Apple Released Safari 5.1 With lots of New Features

Safari 5.1 is now available to download and introduces full screen mode, new multi-touch gestures, Reading List, and a whole lot more. The download is available via Software Update on your Mac or from Apple’s website, and is compatible with Macs running Snow Leopard 10.6.8 and above, and Windows PCs running XP, Vista or Windows 7. It’s been available to developers for some time, so those of you running the Lion beta before its release may already be familiar with its new features.

The update introduces Reading List, Apple’s Instapaper-like service that allows you to save articles, videos, and links to a list that you can access later. The service will also sync with iOS devices with the introduction of iOS 5 this fall.

Safari 5.1 also packs Safari Reader, which allows you to read websites and articles in a “clean, uncluttered space free from blinking, annoying ads.”

Multi-touch gestures allow you to control Safari by simply swiping, tapping and pinching your Magic Trackpad. Swipe forward and backwards to switch back and forth between pages, and double-tap with two fingers or pinch to zoom in and out.

Full screen web browsing allows you to browse your favourite websites without distractions from other applications

This update contains new features including:

- Reading List: Easily add webpages and links to your Reading List to browse when you have time.
- New Process Architecture: Safari has been re-engineered for improved stability and responsiveness.
- Resume: In the General pane of Safari preferences, you can now choose to launch Safari with the windows from your last browsing session.
- Better Privacy: A new Privacy pane in Safari preferences makes it easy to remove data that websites can leave on your system.

Other improvements include:

• - Private AutoFill: Safari lets you fill out forms quickly while keeping your personal information private.

• - Find Option: When you use Find, you can choose whether you want to search for text that contains or starts with the text that you type in the search field.

• - Drag-and-drop Downloads: You can drag items out of the Downloads window in Safari, so you can easily place downloaded files on the Desktop.

• - Advanced Web Technologies: Safari introduces support for full-screen webpages, media caching with the HTML5 application cache, MathML, Web Open Font Format, CSS3 Auto-hyphenation, CSS3 Vertical Text, CSS3 Text Emphasis, Window.onError, and Formatted XML files.

• - New Extension APIs: Developers can take advantage of new Safari Extension support for popovers, menus, new event classes, and interaction with Reader.

Safari 5.1 for Snow Leopard requires Mac OS X 10.6.5 or later.

Apple has also released a minor Safari 5.0.6 update for Mac OS X Leopard, bringing several improvements related to WebSocket web applications, HTML5 annotations, and display of content within frames on sites such as pandora.com.

To download Safari 5.1 Click here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Released Safari 5.1 With lots of New Features"https://www.voiceofgreyhat.com/2011/07/apple-released-safari-51-with-lots-of.html</a>

Apple Closes Security Hole & Released 5.1.4 of Safari Web-browser

Apple Closes Security Hole & Released 5.1.4 of Safari Web-browser 

Apple closes major security hole and released 5.1.4 of its Safari web browser for Windows and Mac OS X. According to Apple, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs. With this release the company also promises an 11 percent boost in JavaScript performance, among other things. A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution. 

Important Changes:-

• Improve JavaScript performance up to 11% over Safari 5.1.3* 
• Improve responsiveness when typing into the search field after changing network configurations, or with an intermittent network connection 
• Address an issue that could cause webpages to flash white when switching between Safari windows
• Address issues that prevented printing U.S. Postal Service shipping labels and embedded PDFs 
• Preserve links in PDFs saved from webpages 
• Fix an issue that could make Flash content appear incomplete after using gesture zooming
• Fix an issue that could cause the screen to dim while watching HTML5 video 
• Improve stability, compatibility, and startup time when using extensions 
• Allow cookies set during regular browsing to be available after using Private Browsing
• Fix an issue that could cause some data to be left behind after pressing the “Remove All Website Data” button

For additional information you can prefer to visit Apple official site. TO Download Safari 5.1.4 Click Here. We also like to give you reminder that last moth Apple released the Mac OS X 10.8 Mountain Lion Developer Preview

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Closes Security Hole & Released 5.1.4 of Safari Web-browser"https://www.voiceofgreyhat.com/2012/03/apple-closes-security-hole-released-514.html</a>

Flashback Trojan Targeting Mac OS X in VMware Fusion

Underscoring the growing sophistication of Mac-based malware, a trojan preying on OS X users has adopted several stealth techniques since it was discovered last month.
Updates to the Flashback trojan, which gets installed by disguising itself as an Adobe Flash update, now prevent the malware from running on Macs that use VMware Fusion. Such virtual machine software is routinely used by security researchers to test the behavior of a malware sample because it's easier to delete a virtual instance when they're finished than it is to wipe the hard drive clean and reinstall the operating system.

According to MAC Security Blog:-

The latest version, Flashback.D, has gotten a bit sneakier. First, it checks to see if the user is running Mac OS X in VMware Fusion. If so, it does not execute. It does this because many malware researchers test malware in virtual machines, rather than infect full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Next, the installer for the malware downloads the payload when running the postinstall script.

Finally, it no longer installs the easy-to-spot ~/Library/Preferences/Preferences.dylib. Instead, it installs the backdoor inside Safari, and does so in two ways. It adds information to Safari’s info.plist file, with the location of the backdoor, and it adds the actual backdoor module at /Applications/Safari.app/Contents/Resources/UnHackMeBuild.

Even if a user removes the above file (UnHackMeBuild), they need to edit Safari’s info.plist file; if not, Safari will look for the backdoor on launch, and, if it is not found, Safari will quit.

