Tag - Vulnerability
A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.
A flaw in a popular older version of an open-source networking library used by a number of iOS apps could create an exploitable vulnerability, particularly for users who do not keep their apps up-to-date. The issue could allow a hacker to bypass HTTPS security and conceivably steal passwords or other personal data. While the library in question was patched to address the problem three weeks ago, apps which include the older library are still vulnerable. According to SourceDNA, at least 1,500 iOS apps are currently exposed.
Apple on Thursday has updated OS X Yosemite 10.10.2 (only) with a new security update. While details are not available, the update could possibly be the first to address an https vulnerability known as FREAK, which can compromise secure web browsing on a variety of systems and applications. In addition, the company has issued an update for iPhoto to further help with the eventual transition to Photos, as well as clear up a few bugs.
Apple appears to have fixed a flaw in its password security just one day after a hacker announced a new tool that could conceivably breach the existing protection against "brute force" attacks on accounts by taking advantage of an exception. On January 1, a new tool called iDict emerged in a rough state that could bypass repeated password-attempt blocking due to an exception made for iPhones. On January 2, Apple closed that exception and began locking accounts iDict was being used against.
A new USB microcontroller -- roughly the size of a small thumb drive -- has been demonstrated as a proof-of-concept device that leverages a serious and unfixable vulnerability in USB to easily take over and install malware on any unlocked computer. Though it requires physical access or tricking the user into inserting the controller into a USB port, the device has worrying implications for any computer left unattended for more than a minute -- the time it takes for the device to gain admin access, change network settings, install a backdoor and remove any obvious sign of intrusion.
Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability in the site's comment features, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, and went unchecked for more than four years after it was introduced with version 3.0 in June 2010.
An Apple spokesperson has reassured Mac users that the "vast majority" of users are not at risk from a serious bug discovered in the UNIX shell Bash that some researchers have called "potentially bigger than the Heartbleed vulnerability." Apple says that only those who have configured "advanced UNIX services" using the Terminal in OS X could be at risk from the flaw -- which would mean that nearly all OS X users would be unaffected. Nevertheless, the company is said to be working on a fix.
A new bug may have a greater potential for harm than April's Heartbleed vulnerability, according to reports. The "Shellshock" vulnerability in Bash, a Unix shell typically used in Linux systems as well as in OS X, apparently allows for code held in environment variables to be executed within the shell as soon as it is invoked, potentially allowing for the control of affected systems to be taken over by another user.
Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR that the company deemed "critical" for users to upgrade to, Apple is now blocking all un-upgraded versions of the plug-in in Safari, though the warning dialog will take users to the Flash Installer page where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 184.108.40.206 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.
WhatsApp now handles over 100M calls daily
WhatsApp is celebrating that it is being used for over 100 million calls every day. In a brief notice, the Facebook-owned messaging platform advises the voice-calling feature it rolled out to its users last year now deals with an average of over 1,100 calls initiated per second. Earlier this year, it increased the security of its calls and other messages, by introducing end-to-end encryption on all platforms. http://bit.ly/292HqCX
Adele's '25' album now streaming
Recording artist Adele has "pulled a Kanye" after saying that her current album "25" would not be available for streaming. The seven-month-old record, which has yielded a number of hit singles, is now available for streaming on all the major streaming services, such as Apple Music and Spotify, as of today in most major markets, with worldwide distribution to come. Reportedly, the singer had demanded streaming be limited to paid subscribers -- a condition that has hurt some streamers with artists, who aren't paid royalties for free or trial listens. Apple pays performers its normal royalty rates during its free trial, avoiding the issue -- and having repeated success in both signing up exclusives and placing those exclusives into the top of the charts. http://ti.me/28U7NOu
SanDisk iXpand case has battery, storage
A new iPhone 6 and iPhone 6s case from SanDisk appears to be the "holy grail" of accessories: a stylish and protective case that offers both extra storage and the option of extra battery power. The iXpand Memory case offers either 32GB, 64GB, or 128GB of additional storage incorporated into the case, and an optional add-on battery pack (sold separately) adds up to an extra day or more of charge. Through the associated iXpand app, camera photos and videos can be automatically stored on the extra storage, optionally password-protected. The cost for the case is (in order of storage capacity) $60, $100, and $130. The battery pack's release date has not yet been announced, but the add-on should retail for an additional $30. http://bit.ly/291epHu
Fifth Hong Kong store to open June 30
The 46th official Apple store in what the company calls the "Greater China" region will open at 10AM local time in Hong Kong's New Town Plaza in the Sha Tin district on Thursday, June 30, according to a new page on Apple's retail website. Despite slowing growth due to economic turmoil in China, the country is still Apple's fastest-growing market. The new store will be the fifth for Hong Kong, a lucrative market for Apple thanks to the high concentration of wealth there and a thriving "gray" market. Normal store hours for the new store will be 10AM to 10PM every day. http://apple.co/291diaT
Apple Music bug bites very short songs
There appears to be a reproducible bug in the current version of iTunes -- version 12.4.1, running on OS X 10.11.5, both the current non-beta versions of the respective software -- that causes a streamed song to become "stuck" in endless buffering if the streamed item just before this happened was 60 seconds or less in length. The problem appears to stem from code in iTunes that signals the next track to start downloading one minute before the currently-playing track is done, and thus songs shorter than one minute don't trigger the download. Locally-stored music is unaffected by the bug, and the problem does not appear to exist in either the macOS Sierra developer beta or versions of iTunes earlier than 12.4, and does not affect the iOS Music app at all. http://bit.ly/291cN0l
Walmart Pay expands to 15 states
Walmart, one of the key progenitors of the failed CurrentC mobile payment system that was distinguished from Apple Pay by its ability to collect and share customer financial and buying data among its participants, has expanded the soft rollout of its alternative solution "Walmart Pay" to an additional 15 US states following a pilot program in Arkansas and Texas last month. Walmart continues to resist adding Apple Pay. The system, built into the Walmart app for iOS and Android, works with a complicated system of the camera scanning a purchase code at the register, then generating a QR code which is then scanned by the register. The system is available now in Alabama, Georgia, Indiana, Iowa, Kentucky, Louisiana, Michigan, Mississippi, Missouri, Nebraska, North Carolina, North Dakota, South Carolina, South Dakota, Tennessee, Virginia, and Washington, DC. http://apple.co/28SqZfu
Amazon refreshes entry-level Kindle
Amazon has added a new Kindle to its ebook reader range, one that is thinner and lighter than the previous entry-level model. Offering a six-inch 167-dpi touchscreen display, a doubled 4GB of storage, and an option for a white casing, the new model also adds in the ability to export highlights and notes to an email account as a PDF. Two versions of the all-new Kindle are available, priced at $80 including "Special Offers" and $100 without. http://amzn.to/28Q4c3R