Critical vulnerabilities in Adobe Flash and Adobe AIR are addressed in a security bulletin (APSB09-19) and software updates today:
Critical vulnerabilities have been identified in Adobe Flash Player version 10.0.32.18 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Adobe recommends users of Adobe AIR version 1.5.2 and earlier versions update to Adobe AIR 1.5.3.
The Adobe security patches can be downloaded from the following links:
Apple posted Java security updates for Mac OS X 10.5 (Leopard) and 10.6 (Snow Leopard) today, addressing the following problems (no update was provided for Mac OS X 10.4 “Tiger”):
Multiple vulnerabilities exist in Java 1.6.0_15, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_17. Further information is available via the Sun Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
An expired certificate for a Java applet is treated as valid. This issue is addressed through improved handling of expired certificates.
Java for Mac OS X 10.6 Update 1
Java for Mac OS X 10.6 Update 1 delivers improved reliability, security, and compatibility for Java SE 6. Java for Mac OS X 10.6 Update 1 supersedes the previous Java for Mac OS X 10.6.
This release updates Java SE 6 to version 1.6.0_17. This release is only for Mac OS X 10.6.2 or later versions of Mac OS X 10.6. This release of Java SE 6 is available on Intel-based Macs only.
Java for Mac OS X 10.5 Update 6
Java for Mac OS X 10.5 Update 6 delivers improved reliability, security, and compatibility for J2SE 5.0 and Java SE 6. Java for Mac OS X 10.5 Update 6 supersedes all previous updates of Java for Mac OS X 10.5.
This release updates J2SE 5.0 to 1.5.0_22, and updates Java SE 6 to 1.6.0_17. J2SE 1.4.2 is no longer being updated to fix bugs or security issues and is therefore disabled by default in this update. This release is only for Mac OS X 10.5.8 or later versions of Mac OS X 10.5. This release of J2SE 5.0 supports all Intel and PowerPC-based Macs. Java SE 6 is available on 64-bit Intel-based Macs only.
First, for those who don’t know: Psystar is a company that sells “hackintoshes”, i.e., PC boxes that run OS X. How is that possible, you say? Well, since Apple’s move to Intel hardware, the Mac is pretty much all typical hardware inside, just like any Dell, HP, etc. Apple just writes its software to work on said hardware and, well, you have the latest and greatest multi-core Macs. Well, Psystar decided to sell boxes with OS X on them. Granted, some features were disabled, but some people still bought them to save a few dollars. Well, you get what you pay for.
Anyhow, Apple sued Psystar and just WON BIG TIME! Here’s an article from MacRumors:
Groklaw reports on the early outcome of the Apple vs. Psystar case from a report filed on Friday. According to the court documents, Apple’s motion for summary judgment on copyright infringement and DMCA violation is granted.
So that means damages ahead for Psystar on the copyright issues just decided on summary judgment, at a minimum. The court asked for briefs on that subject. In short, Psystar is toast. Psystar’s only hope now is Florida, and frankly I wouldn’t bet the house on that one. Judges notice if you were just found guilty of a similar cause of action in another state.
Psystar and Apple have been in a legal battle after Psystar began selling Mac clones back in April. Psystar provided modified versions of Mac OS X to run on their generic PC hardware, opening the door for lower-cost Mac clones. Psystar’s efforts generated a massive amount of attention and Apple eventually filed suit in July citing copyright violations.
This judgement appears to end Psystar as a business despite continued efforts to establish a legitimate business on generic Mac OS X computers.
Safari 4.0.4 adds improvements for JavaScript performance, Full History Search performance, and stability for third-party plug-ins, the search field and Yahoo! Mail. It also includes six security fixes (two of which involve Windows only):
libxml
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Windows 7, Vista, XP
Impact: Parsing maliciously crafted XML content may lead to an unexpected application termination
Safari
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP
Impact: Using shortcut menu options within a maliciously crafted website may lead to the disclosure of local information
WebKit
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2, Windows 7, Vista, XP
Impact: Visiting a maliciously crafted website may result in unexpected actions on other websites
WebKit
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 and v10.6.2, Mac OS X Server v10.6.1 and v10.6.2
Impact: Mail may load remote audio and video content when remote image loading is disabled
WebKit
Available for: Windows 7, Vista, XP
Impact: Accessing a maliciously crafted FTP server could result in an unexpected application termination, information disclosure, or arbitrary code execution
ColorSync
Available for: Windows 7, Vista, XP
Impact: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution
Microsoft released Office 2008 for Mac 12.2.3 Update and Office 2004 for Mac 11.5.6 Update to supply fixes “for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” (See bulletins MS09-067 and MS09-068 for details.) The Office 2008 update also includes improvements for stability, compatibility, and performance.
