Category: Mac


Hey Everyone,

It’s been a very busy start to the new year for our shop, we have been doing a tremendous amount of iMac and Macbook Repair over the last year and we would like to let everyone know who keeps asking, we DO repair all iMac and Macbook computers and ALL Apple products including iPod (All Models) and iPad.  Ask about getting you iMac Hard Drive replaced to a Solid State Drive (SSD) and a full tune up including internal and external cleaning.  If you’ve had your mac longer then 3 years chances are its super dusty inside and will need to be cleaned internally!

We offer a complete Mac-Tune-Up Package with Sierra OS installed and your option of a 120GB, 240GB, 480GB or 1TB SSD upgrade which will make your computer  respond much faster (apps open quicker, shorters boot/reboot times) + a HUGE LIST of apps to choose from!

We hope everyone has an awesome 2017 – All the best to you and your loved ones! – Ryan

Upgrading RAM on the new iMac is practically impossible

The electronics website iFixit on Friday downgraded the new 21.5-inch iMac’s repair score to 3 out of a possible 10, calling servicing the computer “an exercise in disappointment.”

The website urged do-it-yourselfers to look for a leftover 2011 model instead. “Hackers, tinkerers, and repairers be forewarned: Get last year’s model if you’d like to alter your machine in any way,” said Miroslav Djuric, iFixit’s chief information architect, in an email announcing the site’s teardown of the newest iMac.

Apple started selling the redesigned 21.5-inch iMac on Friday at its retail and online stores. The larger, more expensive 27-in. iMac is to ship later this month.

After disassembling the iMac, iFixit assigned the all-in-one desktop a repair score of just 3 out of 10; The 2011 version of the same-sized iMac sported a more DIY-friendly score of 7 out of 10.

The iMac’s new score is in the same low range as Apple’s 15- and 13-inch Retina-equipped MacBook Pro laptops, which earned a 1 and 2, respectively, this summer and fall. In June, iFixit called the 15-inch MacBook Pro “the least-repairable laptop we’ve taken apart.”

Explaining the iMac’s low score, iFixit cited the copious amounts of “incredibly strong” adhesive that bonds the LCD and front glass panel to the frame. Earlier iMacs fixed the display in place with magnets rather than the hard-to-dislodge glue, which is even harder to replace.

Just as damning was an Apple design decision that makes it practically impossible for users to upgrade the iMac’s RAM. The 21.5-in. iMac comes standard with 8GB of memory – and can be upgraded to 16GB – but because the RAM is buried beneath the logic board, owners must “take apart most of the iMac just to gain access,” iFixit said.

Older 21.5-inch iMacs had four external RAM slots that were easily accessed by users.

Apple mentions the impracticality of memory upgrade only in a side note hidden on the iMac’s options page. There, Apple said: “Every 21.5-inch iMac comes with 8GB of memory built into the computer. If you think you may need 16GB of memory in the future, it is important to upgrade at the time of purchase, because memory cannot be upgraded later in this model.”

The not-yet-available 27-inch iMac will continue to sport four external memory slots. Customers can boost the RAM at the time of ordering to 16GB (for an extra $200) or 32GB ($600), but those prices are exorbitant compared to third-party RAM that users install themselves. An additional 8GB of memory – which would raise the iMac’s total to 16GB – costs just $40 at Crucial.com, for example.

iFixit spotted several other changes to the iMac, including a larger, single fan rather than several smaller fans; dual microphones, likely a noise cancellation move for FaceTime video calls; and a vibration-dampening housing around the laptop-sized 2.5-in. hard disk drive.

The teardown also exposed the location where Apple places a “Fusion Drive,” the option that combines 128GB of flash storage with a standard platter-based hard drive.

The new iMacs are priced between $1,299 and $1,999 – $100 more than their precursors – and can be purchased or pre-ordered at Apple’s online and retail stores.

iFixit reduced the repair score of Apple’s iMac from 7 to 3 (out of 10), citing screen-to-chassis glue and the impracticality of upgrading RAM or swapping drives.

