The software genii at Apple have redesigned their OSX software to allow malware makers to make designer micro-software that can infect Macs with rootkits.
Obviously the feature is one that Apple software experts designed specifically for malware writers, perhaps seeing them as an untapped market.
The bug in the latest version of Apple’s OS X allows attackers root user privileges with a micro code which could be packed into a message.
Security researcher Stefan Esser said that this was the security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.
The OS X privilege-escalation flaw stems from new error-logging features that Apple added to OS X 10.10. Plainly the software genii did not believe that standard safeguards involving additions to the OS X dynamic linker dyld applied to them because they were protected from harm by Steve Jobs’ ghost.
This means that attackers can open or create files with root privileges anywhere in the OS X file system.
“This is obviously a problem, because it allows the creation or opening (for writing) of any file in the filesystem. And because the log file is never closed by dyld and the file is not opened with the close on exec flag the opened file descriptor is inherited by child processes of SUID binaries. This can be easily exploited for privilege-escalation,” Esser said.
The vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. Importantly, the current beta version of 10.11 is free of the flaw, an indication that Apple developers may already be aware of the vulnerability.
An Apple spokesman said that engineers are aware of Esser’s post. Of course, they did not say they would do anything about it. They will have to go through the existential crisis involved in realising that their product was not secure or perfect. Then the security team will have to issue orders, signed in triplicate, sent in, sent back, queried, lost, found, subjected to an internal inquiry, lost again, and finally buried in soft peat for three months and recycled as firelighters.
The promotion launched later this year than in the past: In 2014, for example, Apple started its back-to-school campaign July 1.
Buyers who purchase a qualifying Mac between now and Sept. 18 receive a $199.95 credit toward a pair of Beats Solo2 On-Ear Headphones, which list for that amount. Alternately, the credit can be applied to a pair of Beats Solo2 Wireless On-Ear Headphones, which run $299.95, making the out-of-pocket expense $100.
The promotion launches today in Apple’s retail stores and participating authorized on-campus stores but won’t appear on the company’s e-store until Aug. 6.
9to5Mac.com first reported on the promotion earlier today.
This year’s back-to-school promotion gives parents of college students and incoming freshmen, and teachers and staff members of all grade levels — including K-12 — the credit when they buy a new iMac, Mac Pro, MacBook, MacBook Pro or MacBook Air. Unlike years past, iPads and iPhones do not qualify.
For the last four years, Apple has handed out gift cards and maxed the amount of the offer at $100. Before that, a more generous Apple gave rebates of up to $300 toward the purchase of an iPod Touch.
Educational discounts on the hardware also apply. MacBooks and MacBook Airs are reduced by $50 for parents of students and for faculty and staff. The discounts on other products are $100 on MacBook Pros, $100 to $200 on Retina 5K iMacs, $50 to $100 on iMacs, and $200 to $300 on Mac Pros.
The flaws could potentially be exploited to execute malicious code on computers when users visit compromised websites or open specially crafted documents. They were reported through Hewlett-Packard’s Zero Day Initiative (ZDI) program.
HP’s TippingPoint division, which sells network security products, pays researchers for information on unpatched high-risk vulnerabilities in popular software. The company uses the information to create detection signatures, giving it a competitive advantage, but also reports the flaws to the affected vendors so they can be fixed.
The ZDI team gives vendors 120 days to develop fixes before making limited information about the reported flaws public. That deadline was apparently reached for the four Internet Explorer vulnerabilities this week.
The ZDI advisories describe the type, impact and general location of the flaws, but intentionally leave out technical details that could help attackers create exploits for them. In other words, they don’t classify as full disclosure.
Three of the new ZDI advisories don’t have sufficient information for other researchers or hackers to easily rediscover the issues, said Carsten Eiram, the chief research officer at vulnerability intelligence firm Risk Based Security, via email. The fourth one, however, is a bit more detailed, he said.
That advisory, tracked as ZDI-15-359, covers a vulnerability that was used by security researcher Nicolas Joly during the Mobile Pwn2Own hacking contest organized by ZDI in November last year. As part of the contest rules, researchers disclose the vulnerabilities they use with ZDI, which then shares them with the affected vendors.
