O'Grady's PowerPage

Tag: plugins

  • Microsoft researchers located, highlighted potential “Sploitlight” vulnerability within macOS’ Spotlight feature

    Microsoft researchers located, highlighted potential “Sploitlight” vulnerability within macOS’ Spotlight feature

    You can call it ironic until the cows come home, but Microsoft appears to have identified a vulnerability in Apple’s macOS Spotlight feature.

    Per MacRumors and Microsoft’s blog, Microsoft Threat Intelligence found a Spotlight-related vulnerability that could allow attackers to steal private file data. The issue was outlined in a blog post on Monday, with Microsoft’s threat team calling the exploit “Sploitlight” because it uses Spotlight plugins.

    Microsoft identified the vulnerability as a Transparency, Consent, and Control (TCC) bypass that can leak sensitive info cached by Apple Intelligence. Were it to be exploited, attackers could have used it to get precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

    Although TCC is designed to prevent apps from accessing personal information without user consent, the current build of Spotlight plugins allow files to appear in search that have been sandboxed by Apple as well as restricted from accessing sensitive files. Microsoft’s researchers appear to have found a way around that and tweaked the app bundles that Spotlight pulls in, leaking file contents.

    Microsoft shared details of the bypass with Apple, which Apple addressed in the macOS Sequoia 15.4 and iOS 15.4 updates, which were released on March 31. The vulnerability was never actively exploited, because Apple was able to fix it before it was disclosed.

    Apple’s security support document for the update said that the problem was addressed through improved data redaction. Apple fixed two other vulnerabilities that were credited to Microsoft at the same time, with improved validation of symlinks and improved state management.

    Stay tuned for additional details as they become available.

    Via MacRumors and Microsoft

  • Oracle offers a warning about macOS Sonoma 14.4 update, says Java processes could terminate unexpectedly

    Oracle offers a warning about macOS Sonoma 14.4 update, says Java processes could terminate unexpectedly

    Late last week, developer Oracle warned that Apple’s recently released macOS Sonoma 14.4 update can cause Java processes to “terminate unexpectedly.”

    In a blog post on Friday, Oracle’s Senior Director of Product Management Aurelio Garcia-Ribeyro recommended that Apple silicon Mac users who rely on Java avoid updating to macOS 14.4 until Apple resolves the issue.

    Per the blog post:

    “An issue introduced by macOS 14.4, which causes Java process[es] to terminate unexpectedly, is affecting all Java versions from Java 8 to the early access builds of JDK 22. There is no workaround available, and since there is no easy way to revert a macOS update, affected users might be unable to return to a stable configuration unless they have a complete backup of their systems before the OS update.”

    The post and bug report also include more technical details about the issue.

    Oracle has stated that it has notified Apple about the issue. Apple, in turn, has not publicly commented about the issue.

    Reports have also surfaced that the macOS Sonoma 14.4 update has compatibility issues with audio plugins protected by PACE/iLok.

    If you’ve tried the update, please let us know about your experience in the comments.

    Via MacRumors, blogs.oracle.com, and bugs.oracle.com

  • Apple changes App Store rules and policies, eases the path for game streaming app creation for developers

    Apple changes App Store rules and policies, eases the path for game streaming app creation for developers

    If you’re looking to use game streaming apps on your Apple devices, the rules have just become a bit less restrictive to do so.

    Apple is updating its App Store policies to relent on a longstanding ban on game streaming apps. Developers are now allowed to submit a single app that can contain a catalog of games, where the game code is running off a server. This allows for services such as Xbox Cloud Gaming to finally release native apps for the iPhone and iPad.

    Before this, Apple required developers to submit a separate app for each game individually, which created an enormous amount of work and was seen as largely untenable. The change itself applies globally, and while game streaming apps must conform to the usual laundry list of the other traditional App Store rules, the path is now clear for them to exist on the App Store at all.

    Apple has also lent new capabilities to help enhance the discovery of streaming games and other mini-apps like chatbots or plugins. These changes will also accommodate supporting separate in-app purchases for the first time, such as a subscription to an individual chatbot.

    Prior to these changes, the Xbox Cloud Gaming app was previously only available through the iOS Safari web browser, due to Apple’s rules. Following the changes, developers like Microsoft, Nvidia, and Netflix) will be able to create a native app.

    Stay tuned for additional details as they become available.

    Via 9to5Mac

  • Apple releases updates to Mail and iBooks into the wild

    maverickslogoEarly on Thursday, Apple released Mail Update for Mavericks 1.0 and iBooks Update 1.0.1. iBook got the usual “security and stability improvements”, which isn’t much, but it did add a .1 to the version number. Mail, on the other hand, only inched from version 7.0 build (1816) to 7.0 build (1822). While the number treatment makes this seem like a minor patch to Mail, it will probably be a big deal to anyone who has been wrestling with Mavericks’ Mail program and their Gmail accounts.

    (more…)

  • MailTags and MailActOn OS X 10.9 Prerelease Builds

    MailTags iconIf you are an OS X Mail.app user, make use of Indev Software‘s awesome plug-ins MailTags or MailActOn, and have been holding off upgrading to Mavericks because these plug-ins aren’t compatible, there is good news and mildly less good news. Indev has been making the betas of both plug-ins available to the public so that Mountain Lion users can jump on the Mavericks bandwagon, and so they can get some feedback on the new plug-ins’ operability. Please note that standard beta software warnings apply, as stated on Indev’s own website.

    “Use at your own risk! Keep a a backup of critical data.”

    “These builds are not fully tested and may contain stability issues and other bugs. We will try to document known issues and fixes as they occur.”

    (more…)