Tag - Vulnerabilities
A new exploit has been developed that could threaten Mac security by leveraging vulnerabilities in firmware rather than software, making the worm nearly impossible to remove. While sounding more ominous than any threat since the original firmware-based Thunderstrike (which was limited to a proof-of-concept with no reported attacks), leading security experts say this new threat is also very low-risk.
Adobe has updated Flash to version 184.108.40.206 for Windows and Mac in an effort to close yet another batch of security flaws. While no active use of the exploits had been discovered, the company had been notified earlier this week that some of the exploits were known to Hacking Team, a group of commercial security attackers that has sold such secrets and flaws to government agencies around the world.
Apple announced on Friday that it had implemented a server-side partial security update earlier this week to help protect Mac and iOS users against a "series of high-impact security weaknesses" discovered by researchers, now collectively known as the XARA vulnerabilities, that could potentially be used to obtain data, such as passwords, being passed between sandboxed applications. No known cases of the exploits have been seen "in the wild," and Apple says it is working with researchers on a longer-term fix.
Microsoft is asking the online security community to better coordinate on the disclosure of vulnerabilities in code, after the publication of a flaw in Windows 8.1 by Google. The search company released details about the vulnerability in the operating system yesterday as part of Project Zero, two days before Microsoft was to offer up a fix in its well-known Patch Tuesday schedule.
Google is increasing the rewards in its bug bounty program, as it tries to make its software more secure. The search company is updating its reward pricing range to between $500 and $15,000 per bug, up from the previous maximum of $5,000 for a high-quality report, with an increased focus on discovering potential vulnerabilities within the Chrome browser.
Microsoft is teaming up with Facebook to offer more bounties for bugs and flaws in software used by a vast majority of websites. The Internet bug bounty, HackerOne, sees the two companies paying cash prizes of between $300 and $5,000 in exchange for details of vulnerabilities in server-based software and frameworks such as PHP, Ruby, Rails, OpenSSL, and Apache httpd.
For the fifth time this year, Apple has had to issue an update to Java for all three supported versions of OS X: Snow Leopard (10.6), Lion (10.7) and Mountain Lion (10.8). As has become the norm, the update was issued due to the discovery of "multiple vulnerabilities" in Java 1.6.0_51. The cross-platform development technology has been updated to version 1.6.0_65, and is referred to in Software Update as "Java for Mac OS X 10.6 Update 17" for Snow Leopard and "Java for OS X 2013-005" for newer systems.
On Tuesday, Microsoft issued a new security patch for all versions of its Microsoft Office for Mac 2011 edition, including academic, Standard and Home & Business editions and all the main applications contained therein. The update "fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code." The fix is intended for Intel Macs running OS X 10.5.8 or later.
IBM's security research and development group, X-Force, has released an annual report that suggests Mac is the most vulnerable operating system. The percentage of patched vulnerabilities compared to the total number of disclosed vulnerabilities was used for the rankings, with Mac OS X and OS X Server each leaving 14.3 percent of the problems unresolved. IBM gave the highest score to its own AIX platform, claiming to have fixed over 96 percent of the vulnerabilities, while Microsoft failed to patch between 5.5 percent and 4.1 percent of the reported issues for its Windows operating systems.
Apple on Monday unveiled Security Update 2008-006, detailing the various security fixes patched between it and the Mac OS X 10.5.5 update. The updates both resolve a vast number of issues, mostly relating to the remote execution of arbitrary code; many of the issues resolved were related to performance and password security. Several vulnerabilities could have allowed malicious users to gain access to a list of authenticated users, or to change the password of an unattended station through the login screen.