Microsoft said in an emailed statement that it would take “appropriate steps” to protect its customers, but noted that no attacks had been reported so far.
The biggest U.S. wireless service provider added 1.1 million wireless retail postpaid subscribers – those who pay each billing cycle based on usage – on a net basis in the second quarter, in line with estimates from analysts polled by market research firm FactSet StreetAccount.
Customer defections, also known as churn in the telecommunications industry, for Verizon’s wireless postpaid business dipped to 0.90 percent versus the 0.99 percent estimated by FactSet.
Revenue from Verizon’s FiOS high-speed Internet, TV and phone service rose 10 percent to $3.4 billion, while tablet sign-ups totaled 852,000 in the quarter.
Wireless carriers have been offering heavy promotions and discounts on tablets as they look to boost crucial subscriber growth numbers and limit customer churn.
Verizon is gearing up to launch its online video service to unlock new revenue streams as competition in the wireless industry from smaller players such as T-Mobile US Inc and Sprint Corp heats up.
The company bought AOL Inc in June in a $4.4 billion bet that a push into mobile video and targeted advertising can help it find new growth avenues.
Verizon said it added 842,000 4G smartphones to its postpaid customer base in the quarter.
Google will begin closing down the service on Aug. 1 on Android, with the Web and iOS devices to follow soon after.
For a time, Google touted the service as a key element in Google+, with a range of editing tools and image enhancement technologies rolled out over the years.
But Google hinted that its days might be numbered when the company rolled out its new Google Photos service at Google I/O in May.
The closure of Google+ Photos is likely to prompt more questions about the future of Google+, which has struggled to rival the success of Facebook.
Photos and videos stored in Google+ Photos will be moved to Google Photos. People who don’t want to use the new service can download their images using Google Takeout, the company said.
Google Photos provides free, unlimited photo and video storage in Google’s cloud, along with tools to organize the media.
Qualcomm is preparing to axe several thousand employees following a glut of problems and stiff competition in a tough market.
A report on The Information citing sources “inside and outside the company” said that Qualcomm could announce the laying off of up to 10 percent of its 30,000-strong workforce when it releases its quarterly results on Wednesday.
However, it’s still unknown which departments will be affected by the prospective job cuts.
If the rumour is true, the move to drop such a substantial amount of its workforce could be down to increasing competition from chip firms such as MediaTek, Samsung, which recently dropped Qualcomm in favour of its own Exynos chip for the Galaxy S6, and other small Chinese companies that specialise in making chips for budget phones.
Qualcomm reported a 46 percent drop in Q2 profits in April, and the sources said that the company could shift more research and development activities to low-cost countries such as China and India to save money.
Whether that’s true or not, it’s clear that Qualcomm is going to have to make some major changes to its strategy, and quick, because the company’s outlook becomes progressively worse as the months roll on.
Qualcomm debunked chatter in April that LG ditched its octa-core Snapdragon 810 chip for the G4 owing to overheating problems. Many scoffed at the firm’s decision to go with Qualcomm’s hexa-core Snapdragon 808 chip, instead of the latest and greatest Snapdragon 810 offering.
This re-fuelled speculation that Qualcomm’s Snapdragon 810 chip has been suffering problems. Qualcomm denied the overheating claims, saying that LG’s decision to stuff the G4 with a Snapdragon 808 chip was made “over a year ago” and had nothing to do with the persistent rumours surrounding the 810.
However, a few months later, in June, Sony admitted that its latest Xperia Z3+ is overheating owing to problems with the 810 chip.
Sony acknowledged the overheating after it was detected in tests run by GSMinfo in the Netherlands, which found that the camera app crashed after a few minutes of video recording and that an unusual amount of heat was felt on the rear of the device.
The Japanese firm said that it will release a software fix in the summer to tackle the fault, which is a known problem seen in other handsets powered by the processor.
