XSS Vulnerability Found in Cartoon Network's (CN) Official Website By Dr41DeY
After the successful breach of 'DY365 TV' yet again the hacker going by the name of Dr41DeY from Nigerian Cyber Army targeted another TV network. Guess what, this time he caught even a bigger fish. Unlike defacement or breach this time the hacker did something what it called ethical or can be categorized in white-hat list. Okey now without pulling the intro more longer lets directly come to the story -and that is the official website of Cartoon Network is vulnerable of cross site scripting attack also known as XSS attack. Cartoon Network mostly known as CN is the worlds leader in broadcasting animated programming, ranging from action to animated comedy & many more. This satellite channel is the most preferred channel for the children and teenagers between the ages of 7 to 5 among the whole of the world. So it is quit indisputable that the official website of Cartoon Network (CN) is indeed a valuable website which have large number of traffic everyday. But it is unclear that being such a big and popular brand name, why CN committed such a massacre while leaving XSS vulnerability in their official portal. Dr41DeY shared with VOGH, that the search box in the home page of CN poses non persistent XSS vulnerability. The above screen shots was taken as a proof of the story. I on behalf of Team VOGH has already contacted CN authorities, and knocked them about this issue. Hopefully they will take appropriate steps with out doing any further delay. For updates in this story and also other hot cyber issues, just stay tuned with VOGH.
Several Twitter Accounts of CBS News (60Minutes, 48Hours & CBSDenver) Hacked By Syrian Electronic Army [#twithackery]
Yet again CBS one of the major commercial broadcasting television network of United States faced cyber attack. First it was hacker collective Anonymous who targeted CBS and managed to hack the TV network of CBS in January last year. The attack was done under the banner of Operation Megaupload. And now CBS have fallen victim of what it called twithackery, where hacker managed to gain temporary access of popular twitter accounts and broadcast fake tweets. This Sunday such twithackery targeted and compromised several twitter account of CBS. Infamous hacker community going by the name of Syrian Electronic Army claimed to have hijacked the twitter accounts of CBS, the list of the hijacked accounts include "60 Minutes" and "48 Hours" which is maintained by CBS news program. Later it has been reported that another twitter account @CBSDenver has also been hacked, during this ongoing cyber attack. CBS acknowledged the whole phenomena and later a CBS spokeswoman confirmed that the accounts had been compromised. "PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve." - said the CBS spokesman. Another message from CBS said, "A message that was posted earlier to this account was not written or sent by @60Minutes or its staff."
Here is the list of those fake tweets came from the hijacked accounts of CBS:-
From @60Minutes account we got the following message -
"The US government is hiding the real culprit of the Boston bombing"
"The US government is sponsoring a coup in Venezuela and a terrorist war in Syria"
"Your duty is to protect your nation from the parasites that have taken your government"
"Obama wants to destroy the Syrian and American people. We must stop this beast"
Other messages claimed: "Syrian Electronic Army Was Here via @SyrianCyberArmy" and suggested the action was in response to the suspension of the @Official_SEA account. Tweets sent out on the @48Hours account reportedly included: "General Dempsey calls for #Obama's arrest under new anti-terror laws #48hours" As soon as the issue get spotted, CBS regain those hijacked accounts and immediately deleted those rouge messages. Later the two accounts @60Minutes and @48Hours has been suspended.
Samsung TV & BD Systems are Vulnerable to DoS & Remote Administration
The most recent bug, found in a wide range of high-definition TVs from Samsung, was disclosed on Thursday. Luigi Auriemma an Italy-based researcher who regularly finds security flaws in Microsoft Windows, video games, and so on. While poking around a Samsung D6000 model belonging to his brother, he inadvertently discovered a way to remotely send the TV into an endless restart mode that persists even after unplugging the device and turning it back on.
Vulnerability Description:-
All the current Samsung TV and BD systems can be controlled remotely via iPad, Android and other software/devices supporting the protocol used on TCP port 55000
The vulnerabilities require only the Ethernet/wi-fi network connected to be exploited so anyone with access to that network can do it. I have not tested if there are limitations on Internet or in big WANs. The remote controller feature is enabled by default like all the other services (over 40 TCP ports opened on the TV).
