Intego Warns of Unrepaired Security Vulnerability in Mac OS X

Date: Thursday, May 21st, 2009, 08:48
Category: Software

Security firm Intego has warned that a critical security vulnerability within the current version of Java has gone unrepaired for months and may place Mac OS X users at risk.
According to the company’s web site, the current version of Java incorporates a serious flaw that could allow local code on a user’s Mac to be executed remotely.
“This can lead to ‘drive-by attacks,’ where users are attacked simply by visiting a malicious web site and loading a web page,” the firm said.
The exploit could allow a third party to execute code, access or delete files, or run applications on the compromised machine. Combined with other exploits, outside parties could even potentially run system-level processes and gain total access over the affected Mac.
Given that the vulnerability relies solely on Java, no native code is required to exploit the flaw, which theoretically exists in all browsers on all platforms that have not been patched. This is the case with Mac OS X 10.5.7 and earlier, meaning the vulnerability affects even the update released just a week ago.
The firm claims that Apple has been aware of the exploit for at least five months, when it was publicly disclosed and fixed by Sun, but has yet to issue a security patch. The exploit was first discovered by Landon Fuller, who has released a proof of concept via his blog that outlines the security hole.
Intego has stated that it has not found any malicious applets in the wild thus far, but the publicity around this vulnerability may entice hackers to target the exploit before Apple issues a security update. The firm’s VirusBarrier X5 already blocks potential malware, but unless users are sure they trust the site they’re viewing, simply disabling Java in the browser may provide the best protection while Apple works on a fix.
To disable Java, launch Safari, choose Safari > Preferences, click the Security tab, and uncheck “Enable Java” if it is checked. In Firefox, this setting is found on the Content tab of the program’s preferences. It is safe to leave JavaScript activated, since the vulnerability only affects Java applets.

CrossOver Reaches Version 7.1.2

Date: Wednesday, May 20th, 2009, 08:31
Category: Software

CrossOver, the popular emulation program from CodeWeavers, has been updated to version 7.1.2. The new version, which is available as a demo, offers the following change:

  • Fixed an incompatibility with the quartz-wm packaged in XQuartz 2.3.3.2.

CrossOver retails for US$59.95 and requires Mac OS X 10.4 or later and Intel-based hardware to run.

    How-To: Get Around MacBook/MacBook Pro Sleep Issues with Mac OS X 10.5.7

    Date: Tuesday, May 19th, 2009, 08:46
    Category: How-To

    Mac OS X 10.5.7 has been out less than a week and, according to MacFixIt, a number of users have reported sleep issues with MacBook and MacBook Pro notebooks upon installing the updated operating system software.
    Over on the Apple Discussion Board, reader “Roger G” reported the following:

    “The 10.5.7 upgrade (both with Combo and Delta from Safe mode) killed the ability of my white MacBook to sleep via clamshell closing. After a reboot, the system would sleep normally, but awakening the system and then sleeping would result in a system freeze. The monitor light on the case would not wax and wane in brightness but would stay on full. A few minutes later the fans would start spinning at full speed until the battery drained or the machine was rebooted.”

    User “smitty 195” expressed a similar sentiment with the following:

    “I am having the identical problem as everyone else (freezes on 2nd sleep attempt). I have a MacBook Pro, and upgraded to 10.5.7 yesterday.”

    Per various reports around support forums, the issue appears to be tied into Ethernet settings on the notebooks, as described by “Andreas S.”:

    “It appears that if the Ethernet is not enabled (airport only network settings) that on the MacBook Pro the sleep only works once and crashes the second time.”

    The following steps are currently being offered as a fix for the issue:

    1. Open System Preferences > Network
    2-1. If you see your Ethernet port in your list of network ports (on the left-side of the window) and it says “Inactive,” activate the port by clicking the gear wheel icon and selecting “Make Service Active.” Click “Apply.”
    2-2. If you do not see your Ethernet port in your list of network ports (on the left-side of the window), click the “+” button in the bottom-left corner.
    3. In the “Interface” drop-down menu, select “Ethernet.”
    4. Enter a name and select “Create.” You should see your new Ethernet connection appear.
    5. Click “Apply.”
    Note: If you are having this issue and your Ethernet port is already enabled, try disabling it (using the gear wheel icon menu > “Make Service Inactive”). Log out or restart your Mac, then enable it. Be sure to “Apply” your changes.

    Once complete, the notebook can be tested by closing the screen and seeing if the sleep function succeeds. Be sure to try this twice, as several reports have pointed to the second attempt at sleep as the one that causes the issue.

    Adium X Updated to 1.3.4

    Date: Monday, May 18th, 2009, 07:39
    Category: Software

    Adium, the open source instant message chat client with support for multiple programs (including AOL Instant Messenger, ICQ, Jabber, MSN, Yahoo!, Google Talk, Bonjour, etc.), has been updated to version 1.3.4.
    The new version, a 21.2 megabyte download, adds the following fixes and changes:

  • Facebook fixes:
    Updated to pidgin-facebook 1.5.0, fixing a major bug in which massive amounts of data could be continuously sent and received under certain situations as well as several minor bugs.
    Fixed a bug in which the Facebook numeric ID rather than name could be shown in the contact list (#11676).
    Improved proxy support.
  • Fixed a crash when loading Jabber/XMPP account preferences when the computer’s host name is not set (#11246).
  • Fixed a display issue in message windows when running Safari 4.
  • Updated to libpurple 2.5.6.

    Adium X is available for free and requires Mac OS X 10.4 or later to run. The program functions as a Universal Binary and runs at native speeds on both PowerPC and Intel-based hardware.

    How-To: First Mac OS X 10.5.7 Problems Reported, Fixes Offered

    Date: Friday, May 15th, 2009, 08:40
    Category: How-To, Software

    Apple’s Mac OS X 10.5.7 update has been released, none of my Macs are on fire and I consider this a good thing.
    Still, there are bound to be problems, and the hep cats at MacFixIt have begun to collect reports on a couple of outstanding issues:

    Blue Screen
    This update may automatically restart your computer up to three times during the update process, and for some people this has not happened but instead has hung on the first restart at the blue screen. Several people have reported waiting for the hang to resolve itself, but that has so far not been successful. When this happens, the fix so far has been to manually reset the computer:
    -Listen to the computer and be sure the hard drive is not being accessed.
    -Press and hold the power button until the computer shuts off.
    -Power on and hold the shift key to boot into safe mode.

    This procedure has apparently helped a few people, and while some did not need to boot into safe mode, for others the computer would continually hang until they tried safe mode.
    Blue screens have occurred via past Mac OS X updates and are generally due to permission and accessibility problems during the update. The likelihood of these can be reduced via the following steps:

    -Don’t use Software Update. Instead, download the standalone “Combo” updater.
    -Reboot into Safe Mode.
    -Run Disk Utility and perform a Permissions fix and hard drive repair.
    -Run the updater.
    -Immediately repair permissions again.

    Other users have reported that their new display resolutions are disappearing, resulting in the computer outputting non-native display resolutions to the monitor. In most cases, instead of being able to choose 1920×1200 as the resolution (the native resolution for many widescreen displays), the computer will only output 1920×1080 (the maximum for HDMI connections). This seems to be a conflict in the drivers, since 1920×1080 is the maximum display resolution for HDMI connections.
    Fixes to this problem include zapping the PRAM (which can be done by holding the option-command-P-R keys all at once at reboot, and holding them down until the computer resets a few times, then releasing them and allowing the computer to boot normally) as well as using a program called SwitchResX, which allows for fine-tuned customization of monitor outputs. The program is a demo, but installing it, setting the screen resolution, and then optionally uninstalling it seems to clear the resolution problem following the OS X update.
    Other general troubleshooting tips include the following:

    -Boot into Safe Mode and run a permissions fix with Disk Utility.
    -Reset the PRAM.
    -Reinstall the update using the downloadable “combo” update (not any other), and following the “safe” method of installation mentioned above.