-News Source (Intego Blog, The Register)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Flashback Trojan Targeting Mac OS X in VMware Fusion"https://www.voiceofgreyhat.com/2011/10/flashback-trojan-targeting-mac-os-x-in.html</a>

Safari Bug, Another MAC Rumor

Another great scoop from Mac Rumors: All the recent attention iOS 5 has distracted people from the new beta of OS X Lion. Looks like Apple snuck a new feature, "Restart to Safari," into the newest beta, which gives Lion a browser user interface. Gee, kinda like Chrome OS. Perhaps it's no coincidence that both browsers are based on Web Kit.
Nearby is a tough-to-read screen shot from Mac Rumors of what looks like the Guest Login screen for that mode. The mode allows you to boot Lion into Safari and just Safari. Superficially it resembles Chrome OS on a Chromebook, but there's no indication that Apple intends to sell computers that boot only into the browser, as Google is doing.

The point, as MacRumors says, seems to be a restricted web kiosk mode. Unauthorized users can have web surfing access without access to the file system or other programs. Lion also has an auto-save and application restore feature so that returning users will find themselves back at the same place they were before the restart.
Is this a good use of a Mac? It certainly makes no sense to buy a Mac purely for Safari web surfing. You'd do better to get a Chromebook or Netbook or cheap PC and lock it into your choice of browser.
So "Restart to Safari" seems to make sense only for occasional use on a Mac where you want to allow someone only web surfing. <yawn!>

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Safari Bug, Another MAC Rumor"https://www.voiceofgreyhat.com/2011/06/safari-bug-another-mac-rumor.html</a>

Critical Zero-Day Vulnerability In Windows 7 (Exploitable Via Apple's Safari Browser)

Highly critical Zero-day vulnerability found in Windows 7. This security flaws can be exploited via Apple Safari browser.  This was first made public via a twitter user named w3bd3vil 

"<iframe height='18082563'></iframe> causes a BSoD [blue screen of death] on win 7 x64 via Safari. Lol!"

It is reported that vulnerability affects fully patched Windows 7 Professional 64-bit and cautioned that other versions may be affected. The remotely exploitable vulnerability, caused by an error in win32k.sys, enables a hacker to run arbitrary code -- such as malware -- on a victim's machine when he or she visits a specially crafted Web page using Safari. Specifically, the Web page would simply need to contain an iFrame -- an HTML element that is typically used to pull content from other sources onto a Web page -- with an overly large "height" attribute.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Critical Zero-Day Vulnerability In Windows 7 (Exploitable Via Apple's Safari Browser)"https://www.voiceofgreyhat.com/2011/12/critical-zero-day-vulnerability-in.html</a>

NSS Said : IE9 Blocks Virtually all Socially Engineered Malware, Rather Than Other Browsers

A study prepared by NSS Labs concludes that Microsoft's Internet Explorer 9 blocks virtually all socially engineered malware, far more than rival browsers.
The study was designed to examine one aspect of security: how a browser handled a malicious URL, such as one received in a posting on a social network or an email. The NSS goal was to find the browser which identified, warned, and/or blocked malicious URLs from being viewed by the user.
As it did in 2010, Microsoft's IE9 with Smart Screen URL detection and Application Reputation topped the field, blocking 99.2 percent of all malicious emails. Google's Chrome 12 finished far behind, blocking 13.2 percent of all malicious URLs. Apple's Safari 5 and Mozilla Firefox 4 tied at 7.4 percent, with Opera 11 finishing dead last at 6.1 percent.

 

The NSS Labs study showed that, globally, all of the browsers tested showed improvement over an NSS study performed last year, with two exceptions: Safari and Mozilla's Firefox. A year ago, Microsoft IE9 blocked 99 percent of the malicious URLs, followed by Chrome 6 (3%), Safari 5 (11%), Firefox 3.6.15 (19%), and Opera 10 (0%).
NSS attributed Microsoft's success to its Application Reputation technology, which has attempted to categorize applications across the Internet.
"The significance of Microsoft's new application reputation technology cannot be overstated," the NSS report found. "Application reputation is the first attempt by any vendor to create a definitive list of every application on the Internet. This new capability helps users discern malware, and potentially unsafe software from actual good software. The list is dynamically created and maintained, much the same way Google, (or Bing) is continuously building and maintaining a library of content for search purposes."
The NSS tests sliced the potential for malware along one specific axis, socially engineered malware, a distinction Google objected to during the 2010 tests. ""Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities," a spokeswoman said then.
NSS also found that the combination of SmartScreen and Application Reputation means that IE9 blocked new malware in just over half and hour, while Safari 5 and Firefox 4 required 4.91 and 6.07 hours, on average, to detect a new malicious URL. Chrome 12 and Opera 11, by contrast, required 17.7 and 18.4 hours, respectively. Over time, as the malicious URLs changed in response to detection, the browsers maintained their level of protection fairly consistently, NSS found.
"Not only has the effectiveness of the technology improved, but so has the speed at which it is able to identify socially engineered malware," Roger Capriotta, director of Internet Explorer product marketing, wrote in a blog post Monday. "For our Windows customers, this means fewer infections and headaches for you."
In its report, NSS said its findings were independent, and that it had not received funding from any vendor. 

-News Source (PC Mag)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NSS Said : IE9 Blocks Virtually all Socially Engineered Malware, Rather Than Other Browsers"https://www.voiceofgreyhat.com/2011/08/nss-said-ie9-blocks-virtually-all.html</a>

Mac OS X 10.7.2 & Safari 5.1.1 Released (Multiple Security Vulnerability Has Been Fixed)

Apple has released Mac OS X 10.7.2 and, for Mac OS X 10.6.8 Snow Leopard users who have yet to upgrade to Lion, Security Update 2011-006; these updates address a number of security vulnerabilities in the company's desktop and server operating systems. According to Apple, more than 70 holes have been closed by the updates, many of which could be exploited by an attacker to remotely execute code with elevated privileges, gain access to private information, or cause a denial-of-service (DoS).
Mac OS X 10.7.2 and Security Update 2011-006 fix issues in the QuickTime media player, iChat Server, CoreFoundation, CoreMedia, CoreProcesses, CoreStorage, and the kernel, as well as IOGraphics, MediaKit and Open Directory. Other problems addressed by the update include security vulnerabilities in Apache, the Application Firewall, the BIND DNS server, PHP, Python, the SMB File Server, Tomcat and X11. Various root certificates were also added or updated.

Apple also released an update for its Safari web browser for Windows and Mac OS X. Version 5.1.1 of Safari corrects a total of 43 security vulnerabilities, most of which are memory corruption issues in the WebKit browser engine that could be exploited to execute arbitrary code. Directory traversal, policy, and uninitialised memory access issues have also been fixed.

To Download Safari 5.1.1 Click Here

To Download Mac OS X Lion 10.7.2

• Server Standard Update

• Server Combo Update

• Client Standard

• Client Combo Update

To Download Security Update 2011-006

• Client 

• Server

-News Source (Apple & The H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Mac OS X 10.7.2 & Safari 5.1.1 Released (Multiple Security Vulnerability Has Been Fixed)"https://www.voiceofgreyhat.com/2011/10/mac-os-x-1072-safari-511-released.html</a>

New Browser-based iOS 'jailbreak' (Based on PDF exploit)

Hackers have once again released a "jailbreak" for iOS devices that can be completed through the Mobile Safari Web browser, taking advantage of an exploit found in the operating system's PDF reader.
The hack can be accomplished by visiting the website jailbreakme.com on an iPhone, iPad or iPod touch. It is compatible with all of Apple's current iOS-powered mobile devices, including the iPad 2 and iPhone 4. The hack was developed by "comex," Grant "chpwn" Paul and Jay "saurik" Freeman, and is compatible with iOS 4.3 through 4.3.3 on all iPads, the iPhone 3GS, GSM iPhone 4, and third- and fourth-generation iPod touch. It also works with iOS 4.2.6 through 4.2.8 for the CDMA iPhone 4.
The official site tells visitors they can jailbreak their iOS device to experience the software "fully customizable, themeable, and with every tweak you could possibly imagine." Jailbreaking is the term used to describe hacking iOS to allow users to install custom software and tweaks not approved by Apple.
The site also refers to jailbreaking as "safe and completely reversible," as users can restore their iPhone or iPad to the original, unaltered iOS software by restoring with iTunes. But jailbreaking is also a warranty-voiding process that Apple has warned users carries security risks. In 2009, a worm spread only on jailbroken iPhones that had enabled SSH for file transfer and did not change the default password.

Last July, the U.S. government affirmed that the process of jailbreaking is considered legal, though Apple is under no obligation to support users who have issues with hacked software.
The new "jailbreakme" site also asks users: "Please don't use this for piracy." While software can be legally downloaded or even sold through the jailbreak-only "Cydia" store, jailbreaking can also be used to pirate software that is sold on Apple's App Store.

This week's new jailbreak method is the second time hackers have exploited a PDF-related security hole in the Mobile Safari browser. The previous hack, issued last August, relied on a corrupt font to crash Safari's Compact Font Format handler.
Ironically, hackers who exploited the PDF security hole in iOS last year also delivered their own security fix to address the very same issue on jailbroken devices. The patch aimed to ensure that dishonest hackers would not be able to utilize the exploit for malicious purposes.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">New Browser-based iOS 'jailbreak' (Based on PDF exploit)"https://www.voiceofgreyhat.com/2011/07/new-browser-based-ios-jailbreak-based.html</a>

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes double bang from Apple. Apple has also released  iOS 6 along with OS X Mountain Lion 10.8.2 and made available for public. In case of users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

With iOS Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and  iMessage/FaceTime access via phone number. 

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:

Facebook 

• Single sign on for Facebook

• Adds Facebook as an option when sharing links and photos

• See Facebook friends' contact information and profile pictures in Contacts

• Facebook notifications now appear in Notification Center

Game Center

• Share scores to Facebook, Twitter, Mail, or Messages

• Facebook friends are included in Game Center friend recommendations

• Added Facebook "Like" button for games

• Challenge friends to beat your score or achievement

Other new features

• Adds Power Nap support for MacBook Air (Late 2010)

• iMessages sent to your phone number now appear in Messages on your Mac

• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac

• FaceTime can now receive calls sent to your phone number

• New shared Reminders lists

• New sort options allow you to sort notes by title, the date you edited them, and when you created them

• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian

• Dictionary app now includes a French definition dictionary

Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6

General fixes

The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:

• Adds an option to discard the changes in the original document when choosing Save As 

• Unsent drafts are now opened automatically when launching Mail

• Receive Twitter notifications for mentions and replies from anyone

• URLs are shortened when sending tweets from Notification Center

• Notifications are disabled when AirPlay Mirroring is being used

• Adds SSL support for Google searches from the Smart Search Field in Safari

• Adds a new preference to have Safari launch with previously open webpages

• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked

• Enables access to the Mac App Store when Parental Controls are enabled Support for @icloud.com email addresses

• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks

• Addresses an issue that may prevent Active Directory accounts from being locked out

• Resolves an issue that may cause the policy banner to re-appear prior to logging in

• Improvements to SMB

• Addresses an issue with NIS users when auto-login is enabled

• Addresses an issue in which the Keychain may not be accessible

• Ability to pre-authenticate a FileVault protected system

• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 

Direct downloads of OS X 10.8.2 is also available through Apple's site form the following links-

OS X Mountain Lion Update v10.8.2 

 OS X Mountain Lion Update v10.8.2 (Combo) 

-Source (Apple & MacRumors)                             

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center"https://www.voiceofgreyhat.com/2012/09/Apple-Releases-iOS-6-and-Mountain-Lion-10.8.2.html</a>

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Couple of moths ago we got iOS6, where Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. With such tremendous features there also several security bugs have been spotted in the wild, which is affecting millions of iOS users across the globe. Among those bugs the most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions. 