Bugs
When the controller packet is received on the device it displays a message on the screen for telling the user that a new "remote" device has been found and he must select "allow" or "deny" to continue. The message includes also the name and MAC address specified in the received packet, they are just normal strings (there is even a field containing the IP address for unknown reasons). For additional information click here
"It wasn't even planned," Auriemma told Ars, referring to the most damaging of his two attacks, which rendered the device useless for three days, until he finally found a way to restore it to normal operation. "I wanted only to show a message on the TV when my brother was watching it. He selected the 'deny' choice and boom."
The TV was connected by ethernet cable to a home network, so Auriemma thought it would be funny to use a computer connected to the same network to send it a message that contained a series of custom headers. Without warning, the TV spiraled into an endless loop of restarts. For about five seconds, the device would appear to work correctly, but then would stop responding to commands entered by remote control or through the panel. A few seconds later, the TV would restart and repeat the process. Unplugging the power cord or ethernet cable did nothing. Auriemma had just stumbled upon a crippling denial-of-service attack.
Auriemma said he sees no reason the attack couldn't be carried out over the Internet if the TV had a public IP address and used no filters. His discovery came two weeks after a separate researcher reported a DoS vulnerability in Sony Bravia TVs. Using the publicly available hping networking tool, Gabriel Menezes Nunes said he was able to seriously disrupt its operation.
"The World Tomorrow" - Wikileaks Founder Julian Assange TV Show
Do you want to catch Wikileaks founder Julian Assange, if the answer is yes then a golden opportunity is coming for you. In a CNN report it has been come to light that Julian Assange plans to debut a talk show, "The World Tomorrow," on Russia's state-funded television network next week. Assange and RT, an English-language international satellite news channel, would not release the guest lineup in advance, but hinted that the first interview would be controversial. WikiLeaks has asked followers on Twitter if they can guess the show's first guest. "Any bets on who The World Tomorrow's first mystery guest(s) are?" it tweeted. "You've been waiting and we've been teasing," said RT's website of the show, which will also be released online. The talk show set for launch Tuesday is creating a stir in global media circles. Commentators outside Russia have questioned the apparent link the show creates between Assange and the Kremlin, given RT's government-funded status.
It is unclear how or from where Assange, who is under house arrest in the United Kingdom while fighting extradition to Sweden, will present the show. Assange, in the online trailer, says that the experience of interviewing guests -- described by RT as opinion formers, some of them dissidents -- while under house arrest brings a different dimension to the process. "RT is rallying a global audience of open-minded people who question what they see in mainstream media and we are proud to premiere Julian Assange's new project,"Editor-in-Chief Margarita Simonyan said in a statement on the television network's website.
"We provided Julian a platform to reach the world and gave him total editorial freedom. He is absolutely the right person to bring alternative opinions to our viewers around the globe." "The World Tomorrow" will be broadcast [simultaneously] on three RT channels, in English, Arabic and Spanish. The WikiLeaks website for "The World Tomorrow" said Friday there would be 12 shows in total, each featuring a 26-minute edited interview. "RT is the first broadcast licensee of the show, but has not been involved in the production process. All editorial decisions have been made by Julian Assange," the website said.
Last two big bang from Wikileaks was Spy Files where he said that Govt is using Malware For Surveillance. Spy Files—includes confidential brochures and slide presentations that companies use to market intrusive surveillance tools to governments and law enforcement agencies. The documents published by Wikileaks include 287 files that describe products from 160 companies. Few months ago Wikileaks released 5 Million emails from Stratfor Global Intelligence, which was named GI Files(Global Intelligence Files)
Airtel 4G LTE - India's First Fourth Generation Mobile Service
Bharti Airtel on Tuesday announced the launch of the country’s first ever fourth generation (4G) mobile services in Kolkata. Airtel will shortly roll them out in the other three circles of Karnataka, Punjab and Maharashtra (excluding Mumbai). "We will launch the 4G LTE service in Bangalore this month, followed by Pune and Chandigarh," Bharti Airtel Chairman Sunil Mittal said.
The company said high-speed wireless broadband "has the potential to transform India" and to provide a platform for "building the country's digital economy." 4G is expected to be five times quicker than 3G services. It would offer services such as high-definition mobile TV and video conferencing. Bharti and its rivals paid a total Rs 38,543 crore ($7.5 billion) to buy fourth-generation (4G) wireless broadband spectrum in a 2010 auction, which saw bids at much higher prices than initially expected. Bharti managed to win 4G spectrum in just four of India's 22 telecoms zones in the auction, paying Rs 3,314 crore for spectrum in the Maharashtra, Karnataka, Kolkata and Punjab zones. The company was allocated 20 Mhz of BWA spectrum in 2.3 Ghz frequency band which is considered suitable for transmitting signals for operating 4G services.
The network for rolling out Airtel's 4G LTE services in the city had been built by Chinese telecom equipment maker ZTE. Airtel is the first mobile operator to launch 4G services in the country. Bharti Airtel has already awarded the contract for building and operating its 4G network in Maharashtra to Nokia Siemens Networks. Currently, Airtel’s 4G pricing in Kolkata starts at Rs 999 with a usage of 6GB. Wi-fi devices (indoor CPE) are priced at Rs 7,750 while 4G multi mode dongles are priced at Rs 7,999. To know more about Airtel 4G click Here
Syrian PresidentBashar Assad's E-mail-Id Hack Could Lead To "Cyber Warfare"
Earlier in a operation called #OpSyria hacker collective Anonymous has targeted the Syrian Cyber fence. First they hacked and defaced the Syrian Ministry of Defence then TV Network Of Syrian Pro-Government & finally Syrian president Bashar Assad been targeted by the hacker. Anonymous gained access to 78 different e-mail accounts at the Syrian Ministry of Presidential Affairs, including that of the Minister of Presidential Affairs, Mansour Fadlallah Azzam, and Assad's media adviser, Bouthaina Shaaban. Sadly, it's clear that no one bothered to give Assad's office a lesson in basic computer security, because several of the accounts apparently had the password 12345. Britain's newspaper Guardian gathered 3,000 emails passed on by a source in the Syrian opposition reveals a wealth of private information – including family photographs and videos, a scan of the president's identity card and a birth certificate belonging to a family member – that would be difficult for even the best resourced hoaxer or intelligence agency to gather or fabricate. The sam@alshahba.com and ak@alshahba.com accounts that activists say were used by Bashar al-Assad and his wife, Asma, communicate regularly and in affectionate terms with the wider family and advisers, some of whose email addresses are easily verified. Events and speeches mentioned in the emails tally with the timings of real events. The "sam" and "ak" accounts were also monitored contemporaneously by activists who say the protagonists reacted in real time to events on the ground in Syria.
Review:-
Cyber warfare in coming years, experts increasingly believe, could be as much about trying to protect or disseminate particularly sensitive pieces of information as about plotting cyber attacks on essential national infrastructure. "It's the first time insurgents have gained access to a regime's high-level communications during an uprising," says John Bassett, a former senior official at British signals intelligence agency GCHQ and now a senior fellow at the Royal United Services Institute. "That could possibly be a significant turning point in the development of cyber warfare."
Some security experts doubt Syria's fragmented opposition would have had the capacity to access the e-mails without outside help, but others say those in power in Damascus may simply have been careless. The Syrian opposition say they were given details of the passwords by an internal regime source. It is a tool that could become increasingly popular. According To Guardian:- There are several email conversations in which "Sam" and Bashar are clearly identified as the same person. In November, for example, Hadeel al-Ali, Assad's press assistant, emailed sam@alshahba.com about an interview Assad had given to a student activist, Hussam Arian, six months earlier. She attached a picture of Arian with Assad, and screenshots of the student's Facebook page, which featured the article. She said to "Sam": "I took many shots of the page of Hussam Arian and the article he wrote about you." Another email to the address from Asma relates: "Fares closed all your twitter accounts!" Fares Kallas is Asma al-Assad's assistant, and other emails in the chain show that he had asked Twitter to close several fake accounts purporting to belong to Bashar. In Asma's case, there are a host of emails sent between ak@alshahba.com and Asma al-Assad's family which offer compelling proof. Many emails sent to "ak" from her family begin "Hi Asma", and one of her family's email header lists ak@alshahba.com as Asma Akhras, Asma al-Assad's maiden name. There are many other examples of family members sending affectionate emails to Asma at the "ak" account. On 21 November 2011, one of her brothers sent her photos of their father's recent birthday party, with the subject line "Dad's birthday 2011". The photos show Asma together with identifiable family members standing in a kitchen. The brother also circulated the photos to her other brother.
Metasploit 4.2.0Released WithIPv6 Support & Virtualization Target Coverage
Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.
Brief About Metasploit:-
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
DiyaTV & Few Other Pakistani WebsitesHacked By Yash (Team Nuts)
Yash an Indian hacker from Team Nuts again hit the Pakistan cyber fence. In this attack he blown the official website of a well known TV network of Pakistan named DiyaTV. The website has a high Alexa rank in Pakistan. Not only that but also more 25 other Pakistani sites get penetrated by Yash & Team Nuts. The list of those hacked sites and mirror links can be found on a pastebin release by the hacker group. Earlier this group has hack few Pakistani sites among them National Highway Authority of Pak Govt and many other sites. We all are aware of the ongoing cyber war between Bangladesh & India where BD hackers have blown massive Indian sites including Govt, NIC, Media, Stock Market and many more. But one thing is truly irrelevant and that instead of protecting Indian cyber fence or stand against BD hackers Team Nuts hit Pak cyber fence!!!!
Anonymous Take Down CIA- Central Intelligence Agency Website
The official website of CIA- Central Intelligence Agency faced massive cyber attack on the last Friday. Hacktivist Anonymous took responsibility if the cyber attack. At approximately 3:10 p.m. Eastern time one of twitter accounts related to the hackers' group announced "cia.gov DOWN. #UMAD?#Anonymous." And also claimed that this is yet another biggest denial of service attack of this year. This attack was the part of Anon's traditional #FuckFriday boom. The last Friday Anonymous released sensitive conference call between FBI & Scotland Yard. Earlier for #OpMegaupload they have bring down Federal Authorities, US Govt, Brazil Govt, Ireland's Dept of Finance & Justice, CBS TV Network, UFC.com and many more.
Syrian President Bashar Assad's E-mail-Id Hacked By Anonymous (#OpSyria)
In Operation Syria (#OpSyria) not only the TV Network of Pro-Government get penetrated but also Syrian president Bashar Assad been targeted by the hacker. Late on Sunday night, Anonymous gained access to 78 different e-mail accounts at the Syrian Ministry of Presidential Affairs, including that of the Minister of Presidential Affairs, Mansour Fadlallah Azzam, and Assad's media adviser, Bouthaina Shaaban. Sadly, it's clear that no one bothered to give Assad's office a lesson in basic computer security, because several of the accounts apparently had the password 12345.
The e-mails from Assad's press advisers suggest the president knew otherwise, and coached Assad on specific ways to deflect common American criticisms:
"It is hugely important and worth mentioning that 'mistakes' have been done in the beginning of the crises because we did not have a well-organized 'police force.' American psyche can be easily manipulated when they hear that there are 'mistakes' done and now we are 'fixing it.' It's worth mentioning also what is happening now in Wall Street and the way the demonstrations are been suppressed by policemen, police dogs and beatings."
Some of those hacked Emails can be read for this link (Posted by The Israeli news organizationHaaretz)
Pro-Government TV news Network of Syria has been compromised. Syria's state broadcaster confirmed this on Sunday that the text message news service of a separate, pro-government TV station had been hacked. A headline displayed on state Syria tv said: "The administration of Addounia draws the attention of its subscribers to the fact that it has temporarily halted its SMS service, and calls citizens to be wary of the false messages being sent now."
Separate headlines on Addounia cautioned against a text message asking people "to avoid public squares for security reasons," and advised that its subscribers ignore all SMS messages on its service until further notice. The station was the target of European Union sanctions imposed on Syria in September, in response to President Bashar al-Assad's bloody crackdown on mass protests - and, increasingly, an armed insurgency - against his rule.
Few days ago Anonymous has hacked the CBS Broadcasting of US. They managed to gain access on CBS Server and deleted everything.
#OpIreland- Department Of Foreign Affairs Ireland Hacked By Anonymous
Protest against controversial act called SOPA, PIPA & ACTA continues. Anonymous hackers from Sweden stated a campaign named "#OpIreland" and mounted DDoS attacks against the websites of the aforementioned politician and junior minister Seán Sherlock, and the Departments of Finance and Justice last week, and sent them offline for certain time. Last night this hacker group turned their sights towards a number of websites tun by the Department of Foreign Affairs, but this time they took it upon themselves to do more damage. As a result the have breached the security and stolen senstivie data such as Full Name, Email-id, Password. All the leaks are posted on a pastebin release by the hacker group. In a twitter release @AnonOpsSweden took responsibility of this security breach.
A spokesman for the Department of Foreign Affairs confirmed the breach but said that other servers belonging to the Department were not compromised. The Irish Aid website is still down as the Department's IT specialists are investigating the matter.
AnonymousVows To Shutdown CNN.com (#OpDebateBlackout)
The protest against Internet censorship by Anonymous continues. Now they have called another operation named #OpDebateBlackout. According to a YouTube video Anon vows to shutdown famous media CNN during yesterday night debate. Anon said:- "Shut down CNN.com during the Florida debate. In response to the establishment media blackout of Ron Paul, and specifically to the lack of equal time given to him in the debates, we the people will be blacking out the responses of all candidates except Ron Paul in the upcoming CNN debate in Jacksonville Florida on Thursday, January 26 at 8PM eastern standard time. This is a call to all who are willing and able to join this effort to show the establishment media that we will not tolerate the continued media blackout of Ron Paul, and that we will, in return, shut down the cnn website and their live stream of the debate."
CBS TV Network Hacked By Anonymous (#OpMegaupload)
Operation Megaupload is going higher and higher. 1st Anonymous bring down US Dept. Of Justice, FBI and some other federal authorities website. Then the attacked was moved to Brazil Govt. and there Anon shut down websites of Brazil's federal district, Tangara da Serra city & the website of popular Brazilian singer Paula Fernandes.Not only Anonymous its about the mass. The whole world contributed in this operation. Statistic is saying that more than 66,500 people from different part of the world have downloaded LOIC and taken part in #OpMegaupload. And this attack was considered as the "Largest Attack Ever".
Now anonymous targeted CBS Broadcasting completely knocked out CBS.com and are continuing their revenge spree. The CBS takedown wasn't your regular DDoS attack because if you went to CBS.com at the time Anon attacked it, there was nothing except an index page with a single file. Basically, Anonymous gained access to CBS.com and deleted everything. As shown in the figure below.
Truth Alliance Network and 20 other Churches websites Hacked By XtReMiSt of Muslim Liberation Army. According to the officials of MLA the object of these deferments are "To Raise A Voice Against Quran Burning Day and Illegal occupation of Israel and India in Palestine and Kashmir.. and to show why Muslims are raising their voice against America."
Hacked Sites:-
Truth Alliance Network (24 Hour Daily Newspaper) (Shot) truthalliance.net
Apple on Monday released a new build of its iOS 5 beta software to developers. The new build — iOS 5 beta 3 — is available for all applicable iOS devices including the iPhone 4, iPhone 3GS, iPad 2, iPad, Apple TV, and third and fourth-generation iPod touch devices. Apple also released the third beta of iTunes 10.5 alongside the new iOS release of course, and it will be necessary for developers to install iTunes 10.5 beta 3 in order to load the new iOS beta on their devices. Hit the break for the full change log included with this release.
Notes and Known Issues
The following issues relate to using the 5.0 SDK to develop code.
Accounts
When creating an iCloud account you can use any Apple ID provided it is a full email address and not a MobileMe account. If you have a MobileMe account, you can copy data from that account to an iCloud account to use during testing. You can find more information on iCloud at: http://developer.apple.com/icloud
When setting up an iCloud or MobileMe account using the setup assistant and leaving Find My iPhone on, it might actually turn Find my iPhone off after the setup. Please verify in Settings/Mail, Contacts, Calendar/YourAccount that Find my iPhone is toggled On after leaving the setup assistant.
There is a problem finding a device using Find My iPhone on the MobileMe website (www.me.com) when switching from iCloud back to MobileMe. To workaround this issue:
On the device go to Settings->Mail, Contacts, Calendar-><your_account>@me.com and Toggle Find My iPhone off and back on. Now the device should show up on MobileMe website.
It is recommended that you disable Bookmarks on multiple accounts. If they are enabled, the results might be undefined.
NEW: In this beta the option of “Choosing a security question” is not working during an iCloud account setup.
Air Play
Starting in iOS 5, video content in applications and websites are AirPlay-enabled by default.
iOS 5 supports AirPlay of video via AV Foundation.