But that’s not the end of Qualcomm’s problems. Earlier this month, the chipmaker found itself under the watchful eye of the European Commission which launched two investigations into the US chipmaker’s alleged anticompetitive practices.
The first investigation will examine whether Qualcomm abused its dominant market position by offering financial incentives to customers on the condition that they order its baseband chips exclusively.
The second will look at whether Qualcomm engaged in “predatory pricing” by selling 3G chips well below cost in a bid to force competitors out of the market.
Costco Wholesale Corp, Sam’s Club and several other large retailers have disabled their online photo printing stores in recent days, over concerns about a possible data breach at PNI Digital Media, which manages and/or hosts photo services sites.
Last week CVS Health Corp disabled its CVSphoto.com site, and the week before Walmart Canada’s walmartphotocentre.ca took a similar action after it was informed that customer credit card data had been potentially compromised.
Other photo printing sites that might have been recently affected included Rite Aid Corp and British supermarket chain Tesco’s.
“We take the protection of information very seriously. PNI is investigating a potential credit card data issue, and outside security experts are assisting in the investigation,” said Kirk Saville, vice president, global communications at Staples Inc, which bought Vancouver-based PNI last year.
Some websites said they had been advised by PNI of a potential breach, while others said they acted because of recent reports.
Costco Canada and Rite Aid noted that PNI has limited access to customer information since it does not process credit cards, but the photo service sites were temporarily taken down as a precaution.
CVS and Walmart Canada asked customers to monitor their credit card transactions closely for unauthorized charges.
Tesco’s page simply said it was unavailable for routine maintenance.
The retailers’ main websites and other services were not affected by the potential breach.
Microsoft has decided that there is no point putting Windows 10 on a DVD and is insisting that people install from a Flash drive.
Windows 10 will be shipped on USB drives rather than traditional DVDs, although you might be able to find one on DVD if you ask Microsoft very nicely.
USB versions of Windows 10 Home and 10 Pro are listed for pre-order on Amazon already, running $120 and $200 respectively.
It is all fairly obvious. Most cheap PCs ship without a drive these days which has made home-made USB installation drives the only option. We can still remember the outcry when people complained about the number of floppy disks it took to install Windows 95.
Windows 98 came out on a CD to cut down the numbers. Now it seems that DVDs are going the way of the dodo too.
The news is important because it sells chip making equipment to fabs so if it is doing well so are they.
ASML’s forecasts are closely watched by investors for clues to how key clients Samsung, Intel and TSMC are building the next generation of chips for computers, smartphones, auto and industrial products.
The Dutch outfit reported second-quarter net profits fell 7.2 percent to 369.7 million euros on a 0.6 percent increase in sales to 1.65 billion euros. That was broadly in line with the consensus analyst estimates of 361 million euros, which ranged broadly from 344 million euros to 413 million euros.
It forecast third-quarter sales of between 1.5 billion and 1.6 billion euros, in line with or slightly above what the cocaine nose jobs of Wall Street expected.
Chief Executive Peter Wennink said he was jolly pleased with the news.
“We’re suspending the availability of Windows 10 builds briefly while we prepare for [using the official roll-out process], and the next build that we flight to you will be delivered using the production channels,” said Gabriel Aul, engineering general manager for Microsoft’s OS group, in a revised blog yesterday. “We’re very close to our public release and we’re working very hard to get everything just right.”
Aul promised that the suspension would be short, but that disk images — large files in .iso format that testers can use to do a “clean” install of the OS — would also be deferred. “We really need Insiders to be using, stressing, and validating our distribution and upgrade processes,” Aul said in explaining the .iso pause.
Pre-release activation keys will no longer validate the previous preview builds shipped as .iso files, Aul added. He did not say whether activation codes would be provided at some future point for those who wanted to test Windows 10 after the official launch, and do a fresh install rather than an in-place upgrade from Windows 7 or 8.1.
If new activation keys are not offered down the line, people who wanted to dive through a loophole — one acknowledged and apparently approved by the Redmond, Wash. company — to obtain a free copy of Windows 10, even if they didn’t qualify for the free upgrade, may be out of luck.
