MacRumors

A MacBook Air running an up-to-date installation of Mac OS 10.5 Leopard was the first laptop to fall in last week's CanSecWest PWN2OWN contest, casting the spotlight once again on the Mac's security.

The contest pitted a MacBook Air against a Vista laptop and an Ubuntu Linux laptop, all fully patched. None of the 3 laptops fell on the first day, which only allowed attacks against the base OS for a prize of $20,000 (+ laptop), but the MacBook Air reportedly took only 2 minutes to fall on day 2, when conference rules were relaxed to include all OS-bundled software for a prize of $10,000 (+ laptop).

Details of the exploit are under non-disclosure while Apple works on the issue, but the attack was leveled against Safari after the user was directed to a specially crafted website (as allowed by the rules). The exploit has been reported to be an overflow bug in WebKit.

The remaining two laptops survived the rest of the second day, but the Vista laptop fell the following day, after the rules were further relaxed to allow attacks on popular 3rd party applications and Adobe Flash Player was installed. The Linux laptop was not exploited.

While Apple is aware of and working on the vulnerability, a recent study has claimed that Apple's response time in patching such 0-day vulnerabilities lags significantly behind that of Microsoft.

The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.

"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," [said researcher Stefan Frei]. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." [...]

"We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."

Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.

A spot-check of security firm Secunia's statistics shows that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.

The GSM Association (GSMA) has announced that there are now more than 32 million Mobile Broadband connections worldwide compared with just over 3 million at the end of the first quarter of 2007.

Recent figures from Wireless Intelligence, a comprehensive database covering the global mobile market, indicate that global Mobile Broadband connections have risen by more than 850 percent year-on-year (Q1 CY07 to Q1 CY08). Operators in Asia, Australia, Europe and North America are all reporting an increase in the uptake of HSPA handsets currently capable of accessing the Internet at speeds ranging from 1.8Mbps to 7.2Mbps.

The report focuses on HSPA, which is the GSM flavor of 3G. Apple is expected to release a 3G capable iPhone this year, possibly in June.


There's been so much talk about the possibility of the "3G" iPhone, it can be hard to keep up with all the rumors. First of all, "3G" technology promises broadband-like speeds over wireless cellular networks. At present, the iPhone only offers 2.5G (EDGE) speeds, which means your web pages and email download at relatively slower speeds.

It's been no secret that the iPhone will eventually adopt 3G technology. When Steve Jobs first introduced the iPhone in January 2007, he specifically said that Apple plans on making "3G phones and all sorts of amazing things in the future". The major issue that prevented Apple from incorporating 3G into the first iPhone was excessive power consumption from 3G chipsets:

We cared a lot about battery life and we cared a lot about physical size. Down the road, I'm sure some of those tradeoffs will become more favorable towards 3G but as of now we think we made a pretty good doggone decision.

Some newly announced 3G chipsets promise to address these power issues and AT&T's CEO has even said outright that the 3G iPhone is coming in 2008.

When is it coming?

The earliest evidence of the 3G iPhone came from Goldman Sachs Analysts who predicted that the iPhone would see two updates in 2008. The first minor update was predicted to be a Flash memory upgrade in the 1st half of the year. This came true in February with the release of the 16GB iPhone.

The second revision was described as "major" and was predicted to include 3G, possibly a different look, and arrive in the 2nd half of 2008. A number of reports this week appear to confirm this prediction. Hon Hai has reportedly won the contract to build Apple's next iPhone and Bank of America sources suggest that the 3G iPhone will begin limited production in May with a ramp up in June. Spanish paper Cinco Dias suggests that the 3G iPhone could debut in the Spanish market as early as May.

Finally, there was news this week that Apple has acquired trademark rights to use the name "iPhone" in Japan -- a country that interestingly has a 3G network but no EDGE network.

What do I do now?

A June release for the next iPhone falls conveniently close to Apple's Worldwide Developer's Conference which takes place from June 9-13th this year. It's possible that Apple will replace the existing iPhone with the 3G version, but it's also conceivable that the 3G version will be a high-end model, leaving the existing 2.5G iPhone in place at a cheaper price point.

Due to the mounting evidence for the 3G iPhone, we've updated our Buyers Guide to recommend against buying an iPhone at this time unless you absolutely need it. Obviously, individual circumstances may vary, but if you are an average consumer looking for the best value for the money, we recommend waiting, but understand the new version could still be (at least) 3 months off.


A group of iPhone developers will be releasing a new software tool today that will enable users to fully customize and control their iPhones. A YouTube video details what is possible with the tool.

