Report: iOS vulnerability sold for $250,000

The H-Security: Business appears to be booming for those who trade in unpatched (zero-day) security holes: according to a report by Forbes magazine, a US company that works for the US government recently paid $250,000 for a vulnerability in Apple’s iOS operating system. The report says that the deal was arranged by a hacker who goes by the name of “the Grugq” and who has brokered agreements between those who discover vulnerabilities and government agencies over the last year. If negotiations are successful, the hacker retains a 15 per cent commission; he’s reportedly on track to earn about a million US dollars this year with his brokerage business. ...

March 26, 2012 · 2 min · 312 words · Omid Farhang

Apple's new iPad is great, but it's not free, nor called iPad 3

SophosLabs: Only hours after the launch of Apple’s newest iPad we are beginning to see spammers trying to use the excitement over its release to ensnare innocent people into their scams. The scammers are sending out emails with the subject “Where do we send your Free iPad 3, just Test & Keep! See details”. The email contains an image with the text “TEST & KEEP an iPad 3 FREE – Click here”. ...

March 19, 2012 · 2 min · 328 words · Omid Farhang

Safari update closes security holes

Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes various stability and performance improvements as well as fixes for other non-security related bugs. A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution. ...

March 13, 2012 · 2 min · 272 words · Omid Farhang

Free iPad 3? It doesn't exist! Beware of scams

It is widely anticipated that Apple will announce a new version of its iPad tablet computer in San Francisco on March 7th. An invitation sent to journalists, inviting them to an event organized by Apple, has fueled speculation even further as it appears to show a close-up of someone using an iPad. Could it be the new iPad with a much lusted for improved display and souped-up processor? Only time will tell. ...

March 1, 2012 · 2 min · 288 words · Omid Farhang

Google found evading Safari's privacy controls

The H-Online: Google and other advertising companies have been found to be deliberately evading the privacy controls of Apple’s Safari browser. The evasion was revealed in a report in the Wall Street Journal and was based on work by Stanford researcher Jonathan Mayer. He found that the “+1” button code added to DoubleClick advertisements also allowed a Google DoubleClick tracking code to be installed on desktop Safari on 22 of the top 100 web sites. The same happened with 23 of those 100 sites when using Safari on the iPhone. ...

February 17, 2012 · 3 min · 433 words · Omid Farhang

Apple previews OS X 10.8 with Gatekeeper

The H-Online: A developer preview of Mac OS X 10.8 is now available to registered Mac developers after Apple announced the new version, named Mountain Lion, and previewed a number of its features. Among those features is Gatekeeper which Apple says “helps prevent you from unknowingly downloading and installing malicious software”. The Gatekeeper feature has three levels of security for running applications downloaded from the Internet; “Mac App Store”, “Mac App Store and identified developers” and “Anywhere”. The first setting only runs applications downloaded from the Mac App Store, in a style similar to the iPhone only running apps from the App Store. Unlike the iPhone though, Gatekeeper lets users allow applications from other sources. The “Mac App Store and Identified Developers” option only allows applications from the store and from developers who have signed their program with an Apple-issued Developer ID, while “Anywhere” allows any program to be downloaded and run. It is unclear how Gatekeeper interacts with software loaded from other media, such as a USB memory stick or CD/DVD. ...

February 17, 2012 · 2 min · 237 words · Omid Farhang

Apple releases Mac OS X 10.7.3

The H-Security: Apple has released Mac OS X 10.7.3 and, for Mac OS X 10.6.8 Snow Leopard users who have yet to upgrade to Lion, Security Update 2012-001; these maintenance and security updates address a number of vulnerabilities in the company’s desktop and server operating systems. According to Apple, the updates close more than 50 holes, many of which could be exploited by an attacker to, for example, remotely execute arbitrary code on a victim’s system, gain access to private information or cause a denial-of-service (DoS). ...

February 2, 2012 · 2 min · 315 words · Omid Farhang

Mac OS X Trojan hides behind malicious PDF disguise

SophosLabs: A fascinating new example of Mac malware has been discovered, that appears to be adopting an old Windows-style disguise to fool users into running it. Despite the numerous times that cybercriminals have created boobytrapped PDF files that exploit vulnerabilities to infect unsuspecting users, many people still think that PDF files are somehow magically safer to open than conventional programs. The OSX/Revir-B Trojan plays on this by posing as a PDF file. ...

September 25, 2011 · 2 min · 292 words · Omid Farhang

Yes, Microsoft Did Change The World More Than Apple

Business Insider: A new poll in France says 7 out of 10 people think Microsoft did more to change the world than Apple. We think we would have similar results in other countries, if only because a lot more people (still!) use Microsoft products than Apple products, at least for personal computing which is (still!) the most important part of computing. ...

September 8, 2011 · 1 min · 143 words · Omid Farhang

Jobs opportunities for Apple scammers?

SophosLabs: Steve Jobs has now done what many of us thought would happen sooner or later – stepped off the very prestigious CEO plinth, taking a less taxing role as chairman of the Apple board. The new CEO will be Jobs’ right-hand man Tim Cook. Despite Jobs having been on medical leave since January this year, the markets were all a tumble once the news of his resignation hit the markets, with Apple share prices dipping at one point by 5%. ...

August 25, 2011 · 1 min · 209 words · Omid Farhang