Apple Thoughts - News & Reviews on all things Apple

"According to a Microsoft security bulletin, seven privately reported vulnerabilities in Excel could allow remote code execution if a user were to open a specially-crafted file. By exploiting those vulnerabilities, an attacker could gain the same user rights as a local user."

So in order to fix this, Microsoft released two updates, Microsoft Office 2008 for Mac 12.2.4 Update and Microsoft Office 2004 for Mac 11.5.8 Update. These updates will, as described by Microsoft, take care of “vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.” The updates will also improve stability and slow performance.

Microsoft also brought out two other updates: Microsoft Entourage 2008 for Mac, Web Services Edition 13.0.4 (which will now allow you to synchronize notes, tasks, and categories with Exchange Server), and Microsoft Open XML File Format Converter for Mac 1.1.4 (which lets you convert Open XML files created in Office 2008 for Mac or Office 2007 for Windows).

"The application provides its users with real-time information on travel warnings, including terrorist threats, disease outbreaks and natural disasters."

iTravelAlert is normally $1.99 USD but is available now in the iTunes Store for $0.99 USD. According to the developer, iTravelAlert is the "only application offering complete, real-time news and information for international travel safety and health." It seems to cover all the bases, providing data and alerts from Homeland Security News, Emergencies and Disasters News, H1N1 Pandemic and various other communicable disease news sites and current travel alerts and warnings.

I don't see that it has Push Notifications however, and that would be a valuable quality for an application such as this one.

"Arten Science has announced that its MonitorMyMac software will now be offered as a free download. The application can be set up to take timed images, which can be stored locally or uploaded to an FTP server or MobileMe account."

You can take the snapshots from your webcam, screenshot your computer screen or do both. Then it automatically uploads to your designated online storage. This offer is only for parents, with the intent of helping you monitor their usage and keeping them safe from all the dangers on the Internet. But all you have to do is give them your name and email and they send you a key so it is based on the honor system. They also give you the option to donate if you wish. You can get more info at the MonitorMyMac website.

"Agile Web Solutions has announced 1Password 3.0.4, an update to its award-winning password and identity manager for the Mac. This deceptively minor update adds over 60 new features, changes, and fixes, and is available free to registered users."

Some new features with 3.0.4 such as Quick Look which lets you see file attachments for 10.6 Snow Leopard users to better organize and view files that were saved in 1Password. They also added tagging, improved the Wi-Fi syncing process (thank you very much) and improved importing options for those switching from other programs to 1Password. This is a paid upgrade but if you have purchased 1Password 2 on or after February 1 2009, you get free license upgrades to the new version. If you are outside that free upgrade period, you can still get a deal with single license upgrade at $24.95 USD and family upgrade for $34.95 USD, 17% and 30% savings respectively.

"Mac OS X and iPhones that haven't been jailbroken fare pretty well (although vulnerabilities exist, there's not been a lot of exploitation). Apple does come in for criticism for 'time to fix' known vulnerabilities. Jailbroken iPhones are a mess. The biggest risk to Macs are Trojan horses, often from pirated software."

Interesting that one of the biggest complaints in the report is how Apple handles reports of problems with the security of OS X, which unfortunately is very slowly. Even after acknowledging that OS X could be vulnerable, and placing an anti-malware feature in Snow Leopard, the report states that "as of January 2010, this anti-malware feature has not been updated, and still scans for the same two Trojan horses and nothing else."

If you are interested, you can download the full report here.

"Back at the dawn of the Web, the most popular account password was "12345." Today, it's one digit longer but hardly safer: '123456.'"

Image Credit: Dilbert, UFS, Inc.

I had to laugh when I read the list, my first guess was "password" as the most popular but it lost out to 123456, followed by 12345 and 123456789. Incredible.

"Apple on Tuesday released Security Update 2010-001 for Mac OS X Snow Leopard as well as versions for both client and server releases of its predecessor, Mac OS X Leopard. These updates improve the security of Mac OS X are recommended for all users of the respective versions."

Image Credit: jonathan-hardesty.com

The cat is upset you haven't updated yet, as it fixes some security problems associated with Adobe Flash. What are you waiting for?? Check them out here or just use your software update option. Or you can always go to Apple's support download page here.