The build and .iso suspensions signal that Microsoft will soon declare Windows 10 at the “release to manufacturing” (RTM) milestone, an important waypoint because that code will be handed to device makers for pre-loading on new hardware. Earlier rumors had pegged RTM for last week, but that didn’t happen.
Security gurus at Malwarebytes have been working on anti-malware software for Macs to ensure that Apple computers are protected from the latest online threats.
In what is perhaps more evidence that Macs should no longer be viewed as immune from malware, the release of Anti-Malware for Mac represents Malwarebytes’ first product dedicated to what the firm calls “underserved Mac user communities”.
The new product is designed to detect and remove malware, adware and potentially unwanted programs, capabilities that Malwarebytes said have been repeatedly requested by customers.
The release also sees Malwarebytes acquiring AdwareMedic by The Safe Mac, which will see AdwareMedic creator and owner Thomas Reed joining the company as director of Mac offerings. The security firm said that this will lead to a growing team of Mac developers and researchers.
“We’ve had repeated requests from our customers and community for malware protection on the Mac, and are now proud to unveil the first version of Malwarebytes Anti-Malware for Mac,” said Chad Bacher, VP of products for Malwarebytes.
“Our vision is to provide protection across all devices, regardless of type or operating system.”
Macs have traditionally been seen as immune from viruses, but Malwarebytes seems to think it’s pretty important that they are protected.
The firm said that there has been a proliferation of new adware in the past two years, including Genieo, Conduit and VSearch, that inject ads and pop-up hyperlinks in web pages, change the user’s homepage and search engine, and insert unwanted toolbars into the browser.
Other features of the Malwarebytes software include the removal of malware, including Trojans, quick virus scanning and simple program management.
Malwarebytes Anti-Malware for Mac 1.0 is available as a free consumer download from today. Small business and enterprise versions will be unveiled later this year, the firm said.
Skylake will show its face in August, for both the notebook and desktop markets, and we have some new information about the upcoming desktop parts.
The two cheapest desktop parts in the Core i5 league are called the Core i5 6500 and Core i5 6400. The Core i5 6500 will replace the Core i5 4590 processor and the new Skylake part will work at 3.2GHz. With the help of turbo it will reach 3.6GHz with at least one of its cores. This is still a quad-core, four-thread processor and it comes with 6MB of cache memory.
The processor supports both DDR4 2133 and DDR3L 1600 RAM, and its graphics core works at up to 1050 MHz. This is a 65W TDP part, which is significantly better than 84W TDP with Core i5 4590.
The Core i5 4590 has four cores and 6MB of cache, and is clocked at 3.3GHz by default and up to 3.6GHz with turbo. We expect that the Core i5 6500 will end up at $202 for the box version and $192 for the tray version without a cooler.
The slowest Core i5 version of Skylake is called Core i5 6400 and this one works at 2.7GHz, with turbo capability up to 3.3GHz. It still has 6MB of cache and supports DDR4 2133 and DDR3L 1600 but its graphics core is slowed down to 950MHz. This is still a 65W TDP processor that will end up even cheaper in retail. The Core i7 and Core i5 Haswell processors are expected to launch in Q3 2015, followed by Core i3 and Pentium version in Q4 2015.
Forrester predicted that tablets used for enterprises will grow to 20% of the entire market by 2018, up from 6% in 2010. These include Apple iPads as well as Windows and Android tablets that are generally purchased and managed by a company on behalf of workers, either for solo use or shared with others.
That level of growth is impressive compared to the recent sales dip for the iPad, which sold 12.62 million iPads in the second quarter, a drop of 23% compared to the same period a year ago, Forrester analyst JP Gownder noted in a blog.
“Clearly, all is not well in tablet-land,” Gownder said.
In a separate report, Gownder noted a nose-dive in Android tablet prices, which recently went from below $200, then to less than $100 and even under $50 — “stripping away profit margins.”
Forrester and other analyst firms have noted the general tablet decline, attributed mainly to consumers keeping older tablets and to the growth of bigger smartphones with displays that are larger than 5-in., sometimes called “phablets,” that reduce the need for smaller tablets. The Galaxy Note 4 and iPhone 6 Plus are examples of such smartphones.
