Category: Apple


Apple patches serious security holes in iOS devices

Apple has shipped a high-priority iOS update to fix multiple security holes affecting the browser used on iPhones, iPads and iPod Touch devices.

The iOS 5.1.1 update fixes four separate vulnerabilities, including one that could be used to take complete control of an affected device.

Here’s the skinny of this batch of updates:

  • A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
  • Multiple security holes in the open-source WebKit rendering engine. These could lead to cross-site scripting attacks from maliciously crafted web sites. These vulnerabilities were used during Google’s Pwnium contest at this year’s CanSecWest conference.
  • A memory corruption issue in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue was discovered and reported by Google’s security team.

This patch is only available via iTunes. To check that the iPhone, iPod touch, or iPad has been updated:

  1. Navigate to Settings
  2. Select General
  3. Select About. The version after applying this update will be “5.1.1″.

Ryan says: As always, do not update to 5.1.1 if your iPhone is unlocked or jailbroken already or if you plan doing this in the future.

Tether: Wireless tethering for only $30 per year

For those of you constantly traveling and unable to access a Wi-Fi connection for your Mac or PC, but unwilling to dish out the $360 a year that some carriers will require for native tethering, you can download Tether’s application for $15 for the first year and $30 for the years following.

While jail breaking is one option for avoiding the cost of tethering, other people may find that paying $30 per-year is worth avoiding the hassle of hacking a phone. Plus, for those of us who have a tendency to drop our phones, voiding the warranty and keep customer support and geniuses at bay is also reason enough to avoid the hack — which is why Tether is such a great service.

Initially launched in November 2011, Tether was originally accepted into Apple’s iTunes App Store. But the app was taken down only a few days later because it violated Apple’s terms. Since then, the team had been creating a workaround. And now, they’ve unveiled the latest version of Tether, built using its patent-pending technology, made possible by HTML5. This time around, the team decided to forgo the app’s submission to Apple altogether, seeing as how acceptance into the iTunes App Store was highly unlikely. Instead, Tether is entirely We-based, letting it bypass Apple’s scrutiny.

The service is available for Blackberry, iPhone and Android, and will currently work for any carrier throughout the world. But it’s a game of cat and mouse. Once the major carriers discern how to distinguish a tethered phone using HTML5 from a non-tethered phone, Tether users will run the risk of being forcibly upgraded to the carrier’s tethering plan, or risk being charged extra for the data sent while being tethered to your computer as per the carrier’s terms of service.

Using Tether isn’t too difficult as the video below will show you. You’ll need to download and install the appropriate software for your operating system, and proceed to create an ad-hoc network on your computer by entering in a password (if desired) for the auto-generated SSID. Note that if once Tether is open on your desktop, your current Wi-Fi connection will be disabled to make way for the tethered connection.

On your phone, find and select the ad-hoc network from list of available Wi-Fi. Then, using your mobile browser, you will be required to log into your paid account on tether.com/web. After logging in, you’re tethered and able to browse the Web on your computer right away.

 

Source: DigitalTrends

Apple wins ‘device destroying’ injunction against Motorola

Apple, which continues to disrupt the mobile space with its patent litigation, has successfully won a case against rival Motorola, in which a photo management patent was infringed.

The German court ruling said that the “zoomed in” mode for viewing photos on Motorola’s Android handsets infringed the Apple-held patent, but not the “zoomed out” mode. EU Patent No. EP2059868 originally derived from another patent, which allowed photos to ‘bounce’ when they are over-scrolled; because people will attempt to claim anything nowadays.

FOSS Patents author Florian Mueller understands that Apple could order the destruction of devices if it chooses so.

“If Apple enforces the ruling, it can even require Motorola to destroy any infringing products in its possession in Germany and recall, at MMI’s expense, any infringing products from German retailers in order to have them destroyed as well.”

Having said that, Motorola played down the fears that devices could be subject to such ghastly ends by saying that doesn’t expect the ruling to affect future sales, and that it has “implemented a new way to view photos”, reports Bloomberg with a spelling mistake.

While Motorola can continue selling the devices, it did not comment on Mueller’s comments that would lead to ultimately the mass graves of Motorola phones. Motorola has said that it has already sought a workaround to prevent its smartphones from infringing Apple’s patent, thus rendering the court’s judgement effectively useless.

It appears from this, that not only is Germany a hot bed of patent activity, litigation — and frankly, trolling — but while one company sues another, the defendant in each case is more often than not forced to simply modify the software of the phones.