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 

A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.

The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.  

The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, threat post & The-H)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched"https://www.voiceofgreyhat.com/2012/11/iOS6.0.1-Kernel-PasscodeLock-WebKit-Flaws-Patched.html</a>

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED

The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

1. James Forshaw: Java = $20K
2. Joshua Drake: Java = $20k
3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
4. Nils & Jon: Chrome = $100k
5. George Hotz: Adobe Reader = $70k
6. Ben Murphy: Java = $20k

As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 

-Source (HP, Naked Security) 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned"https://www.voiceofgreyhat.com/2013/03/Pwn2Own-2013-Result.html</a>

MAC Defender Rogue Anti-Virus Analysis and Removal

SecureMac reports that a new privacy and security threat is targeting computers running Apple's Mac OS X disguised as an anti-virus program called MAC Defender. The rouge anti-virus program will "detect" nonexistent threats as being present on the user's system in an effort to persuade them to hand over their credit card information and purchase a "subscription" to the program. If that doesn't do enough to convince the user to buy the fake anti-virus program, it will start popping up pornographic websites to create an actual problem on the system
The malware, first reported on various discussion boards last week, initially appears in the web browser as a fake anti-virus scan (with graphics from Microsoft Windows) when the user clicks a web link. At the time of our initial analysis, the fake scan sites were appearing after the user clicked an infected link in Google image searches. Initial user reports indicate that a wide variety of keywords will show search results containing infected links. If the user clicks on various links or buttons on the fake scan webpage rather than closing it immediately, the actual malware will be downloaded to the user's system. The fake scan site checks the web browser settings to determine if the user is running Mac OS X or Microsoft Windows, and then downloads the appropriate installer for the user's operating system.
If the user has their web browser to automatically open 'safe' files such as zip archives, the installer for the malware will appear without further user interaction. Once the user runs the installer (and enters their admin password when prompted), the malware is installed to the Applications folder, sets itself as a login item, and starts to run. The malware appears as a menu bar item in OS X, but without a Dock icon or any way to exit the program. The program immediately starts to "scan" the infected system, alerts the user they are infected with various malware, and prompts them to purchase the program in order to remove the threats. If the user decides not to purchase a subscription, the malware will start displaying pornographic websites at random on the infected system.
MAC Defender uses Javascript to display the fake scan webpage and download the installer file, unlike the Boonana malware detected by SecureMac in October 2010, which uses Java as the technology behind infections. While disabling Java in the web browser was an easy solution to avoid Boonana infections, Javascript is used on a large number of websites, and disabling Javascript will result in a significantly degraded web browsing experience. Instead, SecureMac offers the following simple tips to avoid infection by MAC Defender:
Safe Browsing Tips
1. Watch where you surf. By sticking with safe, well-known websites, you will be less likely to visit a site that will attempt to infect you with this malware. When clicking on results from a search engine, be extra vigilant for websites that seem fishy.
2. Watch what you download. Download files only from trusted sources and safe sites. If a file automatically downloads or an installer randomly appears, be sure to determine if it is legitimate instead of blindly installing it. If you are unsure, err on the side of caution and don't install the program without further research.
3. Use the security features in OS X. Disable web browsers from automatically opening "safe" files. In Safari, you can disable this feature by clicking the "Safari" menu, then clicking "Preferences," then uncheck the "Open "safe" files after downloading" checkbox. Turn on the built-in Firewall, and consider legitimate security software, especially when a computer is shared by multiple users.
If you find yourself infected with this new malware, there are a number of alternatives for removal:
Removal Instructions
MacScan users can identify the new malware by running a spyware scan with the latest spyware definitions update, which was release May 2nd, 2011. A 30-day demo of MacScan can be downloaded from SecureMac at macscan.securemac.com. To update spyware definitions from within the program, click the "MacScan" menu and then click "Check for updates." Once the malware has been detected and isolated, users should drag the "MacScan Isolated Spyware" folder from their Desktop to the Trash in order to remove MAC Defender from their system.
For manual removal users should follow either of these two methods:
Method One
1. Open Activity Monitor from the Utilities folder. Make sure the drop-down menu is set to "all processes."
2. Use the search field in Activity Monitor to search for MacDefender.
3. Click on the MacDefender process. Click the "Quit Process" button. Click "Force Quit."
4. Drag the MacDefender program (installed in the Applications folder by default) to the Trash. Empty the Trash.
5. Remove MacDefender from the Login Items for your Account in the OS X System Preferences (if it exists).
Method Two (Advanced)
1. Open the Terminal application from the Utilities folder.
2. Type the following command in the terminal (without quotes) and hit the return key: 'ps -ax | grep -i MacDefender'
3. Note the process ID associated with the MacDefender program (the first digits listed in the result).
4. Type the following command in the terminal (without quotes, and substituting the process ID noted above for XXXX) and hit the return key: 'kill XXXX'
At this time the MAC Defender program will no longer be running. Continue with steps 4 and 5 from Method One for removal.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">MAC Defender Rogue Anti-Virus Analysis and Removal"https://www.voiceofgreyhat.com/2011/05/mac-defender-rogue-anti-virus-analysis.html</a>

Malware targeting OS X users

If you ever see a message or window in Safari or your e-mail client about your system's security being compromised, ignore it! Malware developers and scammers are increasingly focusing on OS X and working to trick Mac users with highly developed Trojan horse attempts, using both software and ominous-looking messages generated in Web browsers and e-mail clients. Recently some rather sophisticated Trojan horse scam software called Mac Defender was discovered for OS X, and a similar attempt has surfaced with a Web-based malware-detection facade that tries to get you to download and install malware on your system.

