

- Restore the user’s previous cookies after Private Browsing without requiring a Safari relaunch.

Safari 6.0 requires an Intel-based Mac running Mac OS X 10.7.4 or later to install and run and can also be located and downloaded via Mac OS X’s Software Update feature. If you’ve tried the new version and have any feedback to offer, please let us know.

Mozilla releases Firefox 14.0.1 update

Date: Wednesday, July 18th, 2012, 05:14
Category: News, Software


On Monday, Mozilla.org released version 14.0.1 of its Firefox web browser. The new version, a 30.7 megabyte download, adds the following fixes and changes:

New:
- Google searches now utilize HTTPS.

- Full screen support for Mac OS X Lion implemented.

- Plugins can now be configured to only load on click (requires an about:config change).

- The Awesome Bar now auto-completes typed URLs.

Changed:
- Improved site identity manager, to prevent spoofing of an SSL connection with favicons.

Developer:
- Pointer Lock API implemented.

- New API to prevent your display from sleeping.

- New text-transform and font-variant CSS improvements for Turkish languages and Greek.

Fixed:
- Various security fixes.

- GIF animation can get stuck when src and image size are changed (743598).

- OS X: nsCocoaWindow::ConstrainPosition uses wrong screen in multi-display setup (752149).

- CSS :hover regression when an element’s class name is set by Javascript (758885).

Firefox 14.0.1 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Mac OS X 10.7 (Lion) currently impervious to new Java malware, older operating systems remain susceptible

Date: Thursday, July 12th, 2012, 09:43
Category: News, security, Software

Following up on yesterday’s new Java malware story, there’s some good news: if you’re running Mac OS X 10.7 (Lion), you’re in the clear.

Per Macworld, the new Java malware was discovered on a compromised Colombian Transport website, with a bit of social engineering thrown in for good measure: You need to approve the installation of a Java applet, which OS X will warn you is from a root certificate that “is not trusted,” to get infected.

Once authorized, the exploit downloads additional malicious code from the Web. Security firm Sophos says that the malware then attempts to open a backdoor on your computer, through which hackers could remotely access the machine.

Because the Mac version of the malware runs as a PowerPC app, only Macs that can run PowerPC software are at risk. Since Lion (and Mountain Lion) no longer include Rosetta, the technology that allows Intel-based Macs to run PowerPC software, computers running those versions of Mac OS X cannot be infected.

Mac users may, not too fondly, experience some flashbacks to the insidious Flashback Trojan horse that affected even fully up-to-date Macs, since Apple hadn’t kept up with Java security updates as rigorously as its competitors. Starting in late April, Java developer Oracle began issuing security updates directly to Mac users at the same time those updates became available for other platforms, bypassing Apple.

Stay tuned for additional details as they become available.

Google Chrome updated to 20.0.1132.57

Date: Wednesday, July 11th, 2012, 11:56
Category: News, Software


Google Chrome, Google’s new web browser, just reached version 20.0.1132.57 for the Mac. The new version, a 40.7 megabyte download, offers the following changes:

- Along with security fixes, this build contains an update to Flash player, v8 (3.10.8.20) and a couple of stability/bug fixes.

Google Chrome 20.0.1132.57 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Java malware goes live, begins affecting Mac OS X, Windows, Linux systems

Date: Wednesday, July 11th, 2012, 10:47
Category: News, security, Software

On the plus side, this keeps a security department employed.

Per F-Secure, a new form of browser-based cross-platform malware can give hackers remote access to computers running Apple’s OS X, Microsoft’s Windows, and even Linux.

The multi-platform backdoor malware was disclosed this week by security firm F-Secure. It was originally discovered on a Colombian Transport website, and relies on social engineering to trick users into running a Java Archive file, meaning it is not likely to be a major threat.

However, its cross-platform design is unique. If users grant permission to the Java Archive, the malware will secretly determine whether the user is running a Mac, a Windows PC, or a Linux machine. When running on a Mac, the malware will remotely connect to an IP address through port 8080 to obtain additional code to execute.

Anti-virus maker Sophos said on Wednesday that the new malware has the potential to affect a higher number of people because of its multi-platform strategy. Typically, malware and viruses target Windows PCs, as they represent the overwhelming majority of computers.

“Once it has found out which operating system you are running, the Java class file will download the appropriate flavor of malware, with the intention of opening a backdoor that will give hackers remote access to your computer,” explained Graham Cluley, senior technology consultant with Sophos.

On a Mac, the new malware is defined as “Backdoor:OSX/GetShell.A.” According to F-Secure, it is a PowerPC binary, which means users running a modern, Intel-based Mac must also have Rosetta installed.

While rare, cross-platform malware attacks are not unheard of. In 2010, a Trojan known as “trojan.osx.boonana.a” was a Java-based exploit that affected both Macs running OS X, as well as Windows PCs.

As Apple’s Mac platform has grown in popularity and outpaced the PC market as a whole, the OS X platform has become a bigger target for hackers. Last month, Apple opted to tone down promotional language on its website that once claimed the Mac “doesn’t get PC viruses.” Apple’s website now says that OS X is “built to be safe.”

That change was made just a few months after more than 600,000 Macs were estimated to have been infected by a trojan horse named “Flashback.” More than half of the Macs believed to be infected by the botnet were found in the U.S. alone before Apple aggressively released a series of software updates to quash the malware.

Stay tuned for additional details as they become available.

Upcoming OS X 10.8 (Mountain Lion) to feature automatic security updates

Date: Tuesday, June 26th, 2012, 06:26
Category: News, security, Software

If you don’t click “Software Update” that often, Apple will do it for you come Mountain Lion.

On Monday, Apple indicated that the company’s upcoming OS X Mountain Lion will feature an automatic security check feature that will ensure users have the most up-to-date software protection amid a growing amount of Mac-targeted malware.

As reported by AppleInsider, an update to the Mountain Lion Developer Preview shows a new automated system that runs a daily check with Apple’s servers to make sure OS X 10.8 users have the most current security patches and protections against known malware and viruses.

Called “OS X Security Update Test 1.0,” the automated feature will run either daily or whenever a Mac restarts and has the ability to download and install updates in the background, making the task of manually performing checks less of a necessity.

The new feature also creates a “more secure connection” to Apple’s servers, possibly hinting at new encryption technology or more stringent default settings. Also included are the usual stability and general updates for the operating system set for launch in July.

Apple is making security a priority in the next iteration of OS X to counter new threats that continue to crop up as Macs gain a larger user base. In April, the highly-publicized Flashback trojan used a Java exploit to spread onto an estimated 600,000 Macs around the world, prompting Apple to release both a Java disabler for Safari and a standalone malware uninstaller.

In a related action, Apple notably toned down the language of its OS X web page, changing the statement that the Mac “doesn’t get PC viruses” to “It’s built to be safe.”

Coming exactly one week after OS X Mountain Lion Developer Preview 4 was released, the new Security Update is available through the Mac App Store and comes in at 1.15 GB.

Stay tuned for additional details as they become available.