A renowned security researcher has discovered that the micro-controller that monitors the power level of an Apple laptop can be compromised to allow a hacker to run code on it, potentially even cause the battery to explode.
Security expert Charlie Miller, notorious for his hacking feats against Apple systems, reportedly examined the batteries in several MacBooks, MacBook Pros and MacBook Airs, and found an alarming vulnerability.
The researcher has found that the batteries’ micro-controller chips ship with default passwords. Once a hacker learns that password, they can learn to control the chips’ firmware and potentially hijack them.
Bad scenarios proposed by Miller include permanently ruining they battery, implanting it with hidden malware that infects the computer regardless of what is contained on the hard drive, and even potentially cause the battery to heat up, or catch fire.
iOS 4.3.4 can be downloaded and installed to any currently supported iOS-based devices by connecting to iTunes and choosing to update. Apple has characterized the latest software as a security update, and does not contain any new features or fixes.
The update is available for the GSM iPhone 4, iPhone 3GS, iPad 2, iPad, and third- and fourth-generation iPod touch. Another firmware, iOS 4.2.9, is also available for the CDMA iPhone 4 for Verizon users.
via AppleInsider | Apple releases iOS 4.3.4 to address PDF security hole.
Posted in App, Apple, iOS, iPad, iPhone, iPod, Mac, Security
Tagged 4.3.4, Apple, iOS, Mac, PDF
You can watch all open network connections for both incoming and outgoing transfers using a free command line utility called open_ports.sh. Open_Ports is much more useful than using lsof to list open internet connectionsbecause it provides extensive network information in a very easy to read format, including what program or process is opening the connection, which port and user, the number of connections per process, the hostname being connected to, the country, and even the city.
Additionally, open_ports shows you all of your open ports listening for connections, again with information about the application, user, port number and name, and even the service IP range. All of the output is color coded, a red background signifies the process is owned by root, red text means the IP address doesn’t correspond to a domain name, blue means the IP matches several domain names, and green text means the protocol is encrypted.
A Brooklyn-based artist is being investigated by Apple and the Secret Service after installing spy camera software on New York Apple Retail Store computers that took pictures of customers and sent them to a remote server.
Kyle McDonald initiated the project, entitled People Staring at Computers, in June, using software to capture the expressions of customers using demo Macs in Apple Stores around New York, Mashable reports.
If you’re one of the proud and the brave who have sampled the latest wares of the crew behind JailbreakMe on your iPad, you’d be well advised to not update your TWCable TV app. We received the above screenshot from the latest version of said software, an update that aprevents it running on jailbroken tablets. What do to? Well, you could restore your device to “factory defaults” — or you could watch a little Netflix or Hulu instead and use this as yet another reason to “cut the cable.”
iOS, Apple’s mobile operating system that powers the company’s iPhone and iPad, has more protection than its rival Android, security experts at Symantec recently reported.
This week, the security company Symantec published “A Window Into Mobile Device Security,” a 23-page publication that details Apple and Google’s security approaches in their mobile operating systems. The publication also features a close look at possible security holes that are found in the Android and iOS platforms.
The long awaited iPad 2 jailbreak is finally here, albeit unofficially, due to a leaked beta version of comex’s JailbreakMe 3.0 utility. Like the original version of JailbreakMe, the jailbreak exploits a bug in how Mobile Safari handles PDF’s, so the process of installing the jailbreak is surprisingly easy and just a matter of opening a PDF from the Safari browser on your iPad 2.
“A computer hacker admitted Thursday to writing code that was used to breach AT&T Inc.’s servers last year and gather email addresses and other personal information of about 120,000 users of Apple Inc.’s iPad,” Chad Bray reports for The Wall Street Journal.
“Daniel Spitler, 26 years old, a computer hacker from San Francisco, pleaded guilty to identity theft and conspiracy to gain unauthorized access to computers. He faces up to five years in prison on each count,” Bray reports. “Sentencing is set for Sept. 28.”
“Along with Mac OS X 10.6.8 for Snow Leopard users, Apple released Security Update 2011-004 for Leopard users on Thursday. The update improves protection against the Mac Defender Trojan Horse and other potential security issues.”
“The update includes the same security fixes from the Snow Leopard 10.6.8 update along with improved AirPort network security, a fixes for maliciously crafted ColorSync profiles, maliciously crafted PDFs that take advantage of a CoreGraphics issue, and a Windows ID flaw in Samba, all of which could let an attacker run arbitrary code on the victim’s Mac.”
“Security Update 2011-004 is available for Leopard and Leopard Server via the Software Update application, or as a downloadable installer at the Apple Support Web site.”
Apple Releases Security Update 2011-004 for Leopard | News | The Mac Observer.