patch Stories July 20, 2015

iTunes Connect experiencing multi-day outage for many users, here’s a fix

A noticeably large number of users are reporting issues logging into iTunes Connect, Apple’s developer portal for managing and distributing apps and other content to the App Store and iTunes. The outage appears to only be affecting a subset of users (we’ve had success logging in, for instance), but a growing number of developers have publicly voiced complaints online. Some users report not being able to access the service for going on four days:

Apple currently has yet to report any issues for iTunes Connect on its System Status page that tracks and reports downtime for its developer services.

Some users have reported success logging in after tweaking VPN settings, while another user posted the following workaround fix that others have used to patch what appears to be a Javascript issue at least temporarily until Apple officially addresses it:

We’ve reached out to Apple about the downtime, and we’ll update here if we hear back.

patch Stories September 29, 2014

Screen Shot 2014-09-29 at 5.28.58 PM

Apple has just released a new download for users on OS X Mavericks to address the recently-discovered “Shellshock” bug. Apple previously noted that that only a few Macs were actually impacted by the bug and that most users were protected by default. The company promised to release an update shortly to address those who had manually configured their computers in a way that left them exposed.

For users on older versions of OS X, the Mavericks fix will not work. To secure those systems, there are separate downloads for Lion and Mountain Lion. The patch will likely be available through the built-in OS X Software Update mechanism soon. There is currently no patch for machines running the public or developer builds of OS X Yosemite.

patch Stories February 4, 2014

Adobe releases critical security update for Flash exploit

Adobe released a critical security update to its Flash Player plug-in (version 12.0.0.44) on Tuesday that addresses an exploit that put machines at risk of being remotely accessed by attackers. You can grab the latest version of Flash Player here (OS X and Windows) or check for updates in the System Preferences app… or you could remove Flash altogether with Adobe’s uninstaller.

patch Stories November 6, 2013

Mac Developers also have access to upcoming OS X Mavericks Mail update

Last week, we reported that Apple had provided its employees with an update to the Mavericks Mail app that solves several issues relating to Gmail account compatibility. While this has seemed to stay under the radar, Apple has also provided the update to registered Mac Developers. Apple says that the update became available on October 31st, but we have not heard any sightings of this update until now. The update should be available for all users in the coming weeks. Thanks, Hunter!

patch Stories June 23, 2013

We were the first to report that iOS7 notifies users that they were using non-certified 3rd party Lightning cables in iPhones and likely iPads and iPods as well. Apple currently still allows these cables to charge and sync data with iOS devices but if Apple can detect these cables, that means they could also disable iOS 7 from using these cables in a future version of iOS.

One third party company called iPhone5mod (coincidentally, the company that made the cable used to demonstrate iOS7 warnings in the images here) says it has a way around Apple’s warnings and theoretically around detection at all… expand full story

patch Stories February 19, 2013

Screen Shot 2013-02-19 at 1.06.21 PM

As expected, Apple just released iOS 6.1.2 with a fix for the Exchange bug in iOS 6.1 that we previously reported. The 107mb update is available OTA and comes with build number 10B146 .We reported earlier this month that AOL had informed its corporate employees via email that it would temporarily disable the ability to manage meetings with Exchange on iOS devices running iOS 6.1. AOL confirmed it was working with Microsoft and Apple to fix the “continuous loop” bug, and many had highlighted the problem on Microsoft’s forums.

Fixes an Exchange calendar bug that could result in increased network activity and reduced battery life.

The release notes only list the Exchange issues, but ArsTechnica looked deeper to see if it also fixed the passcode unlock bug from iOS 6.1. :

We tried the convoluted unlock exploit on our own iPhone and were able to unlock the screen successfully under iOS 6.1.1, and the same process once again unlocked the phone in iOS 6.1.2. Put simply: it doesn’t look like this update fixes the passcode unlock bug, according to our testing.

A previous report from iFun, which predicted today’s release of 6.1.2, claimed enhancements to maps in Japan that Apple introduced in the recent 6.1.1 beta would reach consumers in the coming weeks as iOS 6.1.3.

patch Stories February 15, 2013

Update (Feb 21st): This has been fixed according to a reader. The iTunes and App Stores use HTML on the backend so Apple can “push” updates via backend code changes:

As of this morning, the bug is gone! No update required! Looks like the somehow they pushed the update! I can no longer change the account in the App Store or iTunes store! This reminds me when I was beta testing 6.0 and Apple changed the behavior of downloading updates not requiring a password (they also allowed free apps with no password for a short while). That didn’t need an update to change either. They seem to have ways of fixing App Store behavior without needing to update iOS. I’m still running 6.1 on my devices, haven’t gone to 6.1.2 yet.

Would be nice for an official answer from Apple, but so far, it’s working correctly! Also, I see redeem and send gift are grayed out also, at the bottom of the App Store. Same for iTunes Store.

For those unaware, iOS 6 received some beefed up Restriction settings when it was released that allowed users to select “Don’t Allow Changes” for an entire account linked to an iOS device. This option was particularly useful for schools and organizations that wanted to limit a device to a specific account and keep students and others from installing apps not approved by the institution. Without the restriction, students or employees could easily change the iTunes account linked to the iOS device. Unfortunately, as noticed by one frustrated 9to5Mac reader, it seems there are several backdoor methods of bypassing the setting…

expand full story

Apple to address security issues in iOS 6.1.2 update in the next week or so

According to a report from German language blog iFun, Apple is preparing to release iOS 6.1.2 early next week to address the much talked about Microsoft Exchange bug and passcode vulnerability. Apple already confirmed that both issues would be fixed in an upcoming software update, but iFun confirmed the update would land sometime before Feb. 21 based on its checks with carriers.

iFun accurately predicted the launch of iOS 6.1.1 through the same sources earlier this month. In addition, the report appears to claim the enhancements to maps in Japan that Apple introduced in the recent 6.1.1 beta would reach consumers in the coming weeks as iOS 6.1.3.

Apple provided a statement to AllThingsD about the passcode vulnerability earlier this week:

Reached for comment, Apple said it is hard at work on a fix. “Apple takes user security very seriously” spokeswoman Trudy Muller told AllThingsD. “We are aware of this issue, and will deliver a fix in a future software update.”

patch Stories February 7, 2013

HT5655-Sheet-001-en.

As noted by ArsTechnica, Adobe just released an unscheduled patch to address two vulnerabilities that could be the source of malware attacks on both OS X and Windows. Apple has also issued a KB urging users to update. According to the advisory posted by Adobe, the attacks targeted Firefox or Safari users on Mac:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The update is available through Adobe’s website here.

Powered by WordPress VIP