Apple

H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application. QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected. ...

Gizmodo: OS X Lion is coming to the Mac App Store, ushering in a new era of digital distribution for their desktop operating system. And rumors are flying that iOS devices will soon receive over-the-air updates. If we had to smash these two pieces of information together and speculate about the future a little bit, we’d say Apple is heading down a path to automatic background updates for all of their operating systems. Hardcore nerds would hate this to be sure, but for the average user, it’s a good thing. ...

Avira TechBlog: Today some updates need attention – they fix critical security issues and should be installed immediately! The update reign starts off with Apple. Critical security vulnerabilities are closed within the Safari web browser 5.0.5 – they allowed cyber criminals to smuggle in malware. For Mac users, additionally a security update is available for the Snow Leopard operating system. It fixes an issue with stolen certificates which arose a three weeks ago at Comodo and is amazingly tiny for an Apple security update, only 4 MByte. And then for iPhone, iPad and iPod Touch users the update to iOS 4.3.2 is available which basically closes the same security holes for the mobile devices as well. ...

Avira TechBlog: Today is a busy day for those who want to keep their computers secure: Many updates are available, from Adobes Flash Player over Apples Mac OS X operating system to the Firefox web browser. There is a security vulnerability in Flash player which became public as a zero day vulnerability a week ago. It has been attacked in a limited fashion. Now Adobe released this security update which users can download from the website of the company. As this security vulnerability already gets actively exploited, users and administrators should apply the update immediately. ...

Sophos Labs Blog: If you’re interested in computer security, you’ve probably heard of PWN2OWN. It’s a competition which has become an annual fixture at the annual CanSecWest conference in Vancouver, British Columbia. The competition gets its name because, as the CanSecWest organizers explain, “If you can execute arbitrary code (PWN) on these [laptops or mobile phones] through a previously undisclosed browser (Firefox, IE, Safari) exploit, you can go home with one (OWN).” ...

Safari just got served. At this year’s Pwn2Own conference, security firms and enthusiasts are doing their very best to discover and deploy exploits to some of the world’s most popular browsers. Chrome, Firefox, Internet Explorer, and Safari, they’re all on the menu for conference attendees and some have definitely faired better than others. Google issued a challenge, promising $20,000 to any person or team that could crack Chrome on the conferences opening day, but the two teams scheduled to take a swing backed down. Firefox is, for the time being, still standing, and, per usual, Microsoft’s Internet Explorer was taken down without much fuss. But which browser faired the worst? That would be Apple’s Safari. A French security research firm named Vulpen managed to break into Safari running on a MacBook Air in a cool five seconds. The company noted that the Safari update issued by Apple yesterday — version 5.0.4 — fixes some of the vulnerabilities, but not all. The takedown of Safari 5.0.3 used exploits that are still available in the updated code base. Go ahead Apple detractors, have a little fun in the comments section. ...

This week Apple announced the availability of QuickTime 7.6.9 for OS X 10.5 and Windows platforms. This release fixes 13 vulnerabilities in QuickTime for OS X Leopard and 15 vulnerabilities on the Windows platform. Keep in mind that if you use iTunes it requires that you install QuickTime as well, so be sure to check for updates. Apple has provided a direct download link for IT folks at http://www.apple.com/quicktime/download/. All 13 vulnerabilities for OS X can cause unexpected application termination (what you and I call a crash, but you can’t say crash on a Mac) or arbitrary code execution (make QuickTime run programs… BAD). ...

An iPad 2 could hit shelves as early as next year, according to at least one source. An Apple iPad 2 will go into production beginning in December – and hit shelves as soon as Q1 of 2011. That’s the news this week from Economic News Daily, an English-language Taiwanese paper. According to News Daily staff, the new iPad will include FaceTime functionality, fresh display tech, a pair of cameras – one forward-facing – and a USB port. ...

Remember that peppy aftermarket 256GB SSD upgrade from PhotoFast that easily smoked (on paper anyway) the SSD found in Apple’s latest MacBook Air? It’s been halted upon Apple’s request before it ever went on sale, similarly to those HyperMac batteries before it. 9to5Mac first reported the news based on a source close to the company and we just confirmed it directly with the PhotoFast GM2_SFV1_Air product manager. The risk of losing access to Apple’s product licensing program was just too grave a threat to ignore. So, enjoy your 160MBps max SSD transfer rate and 128GB top-end capacity MBA 11 owners, you’ll get your storage and 250MBps sequential read/write speed bumps only when Apple’s good and ready to provide it themselves — possibly sooner, we’re told, if PhotoFast is given the green light to start sales after Toshiba’s SSD modules (Apple’s MBA partner) are available for purchase. ...

Yesterday, Apple pushed out the much anticipated update to its mobile operating system – iOS 4.2. Although most of the headlines have focused on new functionality Apple has introduced, such as bringing folders and multi-tasking to the iPad, there’s a much more important reason why you should be considering updating your Apple iPhone, iPod Touch or iPad. Security. According to an Apple knowledgebase article, iOS 4.2 includes more than 40 security fixes designed to better protect iPhone, iPod Touch and iPad users. ...