FIXED: The Apple TV screen saver may degrade mirroring performance over AirPlay. The screen saver can be disabled in Apple TV settings.
Apple TV
Apple TV Software beta enables users to mirror the contents of an iPad 2 to an Apple TV (2nd generation) using AirPlay. This beta software also enables Photo Stream on Apple TV so users can access photos stored in iCloud. Apple TV Software beta is being provided to test the latest AirPlay functionality with your iOS 5 apps and web sites. If you wish to install Apple TV Software beta on your device, you must first register your device UDID in the iOS Developer Program Portal.
Audio
Using voice chat in iOS 5 requires setting the kAudioSessionMode_VoiceChat mode on the Audio Session, or setting the AVAudioSessionModeVoiceChat mode on the AVAudioSession object.
CalDav
FIXED: After creating a recurring event locally on the device, the device stops syncing after hitting an error on merge. Removing and re-adding the account acts as a workaround for this.
Calendar
All MobileMe calendars were duplicated after turning calendar syncing off and back on.
If you launch or manually refresh Calendars on an iPad, your calendars might disappear and you will have to tap “Show All Calendars” to display them again.
NEW: Restoring from a Seed 1 backup or earlier will cause MobileMe/iCloud calendars not to sync. Subscribed calendars will show up in Calendars but none of your event calendars will appear in MobileCal. To workaround the problem please remove and re-add the account.
Game Kit
Match data for turn based matches is currently limited to 4 KB of data.
Game Center
If you have an existing Game Center account which has not yet gone through the first-time Game Center flow in iOS 5, you will encounter a crash when signing into a game’s login alert directly. The workaround for this is to launch Game Center to complete the first-time flow.
i-Books
iBooks 1.2.2 may fail to display some text or images in books. Please update to iBooks 1.3 in the App Store.
i-Cloud Backup
As this is beta software, it is recommended that you do not use the iCloud services to store any critical data or information. If you enable iCloud Backup, automatic backup with iTunes when syncing will be disabled. We suggest you also manually back up your device with iTunes.
In the iOS 5 beta, support for data protection in iCloud Backup is unavailable. Apps that have protected files will not have any of their data or metadata backed up as a result.
After restoring, you may not be able to back up again because the device still thinks it’s restoring. To workaround this issue try syncing apps or media that are missing form iTunes or try deleting your iCloud account and adding it back.
If you delete your backup, the feature will be disabled but settings may still indicate that it is enabled and you will have to toggle the BackUp to Cloud switch in Settings.
For compatibility reasons, this version of the iOS 5 beta requires that all files be backed up again, instead of only those files that have changed since your last backup. This may cause a warning that your account is over quota. In case the warning occurs, you can delete your oldest backup to free up space and then initiate a backup.
i-Cloud Storage
During the iOS 5 beta period, any documents stored on the servers might be purged periodically before GM. Therefore, it is highly recommended that you do not store any critical documents or information on the servers.
If your application is using the NSMetadataQuery class, you must set a predicate, even though the predicate itself is ignored.
The Foundation framework doesn’t include the team ID when looking for an app’s mobile documents container. The Team ID must be included at the beginning of the identifier string passed to theURLForUbiquityContainerIdentifier: method.
In this beta, the setSortDescriptors: method of NSMetadataQuery is not supported.
In this beta, if you want to use iCloud, you have to manually specify various container identifiers (your application’s Display set) within an Entitlements file for both of your Mac OS X and iOS projects.
There are issues using the Cloud Storage document API in conjunction with protected data which can lead to data corruption.
In this beta, document-based applications cannot always detect when files change, move, or are deleted out from underneath them.
NEW: In this beta, file presenters (objects that adopt the NSFilePresenter protocol) do not receive some of the messages that they’re supposed to receive, especially:
presentedItemDidChange
presentedSubitemDidAppearAtURL:
presentedSubitemDidChangeAtURL:
You can workaround this by implementing the relinquishPresentedItemToWriter: method and checking to see if the writer actually wrote when your file presenter reacquires. You can also use FSEvents to observe file system changes
In this beta, messages about changes to files in a directory are not getting delivered to objects that adopt the NSFilePresenter protocol.
