Saturday, June 30, 2012

Researcher publishes proof-of-concept exploit for iTunes

from http://www.infosecurity-magazine.com
A researcher with Zero Science Lab in Macedonia has published a proof-of-concept exploit of an iTunes flaw that allows remote code execution by an attacker.

The vulnerability is the result of a boundary error in iTunes’ processing of a playlist file. It can be exploited by an attacker to cause a heap buffer overflow when a user opens the specially crafted .m3u file, explained Gjoko Krstic in a blog post.

By exploiting the vulnerability, an attacker could execute arbitrary code on the affected node to gain control of the device, he explained.

Apple patched the vulnerability with the latest version of iTunes, 10.6.3, which it released last week. According to the security update, iTunes 10.6.3 fixes a heap buffer overflow in the handling of .m3u playlists; “importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution.” Apple acknowledged the assistance of Krstic in finding and fixing this flaw.

In addition, the latest version of iTunes plugged a memory corruption issue in WebKit. If the user visited a maliciously crafted website, this could lead to an unexpected application termination or arbitrary code execution.

According to Lysa Myers with Intego, no malware has been found that exploits the iTunes vulnerability identified by Krstic. “But it’s often just a matter of time before malware writers incorporate this code into their creations to get onto computers without you knowing, much like Flashback did with its Java exploit”, Myers wrote on the Mac Security blog.
--------------------------------------------------------------------------------------------------------
Of course, if this does develop into something, the sad thing is most Mac users would not be prepared for it.

Sunday, June 24, 2012

Apple Acknowledges Malware Vulnerability of its Operating Software


The belief that Mac OS X isn't vulnerable to malware no longer holds, now that Apple itself has posted a different security message on its website, sdtimes.com reported on June 18, 2012.
Previously, the message on Apple's website stated that Mac computers weren't vulnerable to the innumerable viruses that afflict Windows PCs because of the built-in safeguards in the OS X operating system, which kept the end user secure without any action on his part.
But very recently, Apple altered its statement. It now says that the built-in safeguards in OS X keep the end user secure against inadvertently downloading malware onto his Mac. Apple also changed the line 'OS X didn't receive computer viruses' to 'OS X was created to be secured.'
When asked about the change to its message, Apple declined to respond, then as now. Security specialists think the company is possibly preoccupied with malware writers' recent focus on it. Surely Apple won't risk letting its reputation for providing safe products be tarnished. That is, Apple has become aware that people will give little credence to its claims, given that its "hack-proof" computers have recently been shown to be just as malware-vulnerable as other systems.
For example, only a few months ago, the Flashback malicious program was found to have infected around 600,000 Mac computers worldwide, of which 274 were in Cupertino (USA), the home of Apple.
Graham Cluley, Senior Technology Consultant at Sophos, states that Mac malware is now a reality, with ordinary end users discovering infections on their computers. While the problem may not be as large as Windows infections, it nonetheless exists, he continues. Scmagazine.com.au published this on June 18, 2012.
Cluley further states that Sophos recently found that 1 in 36 Mac computers was infected with OS X malicious software, so the problem is genuine. According to him, Apple appears to be getting slightly bolder about admitting it, adding that the altered messages from Apple's marketing unit are some significant baby steps.
Expectedly, consumers of Apple products will give little credence to the company's exaggerated claims of its operating system's superiority and will instead adopt standard security practices such as installing anti-virus software.

Friday, June 15, 2012

Apple sued after Time Capsule backup loses photos

from cbcnews.com

A Surrey, B.C., man is suing the Apple computer company for $25,000 after his Time Capsule backup drive crashed, taking with it a year of photographs including those showing the birth of his first child.

In his suit filed in B.C.'s small claims court, Perminder Tung says he bought the Apple Time Capsule in June 2009 and used it to back up two MacBooks and an iPhone.

It failed last month, he alleges, and when he took it back to the Apple Store, he was told the data was lost and irretrievable.

Tung alleges he was also told at the store that the product had numerous issues related to defects in the design and the power supply.

He says he was told Apple had issued a recall notice for the Time Capsule, but his particular model was outside of the recall's time frame.

Tung, who is a lawyer, says he's since learned of many other Time Capsule failures, which have spawned online forums, a memorial register and dubious fix-it-yourself videos.

In his claim, Tung is suing Apple Canada for just over $25,000 to replace the hardware and to compensate him for the loss of recorded memories like the birth of his first child.

"The defect with the Time Capsules, which invariably destroyed the stored data, amounts to a fundamental and total breach of contract. The alleged 'Time Capsule' did not encapsulate and protect the information it was intended to secure. The breach destroyed the workable character of the thing sold," says Tung in his claim.

Back up your backups
Apple Canada did not return calls from the CBC, but technology guru Tod Maffin says the suit is just proof computer users need to back up data multiple times.

"Really, it's incumbent on the user to protect their data, especially if that data is important from a business or a really personal point of view," says Maffin.

He notes that precious mementoes in life are no longer as durable as they once were.

"It used to be that the products we would make were industrial era, they were physical things, and increasingly in this information economy what we produce as a society doesn't exist in physical form."

"It exists in bits and bytes, so it is even more important that we use many of these services, some of which are even free these days, to back up your computer."

Wednesday, June 13, 2012

New MacBook Pro makes DIY upgrades and repairs tough


from technolog.com
A teardown of the new MacBook Pro reveals that it is difficult to repair or upgrade.
The new MacBook Pro is one absolutely amazing laptop. It's sleek, fast, and has an impressive Retina display.

But such a tight design meant locking out tinkerers and third-party repair people. Non-Apple personnel will find the laptop difficult to repair or upgrade.

The people at iFixit, who collaborate to draft repair manuals for all sorts of gadgets, emphasized this particular downside when they tore apart one of the new MacBook Pro laptops.

"This is, to date, the least repairable laptop we've taken apart," wrote iFixit's Kyle Wiens.

The device uses proprietary screws (which mean that you'll need a special screwdriver just to open the bottom cover), the RAM is soldered to the logic board, and there is no traditional hard-drive enclosure, just an array of proprietary flash storage.

What's more, the battery is glued — rather than screwed — into the case, and the display assembly is completely fused.

[Image credit: iFixit. Caption: Good luck upgrading the new MacBook Pro laptop's proprietary SSD.]

This means that anyone attempting to take apart their laptop may well damage it, and even Apple is recommending that new MacBook Pro buyers plan ahead when it comes to internal storage, as upgrading it is not currently an option. (You will be able to update RAM on the new model, according to an Apple Store specialist we spoke to.)

Let's not even think too much about what'll happen if the display needs repair. You'd have to "replace the entire (extremely expensive) assembly," writes Wiens.

Why is all of this such a big deal?

"Laptops are expensive," Wiens begins to explain. "It's critical that consumers have the option to repair things that go wrong, as well as upgrade their own hardware to keep it relevant as new technologies roll out. On top of being glued together, the new MacBook Pro is virtually non-upgradeable — making it the first MacBook Pro that will be unable to adapt to future advances in memory and storage technology."

No doubt Apple Stores will adapt to the needs of customers, but this is certainly yet another example of Apple hardware design requirements coming before the interests of do-it-yourselfers.