If you ever see a message or window in Safari or your e-mail client about your system's security being compromised, ignore it! Malware developers and scammers are increasingly focusing on OS X and working to trick Mac users with highly developed Trojan horse attempts, using both software and ominous-looking messages generated in Web browsers and e-mail clients. Recently some rather sophisticated Trojan horse scam software called Mac Defender was discovered for OS X, and a similar attempt has surfaced with a Web-based malware-detection facade that tries to get you to download and install malware on your system.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Malware targeting OS X users"https://www.voiceofgreyhat.com/2011/05/malware-targeting-os-x-users.html</a>

Apple Fixes OSX Revir-B Trojan Vulnerability

Apple has updated the bare-bones antivirus protection included with Mac OS X to detect a Trojan horse that poses as a PDF document. That Trojan, named "Revir.A" by Finnish security company F-Secure but "Revir.B" by others, masquerades as a PDF file . Unwary users who download and open the fake PDF actually start a malware chain reaction that infects a Mac with multiple pieces of attack code, including a "backdoor" designed to listen to a hacker-controlled server for further instructions. 

Apple added a signature for Revir on Friday to the detection engine called XProtect included with Mac OS X 10.6, aka Snow Leopard, and Mac OS X 10.7, better known as Lion. Since May, when Apple fought a weeks-long battle with makers of phony Mac security software -- usually called "scareware" or "rogueware" -- XProtect checks daily for new signature updates.
The new signature will detect Revir if a user downloads the fake PDF document using Safari, iChat or Mail -- Mac OS X's native email client -- and then displays a warning urging the user to toss the file into the Trash. On Monday, however, Mac-centric security company Intego said it had spotted a new piece of Mac malware disguised as an Adobe Flash installer.
Tagged "Flashback" by Intego, the Trojan installs itself when the fake Flash file is run, then deactivates the Mac outbound firewall Little Snitch , likely as an attempt to hide communication between the malware and its remote command-and-control server.
Flashback uses the same phony Flash distribution tactic as a Trojan horse named "QHost.WB" found by F-Secure in early August. Apple updated XProtect to detect QHost on Aug. Intego speculated that hackers may think the Flash installer trick will be effective because Lion, unlike earlier Mac OS X editions, does not come with the Adobe software pre-installed.
The French antivirus firm recommended that users download Flash Player only from Adobe's website, and if they're using Safari, to uncheck the box marked "Open 'safe' files after downloading" under the General tab to prevent fake installers like Flashback from running automatically. 

-News Source (Network World)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple Fixes OSX Revir-B Trojan Vulnerability"https://www.voiceofgreyhat.com/2011/09/apple-fixes-osx-revir-b-trojan.html</a>

Vulnerability in Apple MacBooks Which Could ruin Batteries

One prominent security researcher has discovered a vulnerability in the batteries of Apple's MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.
Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered, Forbes reports. Miller uncovered default passwords, which are used to access the microcontroller in Apple's batteries, within a firmware update from 2009 and used them to gain access to the firmware.

Apple and other laptop makers use embedded chips in their lithium ion laptop batteries to monitor its power level, stop and start charging and regulate heat.
During the course of his tests, the researcher "bricked" seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.

“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, IT few administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.

Miller admitted that he hasn't tried to blow up any batteries, but he did say it might be possible. "You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”
another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn't get as far as Miller did.

Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls "Caulkgun," at the Black Hat security conference next month.
"Caulk Gun" will change a battery's default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.

In spite of the battery vulnerability that he uncovered, Miller believes Mac OS X security is better than ever before. According to him, Apple engineers made few security-related changes in the jump from Leopard to Snow Leopard, but they made substantial improvements in Mac OS X 10.7 Lion, which was released on Wednesday.
"Now, they've made significant changes and it's going to be harder to exploit,” he said, as noted by The Register.
“It's a significant improvement, and the best way that I've described the level of security in Lion is that it's Windows 7, plus, plus,” said noted security consultant Dino Dai Zovi.
Apple offered security researchers, including Miller and Dai Zovi, an unprecedented early look at Lion in order to get their feedback.
According to researchers, Lion's biggest security improvement is Lion's support for Address Space Layout Randomization. ASLR randomizes the location of critical system components to reduce the risk of attack. Apple also added sandboxing security measures in Safari that will isolate potential bugs or malware. Finally, the newly revamped File Vault now allows an entire drive to be encrypted.

-News Source (Appleinsider)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Vulnerability in Apple MacBooks Which Could ruin Batteries"https://www.voiceofgreyhat.com/2011/07/vulnerability-in-apple-macbooks-which.html</a>

Another OS X Malware App Pops Up, But Danger is Still Limited

Cyber criminal community's interest in attacking Apple users is growing, but still lacks discipline
According to a handful of dedicated hackers of Apple, Inc.'s (AAPL) computer operating system, OS X, the OS is actually less secure than Microsoft Corp.'s (MSFT) Windows.  But thanks to the OS's small market share (traditionally 5 percent or less) most cybercriminals haven't felt it worthwhile to target the platform.  Also, some hackers have misgivings about attacking Unix-like operating systems (e.g. Linux, OS X).


Still, Apple's growing market share and boastful claims of security have lead to an increased interest in attacks and some OS X malware has been popping up of late.

The latest malware to target OS X is dubbed "MACDefender".  Attack pages for the new malware exploit the way Apple's default Safari browser handles Javascript, running a script that auto-initiates the download of a script file.  If the user has opted to open "safe" files, the archive will then auto-open and initiate an install dialogue.

