Tag - Gatekeeper
Security firm Synack and the researcher who originally uncovered a serious (albeit largely unexploited) security flaw in Apple's protective Gatekeeper technology has revealed that the patch issued by Apple doesn't completely fix the problem, and that Macs are still vulnerable to "man-in-the-middle" type attacks until the company provides a full patch as it promised it would. Director of Research for Synack, Patrick Wardle, will demonstrate at a security conference how Mac users are still potentially vulnerable.
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free reign to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Despite recent claims, a Dev Center security breach may not be why developers are being asked to re-sign Mac apps using OS X Mavericks, sources say. An alternative reason for the switch hasn't been mentioned, but unnamed sources are countering reports yesterday from other unnamed sources. In the earlier rumors, it was claimed that one or more hackers had managed to obtain not only Gatekeeper keys but "virtually every key Apple used for everything."
Apple has posted a new beta of OS X 10.9.5 for developers and AppleSeed participants, identified as build 13F18. Testing areas remain largely the same -- including Safari, graphics, Thunderbolt, and USB/USB smart cards -- but with the addition of a significant change to Gatekeeper, Apple's app-signing security feature. "Signatures created with OS X version 10.8.5 or earlier ('v1 signatures') are obsoleted and will no longer be recognized by Gatekeeper," Apple reminds the developer audience. "To ensure your apps will run on updated versions of OS X, they must be signed using the codesign tool on OS X version 10.9 or later ('v2 signatures')."
A upcoming change in the way the OS X security feature Gatekeeper works is essentially going to force developers to re-build and re-"sign" their applications and submit updates to Apple for programs that need to run in Mavericks or Yosemite. The upcoming change for security purposes only affects those running the forthcoming 10.9.5 or later, but cause cause apps that aren't updated to "break" (not launch) except through bypassing Gatekeeper, which most users will be loathe to do. The change will not force users to update their OS versions.
Complementing the release of OS X 10.8.2, Apple has also posted OS X 10.7.5, an update for Lion users. The software mainly retrofits Lion with Gatekeeper, the security technology built into Mountain Lion. By default Gatekeeper rejects unsigned apps, although restrictions can be loosened if necessary.
Apple is changing the way it rolls out OS X and even press events, a Daring Fireball report reveals. Beginning with the newly-announced Mountain Lion, OS X is moving to an annual update schedule. Apple has traditionally waited at least two years between major updates, but may want to keep pace with Windows, as well as iOS, the latter of which has always been updated once a year.
In a surprise step, Apple on Thursday gave developers a preview version of OS X Mountain Lion, the next significant update to the core OS. The new version is directly influenced by iOS 5 and includes Notification Center, Reminders, Notes, Game Center, and Twitter integration, with iCloud syncing where it's relevant. AirPlay Mirroring is also new to the Mac and shares exactly what's on screen through an Apple TV.
Now AAPL Stock: 100.35 ( -0.06 )
Trade-up program expands in Europe
Smartphone users in France, Italy, and Spain will have until at least August of this year to trade in old iPhone, Windows Phone, or Android models at Apple Stores, and put the reward towards a new iPhone -- thanks to an expansion of Apple's trade-in program into those countries. The money given for the trade-in must be applied towards a new iPhone on a two-year payment plane, and traders must qualify under a credit check as part of the program. Interested customers can apply for the trade-in at their nearest Apple Store. http://bit.ly/1qPsldD
NBCUniversal adds Bravo, Syfy, E! to Apple TV
NBCUniversal has launched three new apps channels for Apple TV users. Bravo Now, Syfy Now and E! Now brings users access full seasons of current and past episodes of most of NBCUniversal's catalog. The Bravo Now app includes shows like "The Real Housewives of New York Cit," "Below Deck Mediterranean," comedy "Odd Mom Out" and "Top Chef." The Syfy Now app offers up shows like "The Magicians," thriller "12 Monkeys" and the reality show "Face Off." The E! Now app serves up shows like "Keeping Up with the Kardashians," "Botched," "#RichKids of Beverly Hills," Caitlyn Jenner's "I Am Cait," and "WAGS." While some content is free, most content requires users to authenticate via their cable satellite or telco TV provider. http://bit.ly/20K4Pea
Apple rolls out Arabic version of Apple.com
Apple has rolled out a new version of its Apple.com website for Arabic language users in the United Arab Emirates. The site utilizes a right-to-left reading format where it has been updated, although the upgrade is still in progress with a number of page links still in the original English language left-to-right format. Of particular note is that the site debuts an all-new custom Arabic font created by the Tarek Atrissi Design agency, giving it a highly contemporary look and feel. The new support for Arabic on its host website follows the introduction of full support for right-to-left languages in iOS 9, and the addition of Arabic support to Siri late last year. http://apple.co/20JHGIM
Adobe previews Photoshop content-aware crop
Adobe has previewed a new 'content-aware crop' feature from the next version of its Photoshop CC. The new feature is similar to its 'content-aware fill' from the current version of Photoshop CC, and potentially saves users time when cropping photos in a way that might otherwise leave blank white space in the frame. Adobe's 'content-aware' tech automatically assesses the blank space and seamlessly fills the blank space with the nearest related content in the space when a photo is expanded or rotated without the need to manually clone that part of the image. The feature allows users to move a horizon by adding more sky or ground, change the aspect ratio by adding content around the edges of the image and fill in the corners of an image when rotated during a crop. Adobe says the feature is coming soon and will be automatically available to Creative Cloud subscribers. http://adobe.ly/20JDFEu
Markzware updates Q2ID for QuarkXPress 12 files
Graphic design file conversion tool maker Markzware has launched a new version of its Q2ID tool. The InDesign plugin enables users to open QuarkXPress files within a new InDesign (INDD) document, without rebuilding the QXP document from scratch -- the new version includes support for QuarkXPress 12 files. Q2ID Subscription members can download the new version as part of their annual plan. A single-user can purchase the plugin for $200, with other licensing options available. http://bit.ly/1Z4dS9t
PopChar X 7.5 arrives
Ergonis Software has released PopChar X 7.5, an improved version of the company's tool for finding and inserting special characters and exploring fonts. PopChar X 7.5 adds support for combined emojis in the Apple Color Emoji font, enhances the "Font Info" view, and adds many further enhancements that improve overall speed and stability. PopChar X 7.5 retails for €30 ($34), and is free for anyone who owns a license for PopChar X 7 or purchased a license for PopChar X 6 on or after March 1, 2014 [4.5MB]
Safari Technology Preview release 5 arrives