If you thought the patent wars were all in Apple’s favour, you would be wrong. It was just over a week ago when Apple pulled the plug on its iCloud and MobileMe push email feature within the borders of Germany, after Motorola won a patent claim of its own.

Source: ZDNet

iOS loophole gives developers access to photos, sources say a fix is coming

Another day, another iOS security concern. Today’s confidence-defeating news comes from Nick Bilton at the New York Times. Bilton writes at the paper’s Bits blog that a loophole has been discovered in iOS which allows third-party developers access to your iPhone, iPad, or iPod touch’s photo and video location data… as well as the actual photos and videos themselves. It appears that if an app asks for photo location data on your device (and you approve the request for permission), that application will also be able to slurp down the photos and videos stored on your phone without any further notification. The Times report mirrors an earlier story from 9to5 Mac which detailed security issues on the platform.

Bilton had an unnamed developer create a dummy application which would replicate the offending functionality, and the developer was able to easily poach location information as well as photos and video from a test device. Other developers — such as Curio co-founder David E. Chen — sounded off on the issue. Chen told the Times that, “The location history, as well as your photos and videos, could be uploaded to a server. Once the data is off of the iOS device, Apple has virtually no ability to monitor or limit its use.” Camera+ developer John Casasanta said that, “It’s very strange, because Apple is asking for location permission, but really what it is doing is accessing your entire photo library.” The article also suggests that this loophole may have been introduced with the release of iOS 4 in 2010.

We reached out to Apple about the issue, but the company declined to comment.

All hope might not be lost, however. We spoke to sources familiar with the situation, and were informed that a fix is most likely coming for the loophole. According to the people we talked to, Apple has been made aware of the issue and is likely planning a fix with an upcoming release of iOS. Those sources also confirmed that the ability to send your photos and videos to a third-party is an error, not an intended feature. If we had to guess, the fix will likely come alongside a patch for Apple’s other recent security issue — the ability for apps to upload your address book information without warning.

This story has clear echoes of that controversy, which came to light when a developer discovered that the app Path was downloading all of your device’s contact information to the company’s servers. In a follow-up report, we discovered that Path wasn’t the only app grabbing your info.

It will be interesting to see how Apple reacts to security breaches of this nature in the future. The company has long made it clear that it’s working to respect user’s privacy; at a glance it looks like these recent slip-ups are exceptions, not the rule.

Source: The Verge

BlackBerry 7 sales sputter after strong start

After some initial excitement for the new line of BlackBerry 7 smartphones and a strong launch–both unusual for RIM for the past year–sales are starting to sputter. That’s according to Canaccord Genuity analyst T. Michael Walkley, who said his checks indicate a slowing trend for BlackBerrys.

It’s likely sales have been blunted by the release of the iPhone 4S, as well as the lower price of the legacy iPhone 4 and 3GS models as well. The coming release of the Galaxy Nexus and phones running on the recently unveiled Android 4.0 Ice Cream Sandwich operating system is expected to provide additional pressure, while Nokia may take some shine off RIM’s growth overseas, Walkley said.

“We anticipate increasing competition across all tiers of RIM’s products in 2012,” he said in a research note sent to clients today.

RIM had hoped for its upgraded BlackBerry 7 operating system to inject some life back into the company’s prospects and get it back on track as it migrates to a slicker next-generation platform. With that platform, BBX, expected to be delayed until the middle of next year, it’s more important than ever for its current BlackBerry 7 phones to have a strong showing.

A RIM representative wasn’t immediately available for comment.

But aside from the flagship Bold 9900 smartphone, which has generally received favorable reviews, its other BlackBerry smartphones haven’t sold so well. RIM was suffering from weaker sales to consumers at Verizon Wireless, T-Mobile, and Sprint Nextel, as sales were dominated by the iPhone and Android devices, Walkley said. Even the Bold has lost its momentum following the launch of the iPhone 4S and subsequent price cuts to the older models, he added.

Overseas, Walkley said he was more bullish on Nokia’s prospects as it prepares to roll out its first Windows Phone devices in a few European markets. He expects Nokia to make more of a run in emerging markets where RIM has seen recent strength, which could cut into RIM’s growth. He added that RIM’s lower-tier BlackBerry devices that had been popular are slowing considerably in the face of new Nokia phones and sub-$200 Android smartphones showing up in Latin America and Eastern Europe. Nokia, meanwhile, is seeing more interest in its Asha series of phones in markets such as India and Indonesia, he added.

