Showing posts with label Apple. Show all posts
Showing posts with label Apple. Show all posts

Apple Brings iOS 7.0.4 [Includes New Features, FaceTime Bug & App Store Purchase Flaw Fixed]

Posted by Avik Sarkar On 11/17/2013 06:32:00 pm

Apple Brings iOS 7.0.4 & iOS 6.1.5 Includes New FeaturesFaceTime Bug  & App Store Purchase Flaw Fixed


California based tech giant Apple Inc has released a new update on their popular iOS software running on iPhone, iPad, and iPod touch devices. This release of of iOS 7.0.4  includes bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail for some users. iPods that are not able to upgrade to iOS 7 have their own version to upgrade to, iOS 6.1.5. The release of iOS 7.04 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality.  There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism. iOS 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components. 

The new update improves iCloud Keychain, which was introduced in iOS 7.0.3, and the latest version of the desktop software, OS X Mavericks. The cloud-based technology keeps the Safari browser's passwords and credit card data in sync across all your Apple devices. Secondly, in Spotlight, the device's internal search engine, Apple has brought back the ability to search Google and Wikipedia from the results. The two services were removed when iOS 7 was first released in mid-September. 
Also on Thursday, Apple released a corresponding update to its Apple TV, updating the set-top box to version 6.0.2.  Users can update to the latest version by accessing the device's Settings, selecting General, then Software Update. In spite of the relatively small size of the update, it's recommended that users use Wi-Fi when updating. To avoid security vulnerabilities every Apple users are highly recommended to update their software. 



-Source (Apple, ZDNet & Threat Post





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Posted by Avik Sarkar On 3/11/2013 02:55:00 am

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 


 -Source (HP, Naked Security) 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hacked By The Same Group Who Attacked Facebook

Posted by Avik Sarkar On 2/20/2013 06:52:00 pm

Apple Hacked, Macintosh Computers Infected  By The Same Group Who Attacked Facebook 

The month of February is not going good for cyber space, specially for giant organization. Last week the social networking giant Facebook fallen victim of a devastating cyber attack which did effected a number of  systems. Facebook admitted that it faced a "sophisticated attack" on computers where it has been found the attackers used a zero-day Java exploit to initiate the attack, but that no user data was compromised. The same thing happened to micro blogging site Twitter and New York Times. And now it was the turn for Apple. The California based multinational company acknowledged that recently their systems has been attacked by hackers who infected Macintosh computers of some employees. Like Facebook here also no data has been effected, "there was no evidence that any data left Apple." -said Apple. 
According to an exclusive report of Reuters -some unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers. The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. The malware was also employed in attacks against Mac computers used by "other companies," Apple said, without elaborating on the scale of the assault. Experts are presuming that all these cyber attacks of February, that is Twitter, New York Times, Facebook & Lastly Apple Inc was originated from China, and executed by the same hacker group. On the other side few experts are also saying that the group responsible for the hack, has been identified as "Unit 61398" of the People's Liberation Army. But so far there is no proof. 
Apple also revealed that it plans to release a software tool later Tuesday that will protect customers against the same type of software that was used against its employees. 

Apple also provided a statement as follows:-
"Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found..."




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Hired Kristen Paget, Renowned Hacker & Former Security Expert of Microsoft

Posted by Avik Sarkar On 12/11/2012 05:53:00 pm

Apple Hired Kristen PagetRenowned Hacker & Former Security Expert of Microsoft 

 To become  the very best along with that to maintain and hold your position, you need to deliver your hundred percent even some times more than hundred percent, and this race continues. For that we have to gather the very best guy with as. The above fact took place again, when Apple hired a renowned computer security researcher who helped Microsoft to rid Windows Vista from glaring exploits. I think, you already started guessing, let me tell you that yes you are absolutely right. Kristen Paget formerly known as Chris Paget who was part of an elite team of security experts of Microsoft has now been hired by Apple to lend her expertise to securing the company's operating systems. Apple, slowly, has been trying to make inroads into the security community. This summer, an Apple engineer spoke at the Black Hat security conference for the first time. So it is a bit predictable that why Apple is looking for security experts. Paget's exact charge at Apple is still somewhat of a mystery, with company representatives declining to comment on the specifics of what she'll be working on. After leaving Microsoft and prior to her move to 1 Infinite Loop, Paget was employed by security firm Recursion Ventures. According to sources, this past July, she'd departed stating that she wished to focus on developing security-related hardware.  
According to a report by Wired - Paget’s work at Microsoft had been similarly secretive. She’d been forbidden from speaking about it for five years after her work there ended.
But in 2011, the NDA expired, and she spilled the beans on her Vista hacking at the Black Hat Las Vegas conference. In short: Microsoft’s security team had expected Vista to be pretty clean when Paget got her hands on it, but they were wrong.
“We prevented a lot of bugs from shipping on Vista,” Paget said, according to a recording of her talk. “I’m proud of the number of bugs we found and helped get fixed.” Paget and company’s bug-hunt was so successful, in fact, that it forced Microsoft to push back Vista’s ship date. When the work was done, the hackers received special T-shirts, signed by Microsoft Vice President of Windows Development Brian Valentine. They read: “I delayed Windows Vista.” 
Until this past summer, Paget had been chief hacker at Recursion Ventures, a company that specializes in hardware security. When she left in July, she said she was looking for a break from bug-finding, hoping to find a job that involved building “security-focused hardware.”
“I’ve done too much breaking of things, it’s time to create for a change,” she said on Twitter. She was hired in September as a core operating system security researcher at Apple, according to her Linkedin Profile. 
Paget made headlines in 2010 when she built her own cellphone-intercepting base station at the Defcon hacker conference. Back then, Paget was known as Chris. She switched genders last year.

While talking about hiring geniuses by giant firms, we would like to remind you that very recently Apple has hired search guru Bill Stasior to oversee Apple's Siri voice-activated personal assistant. Along with this, few months ago social networking giant Twitter had appointed famous whitehat hacker Charlie Miller, to boost up its security.  Also in late 2011 Nicholas Allegra, the world-famous hacker known as "Comex", creator of JailbreakMe.com comes was also hired by Apple.


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Posted by Avik Sarkar On 11/05/2012 05:08:00 am

Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

Couple of moths ago we got iOS6, where Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. With such tremendous features there also several security bugs have been spotted in the wild, which is affecting millions of iOS users across the globe. Among those bugs the most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well iPod Touch and iPad2 and later. An attacker exploiting the vulnerability could essentially bypass address space randomization layout (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions. 

Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.” 
A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.
The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.  
The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.

-Source (Apple, threat post & The-H)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

AT&T Locker: Offering Free Cloud Storage For iOS & Android Users

AT&T a leader in telecommunication services, announced a brand new service which calls "AT&T Locker" that will allow iPhone and Android smartphone customers of AT&T to store 5GB worth of videos and photos for free in AT&T's cloud. The most interesting thing is that, the service is available through a free app in the Apple App Store or the Google Play store. And it allows users to store roughly 5,000 average sized photos in the cloud. The app requires subscribers use either an iPhone 3GS or newer device. And Android users must be on version 2.1 or higher of the Android OS. Users can choose to upload new photos and video via Wi-Fi, AT&T's cellular network or both. Customers can manage those photos and share them through the app on the smartphone or on the AT&T Locker web page. AT&T plans to incorporate additional features in future versions of AT&T Locker. And the company didn't say whether higher storage options will be available.
This service is exactly similar to Apple's iCloud service also allows up to 5GB of free storage. And it also offers Photo Stream, which allows its iPhone users to automatically store photos in Apple's cloud and share them across multiple iOS devices as well as share them with other people. The service stores up to 1,000 pictures automatically and this storage doesn't count against the iCloud storage limits. Google also offers storage in its Google Drive service. This service also offers up to 5GB of free storage. You can store anything here from pictures to documents to music. Of course there are also other options for storing photos and other digital content including Dropbox and Microsoft's SkyDrive which is also a very handy option. 



Brief Description:-

AT&T Locker™ allows you to Store, sync and share your photos, videos and documents in one convenient place. AT&T Locker is an app that lets you store, sync and share your data in one safe, convenient place. Your content is easy to access on your computer and phone from virtually anywhere. Photos and videos can be backed up automatically from your phone. It's also easy to share to email, Facebook and Twitter. First 5 GB of storage is free. Additional storage is available for the low monthly price of just $3.99 for 30GB or $9.99 for 100GB.

• Photos and videos can be automatically uploaded to your AT&T Locker from your phone
• Easily access your photos, videos and documents from your phone and computer
• Easy to share to email, Facebook and Twitter
• First 5 GB of storage is free. Additional storage is available.
• Your content is secure and backed up in the cloud
• Store your favorite memories in a safe and convenient place
• Store music from your computer to your AT&T Locker



-Source (AT&T, Cnet)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Search Guru Bill Stasior CEO of Amazon’s A9 Unit, Hired By Apple To Oversee Siri

