On the day that Apple releases El Capitan details of an exploit that makes it possible to bypass the Gatekeeper feature of OS X have emerged. Designed to combat various forms of malware, the security feature can be bypassed using a simple trick involving the use of a signed binary.
Even when Gatekeeper is configured to use its highest level of protection, the ease with which the fortifications can be slipped through is staggering. Using a file that has already been deemed trustworthy by Apple, it is possible to trick OS X into executing a malicious file stored in the same folder as the signed one. No patch is yet available, and it is believed the problem affects all versions of OS X.
While the world was oohing and ahhing (or yawning) at the latest Google Nexus devices, an arguably far more important announcement hit the Internet. The long-awaited, and much-anticipated, OS X 10.11 El Capitan got an official release date. Guess what? You do not have to wait long, as that date is tomorrow. Woo-hoo!
How much do you expect to pay for this upgrade? Well, if you said anything larger than zero, you would be very wrong. While Microsoft recently gave Windows 10 as a free upgrade to some users, Apple has been doing this for years. In other words if you own a compatible Mac (all since 2009 and some from 2007 and 2008), you can be enjoying the latest and greatest operating system tomorrow at no charge.
Perhaps inspired by the backlash Microsoft has faced over privacy concerns in Windows 10, Apple has published its own privacy policies on a new page that's designed to be easy to read. Written in plain English, the site sets out Apple's position regarding privacy in OS X and iOS. As well as touting the steps to which the company goes to protect its customers' privacy, Apple also uses the documents to trumpet numerous security features.
This is Apple riding the waves of interest concerning privacy, using it as an opportunity to get one over the likes of Microsoft and Google. There are promises of "telling you up front exactly what’s going to happen to your personal information and asking for your permission" as well as the offer that "if you change your mind later, we make it easy to stop sharing with us". Sounds great in theory, but does it stand up to scrutiny?
With OS X 10.11 El Capitan set to launch at the end of the month, Apple has already started working on the first update for its latest Mac operating system. The early OS X 10.11.1 build was released last week for developers, and is now also available to those of us who are enrolled in the public beta program.
Given that it is a relatively minor update, OS X 10.11.1 El Capitan is not expected to introduce any major changes. Nonetheless, let's take a look at what's new.
A vulnerability has been discovered in iOS and OS X that could be used to install apps without permission, using AirDrop. The feature exists to provide a way for people to quickly send files from one device to another, but security researcher Mark Dowd has been able to exploit the vulnerability to push apps to iOS even if the user does not accept the file that is AirDropped.
Dowd has reported the vulnerability to Apple, but the company has failed to patch the problem so it still exists in iOS 9. Using a combination of techniques, it is possible to bypass the security screen that asks if an app is to be trusted or not, meaning that a malicious app can be installed without permission or notification.
This just arrived in my inbox from Apple: Offer to download what could be the final build before Apple certifies OS X 10.11 as golden: "Thank you for participating in the Apple Beta Software Program. Your feedback and usage of the OS X El Capitan public beta has helped us make this release great. We are pleased to give you access to the OS X El Capitan GM Candidate".
Promises. Promises. "If you are currently testing OS X El Capitan, please back up your Mac and do the following to install the GM Candidate. Go to your Purchased tab in the Mac App Store and click the Download button next to OS X El Capitan GM Candidate. When your download finishes, the installer will automatically launch. Follow the onscreen instructions to complete installation".
Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani -- two of the team behind the myki identity management security software -- found that a series of terminal commands can be used to extract a range of stored credentials.
What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute.
I must apologize to Art Alexakis, lead singer for Everclear. In a personal post last night observing his role as a tattoo artist in movie "Wild", his name is misspelled. Funny thing, so to get it right, I copied and pasted from the web into the WordPress editor. Yet somehow when published, and I missed, his name appeared as Alexis. My thanks goes to Scott Bell, who pointed out the error in a Google+ comment.