The troubled PlayBook

Walkley was also bearish on the prospects of the PlayBook, saying he only expects “soft sales” of the device. The PlayBook has been heavily discounted in recent weeks, with Black Friday specials pulling the price down to $200, but sales have still been anemic. The missing core features of the device–e-mail access, messenger services, and calendar–won’t arrive until an update next year. Walkley dropped his fiscal 2012 estimate for unit sales to 900,000 from 1.5 million units. In total, RIM has only sold 700,000 units to its retail partners through the August quarter, an extremely disappointing number.

The competition is only going to get worse with the $199 Kindle Fire out and Ice Cream Sandwich-powered tablets hitting the market in the coming months.

All of this bodes poorly for RIM, which has a rough year. Even its traditional stronghold of enterprise customers is vulnerable. A recent study by iPass found more corporate users on an iPhone than a BlackBerry. IPass was quick to note that the change in market share may be more due to the extreme growth of iOS, as opposed to RIM losing customers.

But it can’t be good if iPhone is beating RIM at its own game.

Source: CNET

Apple security expert finds apps-software bug

A software flaw in Apple Inc’s iPhones and iPads may allow hackers to build apps that secretly install programs to steal data, send text messages or destroy information, according to an expert on Apple device security.

Charlie Miller, a researcher with Accuvant Labs who identified the problem, built a prototype malicious program to test the flaw. He said Apple’s App Store failed to identify the malicious program, which made it past the security vetting process.

There is as yet no evidence that hackers have exploited the vulnerability in Apple’s iOS software. But Miller said his test demonstrated that there could be real malware in the App Store.

“Until now you could just download everything from the App Store and not worry about it being malicious. Now you have no idea what an app might do,” Miller said.

Miller said he proved his theory by building a stock-market monitoring tool, InstaStock, that was programed to connect to his server once downloaded, and to then download whatever program he wants.

Apple did not respond to requests for comment.

Miller, who in 2009 identified a bug in the iPhone text-messaging system that allowed attackers to gain remote control over the devices, said that he had contacted the company about the vulnerability.

“They are in the process of fixing it,” he said.

Miller is scheduled to present his detailed research at the SyScan ’11 security conference in Taiwan next week.

 

 

Source: Reuters

Apple Has 1,000 Engineers Working On Chips For The Post-PC Era

As we ponder what will happen to Apple without Steve Jobs, I keep coming back to a conversation I had a few weeks ago with a veteran Silicon Valley CEO who knew Jobs. This was just after Jobs had resigned as CEO of Apple. We got to talking about why Apple is so well-positioned in the post-PC era, and this executive zeroed in on something you don’t hear too often. “Steve Jobs told me he has 1,000 engineers working on chips,” he said. “Getting low power and smaller is the key to everything.”

The number was startling when I first heard it. I knew that Apple started building its own chip design team in 2009, but figured it had to be a few hundred people at most, not 5 percent of Apple’s non-retail workforce. (Apple employs more than 50,000 people worldwide, 30,000 of them in its retail stores). Apple started designing its own chips because Intel and AMD were still stuck in the PC era. Apple needs chips that are powerful enough, but also very low power.

Battery life is one of the most important features of a mobile device. Apple’s latest A5 processor, which first appeared in the iPad 2, will now power the iPhone 4S as well. Not only is the A5 twice as fast as the A4 in the current iPhone 4, but it slightly improves the battery life with 8 hours of talk time (versus 7 hours).

Not only are Apple’s processors extremely power efficient, but Apple is also removing the hard drives from its products and replacing them with flash memory chips. It’s not just iPhones and iPads, the MacBook Air’s storage is also flash. All of Apple’s products are moving in this direction. When you combine these two fundamental changes at the silicon level, “form factor no longer becomes an issue,” explained the Silicon Valley CEO.

You can put a computer into anything. Mobile phones and tablets, certainly. TVs, perhaps. But what else? It is only limited by the imagination of Apple’s engineers and what makes sense from a product point of view.

When Jobs retired, TechCrunch writer MG Siegler cautioned against focusing too much on the next iPhone. Jobs left Apple knowing that a string of post-PC products will be introduced in the years ahead. MG wrote:

It’s the longer roadmap that should really be the grand finale in the Jobs’ fireworks show.

Talking to sources in recent months, there has been one common refrain: that the things Apple is working on right now are the best things the company has ever done. These are things that will “blow your mind”, I’ve been told.