The risk is minimal as users must approve of this dialogue and enter an administrative password to complete the installation.  Still it may be a bit more widespread as the attack pages have boosted themselves to near the top of many search results, thanks to search engine optimization (SEO) poisoning.

It is unclear what the software does when active, though it appears to be logging user activities.  Users who accidentally installed the software can still delete it by killing its process and dragging it from the Applications folder to the Trash bin.

Members of the Apple Support community first noted the malware last Saturday.

On Monday, security firm Intego released an advisory, calling the risk of the malware "low".  Intego writes:

When a user clicks a link after performing a search on a search engine such as Google, this takes them to a web site whose page contains JavaScript that automatically downloads a file," Intego said. "In this case, the file downloaded is a compressed ZIP archive, which, if a specific option in a web browser is checked (Open 'safe' files after downloading in Safari, for example), will open.

The malware unfortunately shares its name with a legitimate OS X software firm.  MacDefender is a small software firm that makes geocaching software, including GCStatistic and DTmatrix.  The company has released a statement emphatically saying that it is not affiliated with the rogue software.

The company writes:

IMPORTANT NOTE: As it seams (sic) someone wrote a virus/malware application named mac defender (MacDefender.app) for OS X. If you see an application named like this DO NOT DOWNLOAD/INSTALL it. I would never release an application named like this.

In recent months botnet-forming worms and trojans have targeted OS X.  Most of these pieces of malware have been amateurish efforts, though, or works in progress.  Nonetheless it remains a very real possibility that Apple could one day see a serious attack.

For its part Apple has suggested users get an antivirus program, though it still claims in advertisements that its platform does not suffer from malware like Windows.  Apple has refused to provide customers with free antimalware software like Microsoft does, so security firm Sophos Plc. has picked up the ball offering free basic protection to Mac users.  Some other smaller firms also offer free Mac antimalware suite

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Another OS X Malware App Pops Up, But Danger is Still Limited"https://www.voiceofgreyhat.com/2011/05/another-os-x-malware-app-pops-up-but.html</a>

Apple releases iOS 5 beta 3

 

Apple on Monday released a new build of its iOS 5 beta software to developers. The new build — iOS 5 beta 3 — is available for all applicable iOS devices including the iPhone 4, iPhone 3GS, iPad 2, iPad, Apple TV, and third and fourth-generation iPod touch devices. Apple also released the third beta of iTunes 10.5 alongside the new iOS release of course, and it will be necessary for developers to install iTunes 10.5 beta 3 in order to load the new iOS beta on their devices. Hit the break for the full change log included with this release.

Notes and Known Issues

The following issues relate to using the 5.0 SDK to develop code.

Accounts

• When creating an iCloud account you can use any Apple ID provided it is a full email address and not a MobileMe account. If you have a MobileMe account, you can copy data from that account to an iCloud account to use during testing. You can find more information on iCloud at: http://developer.apple.com/icloud
• When setting up an iCloud or MobileMe account using the setup assistant and leaving Find My iPhone on, it might actually turn Find my iPhone off after the setup. Please verify in Settings/Mail, Contacts, Calendar/YourAccount that Find my iPhone is toggled On after leaving the setup assistant.
• There is a problem finding a device using Find My iPhone on the MobileMe website (www.me.com) when switching from iCloud back to MobileMe. To workaround this issue:
  • On the device go to Settings->Mail, Contacts, Calendar-><your_account>@me.com and Toggle Find My iPhone off and back on. Now the device should show up on MobileMe website.
• It is recommended that you disable Bookmarks on multiple accounts. If they are enabled, the results might be undefined.
• NEW: In this beta the option of “Choosing a security question” is not working during an iCloud account setup.

Air Play

• Starting in iOS 5, video content in applications and websites are AirPlay-enabled by default.
• iOS 5 supports AirPlay of video via AV Foundation.
• FIXED: The Apple TV screen saver may degrade mirroring performance over AirPlay. The screen saver can be disabled in Apple TV settings.

Apple TV

• Apple TV Software beta enables users to mirror the contents of an iPad 2 to an Apple TV (2nd generation) using AirPlay. This beta software also enables Photo Stream on Apple TV so users can access photos stored in iCloud. Apple TV Software beta is being provided to test the latest AirPlay functionality with your iOS 5 apps and web sites. If you wish to install Apple TV Software beta on your device, you must first register your device UDID in the iOS Developer Program Portal.

Audio

• Using voice chat in iOS 5 requires setting the kAudioSessionMode_VoiceChat mode on the Audio Session, or setting the AVAudioSessionModeVoiceChat mode on the AVAudioSession object.

CalDav

• FIXED: After creating a recurring event locally on the device, the device stops syncing after hitting an error on merge. Removing and re-adding the account acts as a workaround for this.

Calendar

• All MobileMe calendars were duplicated after turning calendar syncing off and back on.
• If you launch or manually refresh Calendars on an iPad, your calendars might disappear and you will have to tap “Show All Calendars” to display them again.
• NEW: Restoring from a Seed 1 backup or earlier will cause MobileMe/iCloud calendars not to sync. Subscribed calendars will show up in Calendars but none of your event calendars will appear in MobileCal. To workaround the problem please remove and re-add the account.

Game Kit

• Match data for turn based matches is currently limited to 4 KB of data.