While reporting a bug related to the iCloud storage interfaces, please include the logs collected during your debugging session. To generate these logs, you must install a special debug profile on your device.The debug profile can be obtained from http://connect.apple.com. This profile enables the generation of debug logs that are needed to diagnose any problems using iCloud storage. The instructions to collect the logs are:
Install the profile. (The easiest way to do this is to mail it to yourself and open the attachment on their device.)
Reproduce the bug.
Sync with iTunes to pull the logs off your device.
Attach the logs to your bug report. You can find the logs in ~/Library/Logs/CrashReporter/MobileDevice/DeviceName/DiagnosticLogs.
These logs can grow large very quickly, so you should remove the profile after you have reproduced the problem and pulled the logs for the bug report.
i-Message
NEW: i-Message beta 3 will be unable to communicate with iMessage users on beta 1. It works between beta 3 and beta 2.
NEW: Modal alerts don’t appear for iMessages.
iTunes
The version of iTunes that comes with beta 3 cannot sync devices that have the beta 2 software installed. To avoid this problem, do the following:
Sync any devices that have beta 2 installed to the version of iTunes that came with beta 2.
Upgrade iTunes to the version that comes with beta 3.
Connect the device and install the beta 3 software. (Understand that you might see a failure to sync error when you first connect the device.)
After installing the beta 3 software, restore from your the backup you made in step 1.
Videos purchased from the iTunes Store do not play on a 2nd generation AppleTV over AirPlay with iTunes 10.5.
MMS
Sending an MMS of large videos does not work.
Photo Adjustments
If you apply red-eye adjustments in iOS, and import your image into the iPhoto seed build, the red-eye adjustments will not appear on that image in iPhoto. As a result, subsequent syncing of your image back to the iOS device from iPhoto will not show the red-eye adjustments.
Reminders
FIXED: The Reminders application does not send notifications for reminders that are based upon the entry (and/or exit) of a location if there is no date associated with the reminder.
Settings
The “Back Up Now” button is enabled without the backup data class being enabled for the account.
FIXED: If you bring up the keyboard of the terms in Settings->General->Software Update, you cannot dismiss it. You have to force quit Settings to get out.
NEW: In this beta FaceTime icon is missing in Settings on the iPhones.
Simulator
NEW: Location services are not functional in iOS 4.3 simulator running on Mac OS 10.7 with Xcode 4.2.
Springboard
Push and local notifications for apps appear in the new Notification Center in iOS 5. Notification Center displays notifications that are considered “unread”. In order to accommodate push and local notifications that have no “unread” status, developers can use their application badge count to trigger a clearing of notifications from Notification Center. When an application clears its badge count (by setting it to zero), iOS 5 will clear its notifications from Notification Center.
Twitter
NEW: When tweeting your location from Safari and exiting before the location can be established, the location arrow will stay in the status bar. The arrow can be removed by killing Safari from the task switcher.
UI Automation
NEW: In iOS 5 beta 3, the first execution of a script after a reboot or erase install will likely fail. Subsequent attempts should succeed until the device is rebooted again.
The play and record buttons in the Automation instrument script editor may not work properly after targeting an application that was launched by a trace session and has ended. They may also not work if you target an application that was suspended. If you run into this problem and it persists, you may need to close and reopen the trace document to get back into a functional state.
When capturing actions into a script using the Automation instrument, interfaces with web views or table cells that contain a high number of off screen elements may take an extremely long time before returning with an expression.
The lock() and unlock() functions of UIATarget have been replaced with the lockForDuration(<seconds>) function.
Instruments overwrites the loaded automation script, even if another program is editing it.
Starting iOS 5 beta 2, you can now trigger the execution of an UI Automation script on an iOS device from the host terminal by using the instruments tool. The command is:
NEW: Starting in iOS 5 beta 3, the exclusiveTouch property of UIControl has returned to its original default value of NO.
Returning nil from the tableView:viewForHeaderInSection: method (or its footer equivalent) is no longer sufficient to hide a header. You must override tableView:heightForHeaderInSection: and return0.0 to hide a header.
In the iOS 5 beta, the UITableView class has two methods to move one cell from one row to another with defined parameters. These APIs are:
moveSection:toSection:
moveRowAtIndexPath:toIndexPath:
Using the UIWebView class in Interface Builder, setting transparent background color is possible in iOS 5. Developers compiling against the new SDK can check their XIB for the UIWebView transparent setting.