Source: TechWorld

Half a million Mac computers ‘infected with malware

More than half a million Apple computers have been infected with the Flashback Trojan, according to a Russian anti-virus firm.

Its report claims that about 600,000 Macs have installed the malware – potentially allowing them to be hijacked and used as a “botnet”.

The firm, Dr Web, says that more than half that number are based in the US.

Apple has released a security update, but users who have not installed the patch remain exposed.

Flashback was first detected last September when anti-virus researchers flagged up software masquerading itself as a Flash Player update. Once downloaded it deactivated some of the computer’s security software.

Later versions of the malware exploited weaknesses in the Java programming language to allow the code to be installed from bogus sites without the user’s permission.

Dr Web said that once the Trojan was installed it sent a message to the intruder’s control server with a unique ID to identify the infected machine.

“By introducing the code criminals are potentially able to control the machine,” the firm’s chief executive Boris Sharov told the BBC.

“We stress the word potential as we have never seen any malicious activity since we hijacked the botnet to take it out of criminals’ hands. However, we know people create viruses to get money.

“The largest amounts of bots – based on the IP addresses we identified – are in the US, Canada, UK and Australia, so it appears to have targeted English-speaking people.”

Dr Web also notes that 274 of the infected computers it detected appeared to be located in Cupertino, California – home to Apple’s headquarters.

Java’s developer, Oracle, issued a fix to the vulnerability on 14 February, but this did not work on Macintoshes as Apple manages Java updates to its computers.

Apple released its own “security update” on Wednesday – more than eight weeks later. It can be triggered by clicking on the software update icon in the computer’s system preferences panel.

The security firm F-Secure has also posted detailed instructions about how to confirm if a machine is infected and how to remove the Trojan.

Although Apple’s system software limits the actions its computers can take without requesting their users’ permission, some security analysts suggest this latest incident highlights the fact that the machines are not invulnerable.

“People used to say that Apple computers, unlike Windows PCs, can’t ever be infected – but it’s a myth,” said Timur Tsoriev, an analyst at Kaspersky Lab.

Apple could not provide a statement at this time.

Ryan: Download Apple’s security update for the Flashback Trojan here.

Source: BBC News

Fake FlashPlayer for Mac OS X leads to site redirection attacks

Researchers at F-Secure have intercepted a new malicious threat for Apple’s Mac OS X — a Trojan that redirects users to fake Google web sites.

The Trojan is currently being delivered via fake a Adobe Flash Player (FlashPlayer.pkg) update, F-Secure said in a blog post.

Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands.

The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.

“Even though the [Google] page looks fairly realistic, clicking on any of the links does not take the user to any other sites. Clicking on the links does however open new pop-up pages, which are all pulled from a separate remote server,” F-Secure said, nothing that this attack may be aimed at serving ads to infected Mac OS X machines.

Apple has struggled recently with scareware attacks on its platform and the latest sighting is further proof that the increase in Mac OS X market share has attracted the attention of malware writers.

Source: ZDNet

Apple releases ‘Mac Defender’ security update

Apple has just released a security update for Mac OS X that is designed to detect and remove Mac Defender malware. But unless you’re running the latest ‘Snow Leopard’ version, you’re outta luck.

Apple security update 2011-003 (only for Snow Leopard) consists of three components:

File Quarantine
Malware detection definitions for OSX.MacDefender.A has been added to the File Quarantine system.

Automatic Updates
The system will check daily for updates to the File Quarantine malware definition list. An opt-out is available.

Malware Removal
The update will scan and remove Mac Defender and known variants.

This update is available for Mac OS X v10.6.7 and Mac OS X Server v10.6.7 (if you’re using an earlier version of Mac OS X, tough, Apple doesn’t love you) via Software Updates or via Apple Downloads. No reboot required.

Hello Mac OS X users, welcome to the world of daily malware signature updates.

Source: ZDNet

Apple acknowledges Mac Defender malware, promises software update

Apple has decided to publicly acknowledge the Mac Defender malware that seems to be creeping onto Mac users’ computers. The company posted an online support document Tuesday evening that outlines how to identify and get rid of the program, which attempts to trick users into handing over their credit card information. The company also promised to issue a software update soon that will specifically hunt out and remove Mac Defender and its variants.