Game Center

• If you have an existing Game Center account which has not yet gone through the first-time Game Center flow in iOS 5, you will encounter a crash when signing into a game’s login alert directly. The workaround for this is to launch Game Center to complete the first-time flow.

i-Books

• iBooks 1.2.2 may fail to display some text or images in books. Please update to iBooks 1.3 in the App Store.

i-Cloud Backup

• As this is beta software, it is recommended that you do not use the iCloud services to store any critical data or information. If you enable iCloud Backup, automatic backup with iTunes when syncing will be disabled. We suggest you also manually back up your device with iTunes.
• In the iOS 5 beta, support for data protection in iCloud Backup is unavailable. Apps that have protected files will not have any of their data or metadata backed up as a result.
• After restoring, you may not be able to back up again because the device still thinks it’s restoring. To workaround this issue try syncing apps or media that are missing form iTunes or try deleting your iCloud account and adding it back.
• If you delete your backup, the feature will be disabled but settings may still indicate that it is enabled and you will have to toggle the BackUp to Cloud switch in Settings.
• For compatibility reasons, this version of the iOS 5 beta requires that all files be backed up again, instead of only those files that have changed since your last backup. This may cause a warning that your account is over quota. In case the warning occurs, you can delete your oldest backup to free up space and then initiate a backup.

i-Cloud Storage

• During the iOS 5 beta period, any documents stored on the servers might be purged periodically before GM. Therefore, it is highly recommended that you do not store any critical documents or information on the servers.
• If your application is using the NSMetadataQuery class, you must set a predicate, even though the predicate itself is ignored.
• The Foundation framework doesn’t include the team ID when looking for an app’s mobile documents container. The Team ID must be included at the beginning of the identifier string passed to theURLForUbiquityContainerIdentifier: method.
• In this beta, the setSortDescriptors: method of NSMetadataQuery is not supported.
• In this beta, if you want to use iCloud, you have to manually specify various container identifiers (your application’s Display set) within an Entitlements file for both of your Mac OS X and iOS projects.
• There are issues using the Cloud Storage document API in conjunction with protected data which can lead to data corruption.
• In this beta, document-based applications cannot always detect when files change, move, or are deleted out from underneath them.
• NEW: In this beta, file presenters (objects that adopt the NSFilePresenter protocol) do not receive some of the messages that they’re supposed to receive, especially:
  • presentedItemDidChange
  • presentedSubitemDidAppearAtURL:
  • presentedSubitemDidChangeAtURL:
  You can workaround this by implementing the relinquishPresentedItemToWriter: method and checking to see if the writer actually wrote when your file presenter reacquires. You can also use FSEvents to observe file system changes
• In this beta, messages about changes to files in a directory are not getting delivered to objects that adopt the NSFilePresenter protocol.
• While reporting a bug related to the iCloud storage interfaces, please include the logs collected during your debugging session. To generate these logs, you must install a special debug profile on your device.The debug profile can be obtained from http://connect.apple.com. This profile enables the generation of debug logs that are needed to diagnose any problems using iCloud storage. The instructions to collect the logs are:
  1. Install the profile. (The easiest way to do this is to mail it to yourself and open the attachment on their device.)
  2. Reproduce the bug.
  3. Sync with iTunes to pull the logs off your device.
  4. Attach the logs to your bug report. You can find the logs in ~/Library/Logs/CrashReporter/MobileDevice/DeviceName/DiagnosticLogs.
  These logs can grow large very quickly, so you should remove the profile after you have reproduced the problem and pulled the logs for the bug report.

i-Message

• NEW: i-Message beta 3 will be unable to communicate with iMessage users on beta 1. It works between beta 3 and beta 2.
• NEW: Modal alerts don’t appear for iMessages.

iTunes

• The version of iTunes that comes with beta 3 cannot sync devices that have the beta 2 software installed. To avoid this problem, do the following:
  1. Sync any devices that have beta 2 installed to the version of iTunes that came with beta 2.
  2. Upgrade iTunes to the version that comes with beta 3.
  3. Connect the device and install the beta 3 software. (Understand that you might see a failure to sync error when you first connect the device.)
  4. After installing the beta 3 software, restore from your the backup you made in step 1.
• Videos purchased from the iTunes Store do not play on a 2nd generation AppleTV over AirPlay with iTunes 10.5.

MMS

• Sending an MMS of large videos does not work.

Photo Adjustments

• If you apply red-eye adjustments in iOS, and import your image into the iPhoto seed build, the red-eye adjustments will not appear on that image in iPhoto. As a result, subsequent syncing of your image back to the iOS device from iPhoto will not show the red-eye adjustments.

Reminders

FIXED: The Reminders application does not send notifications for reminders that are based upon the entry (and/or exit) of a location if there is no date associated with the reminder.

Settings

• The “Back Up Now” button is enabled without the backup data class being enabled for the account.
• FIXED: If you bring up the keyboard of the terms in Settings->General->Software Update, you cannot dismiss it. You have to force quit Settings to get out.
• NEW: In this beta FaceTime icon is missing in Settings on the iPhones.

Simulator

• NEW: Location services are not functional in iOS 4.3 simulator running on Mac OS 10.7 with Xcode 4.2.

Springboard

• Push and local notifications for apps appear in the new Notification Center in iOS 5. Notification Center displays notifications that are considered “unread”. In order to accommodate push and local notifications that have no “unread” status, developers can use their application badge count to trigger a clearing of notifications from Notification Center. When an application clears its badge count (by setting it to zero), iOS 5 will clear its notifications from Notification Center.

Twitter

• NEW: When tweeting your location from Safari and exiting before the location can be established, the location arrow will stay in the status bar. The arrow can be removed by killing Safari from the task switcher.