"The MHA, a Kentucky-based software company with a name that can be tough to work into sentences, released Airlock on Tuesday. Airlock unlocks your Mac when you approach it, and locks it again when you walk away, using the magic of Bluetooth to detect your proximity by looking for your iPhone (or later-gen iPod touch). Always assuming you don't forget your phone at your desk, of course."

This is something I'm interested in trying out, since I have to really be diligent on locking my laptop at work as my fellow employees are practical jokers that love to mess with an unprotected laptop, or iPhone for that matter. The program costs $7.77 USD and can be used on up to 3 Macs. There is also the failsafe manual password option in case your iPhone or iPod Touch runs out of juice. They do note, however, that there has been a recent compatibility issue with the wireless mouse and keyboard, and are working with Apple to correct it. More info can be found at the MHA website.

"When you normally delete your files in Mac OS X, the operating system is only forgetting where those particular files are placed, while the data still physically remains on the drive. Beginning with Mac OS 10.3, Apple enhanced its security by introducing the Secure Empty Trash feature, which follows the U.S. DoD pattern of overwriting data seven times."

Edenwaith created Permanent Eraser and it uses what they say is an even stronger level of deletion by using the Gutmann Method. Basically it overwrites the data 35 times along with some other modifications so that it can't be read via traditional means. This can also erase your CD-RWs and DVD-RWs. It is free Universal Binary and requires OS X 10.3.9 or later.

"iPhone and iPhone 3G users hit a roadblock last week trying to login to Exchange 2007 servers after upgrading to iPhone OS 3.1. Because the problems began with the latest update, it may seem reasonable to assume that the update is to blame, but it's not. In fact, everything is working exactly how it's supposed to be, according to Apple."

The problem is not with the iPhone 3GS, which still works fine, it is with the iPhone and the 3G versions. iPhone 3.1 fixed a glitch in 3.0 that didn't identify itself properly with Exchange, so now that it does, it requires hardware encryption but you can only do that with the 3GS. The only work around is with your IT admin, making sure they don't require the hardware encryption for your device. That is a simplistic explanation of the problem, but this one is out of my area of expertise. However, there is another article over at Apple Insider that goes into great detail on the problems with iPhone 3.1 and Exchange 2007, if you are inclined to learn more about this situation.

"Apple's Snow Leopard puts users at risk by installing an older version of Adobe's Flash player."

According to the blog post, "The initial release of Mac OS X 10.6 (Snow Leopard) includes an earlier version of Adobe Flash Player than what is available from Adobe.com. We recommend all users update to the latest, most secure version of Flash Player (10.0.32.18)." Woops, best get that upgraded if you have installed Snow Leopard!

"Apple's commercials may give the impression that Macs are virus-free but the company isn't taking any chances with the newest Mac OS X refresh."

I've never had a problem with malware or viruses either, but it is nice to know this is part of the package. Certain forms of malware have been found in some Mac products, albeit pirated ones, so it is good Apple is acknowledging the possibility, even if they are doing it below the radar.

"At the same time that Apple released Mac OS X 10.5.8, the company also dropped four security updates for users of OS X 10.4."

Don't worry Tiger users, if there are any of you left, Apple hasn't forgotten about you! The four updates are security updates that affect PowerPC Tiger and Tiger Server, as well as the Intel versions of both. This does require that OS X 10.4.11 be installed.

The Claim: "SafeWallet is a secure storage application designed to help you manage all your private information in one secure solution! Use SafeWallet to store all kinds of information, such as: credit cards information, online passwords, bank account info, registration codes, ATM PINs, emergency contacts, addresses, serial numbers and create your own card templates for your own custom information! SafeWallet uses 256-bit AES encryption, in accordance with the standard adopted by the U.S. government, to ensure the safety of your sensitive information!"

The App: SBSH SafeWallet is one of the premiere digital wallet applications for Windows Mobile, Symbian S60 and BlackBerry Handhelds. Will their latest release of their first iPhone app hold up to the reputation of its predecessors? Read on to find out! Read more...

"The new iPhone 3GS includes hardware-based encryption, giving the impression that your data is more secure than on previous models. A well-known iPhone security expert shows, however, that the data is just as easy to grab using simple hacking tools."

