Apple Patches BASH Exploit

Apple has released an update for OS X 10.7, 10.8, and 10.9 users affected by the "ShellShock" bug. It is recommended that you run this update as soon as possible. The updates are available for download from the Apple Support site.

Be sure to choose the update for your operating system. Users of previous operating systems (10.6 or earlier) should contact DesignCorp to discuss a fix.  


UNIX "ShellShock" Bug

A bug was discovered in the BASH shell for UNIX late last week. What does this mean for us Mac users? Mac OS X is built on UNIX and includes that BASH shell. That "shell" or "command prompt" is a piece of software that allows the Mac to be controlled without the use of the graphical interface.

This bug (CVE-2014-6271) can be exploited by an outside source requesting some basic information about your system, which could allow a hacker complete control. Apple released a statement Saturday saying "the vast majority of Mac computer users were not at risk from the bug." The reason for this is that your Mac is, by default, configured with all WAN services disabled and would not respond to any requests from the outside. This is not the case for most servers, or for anyone who has altered their Mac system.

Apple is working on a patch to the OS which should be run as soon as it is made available. 


Apple Releases SSL Vulnerability Fixes for OS X and iOS

On Friday afternoon (02/21/14), Apple released an update for iOS 7 and 6 for iPhones, iPods, iPads, and Apple TVs to fix a major problem with the integrity of SSL connections from those devices: a programming error caused Apple's SSL code to skip vital checks of a server's authenticity when establishing a "secure" connection. Be sure to update your iOS devices immediately, either by going to Settings > Software Update on the device, or by plugging into your Mac and updating through iTunes.

Shortly after the news broke about the iOS security flaw, it was discovered that the Mac OS was also vulnerable to the same bug, which has come to be known as "Gotofail". Apple released an update last night that addresses this man-in-the-middle attack. Not just Safari, but any Mac application that relies on SSL authentication would be at risk, such as the Twitter for Mac app, iMessage, FaceTime, and the Mail email client. This update also patches 32 other vulnerabilities. Update your Mac OS as soon as possible by running Software Update from your Mac Apple Menu. Along with the vulnerability patches in OS X 10.9.2, Apple also provided several non-security fixes to deal with reliability, stability and performance issues.

Users of Mac OS 10.7 ("Lion") and 10.8 ("Mountain Lion") are also at risk and should update their OS as well. Apple included patches for these operating systems that fix four vulnerabilities in Safari 6, pushing the version number to 6.1.2.
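The control-flow mistake that gave "Gotofail" its name, a duplicated `goto fail;` line, is shown here as a simplified model beside a hardened form. This is an added example, not Apple's code: the function names, the stand-in hash and signature routines, and the sample strings are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real hashing and signature routines. */
static int hash_update(const char *data) { return data != NULL ? 0 : -1; }

static int check_signature(const char *sig) {
    /* Constructed sample: only this exact string counts as a valid signature. */
    return strcmp(sig, "valid-signature") == 0 ? 0 : -1;
}

/* Flawed shape: the second "goto fail" is not governed by the if above it
 * (in the shipped code it was indented as if it were). It always runs, with
 * err still 0 from the successful hash step, so the signature is never checked. */
int verify_flawed(const char *params, const char *sig) {
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
    goto fail;
    if ((err = check_signature(sig)) != 0)
        goto fail;
fail:
    return err; /* 0 means "server authenticated" */
}

/* Hardened shape: braces on every branch, and err starts from failure. */
int verify_fixed(const char *params, const char *sig) {
    int err = -1;
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    printf("flawed, forged signature: %d\n", verify_flawed("params", "forged"));
    printf("fixed,  forged signature: %d\n", verify_fixed("params", "forged"));
    printf("fixed,  valid signature:  %d\n", verify_fixed("params", "valid-signature"));
    return 0;
}
```

The flawed function reports success for a forged signature because the check is skipped entirely, which is why every application relying on the system SSL code inherited the problem.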

More Details about the "gotofail" bug:
This means, for the last 18 or so months, when you've been sending emails, checking your bank account or using just about any secure online service on a public network (wired or wireless), an attacker could have been monitoring what you were doing and finding ways to steal or subvert your data.

DesignCorp has always recommended not performing ANY sensitive online functions on an untrusted network, but with a bug like this, the type of online activity that puts you at risk expands well beyond just online financial transactions. Handshakes between services like Apple's iCloud or your Mail application and your mail servers were at risk. A hacker could have captured the SSL communication between your Messages app and Apple servers, or your Twitter account login. Even if you close this security hole now, your data could still be out there from past activity.

DesignCorp strongly recommends, after running these updates, that you change all online passwords (like iCloud/iTunes Store/Apple IDs, financial institutions, email accounts, cloud data services like EverNote, DropBox, and online backup services).

Those of you who followed our advice and did little or NOTHING on public networks are much less at risk, but not immune to this bug. This lesson emphasizes that using your devices in public, even just for email or a FaceTime call, can be dangerous.


Apple Announces iPhone 5S and 5C

At the media event in Cupertino, CA, on Sept. 10th, Apple CEO Tim Cook announced the new iPhone lineup.

Available Sept. 20th, these two new iPhone models come with some impressive new features:

iPhone 5S:
- A7 64-bit processor chip
- M7 coprocessor "motion" chip
- Touch ID Fingerprint ID sensor
- LTE wireless
- improved iSight camera (8MP)
- iOS 7
- improved battery life 


iPhone 5C:
- Standard iPhone 5 A6 chip
- LTE Wireless
- 4" Retina Display
- 8 MP iSight camera
- cute color cases
- iOS 7
- improved battery life 

The capacity and pricing structure is as follows:



iOS 7 Announced

In addition to the new iPhones, Apple also announced the release date and recapped some of the new features included in iOS 7. 

Available for free on September 18th, the new iOS will bring an entirely new look and some powerful new features.

In addition to features already announced earlier this year, Apple announced some additional functionality that will come with iOS 7, including:
- a new Control Center
- smarter Multi-tasking
- AirDrop
- Navigation improvements
- new Notification Center
- "Moments" photo groups to replace Camera Rolls
- Revamped Pages, Numbers, iPhoto and iMovie apps
- iTunes Radio feature
- Integrated Searching
- Parallax 3D desktop


The new OS will only be compatible with the following devices:

iPhones: 4, 4S, 5, 5S, 5C
iPod: Touch 16GB, 32GB and 64GB
iPad: 2, Retina ("3"), and Mini 

However, some of the devices listed as compatible will work with limited features. Here's an example: