O'Grady's PowerPage

Tag: plugin

  • After a decade in beta, Quicksilver 1.0.0 out the door

    quicksilvericon

    10 years is a long time to be in beta.

    For those of you who know it and love it, Quicksilver, the epic app-launching tool by Patrick Robertson, hit version 1.0.0 today. The new version, a 6.8 megabyte download, offers the following (extensive) list of fixes and changes:

    What’s New:
    – Preliminary support for retina displays (#1044, #1378).

    – Many internal images have been upscaled.

    – Icons and images are no longer downscaled in the interface.

    – Assign the same trigger to different actions in different applications (#1201).

    – Add files and folders to the catalog using the Add To Catalog action (#1276).

    – AppleScript Action enhancements – http://qsapp.com/wiki/AppleScript_Actions (#1023, #1048).

    – Assign an alternate name to something by creating a synonym (#1325).

    – Plugin documentation is now accessible from the plugin’s preferences (#999, #1364).

    – Plugin documentation is accessible directly from the list of plugins via a button in the bottom-right (#1364, #1384).

    – Trigger type can be specified in the third pane for the Add Trigger action (#1345).

    – Clipboard history will omit “transient” data (#1213).

    – New localizations for Korean, Catalan, Chinese (Hant, China) and Spanish (Mexico).

    Fixed:
    – Names and labels for files should be determined faster and more accurately (#1263, #1288).

    – Catalog entry names won’t override file names (#730, #1240).

    – Docking window controls behave correctly (#1247).

    – Recent Commands and the Last Command proxy are working (#722, #1207).

    – Fixed the missing default application for the Open With… action (#1360, #1361).

    – The Find With action (for web searches) works with Current Selection (#1311).

    – Fixed the Add Trigger action (#515, #1345, #1390).

    – Prevent changes to the catalog before it finishes loading (#1216).

    – Fixed the “Delay” settings for triggers (#583, #914, #1201).

    – Fixed the generic “Computer” icon (#1298).

    – Avoid redrawing icons for files unnecessarily (#1297).

    – Prevent catalog entries from disappearing in the preferences (#893, #1313).

    – Prevent lock ups when scanning the catalog on startup (#1339).

    – Correctly switch to text mode in the third pane when spacebar behavior is “Jump to Argument Field” (#1357).

    – Text items in the third pane no longer show up as empty with details underneath (#1346).

    – The count at the bottom of the results list is updated correctly (#1346).

    – Only show folders when saving a command to a file (#1357).

    – Change “plug-in” to “plugin” in the Setup Assistant (#1357).

    – Only show catalog related actions with a single item selected (#1276).

    – Internal improvements to the Assign Abbreviation… action (#1374).

    – Set a default string ranker to prevent meaningless notifications (#1380).

    – Prevent a crash when changing row height immediately after choosing a new interface (#1383).

    – Fixed an exception when right-arrowing into applications with iCloud documents (#1396, #1398).

    – Changed the process for displaying the Dock icon (#1152, #1414).

    – More reliable file type detection (#1427, #1428, #1430).

    – Internal optimizations, stability improvements, and fixes (#1335, #1346, #1385, #1390, #1401, #1371, #1403, #1388, #1410).

    Changed:
    – Simplify Services and set the “Command Window with Selection” trigger to use ⌘⎋ by default (#409, #1295, #1416, #1418).

    – The Current Selection proxy object appears quicker (#1295).

    – Better auto-detection of URLs in text entry mode (#1312, #1346, #1376).

    – If files are omitted from the catalog, they will still be available when browsing the filesystem (#1195, #1322).

    – Handlers preferences are grouped with other preferences for the core application (#1182, #1253).

    – Disable settings for predefined catalog entries (#1341).

    – Improved localization for Advanced Preferences (#1338).

    – Release Notes have some style (#1228).

    – Updated localizations.

    Development:
    – Developers don’t need to understand and track the relationship between name and label (#1263).

    – Passing options to string rankers is more efficient (#1212).

    – Support bundle version requirements for plug-ins (#1261).

    – Allow actions to specify whether they want to see proxy objects, or only the resolved object (#1342, #1343).

    – Removed some unused code related to Event Triggers (#1300).

    – Better logging of exceptions in Debug mode (#1201, 1357).

    Quicksilver is available for free and requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

    If you’ve tried version 1.0.0 and have any feedback to offer, please let us know in the comments.

  • Apple includes Yontoo trojan on XProtect.plist database

    With any luck, the Yontoo trojan won’t be around on the Mac OS X platform for long.

    Per the Intego Security Blog and MacRumors, shortly after news emerged of a new adware trojan targeting OS X web browsers, Apple updated its malware and adware detections list to block Yontoo.

    The company has apparently updated its “XProtect” anti-malware system. XProtect.plist will now recognize Yontoo and warn users that attempt to install the software on their computers.

    Intego’s post notes that the XProtect detection “is very specific and potentially location-dependent.” The extra specificity, Intego supposes, may be there in order to stop only indirect installations of the file.