Jobs himself said when he resigned, “I believe Apple’s brightest and most innovative days are ahead of it.” Now we get to see what he meant by that. Jobs rebuilt Apple from the silicon up. It is the company itself which is his greatest product. And like all of his products, everything fits together: the chips, the hardware, the software, the industrial design, the developer platform, the tightly controlled manufacturing, the marketing, the retail stores.

This machine is proving adept at making and selling mobile computers—phones and tablets. But remember also that we are just at the beginning of the post-PC era. The iPhone launched 4 years ago, the iPad only a year and a half ago. It is becoming practical to put a computer into anything. Of course, just because you can, doesn’t mean you should. And if anything, Apple is very disciplined about choosing what not to do (another Steve Jobs trait). But if you believe that post-PC devices will include more than just phones and tablets, it is not such a crazy idea that one day Apple will be churning them out as well.

Source: TechCrunch

Android climbs to 43% in US, iPhone still at 28%

Android is still growing in the US, but is taking all its share from non-iPhone rivals, Nielsen found on Monday. Google was up from 40 percent in July to 43 percent in August, but Apple was still at the 28 percent it has held since June. Most of that decline came from Microsoft, which took the “other” category down from 13 percent to 11 percent.

RIM’s BlackBerry also lost a point to 18 percent. It may have been helped by a slew of BlackBerry 7 phones shipping the same month, such as the Bold 9900 and 9930.

Google still had added momentum in the Nielsen research. Among those who had bought a smartphone in the past three months, 56 percent were buying Android. Apple still wasn’t under threat with a static 28 percent, but there had been extra pressure on Microsoft and RIM, which collapsed to about six and nine points. Both audiences may have been in holding patterns for most of the summer as they either waited for later BlackBerry 7 launches or for Windows Phone 7​.5 (Mango) in October.

Android may see a rare share reversal in October. The year so far has been unusual as Apple’s first where a new iPhone didn’t ship in the summer. Possibilities exist that iphone sharecould start growing again as Apple fills pent-up demand, most of all if a Sprint iPhone 5 ships and eliminates another shelter for Android.

Smartphones should also still be on track to become the dominant cellphones in the US, researchers said. They were now up to 43 percent of total ownership and at 58 percent among those who had bought in the past three months. Ownership is expected to cross the 50 percent mark before the end of the year as the iPhone 5, and more Android devices like the Galaxy S II tip the balance.

Source: Electronista

Adobe Gives Up on Flash for iPhone and iPad

The Flash plug-in for browsers has been the de facto king of Web video, interactive websites and annoying ads that get in your face since it was owned by Macromedia. So when it was announced the iPhone would be shipping without Flash — and wouldn’t ever have Flash on it — a lot of people freaked out. Why was Steve Jobs being so mean? Android phones are getting Flash!

As the owner of one of those Android phones that has the Flash player installed, though, I can tell you why the iPhone’s not getting Flash: It’s awful. It runs horribly, and horribly slow. It’s a crapshoot whether it works at all, on my phone from last year, and that’s just to play a Web video. And Flash games like Robot Unicorn Attack? Right out.

Fortunately, a lot of these games and videos are available through apps like the YouTube one. That’s how iPhone owners watch them. And it seems Adobe has finally accepted that.

Introducing the Flash Media Server

Don’t be fooled by the headline on Boy Genius Report’s article. Adobe’s not bringing Flash anything to iPhones or iPads. Instead, website owners can buy these Flash Media servers for upward of $995, and they’ll convert Flash movies into a form that iGadgets can use.

There are a number of downsides with this plan. One, it doesn’t work on all websites; only the ones with owners who paid Adobe hundreds or thousands of dollars. And two, it costs hundreds or thousands of dollars. How many bloggers and restaurant owners are going to want to shell out $995 to $4,500 just so iPhone owners can watch ads in their web browsers instead of YouTube?

If anything, Adobe’s given people a reason to use HTML 5 video, or movies that play outside of Flash Player. Flash was fun while it lasted, but it’s going the way of the dinosaur. This “media server” thing is just an expensive kludge to artificially extend its lifespan, by milking businesses that are addicted to it.

But iPhones can’t browse the full web!

Actually, iPhone owners will have a better web browsing experience than most Android phone owners. Instead of having their battery life drained by a choppy Flash video — one that would just crash low-end smartphones like mine — they’ll get web movies in a format their iPhone can play without breaking a sweat.