The tool, known as "Pwnage Tool", is currently a Mac OS X application that allows users to modify their iPhone's bootloader to allow it to boot any software. In its native state, the iPhone bootloader is what prevents it from booting unauthorized (non-Apple) firmware.

Once patched with this tool, the "pwned" iPhone will accept any software to boot, including modified iPhone firmware or alternative operating systems such as Linux. The demo video shows how a custom 1.1.4 firmware that already includes Jailbreaking and Unlocking can be easily loaded onto an iPhone. They also believe the modifications will support future firmware, such as iPhone 2.0, which is due for release in late June.

Early adopters should proceed with caution, of course. While the most common use will likely continue to be unlocking/jailbreaking, the tool opens up many possibilities:

Full independence from Apple's vision on what the iPhone (and iPod Touch) can and cannot do.
....
You will eventually be able to backup your entire phone and restore to a state exactly the way you like it, restore straight to jailbroken state with installer, or even potentially install other OSes like linux (see iphonelinux.org) to your phone.

Update: Delayed until next week.


Apple issued the first Mac OS X 10.5.3 seed (9d10) to developers yesterday. The latest update to Apple's Mac OS X Leopard addresses dozens of outstanding issues.

Fixes range from Dashboard, Parental Controls and iCal synchronization to memory leaks and stability issues. All in all, 75 distinct bug fixes are listed in the accompanying seed notes.

A few known issues remain, and Apple typically seeds a number of developer builds for testing before releasing the final update to customers. While these point releases generally provide bug and stability fixes only, the 10.5.2 seed also addressed some user interface complaints. The current version of Mac OS X (10.5.2) was released in February 2008.

Apple quietly issued a new update to the Apple TV tonight. The 2.0.1 update is the first update since the Take 2 update that Apple announced at Macworld this year.

'Take 2' introduced Movie rentals, and revamped the entire Apple TV interface.

With such a small version increase, it may simply represent a bug fix release, but we will post a list of changes as we find them. Current Apple TV owners can download the update through their Apple TV "Settings" menu.

New Features:

- "Genres" option under "My Movies"


Apple announced the immediate availability of the Aperture 2.1 update which is available as a free download for existing Aperture 2.0 customers. Version 2.1 introduces an open plug-in architecture that makes it easy to use 3rd party imaging software within Aperture itself:

Aperture 2.1 includes the Apple-developed plug-in, Dodge & Burn, which adds brush-based tools for dodge (lighten), burn (darken), contrast, saturation, sharpen and blur. Over the coming months, third party software developers will deliver image editing plug-ins for localized editing, filters and effects, noise analysis and reduction, fisheye lens correction and more.

Apple is working with a number of 3rd party developers to bring their plug-ins to Aperture. The list of 3rd party plug-ins includes: Nik Software's Viveza plug-in, PictureCode's Noise Ninja plug-in, Digital Film Tools' Power Stroke plug-in, The Tiffen Company's Dfx plug-in, dvGarage's dpMatte plug-in and HDRtoner plug-in, and Image Trends' plug-ins: Fisheye-Hemi, ShineOff, and PearlyWhites.

The Commercial Times is reporting that electronics maker Hon Hai is competing to make the next iPhone (via MarketWatch).

The news comes as Gartner is clarifying recent claims that the new phone has already been ordered by Apple. Via Information Week:

That report later got circulated on the Web, where the comments were misinterpreted as a Gartner prediction, Dulaney's boss, Bob Hafner, said.

Gartner doesn't know whether Apple has actually placed an order for 3G iPhones, but the researcher does believe the next version of the touch-screen smartphone will have those high-speed capabilities. "If Apple was to place an order, then 10 million would be a reasonable number," Hafner said. "And we absolutely believe that in the next-generation iPhone 3G will be there."

As to rumors of Apple placing an order for the high-speed phones, Hafner said, "We have not got confirmation that an order had been placed."

Multiple reports have pegged the 3G iPhone to be released in 2008. '3G' is a fast mobile data technology that allows for broadband internet access on mobile phones. The iPhone currently uses EDGE (2.5G) technology, which is most similar to dial-up speeds.

Update: Dow Jones is now reporting that Hon Hai has secured the contract [via CNN Money].


Apple has started hiring for a new Handwriting Recognition Engineer. The job description specifically seeks someone who would be responsible for "advancing Apple's handwriting recognition technology for Mac OS X."

They even suggest that the recognition technology could extend beyond Mac OS X "to other applications and the iPhone."

Apple was one of the pioneers in handwriting recognition with their original Newton Personal Digital Assistant. While the original Newton contained a 3rd party handwriting engine that generated some early bad press, Apple later deployed their own much improved handwriting technology known as "Rosetta". Despite the remarkable strides that were made in handwriting recognition in later versions, the Newton had a hard time shaking off the original bad press.

Rosetta technology has found its way into Mac OS X under the name "Inkwell", but requires a tablet to be installed for use. Meanwhile, the name Rosetta has been re-used in recent versions of Mac OS X for Apple's dynamic binary translation that allows Intel Macs to run PowerPC only applications.


Apple posted an EFI Firmware update for Mac Pro owners today. The update "fixes several issues to improve the stability of Mac Pro (Early 2008) computers."

Once you download the update, you must run the Firmware Updater and follow the enclosed instructions for the update to take effect.

To update the firmware on your Intel-based Mac Pro:

1. Quit all other open applications.
2. Click Shut Down in the Mac Pro EFI Firmware Update window and wait for your computer to shut down.
3. Press and hold the power button on your Mac Pro until the status light flashes repeatedly or you hear a long tone, then release the power button.

A status bar indicates the progress of the update. Important: Do not interrupt the update. Your computer restarts automatically when the update is completed and opens the Mac Pro EFI Firmware Update.

4. Click OK, if the firmware is now up-to-date.


Adobe launched the public beta of their Photoshop Express web service today at https://www.photoshop.com/express/.

The site requires Flash Player 9 and offers an entirely web-based image editor.

Photoshop Express is designed to be used essentially by anyone who uses a point and click digital camera, said Mack.

People can organize photos by dragging them into albums or create a gallery to share images. The service also lets people email links to images stored online, embed them in a Web page, or download them.

Photoshop Express offers 2GB of storage with the ability to crop, rotate, and touch up your images. It also integrates with a number of photo-sharing websites. Adobe plans on eventually adding a subscription service with more options and storage.


Apple released a new version of the free iPhone Software Development Kit (SDK) which now includes Interface Builder.

Interface Builder is a tool for developers to visually create their user interface:

Interface Builder makes creating an application's user interface easier by allowing developers to use its graphical editing environment to manage virtually every aspect of creating a well designed user interface that adheres to the Aqua user interface guidelines.

Apple released the first version of the iPhone SDK on March 6th. The SDK allows developers to create their own applications which will first become available to the general public in late June 2008.



A newly published patent application reveals that Apple has been exploring the possibility of expanding their Nike + iPod sport kit into a full fledged fitness system.

The first segment of the interview process would poll the user on their fitness goals, desired activity level (moderate, advanced), fitness interests (such as jogging, pilates, and swimming), fitness goals (lose weight, firm and tone, and get back into shape), weight goals, desired workout schedule, and so forth.
....
Once the interview process is completed, the computer-based application would create a profile of the user and a workout regimen based around their feedback on goals and fitness interests. For instance, a user interested in weight training would be provided a work out schedule broken down into warmup cardio exercises and a weight training session comprised of sets, reps and weight levels.

The iPod or iPhone would then guide the user through their training, with the possibility of adding additional hardware sensors to track progress.


Looprumors claims that they have heard that both the iMac and Mac mini are coming soon. They uniquely report, however, that the Mac mini will see a "dramatic change" in form factor, with a design that is "less than half the size" of the current design.

Both the Mac Mini and iMac are expected to incorporate the latest Penryn processors from Intel.

British chip-maker Wolfson Microelectronics is reported to have not been chosen to supply parts to Apple's future iPods. As a result, Wolfson's stock has plunged by 30% to a 3-1/2 year low.

"IPods have been a big contributor historically to revenues, so it's pretty disappointing for them," said Nick James, an analyst at Panmure Gordon.

The decision appears to reflect future supplies for the iPod Touch and iPod Nano, specifically. New versions of those iPods are said to be due in the 3rd quarter of 2008.


USAToday reports that Amazon has managed to take the #2 spot amongst digital music retailers behind iTunes with their MP3 Store. No sales numbers have been released, so it's difficult to gauge exactly how close a competitor Amazon is becoming.

This information comes from the four major labels who played their part in making it so. Amazon has been provided access to a larger amount of unprotected music from the major labels to stock their MP3 Store.

Apple now has 2 million songs from EMI and independent labels available without DRM, out of its 6 million-song catalog. Amazon offers 4.5 million DRM-free songs.

For its part, Amazon has done well providing seamless integration with Apple's iTunes software on the Mac.


Apple posted a minor update to their 2008-002 Security update.

Security Update 2008-002 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

According to MacObserver, the update "addresses reliability issues with the 'Printer Settings...' button in Aperture 2.0 on systems running Mac OS X v10.5.2. No applications other than Aperture 2.0 are affected".