“A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus,” Apple wrote in its support document. “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.”

The much-welcome acknowledgement from Apple comes less than a week after it came out that real users were beginning to see this malware in the wild a little more often than usual. When we investigated the issue, we were told by several Apple Store Geniuses that they had also seen a spike—one Genius at a large Apple Store said he had seen malware reports in his store go from approximately 0.2 to percent to 5.8 percent in a matter of weeks, with the large majority of those being Mac Defender or its variants, often known as Mac Security or Mac Protector. (Smaller, third-party support folks were somewhat split on whether there had been a spike in malware reports.)

At the time, one of the more controversial aspects of Apple’s reaction was that there was none—Apple had instructed its AppleCare and retail staff not to even acknowledge Mac Defender’s existence, and not to remove it from users’ infected computers.

Now, however, the company has apparently had a change of heart. In the support doc, Apple says to trash the app immediately if you haven’t installed it yet, but if you have, there’s a series of steps to follow in order to get rid of it. And, of course, there’s also the lazy route: if you have Mac Defender installed but haven’t given it your credit card information yet, you could just wait for Apple to issue its software update and have it removed automatically. Or, you can use the Mac Defender removal tool from Icrontic.

Source: Ars Technica

Untethered Jailbreak for iOS 4.3.3 Now Available

If you recently upgraded to iOS 4.3.3 that fixed Locationgate woes, you’ll be delighted to know that untethered jailbreak and unlock for iOS 4.3.3 is now available. The iPhone Dev-team have updated their PwnageTool and redsn0w programs so it’s now possible to jailbreak iOS 4.3.3 using Mac and Windows in a way that doesn’t require connecting the device to a computer each time it’s rebooted.

The iOS 4.3.3 untethered jailbreak is based on the exploit created by @i0nic for iOS 4.3.1. The updated redsn0w tool also allows you to turn on multitasking gestures, the team noted in a blog post. If you wish to unlock your device for use with any carrier, there’s an app for that.

To unlock an iOS 4.3.3 device, use the ultrasn0w tool. Remember that ultrasn0w at the time of this writing only worked with iPhone 4 baseband 1.59.00 and iPhone 3G/3GS basebands 4.26.08, 5.11.07, 5.12.01, 5.13.04 and 6.15.00. Use a custom IPSW to update to 4.3.3 in order to avoid updating your baseband. You may wanna use excellent ipswDownloader for Mac to easily find and download any iOS firmware build. This app also figures out your baseband version and tells you whether your iOS version can be jailbroken and unlocked. If you’re on Windows, download the f0recast app that checks whether your device is unlockable or tethered with a USB connect.

If you just want to perform an untethered iOS 4.3.3 jailbreak, I recommend handy step-by-step guides for redsn0w or PwnageTool. The below video shows how easy it is to perform an untethered jailbreak of iOS 4.3.3 via redsn0w 0.9.6rc15. For newbies, iClarified.com provides a wealth of jailbreaking and unlocking guides. And if you need a reason to jailbreak, Cydia creator Saurik has a few.

As for the iPad 2 jailbreak, it’s still pending per a note over at the iPhone Dev-team blog.

The iPad2 jailbreak remains under development. As you may know, the original exploit @comex developed in the first week of the iPad2 release was mysteriously fixed by Apple within days of its development. Partly because of this, don’t expect much public discussion of the iPad2 jailbreak until it’s actually finished and ready for release (and please avoid asking about it). In all liklihood, it will be a userland exploit like the first (unreleased) one, not dependent on bootrom dumps. The first one can’t be released even for those with the original 4.3 firmware due to legal (distribution) reasons.

 

Download the Untethered Jailbreak for iOS 4.3.3 Mac OS X version, here.

Download the Untethered Jailbreak for iOS 4.3.3 for Windows XP/Vista/7 here.

The PwnageTool Official BitTorrent Release, via BitTorrent, here.

