iOS Developers Warned About Taking Shortcuts
Slapdash developers have been advised not to use the open source JSPatch method of updating their wares because it is as vulnerable as a soft boiled egg, for various reasons.
It’s FireEye that is giving JSPatch the stink eye and providing the warning that it has rendered over 1,000 applications open to copy and paste theft of photos and other information. And it doesn’t end there.
FireEye’s report said that Remote Hot Patching may sound like a good idea at the time, but it really isn’t. It is so widely used that it has opened up a 1,220-wide iOS application hole in Apple users’ security. A better option, according to the security firm, is to stick with the Apple method, which should provide adequate and timely protection.
“Within the realm of Apple-provided technologies, the way to remediate this situation is to rebuild the application with updated code to fix the bug and submit the newly built app to the App Store for approval,” said FireEye.
“While the review process for updated apps often takes less time than the initial submission review, the process can still be time-consuming and unpredictable, and can cause loss of business if app fixes are not delivered in a timely and controlled manner.
“However, if the original app is embedded with the JSPatch engine, its behaviour can be changed according to the JavaScript code loaded at runtime. This JavaScript file is remotely controlled by the app developer. It is delivered to the app through network communication.”
Let’s not all make this JSPatch’s problem, because presumably it’s developers who are lacking.
FireEye spoke up for the open source security gear while looking down its nose at hackers. “JSPatch is a boon to iOS developers. In the right hands, it can be used to quickly and effectively deploy patches and code updates. But in a non-utopian world like ours, we need to assume that bad actors will leverage this technology for unintended purposes,” the firm said.
“Specifically, if an attacker is able to tamper with the content of a JavaScript file that is eventually loaded by the app, a range of attacks can be successfully performed against an App Store application.”
Courtesy-TheInq
Can OSX Make Macs Vulnerable To Rootkits?
The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.
Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.
The bug in the latest version of Apple’s OS X allows attackers to gain root user privileges with a tiny piece of code which could be packed into a message.
Security researcher Stefan Esser said that this was the security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.
The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Jobs’ ghost.
This allows attackers to open or create files with root privileges that can reside anywhere in the OS X file system.
“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.
The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.
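The descriptor leak Esser describes comes down to one missing flag at open time. As an added example (not code from dyld, Apple or Esser's post), the C below contrasts a log opened without close-on-exec with the hardened form and audits which descriptors an exec'd child would inherit; the function names and the /tmp path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* for O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Pattern from the quote: log opened for writing with no close-on-exec flag. */
int open_log_leaky(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Hardened form: O_CLOEXEC sets the flag atomically at open time. */
int open_log_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0600);
}

/* 1 if fd would survive exec, 0 if close-on-exec, -1 if not open. */
int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Audit: count descriptors in [lo, hi) that a child would inherit. */
int count_inheritable(int lo, int hi) {
    int n = 0;
    for (int fd = lo; fd < hi; fd++)
        if (survives_exec(fd) == 1) n++;
    return n;
}

/* Pre-exec remediation: set close-on-exec on inheritable fds in [lo, hi). */
int seal_fds(int lo, int hi) {
    int changed = 0;
    for (int fd = lo; fd < hi; fd++)
        if (survives_exec(fd) == 1 &&
            fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC) == 0)
            changed++;
    return changed;
}

int main(void) {
    const char *path = "/tmp/example-leaky.log"; /* constructed sample path */
    int leaky = open_log_leaky(path), safe = open_log_hardened(path);
    printf("leaky survives exec: %d, hardened: %d\n",
           survives_exec(leaky), survives_exec(safe));
    printf("sealed %d descriptor(s)\n", seal_fds(3, 256));
    close(leaky); close(safe); unlink(path);
    return 0;
}
```

Privileged code that must exec a child can run the audit just before the exec and treat any non-zero count above stderr as a defect.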
An Apple spokesman said that engineers are aware of Esser’s post; of course, they did not say they would do anything about it. They will have to go through the existential crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.
New Malware Targeting Apple Devices
Palo Alto Networks Inc has uncovered a new group of malware that can infect Apple Inc’s desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.
The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company’s Unit 42 division.
Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.
The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.
It’s unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books, Olson added.
But “they could just as easily take your Apple ID or do something else that’s bad news,” he said in an interview.
Apple, which Olson said was notified a couple weeks ago, did not respond to requests for comment.
Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.
HP To Support The iPad
September 30, 2013 by admin
Filed under Consumer Electronics
Is your iPad out of warranty? Hewlett-Packard to the rescue.
HP updated its SmartFriend support service and will now troubleshoot problems with Windows, Android, Chrome OS, OS X and iOS products, according to a fact sheet describing the service.
“HP is expanding its HP SmartFriend service to provide 1:1 expert support for any brand of PC or tablet,” the company said. The plan previously supported PCs from HP and other vendors, as well as Macs.
Users can avail of the service to address general hardware, software and malware issues. HP says its agents can “remove viruses, improve PC performance, solve software errors, and connect devices to a wireless network with enhanced security.” The support is provided by phone or over the Internet, so don’t expect a technician to trot in and fix your iPad in person. But HP notes it can save you from driving to a store.
Unlike Best Buy’s Geek Squad service, HP’s service does not include hardware repairs. It can be tricky to change the battery or storage in tablets, so for iPads, the Genius Bars at Apple Stores may still be the best option for some repairs.
HP didn’t immediately comment on exactly what support it will provide for the iPad. HP printers offer wireless printing from iPads and iPhones. HP sells primarily Windows PCs and Android tablets, though last Thursday it announced the Pavilion 14 laptop with Google’s Chrome OS.
While SmartFriend includes support for iOS devices, the service seems focused mainly on Windows products. Its technicians include “Microsoft Application Trainers, Microsoft Product Specialists, A+/MCP/MCSE Certified Professionals, Network Administrators and HTML Developers,” according to the fact sheet.
The service starts at US$9.99 per month and users can sign up for a pre-paid, monthly or yearly support plan. A “Complete Plan” supports two devices, while a “Family Plan” supports up to four devices.
Apple Squashes Rumors
February 21, 2013 by admin
Filed under Around The Net
Apple will not develop a new, inexpensive iPhone just for the sake of offering a cheaper alternative, Apple CEO Tim Cook said in a speech on Tuesday.
The company’s focus is on creating great products, and it will not make a smartphone that does not pass the quality test, Cook said during a webcast from the Goldman Sachs Technology and Internet conference, which is being held in San Francisco.
“There are other companies that do that, that’s not who we are,” Cook said. “Our North Star is great products.”
Instead, the company is now dropping prices on the older iPhone models. That has been successful, and the demand for iPhone 4 models in December was greater than supply, Cook said.
“It surprised us as to the level of demand we have for it,” Cook said.
Lowering the price on older models is just one of the approaches Apple is taking to reach out to price-sensitive buyers. It’s not easy to balance quality and price, and that’s when innovation comes into play and new products could be created to meet consumer demand, Cook said.
“Sometimes you can take the issue … and you can solve it in different ways,” Cook said.
For example, the first iPod that shipped in 2001 was priced at $399, and now users can buy an iPod Shuffle for $49. There was also a big demand in the past to drop the price of Macs to under $500, and Apple tried and couldn’t do it, so it created the iPad tablet.
Is Apple Hiding Billions?
February 4, 2013 by admin
Filed under Around The Net
According to Apple’s Q4 corporate filings, the company channeled $11 billion into tax havens in a single quarter. The Sunday Times claims the company is sheltering a total of $94 billion in tax havens. However, Apple’s activities are completely legal and the IRS can’t do anything about it.
But Apple’s tax avoidance strategy is not limited to the US. The company avoided an estimated £550 million in tax in Britain back in 2011. A different analysis suggests a £550 million tax bill. Let’s not forget Kate Middleton is about to have a baby, and babies tend to cost money, so shame on you Apple.
American politicians, from both sides of the political spectrum, like to have their photos taken next to anything Apple. The company is often viewed as an American success story, as it managed to reinvent itself and come back from the brink to become the world’s second most valuable company.
Apple Previews New Operating System
Apple today released a preview version of Mac OS X 10.7, also known as Lion, to developers, who can download the new operating system from the Mac App Store.
The preview is developers’ first look at the upgrade scheduled to reach consumers sometime this summer.
Included in the preview, and to be bundled with the operating system when it ships, is Lion Server, Apple’s new server software. One analyst saw that move as an admission by Apple that it hasn’t been able to make inroads into the corporate server market.
“They’ve recognized they’re not going to break into the data center,” said Ezra Gottheil of Technology Business Research. “They’re admitting that what server sales they’ve made in the past have been to very small businesses.”
Currently, Mac OS X Snow Leopard Server is sold separately from the general-purpose edition for $499.
Late last year, Apple killed its Xserve line of rack servers, halting sales of the hardware on Jan. 31, 2011. Instead, Apple now steers customers toward Mac Pro and Mac Mini systems with Leopard Server pre-installed. The bundling of Lion Server with Mac OS X 10.7 will save customers hundreds of dollars, said Gottheil, assuming Apple sticks to its traditional $129 price point for Lion next summer.
“A very small server should cost about $700 [this summer], not the $1,000 [a server-equipped Mac Mini] costs now,” said Gottheil.