UI Automation

• NEW: In iOS 5 beta 3, the first execution of a script after a reboot or erase install will likely fail. Subsequent attempts should succeed until the device is rebooted again.
• The play and record buttons in the Automation instrument script editor may not work properly after targeting an application that was launched by a trace session and has ended. They may also not work if you target an application that was suspended. If you run into this problem and it persists, you may need to close and reopen the trace document to get back into a functional state.
• When capturing actions into a script using the Automation instrument, interfaces with web views or table cells that contain a high number of off screen elements may take an extremely long time before returning with an expression.
• The lock() and unlock() functions of UIATarget have been replaced with the lockForDuration(<seconds>) function.
• Instruments overwrites the loaded automation script, even if another program is editing it.
• Starting iOS 5 beta 2, you can now trigger the execution of an UI Automation script on an iOS device from the host terminal by using the instruments tool. The command is:
  • instruments -w <device id> -t <template> <application>

UIKit

• NEW: Starting in iOS 5 beta 3, the exclusiveTouch property of UIControl has returned to its original default value of NO.
• Returning nil from the tableView:viewForHeaderInSection: method (or its footer equivalent) is no longer sufficient to hide a header. You must override tableView:heightForHeaderInSection: and return0.0 to hide a header.
• In the iOS 5 beta, the UITableView class has two methods to move one cell from one row to another with defined parameters. These APIs are:
  • moveSection:toSection:
  • moveRowAtIndexPath:toIndexPath:
• Using the UIWebView class in Interface Builder, setting transparent background color is possible in iOS 5. Developers compiling against the new SDK can check their XIB for the UIWebView transparent setting.
• In the iOS 5 beta, the UINavigationBar, UIToolbar, and UITabBar implementations have changed so that the drawRect: method is not called on instances of these classes unless it is implemented in a subclass. Apps that have re-implemented drawRect: in a category on any of these classes will find that the drawRect: method isn’t called. UIKit does link-checking to keep the method from being called in apps linked before iOS 5 but does not support this design on iOS 5 or later. Apps can either:
  • Use the customization API for bars that in iOS 5 and later, which is the preferred way.
  • Subclass UINavigationBar (or the other bar classes) and override drawRect: in the subclass.
• The indexPathForRow:inSection:, section, and row methods of NSIndexPath now use NSInteger instead of NSUInteger, so that these types match with methods defined on UITableView.
• There is a known issue with presenting a UIVideoEditorControllerobject where it doesn’t show the selected video, which appears blank instead. In certain cases it may also crash.
• Touch events are not getting forwarded to the view in the cameraOverlayView property of UIImagePickerController.
• The imagePickerController:didFinishPickingMediaWithInfo: method of UIImagePickerController is not returning a URL to the video when recording is complete.
• NEW: When creating a new appointment in calendar app on a device using 24 hr clock, you cannot select an hour value greater than 12. The date-time picker value sets current weekday to be the same as previous day (e.g: a An appointment on Tuesday will be set as Monday).
• FIXED: We have changed the behavior of scrollToRowAtIndexPath:atScrollPosition:animated: such that UITableViewScrollPositionTop and UITableViewScrollPositionBottom now adjust for the top and bottom portions of the contentInset property.

WebKit

• NEW: In iOS 5 beta 2, a new inherited CSS property, -webkit-overflow-scrolling: value, is available. The value touch allows the web developer to opt in to native-style scrolling in an overflow:scrollelement. The default value for this property is auto.
• The WebKit framework has picked up a newer WebKit engine, which closely matches Safari 5.1. Some areas to be aware of with the new WebKit framework on iOS:
  • There is a new HTML5-compliant parser.
  • Text layout width may change slightly because word-rounding behavior now has floating-point-based precision.
  • There is improved validation of the <input type=number> form field, which includes removing leading zeros and number formatting.
  • Touch events are now supported on input fields.
  • window.onerror is now supported.
  • There is a new user agent that does not have locale information in the User Agent string.

WiFi Syncing

• In iOS 5 beta 2, wireless syncing is available for the Mac. It requires iTunes 10.5 beta 2 and OS X 10.6.8 or Lion. You will see an option to enable wireless syncing when you connect your device to iTunes with the USB cable. It is recommended you perform your initial sync with a cable after restoring your device.
  • Wireless syncing is triggered automatically when the device is connected to power and on the same network as the paired computer. Or, you can manually trigger a sync from iTunes or from Settings -> General -> iTunes Sync (same network as paired computer required). Be sure your device is plugged into a power source when performing wireless syncs.
  • If you find issues with apps, media and/or photos synced to your device, you can reset then resync. From Settings -> General -> Reset, choose Erase all Content and Settings. Then reconnect to iTunes and sync again.
• FIXED: In this beta, iTunes may incorrectly report Photos as “Other” in the capacity bar. Photo syncing otherwise works as expected.
• NEW:In some cases, your device may fail to sync contacts, calendars and account settings, or back up to iTunes. If this happens, reboot your device and re-sync.
• NEW:In some cases, syncing photos may result in only thumbnails on your device. If this happens, unsync Photos then re-sync again.

Xcode

• In this beta, device restores using XCode are disabled. Please use iTunes only to back up and restore your device.
• In some cases, Xcode 4.2 Organizer does not display a device that is in restore mode. As a workaround you can use iTunes to restore.
• FIXED: On some desktop machines, Xcode’s memory usage inflates incredibly fast while restoring a device or copying an IPSW. As a workaround use iTunes to restore.
• FIXED: In this beta, crash logs (either unsymbolicated or symbolicated) do not appear in Xcode Organizer. To make them appear in the Xcode Organizer, you will have to rename the device.
• In iOS 5 beta 2, the iOS Simulator is not compatible with previous releases of the iCloud Developer Seed for OS X. It is highly recommended that you update to the latest iCloud Developer Seed to ensure compatibility.

iOS 5.0 SDK supports both iOS 4.3 and iOS 5.0 simulators.
 

-News Source (BGR)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Apple releases iOS 5 beta 3"https://www.voiceofgreyhat.com/2011/07/apple-releases-ios-5-beta-3.html</a>