In the iOS 5 beta, the UINavigationBar, UIToolbar, and UITabBar implementations have changed so that the drawRect: method is not called on instances of these classes unless it is implemented in a subclass. Apps that have re-implemented drawRect: in a category on any of these classes will find that the drawRect: method isn’t called. UIKit does link-checking to keep the method from being called in apps linked before iOS 5 but does not support this design on iOS 5 or later. Apps can either:
Use the customization API for bars that in iOS 5 and later, which is the preferred way.
Subclass UINavigationBar (or the other bar classes) and override drawRect: in the subclass.
The indexPathForRow:inSection:, section, and row methods of NSIndexPath now use NSInteger instead of NSUInteger, so that these types match with methods defined on UITableView.
There is a known issue with presenting a UIVideoEditorControllerobject where it doesn’t show the selected video, which appears blank instead. In certain cases it may also crash.
Touch events are not getting forwarded to the view in the cameraOverlayView property of UIImagePickerController.
The imagePickerController:didFinishPickingMediaWithInfo: method of UIImagePickerController is not returning a URL to the video when recording is complete.
NEW: When creating a new appointment in calendar app on a device using 24 hr clock, you cannot select an hour value greater than 12. The date-time picker value sets current weekday to be the same as previous day (e.g: a An appointment on Tuesday will be set as Monday).
FIXED: We have changed the behavior of scrollToRowAtIndexPath:atScrollPosition:animated: such that UITableViewScrollPositionTop and UITableViewScrollPositionBottom now adjust for the top and bottom portions of the contentInset property.
WebKit
NEW: In iOS 5 beta 2, a new inherited CSS property, -webkit-overflow-scrolling: value, is available. The value touch allows the web developer to opt in to native-style scrolling in an overflow:scrollelement. The default value for this property is auto.
The WebKit framework has picked up a newer WebKit engine, which closely matches Safari 5.1. Some areas to be aware of with the new WebKit framework on iOS:
There is a new HTML5-compliant parser.
Text layout width may change slightly because word-rounding behavior now has floating-point-based precision.
There is improved validation of the <input type=number> form field, which includes removing leading zeros and number formatting.
Touch events are now supported on input fields.
window.onerror is now supported.
There is a new user agent that does not have locale information in the User Agent string.
WiFi Syncing
In iOS 5 beta 2, wireless syncing is available for the Mac. It requires iTunes 10.5 beta 2 and OS X 10.6.8 or Lion. You will see an option to enable wireless syncing when you connect your device to iTunes with the USB cable. It is recommended you perform your initial sync with a cable after restoring your device.
Wireless syncing is triggered automatically when the device is connected to power and on the same network as the paired computer. Or, you can manually trigger a sync from iTunes or from Settings -> General -> iTunes Sync (same network as paired computer required). Be sure your device is plugged into a power source when performing wireless syncs.
If you find issues with apps, media and/or photos synced to your device, you can reset then resync. From Settings -> General -> Reset, choose Erase all Content and Settings. Then reconnect to iTunes and sync again.
FIXED: In this beta, iTunes may incorrectly report Photos as “Other” in the capacity bar. Photo syncing otherwise works as expected.
NEW:In some cases, your device may fail to sync contacts, calendars and account settings, or back up to iTunes. If this happens, reboot your device and re-sync.
NEW:In some cases, syncing photos may result in only thumbnails on your device. If this happens, unsync Photos then re-sync again.
Xcode
In this beta, device restores using XCode are disabled. Please use iTunes only to back up and restore your device.
In some cases, Xcode 4.2 Organizer does not display a device that is in restore mode. As a workaround you can use iTunes to restore.
FIXED: On some desktop machines, Xcode’s memory usage inflates incredibly fast while restoring a device or copying an IPSW. As a workaround use iTunes to restore.
FIXED: In this beta, crash logs (either unsymbolicated or symbolicated) do not appear in Xcode Organizer. To make them appear in the Xcode Organizer, you will have to rename the device.
In iOS 5 beta 2, the iOS Simulator is not compatible with previous releases of the iCloud Developer Seed for OS X. It is highly recommended that you update to the latest iCloud Developer Seed to ensure compatibility.
iOS 5.0 SDK supports both iOS 4.3 and iOS 5.0 simulators.