    News of the Yontoo trojan emerged recently when a Russian anti-virus company pointed out its existence. Yontoo asks users if they want to install a browser plugin, media player, download accelerator, or other video-oriented program. Upon agreeing to the download, the plugin begins transmitting browsing data to an off-site server. User browsing data is processed, and the server sends back a file embedding third-party code into webpages visited by the user. The viewing or clicking of embedded ads then generates ad affiliate network profits for the criminals behind the adware.

    Stay tuned for additional details as they become available.

  • Advertising-based trojan goes into wild on Mac OS X, Windows platforms

    The available list of Mac malware (and jerks creating it) just grew a bit.

    Per MacNN, a new Mac trojan is inserting ads into Safari, Chrome, and Firefox, says a Russian security firm, Doctor Web. Nicknamed “Trojan.Yontoo.1,” the malware is so far being distributed through movie trailer pages, which prompt people to download a browser plugin, a media player, a video enhancer, or a download accelerator. When launched, the malware asks to be installed under a name such as “Free Twit Tube.”

    In reality, the installer inserts a plugin into the aforementioned browsers, which transmits data about the websites a person visits to a remote server, and inserts ads into places in sites where they wouldn’t otherwise exist. Visiting the official Apple page for the iPad mini, for instance, may trigger an ad for unrealistically low iPad discounts. Doctor Web notes that the attackers could potentially swap out the plugin for different or updated code.

    The malware is targeting Windows systems as well, but Doctor Web comments that hackers are increasingly targeting Mac owners, and that such ad schemes generate money regardless of the platform they’re on. The hackers likely receive money for each ad impression, and more if a person actually clicks on an ad. There doesn’t appear to be any defense against the trojan in OS X at the moment, short of rejecting the installation; Apple may, however, be able to create a safeguard by updating the OS’ blacklist.

    Stay tuned for additional details as they become available.

  • Apple releases Java for Mac OS X 10.6 Update 10, Java for OS X Lion 2012-005

    applelogo_silver

    If there’s a Java update out there, it might be worth snagging.

    Per the cool cats at The Mac Observer, Apple updated Java for OS X Lion and Mountain Lion Wednesday with the release of Java for OS X 2012-005 along with the release of Apple Java for Mac OS X 10.6 Update 10. The updates, which vary in terms of download size given the version used, tweak Java controls by automatically turning the Java plugin off when no Java applets have been run for an extended period of time.

    Apple’s patch notes also specify that if users hadn’t installed the previous version of Java (Java for for OS X Lion 2012-004), that the Java plugin will be disabled immediately.

    The releases add the following fixes and changes:

    – Delivers improved security, reliability, and compatibility by updating Java SE 6 to 1.6.0_35.

    The updates can be located, snagged and installed with Mac OS X’s Software Update feature.

    Java for Mac OS X 10.6 Update 10 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run while the Java for OS X Lion 2012-005 update requires an Intel-based Mac running Mac OS X 10.7 or later to install and run.

    If you’ve tried the updates and have any feedback to offer, please let us know in the comments.

  • Analyst: Java 1.7 zero-day less likely to affect Mac users due to lack of current installed base on platform

    Yesterday, we posted as to a new Java vulnerability that could open the gates for additional malware on the Mac.

    Today, there’s some better news regarding this.

    Per The Unofficial Apple Weblog, online backup service CrashPlan co-founder Matthew Dornquist had the following to offer about the new Java vulnerability and what it could mean for the Mac.

    In a recent study of a random sample of 200K recent users; Dornquist’s numbers showed that the overwhelming majority of CrashPlan’s Mac users are on Java 1.6 (92%) and a small minority on the older 1.5 version. The percentage on the 1.7 version targeted by the malware? Approximately zero.

    Research shop FireEye identified a Java zero-day exploit this weekend that is already targeting fully patched versions of the Java JRE version 1.7 running on Windows machines. The exploit attempts to install a dropper executable (Dropper.MsPMs) on the machines it attacks. In theory, a separate dropper could be crafted to attack Mac or Linux systems, although none has yet been observed in the wild.

    That’s a reason for Mac users to rest a little more easily, but it’s not the big one. As noted by CNET, the vulnerable edition of the JRE — 1.7 — isn’t installed by default in a stock configuration of OS X. The Java that Apple delivers on Snow Leopard, Lion and Mountain Lion is JRE 1.6 (and on Lion and Mountain Lion, it’s only installed on demand when needed to run Java applications); in order to be on 1.7 and be theoretically susceptible, you’d have to install the Oracle beta build manually.

    If you did install the Oracle build and you’re concerned about the new exploit, you can disable the Java plugin in each of your browsers individually, or uninstall 1.7 entirely. While it bears repeating that there is no evidence of a Mac payload for this exploit at this time, if you don’t have a specific reason to run the new version then it’s probably safest to stick with JRE 1.6 instead (or turn off Java completely if you don’t need it). In response to past exploits including Flashback, Apple’s Java web plugin is now set to auto-disable when it isn’t used for some time, further reducing the attack surface for Mac users.

    So, yeah, try to avoid manually updating to Java 1.7 on your Mac until this is sorted out and we’ll have additional details as they become available.