    Apple Releases Mac OS X 10.5.7 Update

    Date: Wednesday, May 13th, 2009, 09:32
    Category: Software

    After months of anticipation, Apple has released Mac OS X 10.5.7, the latest update for its Leopard operating system. According to Macworld, the update includes more than 20 major updates as well as security fixes.
    Included within the fixes are additional RAW image support for third-party digital cameras, improved performance of video playback for recent Macs with Nvidia graphics chips, and resolution for an issue with the Dvorak keyboard layout in 10.5.6.
    The update also features fixes for third-party network services, such as improved reliability in syncing contacts with Yahoo and a fix for issues that could occur when logging into Google’s Gmail. The update also improves the reliability and accuracy of several of OS X’s Dashboard widgets, like Unit Converter, Weather, Stocks, and Movies.
    Apple-specific fixes within the update include improved reliability for iCal’s CalDav, better syncing with MobileMe, improved Notes syncing within Apple Mail and a bug fix where Apple Mail’s BCC field populated incorrectly in certain cases. Apple also improved consistency with Parental Controls and fixed a bug with the system when using full-screen games and Fast User Switching, and also fixed several printing issues, including adding the ability for non-admin users to add and remove printers.
    Other fixes include a number of security fixes for the Apache Web server, PHP, and CoreGraphics, as well as patches for three separate vulnerabilities discovered as part of TippingPoint’s Zero Day Initiative, which appear to be the same ones demonstrated at the CanSecWest security conference last March. The fixes address issues in Apple Type Services, QuickDraw Manager, and WebKit, each of which could lead to arbitrary code execution.
    Apple also released Mac OS X Server 10.5.7 Update, which rolls out fixes for a number of systems, including Client Management, Directory Services, AFP Server, System Image Utility, and more. The update also includes improved kernel stability and a number of security enhancements which had not been detailed at this writing.
    The Mac OS X 10.5.7 update is available via Mac OS X’s built-in Software Update feature and is recommended for all users running Mac OS X Leopard. A combo updater, weighing in at a hefty 729MB download, is also available for those upgrading from versions of Leopard previous to 10.5.6.
    Finally, if you’ve installed Mac OS X 10.5.7 and have any feedback, positive or negative to offer about it, let us know and we’ll see that it’s published by Friday.

    Google Releases Picasa 3.0.5 Update

    Date: Tuesday, May 5th, 2009, 07:24
    Category: Software

    Late Monday, software giant Google released Picasa 3.0.5, the latest version of its photo organization program for the Mac.
    Once installed, Picasa imports (without moving or copying) photos from the iPhoto library as well as other folders and external hard drives on your Mac. The program also includes assorted editing tools for straightening, text generation, red eye removal, collage creation and Photoshop-like effects and adjustments.
    The new version, a 17.6 megabyte download, offers the following fixes and changes:

  • Added support for several new RAW file formats.
  • Now you can upload videos larger than 100MB.
  • Better previews when using Sharpen, Glow, or Film Grain.
  • Improvements for syncing to Picasa Web Albums.
  • Various minor bug fixes and stability improvements.

    Picasa 3.0.5 requires Mac OS X 10.4 or later to install and run.

    VirtualBox 2.2.2 Out the Door

    Date: Tuesday, April 28th, 2009, 10:51
    Category: Software

    VirtualBox, an open source x86 virtualization project available for free, has just hit version 2.2.2. The new version, a 57.9 megabyte download, sports the following fixes and changes:

  • Host and guest clipboard: fixed a number of issues affecting hosts and guests running the X window system.
  • Guest Additions: make sure the virtual mouse autodetection works on first reboot after installing the Additions on X.Org server 1.5 and later.
  • Guest Additions: properly report process identity number of running services.
  • Guest Additions: clean up properly if the X Window server terminates.
  • Linux Additions: fixed installation path for OpenGL libraries in some 64-bit guests (bug #3693).
  • Solaris Additions: fixed installation to work when X.Org is not installed on the guest.
  • Solaris Additions: fixed a bug that could panic the guest when unmounting a busy shared folder.
  • Windows Additions: fixed mouse pointer integration of some Windows guests (2.2.0 regression, bug #3734).
  • Windows Additions: fixed installation on Windows Server 2008 Core (bug #2628).
  • Main: do not try to use older versions of D-Bus (Linux hosts only, bug #3732).
  • VMM: fixed out-of-memory conditions on Windows hosts (bug #3657).
  • VMM: fixed occasional hangs when attaching USB devices during VM startup (2.2.0 regression; bugs #3787).
  • VMM: fixed guru meditation related to memory management (software virtualization only).
  • Virtual disks: fix possible data corruption when writing to diff images, incorrect detection of redundant writes.
  • GUI: reworked network settings dialog.
  • GUI: properly show the detailed settings dialog of NAT networks (bug #3702).
  • GUI: HostKey could not be changed (2.2.0 regression, bug #3689).
  • GUI: fixed memory textfield size (Windows hosts only; bug #3679).
  • GUI: fixed crash when selecting a shared folder path (Windows hosts only; bugs #3694, #3751, #3756).
  • VBoxManage modifyhd --compact: implemented again for VDI files, and now supports relative paths (bug #2180, #2833).
  • VBoxManage snapshot discard: made it work again (2.1.0 regression; bug #3714).
  • NAT: on some Windows hosts, the guest didn’t receive a DHCP lease (bug #3655).
  • NAT: fixed release assertion during poll() (bug #3667).
  • Clipboard: fixed random crashes (X11 hosts only, bug #3723).
  • Shared Folders: fixed incorrect permissions for Solaris guests.
  • Shared Folders: fixed wrong file sizes with Solaris guests.
  • CBindings: fixed possible memory leak while releasing the IVirtualBox and ISession Objects.
  • Solaris hosts: fixed host-only network interface incompatibility with nwam/dhcpagent (bug #3754).
  • Windows installer: fixed several install and uninstall issues (bugs #3659, #3686, #1730, #3711, #3373, #3382, #3701, #3685, #3710).
  • Mac OS X hosts: preliminary support for Snow Leopard.

    VirtualBox 2.2.2 requires Mac OS X 10.4 or later and an Intel-based Mac to install and run.

    Garmin Releases WebUpdater 2.0.6

    Date: Monday, April 27th, 2009, 08:06
    Category: Software

    Over the weekend, GPS accessory company Garmin released version 2.0.6 of its firmware for its family of devices.
    The update, a 4.0 megabyte download (courtesy of VersionTracker), fixes issues with detecting certain Zumo models.
    The update requires Mac OS X 10.4 or later to install and run.


    Apple Releases Updated Mac OS X 10.5.7 Developer Beta, Build 9J56

    Date: Thursday, April 23rd, 2009, 14:48
    Category: News, Software

    The Mac OS X 10.5.7 update, which appears to be close to release, went through yet another pre-release build late last week with developers working out additional tweaks for the operating system.
    According to AppleInsider, build 9J56 focuses on “Bluetooth compatibility and stability fixes” per sources familiar with the software.
    A number of recent Mac mini purchasers have complained about intermittent Bluetooth connection problems on their new systems, though similar problems are believed to be plaguing a variety of Macs.
    Another fix in the latest build targets an issue with Personal File Sharing and AFP volumes not being properly recognized as Time Machine shares. However, the other three fixes were relatively minor, two of which add once-missing descriptive information to certain crash logs.
    The Mac OS X 10.5.7 update is expected to offer more than 110 code corrections spanning over two dozen areas of the operating system. Earlier this month, Apple added Help Viewer to the list of key software components where beta testers should focus their testing efforts.
    Though it’s believed that Mac OS X 10.5.7 remains close to release, Apple still notes that the software is incompatible with the public beta of Safari 4, the OS update’s lone known issue.