Apple releases OS X bash update 1.0 addressing Shellshock vulnerability

Screen Shot 2014-09-29 at 5.28.58 PM

Apple has just released a new download for users on OS X Mavericks to address the recently-discovered “Shellshock” bug. Apple previously noted that that only a few Macs were actually impacted by the bug and that most users were protected by default. The company promised to release an update shortly to address those who had manually configured their computers in a way that left them exposed.

For users on older versions of OS X, the Mavericks fix will not work. To secure those systems, there are separate downloads for Lion and Mountain Lion. The patch will likely be available through the built-in OS X Software Update mechanism soon. There is currently no patch for machines running the public or developer builds of OS X Yosemite.

3rd-party Lightning cable providers bypass iOS 7 check in new MFI Cat and Mouse game

We were the first to report that iOS7 notifies users that they were using non-certified 3rd party Lightning cables in iPhones and likely iPads and iPods as well. Apple currently still allows these cables to charge and sync data with iOS devices but if Apple can detect these cables, that means they could also disable iOS 7 from using these cables in a future version of iOS.

One third party company called iPhone5mod (coincidentally, the company that made the cable used to demonstrate iOS7 warnings in the images here) says it has a way around Apple’s warnings and theoretically around detection at all… Read more

Apple releases iOS 6.1.2 with fix for Exchange calendar bug

Screen Shot 2013-02-19 at 1.06.21 PM

As expected, Apple just released iOS 6.1.2 with a fix for the Exchange bug in iOS 6.1 that we previously reported. The 107mb update is available OTA and comes with build number 10B146 .We reported earlier this month that AOL had informed its corporate employees via email that it would temporarily disable the ability to manage meetings with Exchange on iOS devices running iOS 6.1. AOL confirmed it was working with Microsoft and Apple to fix the “continuous loop” bug, and many had highlighted the problem on Microsoft’s forums.

Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.

The release notes only list the Exchange issues, but ArsTechnica looked deeper to see if it also fixed the passcode unlock bug from iOS 6.1. :

We tried the convoluted unlock exploit on our own iPhone and were able to unlock the screen successfully under iOS 6.1.1, and the same process once again unlocked the phone in iOS 6.1.2. Put simply: it doesn’t look like this update fixes the passcode unlock bug, according to our testing.

A previous report from iFun, which predicted today’s release of 6.1.2, claimed enhancements to maps in Japan that Apple introduced in the recent 6.1.1 beta would reach consumers in the coming weeks as iOS 6.1.3.

Adobe releases emergency Flash security update to address malware attacks on OS X

HT5655-Sheet-001-en.

As noted by ArsTechnica, Adobe just released an unscheduled patch to address two vulnerabilities that could be the source of malware attacks on both OS X and Windows. Apple has also issued a KB urging users to update. According to the advisory posted by Adobe, the attacks targeted Firefox or Safari users on Mac:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The update is available through Adobe’s website here.