Oracle releases emergency Java patch, advises users to update to latest version

Posted by:
Date: Tuesday, March 5th, 2013, 08:58
Category: News, security, Software

javaicon

This is why updates were invented.

Per CNET, in response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem.

“These vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password,” Oracle wrote in a security alert on Monday. “For an exploit to be successful, an unsuspecting user running an affected release in a browser must visit a malicious web page that leverages these vulnerabilities. Successful exploits can impact the availability, integrity, and confidentiality of the user’s system.”

Hackers were recently found using one of the vulnerabilities to get into users’ computers and install McRAT malware. Once installed, McRAT works to contact command, control servers, and copy itself into all files in Windows systems.

Only days after scheduling its last zero-day vulnerability in February, Oracle found these two new exploits. Rather than wait to include the patch in its scheduled quarterly April update, Oracle issued the emergency patch on Monday.

“In order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible,” Oracle software security assurance director Eric Maurice wrote in a blog post today.

According to Oracle, the most recent vulnerabilities are only applicable to Java running in Web browsers — they don’t affect Java running on servers, standalone Java desktop applications, or embedded Java applications. They also do not affect Oracle server-based software.

Users can install and update their Java software by going to the Java Web site or through the Java auto update.

Stay tuned for additional details as they become available.

VirtualBox updated to 4.2.8

Posted by:
Date: Monday, March 4th, 2013, 06:17
Category: News, Software

virtualbox.png

VirtualBox, an open source x86 virtualization project available for free has just hit version 4.2.8. The new version, a 109 megabyte download, features the following fixes and changes:
- VMM: fixed guest crash with huge amount of guest RAM on VT-x hosts (bug #11306)

- GUI: fixed a layout bug in the Mac OS X clone VM dialog (bug #10982).

- GUI: not all the translation tags were taken into account during the language switch (bug #11342).

- GUI: take guest screenshot dialog sometimes had no keyboard input available on Windows host.

- Main/Machine: fix generation of spurious event for inaccessible VMs which triggered an endless event generation loop in cooperation with the GUI which became unresponsive (4.2.6 regression, bug #11323).

- Main/Display: fix for an access violation under certain conditions in multi-monitor configurations (bug #10539).

- Main/Metrics: network metrics are now collected for active (up) interfaces only, the state of an interface being evaluated when the associated metric is enabled via setupMetrics.

- Snapshots: reduce the time for merging snapshots under certain conditions.

- Storage: fixed data corruption after resizing a VDI image under certain circumstances (bug #11344).

- Storage: fixed non working online merging of snapshots (4.2.6 regression, bug #11359).

- Storage: fixed crash when connecting to certain QNAP iSCSI targets.

- Storage: fixed incompatibility of VHD differencing images with Hyper-V (bug #5990).

- Bridged Networking: fixed TCP pseudo header checksum computation for IPv6 (bug #9380).

- 3D support: fix Battlefield 1942 game crashes (bug #11369).

- Settings: really sanitize the name of VM folders and settings file, the code was disabled before (bug #10549).

- Settings: allow to change VRDE settings for saved VMs.

- VBoxManage: don’t crash during screenshotpng if there is no display (bug #11363).

- Linux hosts: work around gcc bug 55940 which might lead to wrong kernel module code if gcc 4.7 is used to compile the 32-bit Linux host kernel (bug #11035).

- Linux hosts: fixed inconsistent lock state and deadlock warnings on module load and VM startup when CONFIG_PROVE_LOCKING is enabled (bug #11318).

- Linux hosts: made “]” key work again on Japanese keyboards.

- Mac OS X hosts: don’t crash the kernel during dtrace if the VBox kernel extensions are loaded (10.6 hosts only; bug #11273).

- Solaris / Mac OS X hosts: machine CPU load metrics now report 100% when all cores are fully utilized (used to be a single core).

- Solaris 11 host installer: wait for any services left over from a previous installation to be terminated to avoid confusing SMF.

- Guest Additions: don’t block signals for processes executed via guest control.

- Guest Additions: fixed a small memory leak in VBoxService (bug #10970).

- Windows Additions: fixed shared folder issue with large reads/writes on 64 bit Windows guests (bug #11115).

- Linux Additions: Linux 3.8 compile fixes (bug #11036).

- X11 Additions: fixed blocked SIGALRM in 3D desktop sessions (bug #10987).

- X11 Additions: fixed an unresolved reference in vboxvideo_drv for X.org 6.8 guests and before (e.g. RHEL4; 4.2.0 regression).

- X11 Additions: fixed screen automatic resizing for guests with X.org 1.3 or older (4.2.0 regression).

VirtualBox 4.2.8 is available for free and requires an Intel-based Mac running Mac OS X 10.6 or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback, please let us know.

Dropbox 1.7.7 beta released

Posted by:
Date: Tuesday, February 26th, 2013, 07:53
Category: News, Software

You can’t knock a steady stream of update-based goodness.

On Tuesday, Dropbox released a public beta of version 1.7.7 of its cloud-based storage client for Mac OS X. The new version, a 21.9 megabyte download (via MacUpdate), which adds the following fixes and changes:
- Fix a bug where notifications may enter a bad state without the ability to recover.

- Clicking a shared folder invitation now opens the invitation inbox.

- Re-enabled Notification Center on OS X 10.8.

- Fixed a bug where the popup would remain visible while the tray icon was hidden while quitting the application.

- Improved performance when acknowledging notifications.

- Fixed a bug where notifications would sometimes fail to appear on Windows.

- Other small fixes and polish.

Dropbox 1.7.7 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new beta and have any feedback to offer, please let us know in the comments.

Microsoft quietly increases Office 2011 for Mac price by 10 to 17%

Posted by:
Date: Tuesday, February 19th, 2013, 07:03
Category: News, Software

Well, this is mildly sadistic.

Per CNET, Microsoft has quietly increased the prices of its Office for Mac 2011 by as much as 17 percent, putting it on price par with Office 2013 for Windows.

The company has also quit selling multi-license packages, which allowed customers to purchase multiple copies of the application suite at a discounted rate.

The single-license Office for Mac Home & Student now retails for US$140, an increase of about 17 percent from the previous price of US$120. Meanwhile, Microsoft raised the price of Office for Mac Home & Business, which includes Outlook, to US$220, a 10 percent increase over the previous US$200 price.

Microsoft doesn’t seem to have publicized the price increase, so it’s not clear when it actually took effect. However, Computerworld, which first reported the increase, estimates it occurred around January 29, the same day that Microsoft Office 2013 and Office 365 were launched.

In addition to the price increase, Microsoft ceased sales of multi-license editions.

The multi-user packs are still for sale on Amazon (while supplies last) at a significant discount, but the listing notes that the software is an older edition.
The moves are apparently intended to redirect customers toward Office 365, which costs US$100 for an annual subscription. The new offering is part of effort by Microsoft to bring its suite of Office server tools and collaboration work flows into the cloud.

Stay tuned for additional details as they become available.

Evasi0n hack now over 7 million downloads, updated version available for iOS 6.1.1

Posted by:
Date: Wednesday, February 13th, 2013, 08:16
Category: Hack, iOS, iPad, iPhone, iPod Touch, News, Software

evasi0n-icon

You can’t knock a good hack.

Per Redmond Pie, the Evad3rs team on Tuesday rolled out an update for the Evasi0n untethered jailbreak tool, fixing bugs found in the initial software while adding support for the Apple’s iOS 6.1.1 mobile operating system just one day after its release.

After launching last week, version 1.3 of the Evasi0n jailbreak is now available to the public, allowing iPhone, iPad and iPod touch owners to liberate any device running iOS 6, 6.1 and 6.1.1.

Multiple reports noted that Evasi0n was downloaded over seven million times in four days, making the so-called liberation tool the most popular in iOS history.

Apple’s release of iOS 6.1.1 on Monday broke compatibility with the software hack, but version 1.3 brings back support for all iOS devices, including the iPhone 5 and iPad mini. Apple’s iOS release targeted battery life and 3G issues seen by some iPhone 4S users, and was not meant to patch the Evasi0n exploit.

Available on OS X, Windows and Linux, the untethered hack allows users to jailbreak their devices without having to connect to a computer.

It should be noted that the process of jailbreaking is legal, but will void the supplied Apple warranty as it leverages exploits in the iOS software to run unauthorized code.

If you’ve run the Evasi0n hack on your iOS device and have any feedback to offer, please let us know via the comments.

Opera web browser updated to 12.13.1734

Posted by:
Date: Wednesday, January 30th, 2013, 08:16
Category: News, Software

operalogo

Late Thursday, Opera Software released version 12.13.1734 of its web browser. The new version, a 20.3 megabyte download via MacUpdate, boasts the following fixes and changes:

General and User Interface:
- Fixed an issue where Opera gets internal communication errors on Facebook.

- Fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet.

- Fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com).

Linux and Windows:
- A new stand-alone update-checker, as part of a planned upgrade of the auto-update system.

Windows:
- Improved protection against hijacking of the default search, including a one-time reset.

Security:
- Fixed an issue where DOM events manipulation might be used to execute arbitrary code, as reported by Arthur Gerkis; see our advisory.

- Fixed an issue where use of SVG clipPaths could allow execution of arbitrary code, as reported by anonymous via the iSIGHT Partners GVP Program; see our advisory.

- Fixed a low severity security issue; details will be disclosed at a later date.

- Fixed an issue where CORS requests could omit the preflight request, as reported by webpentest; see our advisory.

Opera 12.13.1734 is available for free and requires an Intel-based Mac running Mac OS X 10.5.8 or later to install and run.

Microsoft announces Office 365 Home Premium for Macs, PCs and Windows tablets, points to February 27th release date

Posted by:
Date: Tuesday, January 29th, 2013, 08:05
Category: News, Software

microsoftlogo.jpg

If you were wondering when Office 2013 would find its way to the Mac, it’s on its way come February 27th.

And in a subscription model.

Per CNET, after existing in preview form since last summer, Office 2013, the next version of Microsoft’s productivity software, is now available for download.

The company has begun offering users Office Home and Student 2013 with all the familiar apps like Word and Excel for a one-time fee of US$139. Since this stand-alone package won’t entitle you to any subsequent upgrades, Microsoft is also offering a more complete subscription model for US$99 per year that delivers the various updates over the coming months and years.

The package offers the following:
- The latest and most complete set of Office applications: Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access.

- One license for the entire household to use Office on up to five devices, including Windows tablets, PCs or Macs, and Office on Demand available from any Internet-connected PC.

- An additional 20 GB of SkyDrive cloud storage, nearly three times the amount available with a free SkyDrive account.

- 60 free Skype world calling minutes per month to call mobile phones, landlines or PCs around the world.

- Future upgrades, so you always use the latest time-saving technology.

Microsoft also announced today the cloud-connected Microsoft Office Home and Business, though you won’t be able to snatch it up until February 27. You can get it for a one-time fee of US$219 or as a subscription for US$150 per year.

And along with the new software, Microsoft’s Office.com Web site has received a refresh in both look and functionality. The Web site lets you manage your account, set up and check the status of your subscription, and download the Office software to your computer.

Office 365 Home Premium for the Mac requires the following specs to install and run:
-1 GHz or faster x86 or 64-bit processor with SSE2 instruction set (PC); Intel processor (Mac).

-1 GB RAM (32-bit or Mac) /2 GB RAM (64-bit).

-3.0 GB of available disk space (PC); 2.5 GB HFS+ hard disk format (Mac).

-1024×576 or higher resolution monitor.

- Windows 7, Windows 8, Windows 2008 R2 with .NET 3.5 or later (PC); Mac OS X 10.5.8 or later (Mac).

- Graphics hardware acceleration requires DirectX10 graphics card with 1024 x 576 resolution.

- Microsoft Internet Explorer 8, 9, or 10; Mozilla Firefox 10.x or later; Apple Safari 5; or Google Chrome 17.x.

A full 30 day trial can be found and downloaded from here.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Rumor: Apple may incorporate fingerprint sensor into iPhone “Home” button for next-gen models

Posted by:
Date: Friday, January 25th, 2013, 08:34
Category: Apple TV, Hardware, iPad, iPad mini, iPhone, iPod Touch, Rumor

This could be interesting.

Per AppleInsider, Apple is expected to launch a new iPhone this year with a fingerprint sensor hidden beneath the home button — an intuitive design that could be difficult for competing Android and Windows Phone devices to copy.

Analyst Ming-Chi Kuo of KGI Securities expects Apple’s acquisition of AuthenTec to pay off this year with the so-called “iPhone 5S,” the company’s anticipated next-generation handset. He believes Apple will find a way to integrate the fingerprint sensor into the home button, allowing Apple to retain its “minimalist design.”

In contrast, many Android and Windows Phone devices have more than one button below the display, and those buttons frequently lack the mechanical push of Apple’s home button. As a result, attempts to integrate fingerprint scanning on competing devices would be less intuitive, and could frustrate users, Kuo said.

He believes that with the addition of a fingerprint sensor below the iPhone’s home button, Apple will be able to replace the use of usernames and passwords, allowing users to authenticate in a more efficient manner. He also expects that the fingerprint scanner will integrate with applications such as Passbook to enhance their functionality.