Source: 9 to 5 Mac

Fake security software takes aim at Mac users

Scammers are distributing fake security software aimed at the Mac by taking advantage of the news that al-Qaeda leader Osama Bin Laden has been killed by U.S. forces, a security researcher said today.

A security firm that specializes in Mac software called the move “a very big step forward” for malware makers targeting Apple’s users.

Phony antivirus software, dubbed “rogueware” by security experts, has long plagued people running Microsoft Windows, but this is the first time scammers have targeted the Mac with a sophisticated, professional-looking security application, said Peter James, a spokesman for Intego, a Mac-only antivirus company headquartered in France.

“This is indeed a very big step forward for Mac malware,” said James.

The program, dubbed MAC Defender, is similar to existing “rogueware,” the term for bogus security software that claims a personal computer is heavily infected with malware. Once installed, such software nags users with pervasive pop-ups and fake alerts until they fork over a fee to purchase the worthless program.

Until now, rogueware has been exclusively targeting Windows PCs.

That’s changed, according to Kurt Baumgartner, a senior malware researcher with Moscow-based Kaspersky Lab, who today said that one group distributing MAC Defender has also been actively spreading Windows rogueware.

“They have been revving up for this for months,” said Baumgartner of the work to prep MAC Defender.

Last month, Baumgartner had reported that “.co.cc” domains — which are often used to spread malware and host attack code-infected Web sites — had begun to host fake security sites and deliver the “Best AntiVirus 2011” rogueware.

During his early-April sweep through the .co.cc domains, Baumgartner found a URL explicitly aimed at Macs: “antispyware-macbook(dot)co(dot)cc”.

“It is very odd that this group is marketing ‘Fast Windows Antivirus 2011’ from ‘macbook’ domains,” Baumgartner said at the time in a blog post.

Today, Baumgartner said that a group using .co.cc domains was serving up fake security software for Macs as part of a broader campaign to trick Windows users into downloading and installing phony programs.

That campaign is currently exploiting the hot news topic of Bin Laden’s death to get people to click on links that redirect their browsers to the rogueware downloads. The scammers have used “black hat” SEO (search engine optimization) tactics to push links to rogueware higher on Google Images’ search results.

But that’s not the only way Mac owners have been duped into installing MAC Defender.

On Saturday — the day before President Obama announced the killing of Bin Laden — messages from infected users began appearing on Apple’s support forums.

“What is macdefender and why is it trying to install itself on my computer?” asked someone identified as “wamabahama” on April 30.

“FYI, my daughter said the program started after clicking on a ‘hair style photo,'” added “Mr. Fix It Home Services” on the same support thread. Others reported stumbling upon MAC Defender after searching for images of prom tuxedos or for pictures of a character in the movie “Princess Bride.”

On Monday, Intego published a detailed advisory about MAC Defender, noting that that it was “very well designed, and looks professional.”

Intego spotted MAC Defender and acquired samples on Saturday, said James, who pointed out that users must enter their administrative password to install the program. “So there’s still a social engineering angle here,” he said.

In fact, users see a generic Windows-oriented page when they first click a link to the rogueware. “They’re not even getting a Mac-specific page,” James said.

But unless users have Safari set not to automatically open files after downloading, MAC Defender’s installation screen opens without any user action. That’s been enough to con some into approving the install by typing their administrative password.

The program also relies on an unusual technique to make users pay up.

“Every few minutes, it opens a porn page in the browser,” said James of MAC Defender. “We think they’re doing this because most people will assume that that means they’ve got a virus on their Mac, and they need to get rid of it by paying for the program.”

MAC Defender demands $60-$80, depending on whether users select a one-year, two-year or lifetime “license.”

Ironically, there are only eight to 10 serial numbers that MAC Defender accepts, said James, and those are tucked into the binary file — unencrypted — where advanced users may be able to root them out.

James also called out the MAC Defender’s look and feel as an indicator that the criminals are serious about reaping profits from Mac users. “This was done by a very sophisticated Mac interface developer,” James said. “It’s an obvious sign that [scammers] are starting to target Macs. Earlier [scams], such as 2008’s MacSweeper just didn’t bother trying to look professional.”