Let’s face it: It’s been four years since the iPhone came out, and roughly three years since the first Android phone did. Adobe has had plenty of time to make Flash do its thing, and/or beg, plead, and cajole Apple into putting Flash on the iPhone. The Flash Media Server products show that it’s given up, at least on the “persuade Apple” part. And the poor quality of the Flash experience on Android smartphones and tablets suggests that it may be wise for Adobe to give up there as well.

Source: Yahoo! Contributor Network

5 Reasons Droid Bionic Will Steal the iPhone 5’s Throne

The smart phone war is far from over. When the iPhone broke into the scene back in January 2007, it was clear it intended to remain there. However, the recent onslaught of high-quality and low-cost Android-fueled phones to make it to the market in the last year are leaving some skeptical. In fact, with Steve Jobs now out of the picture, many can’t help but ask: Is the iPhone’s time up?

That is where the new Droid Bionic from Motorola comes in. The Droid Bionic, released Thursday, is no weak contender in this fight to the top. Running on Android 2.3.4, the phone is miles ahead of even some of the most far-stretched rumors of the iPhone 5’s capabilities. With that being said, there are five reasons the Droid Bionic will be taking over the throne:

Price:

When the Bionic hits shelves early Thursday morning, it will not be undersold. With prices confirmed, such as $280 at Costco with free accessories, this phone is coming out swinging. As always, Apple plans to keep its customers in the dark, so no pricing is confirmed. However, knowing Apple’s past release of iPhone 4, one can expect a minimum $600 price tag.

Battery:

Anyone who has ever owned an iPhone knows one thing: There is no such thing as charging your iOS-powered phone too much. The Droid Bionic will operate using state of the art Lithium Ion battery with a capacity of 1,735 mAh, which is 315 more than the last iPhone released. Due to this, talk time is clocked in at 10.83 hours and stand a whopping 200 hours!

Flash:

Steve Jobs’ campaign against Flash compatibility has been a fight against what the people want. Bionic comes equipped to handle Flash and Flash-enabled software. This means no more sacrificing Web browsing or staring at error boxes where the flash content should be!

Music:

You would think that coming from having roots in an MP3 player the iPhone would have much more muscle in this field. However, the Droid Bionic once again outdoes Apple with the ability to handle formats such as WMA, eAAC+, AMR, and OGG. These formats, especially eAAC+, are some of the highest-quality, lowest-loss music media to date in the digital world.

Memory:

With no word from Apple yet on the iPhone 5’s ability to hold microSD cards, it is safe to assume the Droid Bionic is at the very top of its class. The microSD cards are already known for being some of the cheapest and most efficient ways to store data and Droid Bionic makes use of this. In fact, the new Motorola Smart Phone will be able to hold up to 32 GB of additional microSD or microSDHC memory!

The days of Apple’s rule over the kingdom are over. The new smart phone on the block, the Droid Bionic, is going to clean the floor with the lagging iPhone 5.

Source: Yahoo! / Engadget

Microsoft quietly finding, reporting security holes in Apple, Google products

Researchers at Microsoft have been quietly finding — and helping to fix — security defects in products made by third-party vendors, including Apple and Google.

This month alone, the MSVR (Microsoft Security Vulnerability Research) team released advisories to document vulnerabilities in WordPress and Apple’s Safari browser and in July, software flaws were found and fixed in Google Picasa and Facebook.

The MSVR program, launched two years ago, gives Microsoft researchers freedom to audit the code of third-party software and work in a collaborative way with the affected vendor to get those issues fixed before they are publicly compromised.

The team’s work gained prominence in 2009 when a dangerous security hole in Google Chrome Frame was found and fixed but it’s not very well known that the team has spent the last year disclosing hundreds of security defects in third-party software.

Since July 2010, Microsoft said the MSVR team identified and responsibly disclosed 109 different software vulnerabilities affecting a total of 38 vendors.

More than 93 percent of the third-party vulnerabilities found through MSVR since July 2010 were rated as Critical or Important, the company explained.

“Vendors have responded and have coordinated on 97 percent of all reported vulnerabilities; 29 percent of third-party vulnerabilities found since July 2010 have already been resolved, and none of the vulnerabilities without updates have been observed in any attacks,” Microsoft said.

This week’s discoveries:

  • A vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.
  • A vulnerability exists in the way that WordPress previously implemented protection against cross site scripting and content-type validation. An attacker could exploit this vulnerability to achieve script execution.

Source: ZDNet