"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Mac Security In Spotlight - MacBook Air Hacked, Apple Patch Times
A MacBook Air running an up to date installation of Mac OS 10.5 Leopard was the first laptop to fall in last week's CanSecWest PWN2OWN contest, casting the spotlight once again on the Mac's security.
The contest pitted a MacBook Air against a Vista laptop and a Ubuntu Linux laptop, all fully patched. While all 3 laptops did not fall the first day which only allowed attacks against the base OS for a prize of $20,000 (+laptop), the MacBook Air reportedly took only 2 minutes to fall on day 2 when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).
While details of the exploit are under non-disclosure while Apple works on the issue, the attack was levied against Safari, after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in Webkit.
The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day when Adobe Flash player was installed as the rules were further relaxed to allow for attack of popular 3rd party applications. The Linux laptop was not exploited.
While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time to such 0-day vulnerability patches lags significantly behind that of Microsoft.
The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.
A spot-check of security firm Secunia's statistics show that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.
The contest pitted a MacBook Air against a Vista laptop and a Ubuntu Linux laptop, all fully patched. While all 3 laptops did not fall the first day which only allowed attacks against the base OS for a prize of $20,000 (+laptop), the MacBook Air reportedly took only 2 minutes to fall on day 2 when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).
While details of the exploit are under non-disclosure while Apple works on the issue, the attack was levied against Safari, after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in Webkit.
The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day when Adobe Flash player was installed as the rules were further relaxed to allow for attack of popular 3rd party applications. The Linux laptop was not exploited.
While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time to such 0-day vulnerability patches lags significantly behind that of Microsoft.
The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.
"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," [said researcher Stefan Frei]. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." [...]
"We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."
Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.
A spot-check of security firm Secunia's statistics show that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.
[ 247 comments ]
For this week's giveaway, we've teamed up with Anki to offer MacRumors readers a chance to win one of the company's adorable little Vector robots, which designed to be a personal robot...
Last year, accessory company Elago launched the W3 Charging Stand for Apple Watch, which turned Apple's modern wearable into a classic Macintosh. This week, Elago announced the latest iteration...
Cellular network operator O2 on Friday said its data networks had been restored after millions of smartphones across the UK and Japan were taken offline yesterday (via BBC).
A statement on its...
Bang & Olufsen over the past week has added AirPlay 2 support to more of its speakers, including the BeoPlay A9 and BeoPlay M5.
BeoPlay M5 speaker in AirPlay Picker via Brad Thomas
This...
Following a demo earlier this year at WWDC, LEGO today launched the LEGO AR Playgrounds app for iPhone and iPad [Direct Link]. The app uses ARKit to place digital LEGO characters and blocks into...
Google this week announced that it is shutting down its messaging app Google Allo [iOS Direct Link], and incorporating many of its features into the Messages app on Android smartphones. Google Allo...
Best Buy today launched a new Apple savings event, marking down iPhones, MacBook Airs, MacBook Pros, iMacs, iPads, iPad Pros, and some HomeKit devices. There are numerous notable discounts in the...
ConnectSense, one of the first companies to introduce a HomeKit-enabled smart plug, today announced the launch of the Smart Outlet 2, its second-generation HomeKit product.
Like the first Smart...