This is an interesting article about encryption on the iPhone, and for the casual user it seems you don't have much to worry about. However if you become the target of a serious hacker, you could be in trouble. Not too likely in my circumstances, but I suppose it could happen if I were an enterprise user and kept sensitive data on my iPhone. I do keep some sensitive data but I use the normal password feature plus 1Password for that extra peace of mind. And I also have the option of the remote wipe if it came right down to it as a MobileMe subscriber. Anyone worried about your iPhone being hacked?

"With Apple's release of Safari 4, Agile Web Solutions has updated its 1Password software to 2.9.19, adding support for the new version of the Web browser. It's a free update for version 2.x users, and costs $40 for a new license."

This is a handy program, one you can use on your Mac or your iPhone, and now there is an update so it works with Safari 4. I have actually been using it with the beta version of Safari and it has worked fine. This is version 2.9.19 and requires Mac OS X 10.4 or later. It's $39.95 USD for a single license, $69.95 for a family license of 5 computers, and of course it is a free update if you already own it.

"A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system. A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493)."

Several versions of the software are affected but Adobe is offering updates to fix new and old. If you have Adobe Reader 9.1 and Acrobat 9.1, or earlier standard or pro versions, head on over to Adobe and download the fix. They have downloads to fix Windows, OS X and Unix systems all on the same page so you folks that have multiple systems can get the right fix from one page, or at least get directed to the right page.

"Some days it seems the entire world is waiting with bated breath for the eventual fall from grace of the long-vaunted Macintosh security. From industry publications to the mainstream press, even the slightest Mac security hiccup spurs an onslaught of articles, debates, and even the occasional cable news headline. Some stories declare us invulnerable to attacks, while others give the impression that by the time you jump up from your armchair and rush to your Mac, it will already be infected and funneling your life's savings and family photos to Nigerian spammers. For us Mac users it can be difficult to discern the lines between truth, hype, and outright fantasy."

Great article, and frankly as a Mac user you need to have a pretty good BS detector when it comes to security stories. As of right now there are zero viruses in the wild for the Mac. If you engage in high-risk behavior such as downloading warez, you're going to be the victim of malware and other maladies just like you would on any platform. The difference is that there just isn't the volume of danger for Mac users, yet. Despite the best efforts of "security experts" to paint things otherwise, one or two Mac infections does not even come close to what our Windows brethren put up with.

That's not opinion, it's fact. Read the article for help in honing your BS detector; I found these tips particularly good for new switchers who don't really know how different things really are.

"The recent Conficker virus scare had me warning relatives to protect their PCs, while also simultaneously gloating about how lucky I am to not be affected, since I'm a Mac user. You could say it bordered on the obnoxious, and you'd be right. But it looks like I may have to eat some humble pie now that a bug has been found in VMware Fusion that could potentially allow malicious code to be run on your Mac using a virtualized Windows machine as a conduit. Obviously, Windows is still the weak link here, but it doesn't make your Apple machine any less vulnerable."

This is a good reminder that just because it is a Mac, it doesn't mean that it is safe. Especially if you are running Windows on your machine. The flaw in question was discovered by Immunity Inc. exploit researcher Kostya Kortchinsky, and it allows the virtual machine display function to read and write code in the host operating system.

According to the article "Kortchinsky demoed the flaw using a Vista machine running a guest OS of Windows XP, but said the flaw is just as easy to exploit in OS X running Fusion, though they hadn't yet actually run live tests of such a scenario." Luckily, VMware is on top of things and have posted a software update to fix the problem.

The AppleBlog did a comparison of four security programs from last fall for the Mac in case you are interested in checking out a few ways to protect your Mac.

"A patent application shows that Apple is considering adding a security mechanism to the iPhone that would cause it to automatically phone a security agency after being stolen. Upon detecting a force exceeding a predetermined threshold, the device would enter a prevention mode, causing it to send a security transmission in the form of a telephone call or email containing it's GPS coordinates."

In the patent application, it discusses how this would be activated such as sudden movements beyond a certain vibration threshold, pre-determined standby time, etc. Seems to me it should be a lot simpler than that, like logging into a website that you have registered with previously and activating it that way. Or perhaps by calling your phone and punching in a code. I just think this sounds too complicated, but I'm glad they are at least trying to come up with something like this since I've been the victim of an iPhone theft previously and this would have been handy!