Intego spotted MacSweeper, a fake Macintosh system cleaning program, in January 2008.

MAC Defender has also created some collateral damage: The rogueware uses the same name as a legitimate German company that develops Mac software.

“A new malware application named MAC Defender (MacDefender.app) for OS X surfaced a few days ago,” warned the MacDefender site. “If you see an application/installer named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.”

The rogueware’s name choice was probably a twist on “PC Defender” and “Windows Defender,” phrases used in the titles of numerous Windows-based fake AV programs, said James.

Mac users running Safari can prevent MAC Defender from automatically opening after it downloads by unchecking the box marked “Open ‘safe’ files after downloading” at the bottom of the General tab in the browser’s Preferences screen.

Source: ComputerWorld

Apple patches Pwn2Own iPhone OS vulnerabilities

Apple has released a critical update for its flagship iOS mobile operating system to fix several gaping security holes, including a few that were used in successful exploits at this year’s CanSecWest Pwn2Own contest.

The new iOS 4.3.2 software update, which is available for download via iTunes, provides cover for five documented security problems, including vulnerabilities exploited by Charlie Miller (iPhone) and a team of researchers who broke into RIM’s BlackBerry smartphone.

The raw details:

  • QuickLook: A memory corruption issue existed in QuickLook’s handling of Microsoft Office files. Viewing a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. Credit to Charlie Miller and Dion Blazakis working with TippingPoint’s Zero Day Initiative.
  • WebKit: An integer overflow issue existed in the handling of nodesets. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Credit to Vincenzo Iozzo, Willem Pinckaers, Ralf-Philipp Weinmann, and an anonymous researcher working with TippingPoint’s Zero Day Initiative.
  • WebKit: A use after free issue existed in the handling of text nodes. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. Credit to Vupen Security working with TippingPoint’s Zero Day Initiative, and Martin Barbella.

The iOS update also fixes the Comodo certificate trust policy problem that allowed an attacker with a privileged network position to intercept user credentials or other sensitive information.   This issue was also fixed in separate Safari and Mac OS X updates.

Source: ZDNet

Adobe warns of new Flash Player zero-day attack

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document.

In both cases, the attacks are being used to steal corporate secrets.

Here’s the gist of the latest Flash Player zero-day:

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe says it is in the process of finalizing a schedule for delivering patches for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.

Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe plans to fix this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Source: ZDNet

Boxee, Apple announce plans to change the mobile video streaming landscape

It’s time to put down your remote, because in the ongoing fight between traditional television and video streamed via mobile devices, traditional media has been dealt a knockout blow. In an interview with Pocket-lint this week, Andrew Kippen, Vice President of Marketing for Boxee, discussed how a new Boxee iPad app will allow users to stream content from their tablets to any device running Boxee software.

Previously, the publication announced that streaming required a Boxee Box, but now it seems any PC or Mac running Boxee desktop software will be able to stream videos. The app is compatible with both new and old iPads.

Apple (AAPL) also revealed this week that it is considering expanding its AirPlay audio service to feature streaming video from an iPhone or iPad to television sets. Bloomberg noted that the company is seeking to expand beyond the limited success of Apple TV, and to have a greater presence in people’s living rooms via wider use of Apple’s services and devices.

These developments are just a few of the latest in a wave of apps and new technology that are changing where and how consumers view video. Netflix (NFLX) has, for some time, allowed users to stream TV episodes and movies on their iPads, but now it seems others are seeking to further bridge the gap between mobile devices and video content.

Startups such as Sunnyvale, Calif.-based Zediva are now crowding Netflix’s space with a new way to stream video online cheaply. Meanwhile, Twitter has jumped in the mobile device video streaming ring too with an updated iPad app that supports the camera on the iPad 2.

Traditional video is certainly not down for the count. Few are ready to throw their TVs out the window just yet, but it seems only a little time on the clock remains before any video content a consumer desires is just a mobile app away.

Source: Appolicious