Mac OS X v10.6.5 and Security Update 2010-007 now available

Apple today released Mac OS X 10.6.5 and Security Update 2010-007, addressing numerous security vulnerabilities in the components that make up Mac OS X 10.5.8 and Mac OS X 10.6.x. The updates are available from Apple and can be downloaded using the Software Update option under the Apple menu.

Apple: Update iPhoto '11 to 9.0.1 before upgrading library

Apple recommends updating iPhoto '11 to 9.0.1 before attempting to import or upgrade an existing iPhoto library. Some users reported issues when attempting to update older photo libraries prior to the release of iPhoto '11 9.0.1.

Apple updates Java for Mac OS X 10.5.8, 10.6.4

Java for Mac OS X 10.6 Update 3 has been released for Mac OS X 10.6.4, and

Security Update 2010-006 addresses vulnerability in AFP

Apple has released Security Update 2010-006, an update that addresses a highly critical password bypass vulnerability in AFP (Apple Filing Protocol). The update is available for Mac OS X 10.6.4 and an immediate installation is recommended for systems on which file sharing is utilized.

Security Update 2010-006

  • AFP

    CVE-ID: CVE-2010-1820

    Available for: Mac OS X v10.6.4, Mac OS X Server v10.6.4

    Impact: A remote attacker may access AFP shared folders without a valid password

    Description: An error handling issue exists in AFP Server. A remote attacker with knowledge of an account name on a target system may bypass the password validation and access AFP shared folders. By default, File Sharing is not enabled. This issue does not affect systems prior to Mac OS X v10.6. Credit to Richard Noll for reporting this issue.

iOS 4.1 released for iPhone and iPod touch

Apple today released iOS 4.1, an update that addresses issues reported since the release of iOS 4.0, including a number of important security updates to various components of the mobile device operating system.

The security content of iOS 4.1 includes:

iOS 4.1 for iPhone and iPod touch

  • Accessibility

    CVE-ID: CVE-2010-1809

    Available for: iOS 3.0 through 4.0.2 for iPhone 3GS and later, iOS 3.0 through 4.0.2 for iPod touch (3rd generation)

    Impact: An application's use of location services may not be announced through VoiceOver

    Description: A user interface accessibility issue exists in the settings panel for Location Services. VoiceOver does not announce the presence of the location services icon that is shown next to an application that has requested the user's location within the last 24 hours. This issue is addressed by ensuring that VoiceOver announces the presence of the icon. Credit to Robin Kipp of Forever Living Products Europe for reporting this issue.

  • FaceTime

    CVE-ID: CVE-2010-1810

    Available for: iOS 2.0 through 4.0.2 for iPhone 3G and later, iOS 2.1 through 4.0.2 for iPod touch (2nd generation) and later

    Impact: An attacker in a privileged network position may be able to redirect FaceTime calls

    Description: An issue in the handling of invalid certificates may allow an attacker in a privileged network position to redirect FaceTime calls. This issue is addressed through improved handling of certificates. Credit to Aaron Sigel of vtty.com for reporting this issue.

  • ImageIO

    CVE-ID: CVE-2010-1811

Safari 5.0.2 & Safari 4.1.2 released

Apple today released Safari 5.0.2 and Safari 4.1.2, addressing security issues in the WebKit-based browser. The update addresses security concerns in both the Mac and Windows versions of the popular browser:

Safari 5.0.2 and Safari 4.1.2

  • Safari

    CVE-ID: CVE-2010-1805

    Available for: Windows 7, Vista, XP SP2 or later

    Impact: Opening a file in a directory that is writable by other users may lead to arbitrary code execution

    Description: A search path issue exists in Safari. When displaying the location of a downloaded file, Safari launches Windows Explorer without specifying a full path to the executable. Launching Safari by opening a file in a specific directory will include that directory in the search path. Attempting to reveal the location of a downloaded file may execute an application contained in that directory, which may lead to arbitrary code execution. This issue is addressed by using an explicit search path when launching Windows Explorer. This issue does not affect Mac OS X systems. Credit to Simon Raner of ACROS Security for reporting this issue.

  • WebKit

    CVE-ID: CVE-2010-1807

    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2 or later, Mac OS X Server v10.6.2 or later, Windows 7, Vista, XP SP2 or later

    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

iTunes 10 introduces Ping, AirPlay

iTunes 10 will be available today - the update to iTunes integrates a new music-oriented social networking component called Ping and features AirPlay, a "wireless music playback to listen to your music on remote speakers using Apple’s AirPort Express® base station. In addition, AirPlay now works without AirPort Express, using speakers, receivers and stereo systems from companies including Bowers & Wilkins, JBL, Denon and iHome, so you can enjoy your entire iTunes music library wirelessly from any room in the house with no extra gear required."

Apple redesigns iPod family

Apple has revamped their iPod family of devices, including a newly redesigned iPod nano and iPod touch. The new iPod touch has FaceTime for video chatting, along with an HD video camera. Check out the new designs!

Apple introduces 2nd generation Apple TV

Apple today introduced the second generation of Apple TV - a tiny box that is one quarter the size of the current version. The new Apple TV is stream-based, and has no 'storage management'. Along with the Apple TV hardware update, Apple also announced a rental-only agreement with media providers Fox and ABC to rent commercial-free content for $.99 per show. The device also streams content from Netflix & YouTube.

Apple to stream September 1st announcement

A press release from Apple indicates that, "Apple® will broadcast its September 1 event online using Apple’s industry-leading HTTP Live Streaming, which is based on open standards. Viewing requires either a Mac® running Safari® on Mac OS® X version 10.6 Snow Leopard®, an iPhone® or iPod touch® running iOS 3.0 or higher, or an iPad™. The live broadcast will begin at 10:00 a.m. PDT on September 1, 2010 at www.apple.com."
