Tag - Vulnerability
A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.
A flaw in a popular older version of an open-source networking library used by a number of iOS apps could create an exploitable vulnerability, particularly for users who do not keep their apps up-to-date. The issue could allow a hacker to bypass HTTPS security and conceivably steal passwords or other personal data. While the library in question was patched to address the problem three weeks ago, apps which include the older library are still vulnerable. According to SourceDNA, at least 1,500 iOS apps are currently exposed.
Apple on Thursday updated OS X Yosemite 10.10.2 (only) with a new security update. While details are not available, the update could possibly be the first to address an HTTPS vulnerability known as FREAK, which can compromise secure web browsing on a variety of systems and applications. In addition, the company has issued an update for iPhoto to further help with the eventual transition to Photos, as well as clear up a few bugs.
Apple appears to have fixed a flaw in its password security just one day after a hacker announced a new tool that could conceivably breach the existing protection against "brute force" attacks on accounts by taking advantage of an exception. On January 1, a new tool called iDict emerged in a rough state that could bypass repeated password-attempt blocking due to an exception made for iPhones. On January 2, Apple closed that exception and began locking accounts iDict was being used against.
A new USB microcontroller -- roughly the size of a small thumb drive -- has been demonstrated as a proof-of-concept device that leverages a serious and unfixable vulnerability in USB to easily take over and install malware on any unlocked computer. Though it requires physical access or tricking the user into inserting the controller into a USB port, the device has worrying implications for any computer left unattended for more than a minute -- the time it takes for the device to gain admin access, change network settings, install a backdoor and remove any obvious sign of intrusion.
Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability through the comment features on the site, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, indicating that the bug went unchecked for more than four years since it was introduced with version 3.0 in June 2010.
An Apple spokesperson has reassured Mac users that the "vast majority" of users are not at risk from a serious bug discovered in the UNIX shell Bash that some researchers have called "potentially bigger than the Heartbleed vulnerability." Apple says that only those who have configured "advanced UNIX services" using the Terminal in OS X could be at risk from the flaw -- which would mean that nearly all OS X users would be unaffected. Nevertheless, the company is said to be working on a fix.
A new bug may have a greater potential for harm than April's Heartbleed vulnerability, according to reports. The "Shellshock" vulnerability in Bash, a Unix shell typically used in Linux systems as well as in OS X, apparently allows for code held in environment variables to be executed within the shell as soon as it is invoked, potentially allowing for the control of affected systems to be taken over by another user.
Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR that the company deemed "critical" for users to upgrade to, Apple is now blocking all un-upgraded versions of the plug-in in Safari, though the warning dialog will take users to the Flash Installer page where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 220.127.116.11 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.