Apple releases Safari 7.0.3 with push notification changes, security improvements, and more

 


After updating iWork for iCloud and its Mac and iOS counterparts, Apple has pushed out a new Safari update as well. The new version is 7.0.3 and contains mostly bug and security fixes. Apple has been beta testing this update with developers for the past few weeks. The two biggest parts of this update are changes to push notifications and the way URLs are handled.

For users who don’t want to be asked about push notifications from any site, there’s now a checkbox in the notification preferences that disables them entirely. Unchecking the box for “Allow websites to ask for permission to send push notifications” (seen above) will block all notification prompts in the future.

The second big change enables Safari to recognize new generic top-level domains (the .com bit at the end of the URL). The organization responsible for managing these has recently created several new ones for generic terms (like “.pizza”). Safari will now recognize these and go to the correct URL rather than trying to search for the term.

Contestants at Pwn2Own take down Safari, but said OS X security is better than other systems

As usual, the annual Pwn2Own contest featured many hackers targeting the latest operating systems and browsers from the major vendors, including Apple. Threatpost reports that the “Keen Team” focused on Safari on Thursday and exploited it with relative ease.

The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.

The group says that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to launch a second exploit that bypassed the application sandbox and ran code with the user's privileges.


Nuance announces Dragon Dictate 4, with pre-recorded transcription features and Gmail integration

Nuance has just announced the next major version of its Mac dictation software, Dragon Dictate 4. The new version improves recognition accuracy and adds several new features, including the ability to machine transcribe from a pre-recorded audio file. You no longer have to be recording a voice live to get transcription.

We’ve had a quick play with the software and the accuracy is almost scary good compared to older versions of the software. Speaking in a normal voice gives you almost 100% accuracy and even mumbling seems to work. While Mavericks uses the same Nuance speech engine, Dictate 4 has a better interface for transcription and tons of extra features as outlined in the videos above and below.

Dragon Dictate software has also been updated for modern system architectures — it is a 64-bit app now. This results in better performance and better memory management over its predecessors. The company says it has drastically reduced latency when interpreting speech.


Apple patched a major SSL bug in iOS yesterday, but OS X is still at risk


Update: Apple says an OS X fix is coming soon.

Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that the minor security fix was actually for a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X, for which Apple has yet to release a security patch.

Researchers from CrowdStrike described the bug in a report:

“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”

Adam Langley, a senior software engineer at Google, also wrote about the flaw on his blog ImperialViolet and created a test site to check if you have the bug (pictured above):

Apple releases Mavericks OS X 10.9.1 with improved Gmail support, Shared Link improvements, more

Apple has released OS X 10.9.1 for Mac via the Mac App Store today. The update includes a number of Mail-related fixes, including improved support for Gmail, as well as numerous bug fixes. The update also fixes a VoiceOver issue that prevented sentences with emoji characters from being read…


Apple readies iBooks, Safari, Remote Desktop, and Mail bug fix updates for Mavericks


In addition to the incoming OS X Mavericks Mail Update that we reported on previously, sources say that Apple is readying a slew of performance and bug fix updates for several other OS X Mavericks applications. According to the updates seeded today to Apple employees, Apple is preparing updates for iBooks, Safari, and the Remote Desktop Client apps:
