apple

Mac OS 10.5.5 packs fixes for slew of security flaws

With the release of Mac OS X 10.5.5 on Monday, the Cupertino, Calif., computer company provided patches for almost three dozen software flaws. Some of the fixes are specific to Apple features, such as image processing and Finder. Other fixes are updates to various open-source projects including Bind, ClamAV, OpenSSH, and Ruby.

Version 10.5.5 can be obtained from the Apple Software Downloads page.

ATS This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update addresses the issue in CVE-2008-2305 in which viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Apple credits Chris Ries of Carnegie Mellon University Computing Services for reporting this vulnerability.

BIND This patch affects users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.4, and Mac OS X Server v10.5 through v10.5.4. The update upgrades users to BIND version 9.4.2-P2, which addresses performance issues associated with BIND version 9.4.2-P1.

ClamAV This patch affects users of Mac OS X Server v10.4.11 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerabilities detailed within CVE-2008-1100, CVE-2008-1387, CVE-2008-0314, CVE-2008-1833, CVE-2008-1835, CVE-2008-1836, CVE-2008-1837, CVE-2008-2713, and CVE-2008-3215 by updating Mac OS users to ClamAV version 0.93.3.

Directory Services This patch affects users of Mac OS X v10.5 through v10.5.4 and Mac OS X Server v10.5 through v10.5.4. The update addresses the vulnerability detailed in CVE-2008-2329, in which a person with access to the log-in screen may be able to list user names. Apple says an information disclosure issue exists in Log-in Window when it is configured to authenticate users with Active Directory. "By supplying wildcard characters in the user name field, a list of user names from Active Directory may be displayed."

Directory Services II This patch affects users of Mac OS X Server v10.4.11, Mac OS X Server v10.5 through v10.5.4. The update addresses the insecure file operation vulnerability within CVE-2008-2330, in which a local user may obtain the server password if an OpenLDAP system administrator runs slapconfig. … Read more

Podcaster: So good, Apple won't let you have it

Correction: The price of the app has been corrected from the original post.

Apple has told Alex Sokirynsky that he cannot distribute his Podcaster app for iPhone via the Apple iTunes store since, he reports, "it duplicates the functionality of the Podcast section of iTunes." This is a crime that Apple is perpetrating on iPhone users, and it is a lie, since Podcaster does something iTunes doesn't do, and it adds real functionality to the iPhone that lots of people, like me, really want.

Read more: Tom Krazit's Apple to Podcaster: No App Store for you.… Read more

Crazy Apple rumor of the day: New MacBooks already shipping

We usually hate acting as an echo chamber for the viciously self-inflating Internet rumor mill, but this one is so gloriously out there that we can't help but weigh in.

Usually respectable financial outlet Barron's (owned by Dow Jones & Company, after all), caught our eye with the following report:

Citigroup's Richard Gardner asserted in a research note this morning that..."field checks" have confirmed that shipments of new MacBooks have begun; he says the most distinctive features of the new MacBooks are "very thin aluminum casing, an LED-backlit display and an aggressive entry-level … Read more

Apple releases Mac OS X 10.5.5

Apple has released the latest version of Leopard, with bug fixes and security updates accompanying the fifth update to the operating system.

The company sent over a list of improvements about 30 minutes ago, and the full list of fixes and improvements should be up on Apple's Web site any moment with the update itself popping up in Software Update. Two notable updates from the "General" section were a fix for the video playback problems that affected some MacBook Air owners, as well as a puzzling bug "in which some Macs could unexpectedly power on at … Read more

Apple engineers working on ARM-based CPUs for iPhone

The magic of social networking has confirmed that Apple plans to make its own ARM-based processors for future versions of the iPhone.

The New York Times spotted the LinkedIn profile of Wei-han Lien, Apple's senior manager of CPU development, over the weekend. Lien's job description, according to his profile, involves managing the ARM CPU design team for Apple, an extension of his previous work at P.A. Semi.

It's been pretty clear for a while that Apple bought P.A. Semi earlier this year to work on developing its own chips for the iPhone, but as the … Read more

Buzz Out Loud 809: Best Buy, Napster. What, now?

Don Reisinger joins the cast today for a rousing discussion that goes something like this: "Best Buy bought Napster." "Really?" "Yeah, I know, right? Weird." "Huh. Yeah. Wonder why they did that." "Dunno." It's a great show. You'll love it. (No, seriously! Don rants more than I do!)

Listen now: Download today's podcast EPISODE 809

Best Buy nabs Napster for $121 million http://news.cnet.com/8301-1023_3-10041431-93.html http://arstechnica.com/news.ars/post/20080915-best-buy-eyes-apple-microsoft-with-napster-purchase.html

In-flight Internet: Web sites, but not phone calls http://blogs.zdnet.com/gadgetreviews/?p=353… Read more

Is Touch 2G waiting on devs for voice apps?

During last week's review of the second-generation iPod Touch I uncovered something interesting: the new Touch hardware supports recording input through its headphone jack, but there's no software to take advantage of it. It seems odd, but Apple representatives confirmed the details with me by phone. Existing iPhone voice-recording applications aren't yet compatible with the iPod Touch 2G, and Apple hasn't developed their own voice recording application for the Touch, like they have with the 2G Classic and 4G Nano.

So, what needs to happen in order to get recording Apps for the second-generation iPod Touch? … Read more

Apple to Podcaster: No App Store for you

Apple's App Store policies are really starting to frustrate application developers.

Over the weekend, a good old-fashioned Internet-style kerfuffle arose over Apple's decision to reject Podcaster--an iPhone application that lets people download podcasts directly to their devices without going through iTunes--from the App Store. The developer of the application said that Apple told him the application "duplicates the functionality of the Podcast section of iTunes," apparently making it unfit for the App Store.

This has been a persistent question hanging over Apple's decision to vet every single iPhone and iPod Touch application sold through the … Read more

Apple only other company that can release a game console

The video game industry is a hotly contested space that's currently being dominated by three major companies: Sony, Microsoft, and Nintendo. And although companies like Sega and others have tried to solidify their brands in the console space, they've failed in the face of those three giants.

But just because the past is littered with companies that have failed miserably at trying to capture a place in the world of hardware, does that mean that no company ever will do it again? Microsoft is a late entrant into the space and Sony came on the scene in a big way when columns were being written about the same basic premise: companies can't break into the console war.

Sorry, but I just don't buy the logic.

That said, I don't think any company can break into the console space. In fact, I would say that only one company can do it. Not because it has worked in the video game business for such a long time or that it's uniquely positioned to break in. No, the real reason why I believe this company could make a splash in the video game business (and why it possibly will) is because it commands the kind of hype and respect that no other company in the space does.

If you ask me, Apple could (and should) release a video game console. And not just because it'll be a success, but because it's the only company that could make a dent in the market.… Read more

Could control be the key to Google's Android?

Andy Rubin, Google's director of mobile platforms, reveals a great deal about Google's mobile strategy in a recent Reuters interview. One thing, in particular, caught my eye and suggests that Google's Android may succeed, and yet fail at the same time:

Rather than launch the new operating system with a range of devices from several handset makers and phone carriers, Rubin said Google chose to "put our blinders on" and make sure the first phones impress consumers....

Google has worked almost exclusively with Taiwan's High Tech Computer Corp and T-Mobile for the first Android phone, he said. "Google wanted to make sure that we had enough control over the hardware to make sure the software worked."...

This control - so important to Apple's iPhone in ensuring a seamless hardware-plus-software experience, may well mean that Android will work as advertised.

It does, however, also mean that Android's would-be open-source developers have far less flexibility than they might otherwise wish to exercise.… Read more