The company also released Microsoft Entourage 2008 for Mac, Web Services Edition 13.0.3, saying “In addition to several calendaring improvements, this new version of Entourage synchronizes notes, tasks, and categories with Exchange Server. This update also enables logging that can be used for diagnostic purposes.”
Security firm Intego reports that it has spotted new malware, termed iPhone/Privacy.A, that is capable of allowing hackers to access personal information stored on certain jailbroken iPhones and iPod touches. Non-jailbroken iPhones are not vulnerable to the malware.
While full details of the tool are not disclosed, it is reported to utilize the same method as the “Rickrolling” worm deployed in Australia late last week, suggesting that the new malware would only affect jailbroken iPhones and iPod touches whose users have installed SSH for remote access capabilities and failed to change the default password. It is unclear the extent to which the tool has been seen in the wild, although Intego currently categorizes the risk of the malware as “low”.
When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.
Intego notes that the tool works by being installed onto a computer and then scanning the computer’s network to find vulnerable iPhones.
This hacker tool could easily be installed, for example, on a computer on display in a retail store, which could then scan all iPhones that pass within the reach of its network. Or, a hacker could sit in an Internet café and let his computer scan all iPhones that come within the range of the wifi network in search of data. Hackers could even install this tool on their own iPhones, and use it to scan for jailbroken phones as they go about their daily business.
While antivirus software can protect computers from serving as hosts for the malicious software, Intego also notes that because no software is installed on the iPhone or iPod touch during the process, no external protection for users who are vulnerable to the malware can be deployed. Vulnerable users must change their default SSH passwords in order to thwart access attempts.
A lot of people don’t realize it, but when you jailbreak your iPhone, you aren’t just allowing yourself to run additional applications and do other things. You are actually removing security features that are built in by Apple to protect you, your data, and your phone.
Well, lo and behold, it looks like a worm has been released and it’s affecting jailbroken phones in Australia. Expect it to hit your area. If you say, nah, it never will, well then I await your phone call so you can pay me to fix your phone!
Microsoft has not halted Apple’s momentum, according to Net Applications’ October report
If Microsoft (MSFT) was hoping that the launch of Windows 7 would halt the erosion of its operating system market share — and curb further inroads by Apple (AAPL) — there is no evidence that it’s working yet.
In fact, preliminary data released overnight Sunday by Net Applications show Mac OS X’s Internet share growing by 2.73% in October, from 5.12% to 5.26%.
Windows’ Internet presence, meanwhile, fell from 92.77% to 92.54% — its ninth loss in 12 months. Windows 7’s share, however, was more than 2% even before its Oct. 22 general release, thanks to widespread use of early release versions. By Oct. 30 the Windows 7 portion was 2.85%, largely at the expense of Windows XP, according to a separate Net Applications report.
Net Applications, it must be noted, is not measuring share of market in the sense of sales revenue or unit sales. Rather it tracks the presence of various operating systems on the Internet by sampling browser data from visits to its clients’ websites — some 160 million hits per month. It’s a methodology that tends to favor devices that make it easy to navigate the Web, which explains the relatively high “market share” of the iPhone in the firm’s monthly surveys.
I’m happy to say my friends over at Panda Cub Productions have just released their first iPhone/iPod Touch app, called iMoo!
I was lucky enough to beta this awesome little program and I must say, it’s a treat! Remember those old cans that you could turn upside down and it would go “Mooooooo”?
Well, this is that can, reinvented, and I must add, even better! You can record your own sounds, tink the can and it even works with the built-in accelerometer so you can turn the phone around and around! Written by Steve Riggins, this is an app you must check out!
My young daughter recorded her voice and hasn’t stopped spinning the phone around! Really cool app, definitely check it out!
“Our first application, iMoo, has just debuted on the iTunes store. It’s our flagship product – an iPhone version of the little can you tip over to make a moo-cow sound. Yes! We are promoting cow-tipping with this fun little gem! And it is CHEAP, as in 99 cents cheap.