IDC noted the tablet slowdown last October, and predicted slowing growth from 2016 through 2018.
The bright spot — tablets purchased by companies — is being driven by various factors, Gownder said, including a vendor focus on enterprise services and apps. Microsoft and Dell, among other partners, will benefit with Windows 10 on tablets, while the Android for Work initiative will help address Android security concerns with tablets, he said. And Apple has partnered with IBM to provide iOS apps for tablets that matter in workplaces.
The desire by workers to use tablets and bring their own devices to work has helped push company purchases, he said. The tablets are being used in various ways by different workers, including package delivery drivers, sales associates and field technicians and even by restaurant customers to review menus at their tables.
Microsoft will continue making smartphones for its Windows 10 Mobile operating system, but the company has squashed the device strategy pursued by its former CEO and will probably give up entirely unless Windows 10 reverses years of missteps in mobile, analysts said.
After Microsoft wrote down $7.6 billion of its investment in Nokia and again reorganized, it will turn to a revamped, two-part strategy, one piece older, the other relatively new, the experts argued.
Microsoft’s smartphones will follow the trailblazing of the more successful Surface tablet line, which after two years with little return hit its stride in 2014 with the debut of the Surface Pro 3. “We are moving from a strategy to grow a standalone phone business to a strategy to grow and create a vibrant Windows ecosystem that includes our first-party device family,” CEO Satya Nadella told employees in an all-hands email recently.
In plain English, the Lumia line will be relegated to a peripheral position — the spot the Surface Pro 3 now occupies in comparison to the broader personal computing device market and best exemplified in smartphones by Google’s “hero” Nexus handsets.
“Microsoft will have something very similar to where the Surface line is now,” said Patrick Moorhead, principal analyst at Moor Insights & Strategy, in a Friday interview. “The idea will be to create inspiring hardware that motivates their ecosystem. They’ll go after the ‘halo’ effect.”
Windows phones will not disappear. Not yet. “I am committed to our first-party devices including phones,” asserted Nadella, showing that, at least for now, Microsoft won’t scrub Windows smartphones from its portfolio.
The reality, however, is stark: Even with billions poured into mobile, Windows powered just 2.7% of the handsets shipped worldwide last year, down from 3.3% in 2013, according to IDC. And because Microsoft was responsible for more than 95% of all Windows smartphones in 2014, a pull-back by the firm means there’s little chance of changing the OS’s fortunes.
Apple rolled out mobile payments in Britain on Tuesday, hoping to make a splash with consumers familiar with using cards for tap-and-go purchases, as resistance from hold-out banks and stores appeared to evaporate.
Starting Tuesday, Apple Pay became available in 250,000 sites, from Tube stations to coffee shops, supermarkets and travel services, making it more widely available than when it was first introduced in the United States nine months ago.
Users first load their credit and debit card details into an app on their Apple phones or watches. To pay, customers hold the device near a contactless terminal with the user’s fingerprints confirming their identity.
The service is one of Apple’s biggest bets, a way of binding customers more tightly to its phones and new smart watches, as well as taking a small slice of every retail transaction.
Apple Pay will eventually be supported by all major British banks. The last hold-out, Barclays, confirmed on Tuesday its debit card users and Barclaycard credit card customers will be able to use Apple Pay in the future.
However, there also were some first-day teething problems. Another major bank, HSBC Holdings said it was having technical problems that will lead to a two-week delay before its clients in the United Kingdom can sign up to the service.
Morning subway commuters in the capital were greeted by advertisements from several major banks encouraging the fraction of their customers with the latest-model Apple phones, tablets and smartwatches to link their payment cards to Apple Pay.
Tube-operator Transport for London and big retailers Boots, the British pharmacy business of Walgreens Boots Alliance; Costa Coffee, a part of Whitbread; supermarkets Marks and Spencer and Waitrose all lined up to support Apple Pay.
So far, Apple has been reported to be working to introduce its mobile payments service in China, South Korea and Canada.