Kuo has a particularly strong track record in predicting Apple’s future product pipeline. Last year, the analyst accurately forecast the company’s entire fall lineup, including the taller design of the iPhone 5 and iPod touch, thinner iMacs, the iPad mini, and the fourth-generation iPad with Lightning connector.

Beyond the “iPhone 5S,” Kuo expects a new handset based on the iPhone 5 design will also launch this year. Kuo’s comments are in line with recent rumors, that have pegged Apple as planning to release a more affordable iPhone model this year targeted at emerging markets.

Kuo believes the less expensive iPhone 5 will feature a new design, including a plastic casing, to cut costs and expand Apple’s iPhone lineup.

The analyst has also predicted that the iPad mini will gain a Retina display in 2013, while the full-size iPad will sport a lighter and thinner design with a smaller bezel. He also expects new Retina MacBook Pros with cheaper prices, the discontinuation of the legacy MacBook Pros, and a refresh to the Apple TV set-top box — but no full-fledged television set this year.

CrossOver updated to 12.1

Posted by:
Date: Thursday, January 24th, 2013, 08:09
Category: News, Software

CrossOver, the popular virtualization program from CodeWeavers, has been updated to version 12.1. The new version, a 75.7 megabyte download, is available as a demo, offers the following fixes and changes:

WHAT’S NEW:
- We have fixed a bug where certain users who chose “Register for all users of this computer” during CrossOver’s registration would receive an error claiming their bottle had “expired” and could not be used, despite the user having a valid CrossOver license.

- We have added a preference setting allowing the user to control what CrossOver does with an unknown Windows .exe file when it is launched. Using this preference, the user can tell CrossOver either to treat the unknown .exe file as an application installer, or to simply run it.

- CrossOver will now auto-update CrossTie files if the user has permitted auto-updates of CrossOver itself via Sparkle.

- Fixed a bug where automatic updates via Sparkle would fail for some users on Mac OS X 10.6.8 Snow Leopard.

- Fixed a bug which caused several games to fail when running in fullscreen mode.

- Games which should be improved include StarCraft, Fallout, and, we hope, many others.

- Fixed a bug which prevented some users from logging into World of Tanks servers.

- CrossOver no longer ships Wine-Mono, an open-source replacement for .Net, by default. We had started doing this for CrossOver 12 but the large increase in download size and disk space usage proved too much. CrossOver can still download and install Wine-Mono as-needed.

- We have fixed a bug which caused CrossOver to print unnecessary error messages when launching Windows applications, complaining that certain icon files could not be found.

- New translations for Polish & Chinese (China), and a partial translation for Italian.

Application Support:
- Fixed connection errors with Outlook 2007 and Outlook 2010 when connecting to hosted Exchange servers.

- Fixed a bug which caused adding a table of contents to a Microsoft Word document to fail.

- Fixed an issue where Quicken failed to download WebConnect and QFX files.

- Fixed an issue where Quicken crashed viewing investment details.

- Fixed an issue where Quicken crashed when expanding columns in reports.

- Fixed a bug which caused clicking on a promotional offer in Quicken to crash.

- Fixed some connection failures with Quicken 2011.

- Fixed an issue where rotated text was garbled in PowerPoint 2010.

- Fixed a bug selecting shapes in Visio 2010.

- Fixed a crash on launch in HCFA-1500.

CrossOver 12.1 retails for US$59.95 and requires Mac OS X 10.6 and or later and an Intel-based Mac to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple releases MacBook Air EFI Firmware Update 2.6 for mid-2012 MacBook Air notebooks

Posted by:
Date: Thursday, January 10th, 2013, 07:13
Category: MacBook Air, News, Software

You can’t knock a useful firmware update.

Late Wednesday, Apple released its MacBook Air EFI Firmware Update 2.6 for its mid-2012 MacBook Air notebooks. The update, a 5 megabyte download, offers the following fixes and changes:

- Fixes a color issue with HDMI displays connected to MacBook Air.

- Resolves an issue with Windows which can prevent MacBook Air from booting properly.

- Resolves an issue where unplugging a Thunderbolt device may cause the system to freeze when waking from standby.

The update, which can be snagged via the Software Update feature, requires a mid-2012 MacBook Air and OS X 10.8.2 or later to install and run.

If you’ve tried the new firmware and have any feedback to offer, please let us know in the comments.