It's strange how tech meant to be beneficial gets in the way. More mistakes appear in my stories because of autocorrect than I make myself. The pattern is consistent: I will write, nix autocorrect's changed misspelling, but later edit something else in the sentence. Word changes! As a long-time writer and editor, I revise constantly until publishing—and afterwards, too. The spelling errors I miss most often typically are the ones made for me during spot edits.
It's no secret that Chrome for Mac (OS X) is a mess. It eats a ridiculously high amount of memory, energy and shortens the battery life. Google announced earlier this year that it was working on a fix. And now it is delivering on that promise. The latest Chrome build -- available via Canary channel -- is significantly less resource hogging, and surprisingly faster at the same time.
The company has been hard at work improving the memory consumption in its Web browser while also making the tabs snappier. You can read about the development process and feedback at Chromium's developer website. The build dubbed 45.0.2454.46 is also significantly lighter on the battery and is no longer making the laptop crazy hot. In a recent build, the company was testing interesting internal processes like tab discarding in the background. The idea behind it is simple: make the tabs you haven't used in awhile idle automatically. This would, under the typical condition, free up a significant amount of memory.
Two zero-day vulnerabilities in Apple’s OS X, that have been discovered by an Italian teenager, could potentially be used to gain remote access to a computer.
Luca Todesco, 18, found that there are two bugs in the OS that can be used to corrupt the memory in the OS X’s kernel. Once the memory is corrupt, the attacker can then circumvent the kernel address space layout randomization (kASLR), which is a defensive technique of the OS to protect itself from giving the attacker the root shell. But once the attacker circumvents through the kASLR, they can gain a root shell.
One of the main benefits to owning a MacBook is the superb battery life. Apple's laptops can work for a great deal of time on battery power alone, thanks in no small part to the numerous improvements made to OS X in recent years. Take my 2013 13-inch MacBook Air for example: it gets well over six hours of battery life on Yosemite, despite being nearly two years old at this stage. I rarely have to worry about plugging it in.
In fact, it could last even longer. The trick is not to use Chrome, which, despite Google's recent efforts to lower its power consumption, continues to be the most power-hungry major browser on OS X, more so than Apple's Safari and Mozilla's Firefox.
Apple has promised it will fix a major vulnerability which recently cropped up in its OS X Yosemite operating system.
The worrying zero-day vulnerability allows malware authors to modify a hidden configuration file to get root permissions on the victim machine, security firm Malwarebytes explained in a blog post, allowing for the installation of adware and other assorted malware nastiness.
Macs have long been touted as being immune to viruses and malware -- but there have been plenty of vulnerabilities that show this to be a fallacy. Apple's own claims that its hardware was not susceptible to the same firmware security flaws as PCs served only to encourage people to prove the company wrong.
At Black Hat USA on Thursday, researchers will demonstrate that not only can Macs be remotely infected with malware, but that this malware can survive a user formatting the system. In a talk at the InfoSec event in Las Vegas that focuses on all manner of security topics, Trammell Hudson, Xeno Kovah, and Corey Kallenberg will show that Macs are just as vulnerable to remote attacks as PCs using the Thunderstrike 2 backdoor.
Not so long ago most Mac users would have told you that their systems didn't need any form of protection as they were inherently safe. But the world has become a more dangerous place and last year the iWorm malware is thought to have recruited some 18,000 Macs into a botnet.
Whilst experienced users who are careful about what they install and where they go online may still be justified in feeling safe using a Mac without additional protection, there's no doubt that non-experts need extra security. Particularly as cyber criminals have started to target Macs because they know more of them are unprotected.
Apple has released the first public betas of iOS 9 and OS X 10.11 El Capitan, allowing anyone with a compatible device -- iPhone and/or Mac -- to become a tester. Having signed up for the beta program last month, I immediately wanted to experience what is new in the upcoming versions of the two operating systems.
There is huge demand for the first public betas, proof being that Apple's servers were quickly overloaded during the first hours of availability. You can thank the media frenzy for this. Nonetheless, I have managed to install the iOS 9 and OS X 10.11 El Capitan public betas on my iPhone 6 Plus and 13-inch MacBook Air, respectively. And here are my first impressions.