Posted by Avik Sarkar On 10/20/2012 12:07:00 pm

Search Guru Bill Stasior CEO of Amazon’s A9 Unit, Hired By Apple To Oversee Siri

To be the very best, you need to deliver your hundred percent even some times more than hundred percent, and this race continues. As a result Apple has hired 'search guru' Bill Stasior, CEO of Amazon.com’s A9 search and advertising search unit, to oversee Apple's Siri voice-activated personal assistantStasior, who joined Amazon in 2003 as director of search and navigation, founded A9.com in May 2004 and then became CEO of the wholly owned subsidiary in February 2006, according to his LinkedIn profile. Stasior, who holds undergraduate and graduate degrees from the Massachusetts Institute of Technology, describes A9.com as a “company with a mission to create groundbreaking technologies in search, advertising, and mobile that power customer centric, Internet businesses.” Apple confirmed his hire but didn't provide any comment. Stasior has an impressive pedigree (you can read his resume and see a really geeky binary image he posted of himself here). The MIT PhD has taught there, too, and has done stints at Oracle, Netcentives and AltaVista. 
 Siri, Apple's famous voice-activated personal assistant program, was acquired in April 2010 to launch a big stake in voice-activated search. Since Apple kicked Google Maps to the curb in iOS 6, the only remaining tie with Google is search. Will Apple eventually do its own search network? Who knows. Stasior’s background in search will certainly be of value if the time ever comes. While Siri has had a high profile in the iPhone range, Apple has lost some of the talent who created it. Adam Cheyer, who co-founded the voice recognition software, recently left the company. CEO Dag Kittlaus departed in October 2011. 
Here we want to remind you that last month Twitter hired famous whitehat hacker Charlie Miller, to boost up its security. Here its Apple who hired Stasior presumably, strengthening Apple’s search and search advertising technology in the wake of its increasing competition with Google. While talking about the news of hiring geniuses then the name of Nicholas Allegra, the world-famous hacker known as "Comex", creater of JailbreakMe.com comes. He was also hired by Apple in 2011. 


-Source (AllThingsD) 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

Posted by Avik Sarkar On 9/23/2012 12:05:00 am

Apple Releases iOS 6 With 200+ New Features & Mountain Lion 10.8.2 With Facebook Integration & Game Center

As expected, here comes double bang from Apple. Apple has also released  iOS 6 along with OS X Mountain Lion 10.8.2 and made available for public. In case of users of recent iPad, iPhone, and iPod touch models can obtain the update either by connecting their devices to iTunes and clicking the "Check for Update" button or checking for over-the-air updates on their devices. iOS 6 adds over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. It will also ship on the iPhone 5, which launches on Friday, and on the fifth-generation iPod touch launching next month. The operating system arrives as the golden master build 10A403 for existing devices, and Apple has also posted a special 10A405 build for the iPhone 5 and a 10A406 build for the upcoming fifth-generation iPod touch.

With iOS Apple quietly pushed out 10.8.2, the second minor update to Mountain Lion since it was released in July. The update is currently available via the Software Update functionality in the Mac App Store. The update includes a number of enhancements, most notably Facebook integration and Game Center. It also includes support for several features integrating with iOS 6, such as Passbook passes and  iMessage/FaceTime access via phone number. 

This update is recommended for all OS X Mountain Lion users, and includes new features and fixes:
Facebook 
• Single sign on for Facebook
• Adds Facebook as an option when sharing links and photos
• See Facebook friends' contact information and profile pictures in Contacts
• Facebook notifications now appear in Notification Center



Game Center
• Share scores to Facebook, Twitter, Mail, or Messages
• Facebook friends are included in Game Center friend recommendations
• Added Facebook "Like" button for games
• Challenge friends to beat your score or achievement



Other new features
• Adds Power Nap support for MacBook Air (Late 2010)
• iMessages sent to your phone number now appear in Messages on your Mac
• You can now add passes to Passbook (on your iPhone or iPod touch) from Safari and Mail on your Mac
• FaceTime can now receive calls sent to your phone number
• New shared Reminders lists
• New sort options allow you to sort notes by title, the date you edited them, and when you created them
• Dictation now supports additional languages: Mandarin, Cantonese, Spanish, Korean, Canadian English, Canadian French, and Italian
• Dictionary app now includes a French definition dictionary
Sina Weibo profile photos can now be added to Contacts

* Requires iOS 6


General fixes
The OS X Mountain Lion v10.8.2 update also includes general operating system fixes that improve the stability, compatibility and security of your Mac, including the following fixes:


• Adds an option to discard the changes in the original document when choosing Save As 
• Unsent drafts are now opened automatically when launching Mail
• Receive Twitter notifications for mentions and replies from anyone
• URLs are shortened when sending tweets from Notification Center
• Notifications are disabled when AirPlay Mirroring is being used
• Adds SSL support for Google searches from the Smart Search Field in Safari
• Adds a new preference to have Safari launch with previously open webpages
• Resolves an issue that may cause the "Enable Autodiscover" checkbox to always remain checked
• Enables access to the Mac App Store when Parental Controls are enabled Support for @icloud.com email addresses
• Resolves a video issue with some VGA projectors when connected to certain Mac notebooks
• Addresses an issue that may prevent Active Directory accounts from being locked out
• Resolves an issue that may cause the policy banner to re-appear prior to logging in
• Improvements to SMB
• Addresses an issue with NIS users when auto-login is enabled
• Addresses an issue in which the Keychain may not be accessible
• Ability to pre-authenticate a FileVault protected system
• Addresses an issue that may cause Xsan to not automatically start after migrating from Mac OS X Snow Leopard 


Direct downloads of OS X 10.8.2 is also available through Apple's site form the following links-



-Source (Apple & MacRumors)                             




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search