Apple has just released iOS 4.0.2. The update fixes the security vulnerability from viewing malicious PDF files. Presumably this will also stop the one-click jailbreak at http://jailbreakme.com/, which utilized this exploit.
To read all of the details about the update, go here.
I read a great article on Gizmodo about streaming media via your iDisk. This is no where near as cool as all the hype that has been flying around the rumor mills about Apple setting up a streaming service your itunes purchases, but it is something cool to use in the meantime. This is a great way to pad out your portable music library if you do not have a lot of space for movies/music on your iPod/iPhone/iPad.
Basically it works like this. Upload your music, movies, TV shows, videos, etc., to your iDisk. Then, using the iDisk app, navigate iDisk to the file and select it. It will start playing, or, depending on whether you are using the 3G network or Wi Fi, it will start loading. I tested Fresh, from Devo’s new album, Something for Everybody, on my iPhone 3G, using Wi Fi and 3G. The music played fine on both Wi Fi and 3G. The video had to load when I tried it on 3G, but after I let it load, it played fine.
The file format of the media I played was Apple’s, as I purchased the album from iTunes, so I can’t say how well other formats will play. Also, there are a couple drawbacks:
Though it may be lacking, this is definitely a move in the right direction where streaming media is concerned. I am really hoping this is just the tip of a much greater iceberg.
Ever wish you could go back to the good old 8 bit days of video games, but still play your favorite titles from today. Well, thanks to Ed Fries you can do just that with Halo 2600.
I’m sure there’s far more productive things you could be doing right now, but those Covenant are not going to kill themselves.
Gizmodo’s Jesus Diaz has reported a serious exploit to all iOS 4 devices and iPads. It’s incredibly simple and possibly very dangerous. Diaz writes:
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
At the moment there are two possibilities. One, you can avoid any .pdf links. Alternatively, you can jailbreak your device and install a program which monitors your online activities and asks if you’re SURE you want to down load the .pdf you just clicked.
It is rumored that the 4.1 update will correct this problem, and is due out later this month.
Apple has released Safari 5.0.1, which has the extensions activated by default. Apple has also launched Extensions Gallery, where you can instantly install a number of extensions. The instant installation only works from the Extensions Gallery, but developers will be able to create extensions and host them on their own sites (a sigh of relief resounds).
Safari extensions are sandboxed and don’t have access to information on a user’s system.
The Safari Developer Program provides you with the tools to create a digital certificate for your extensions. This certificate allows your extensions to be installed on Safari, protects them from tampering, and ensures that your extension can only be updated by you.
Apple has announced an iPhone case program to help alleviate the antennae problems which have been plaguing the new smart phone. The official word, from their site, is:
If you purchase an iPhone 4 before September 30, 2010, you are eligible to receive an iPhone 4 Bumper or a select third-party case from Apple at no charge.
For iPhone 4 purchases made before July 23, 2010, you must apply no later than August 22, 2010; otherwise, you must apply within 30 days of your iPhone 4 purchase. To qualify for this program, you must purchase your iPhone 4 by September 30, 2010.
To get a free bumper, or case, there are three easy steps, one of which is an app that you can use to order the case right from the comfort of your… well, where ever you happen to be.
There are conditions, but it looks like we can finally move on to better things, like the refreshed line of iMacs.
The EFF has won a victory for the rights of the common man. You can now jailbreak your iPhone without the fear of legal liability. With a jailbroken phone you can get applications from other sources. You can also set up your phone to work on other networks.
Apple still can disable jailbroken phones with software upgrades. So, if you do jailbreak your phone, you might not be able to take advantage of software improvements. Most importantly, if you jailbreak your phone, don’t bother bringing it in to the Apple Store. Jailbreaking the iPhone voids its warranty.
Bottom line: the new rules exempt the user from legal liability only. To my knowledge, Apple has not been pursuing litigation, so it seems a bit pointless.
Perhaps, not. It’s a small step, but hopefully a step in the right direction. I have been very happy with my phone, and the apps that have been made available to me. I know that it is easier for Apple to control problems by not allowing anything and everything to be tinkered with. Yet, it’s that tight-fisted approach that has led to users dissatisfaction with the closed architecture of the iPhone and the systems around it. It’s my hope that Apple can find a way to unclinch enough to give more freedom to users and developers, while still capping problems before they start.
Those users who browse the internet with Apple’s Safari browser will want to check their AutoFill settings. They can be found in Safari -> Preferences -> AutoFill. If the checkbox next to “Using info from my Address Book card” is selected, deselect it.
Now for the why.
Jeremiah Grossman of WhiteHat Security has reported a exploit which a malicious website could use that would give access to your address book, without you ever knowing it. He writes:
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.
You can see a proof-of-concept of how the exploit works here. Or, if you’re paranoid, you can check to see if you’ve turned off the feature properly.
Not in the article, but down in the comments, Jeremiah reports that older versions of Chrome were prone to this attack, but this has been fixed in later versions. Firefox and Opera seem to be fine, as are mobile version of Safari (on iPhones, iPod Touches, and iPads).
Consumer Reports has published their findings on the iPhone 4 and are saying they cannot, in all good conscience, recommend the iPhone 4 due to the antenna design flaw. The irony is the iPhone 4 received the highest overall score, 76 out of 100, in the smart phone category. Ouch. That sucks.
Awesome phone, but don't buy it.
But the wound gets deeper. It is being reported that there were several (6 or 7) threads started on Apple’s Discussion forums pointing to the Consumer Report article that have been deleted by Apple. It would seem the company with the famous 1984 commercial has become the Big Brother they were supposedly fighting against.
Double Damn. I went to the forums to check for myself. As of 10:10 a.m. July 13, 2010, I found four topics:
Now, wait a minute. Apple isn’t deleting posts…
I went back to the one post that had been cached by Bing (and I’m not even going to get into the possible Microsoft vs. Apple conspiracy thing here) and noticed the post was dated July 12, 2010 9:06 a.m. Maybe these new posts were yet to be scrubbed (and many of them have people are counting down to them being removed).
All of this makes me wonder, why would Apple want to delete these posts? Is deleting them really covering anything up? It’s a little insulting to one’s intelligence to think that by deleted these posts from their forums Apple could actually brush this matter under the rug. It’s more than that. It’s ri-donkeydick-ulous. Whether you like them or not, a company does not get into the position Apple’s in by being mongoloids.
The closest thing I could come up with, those still a weak answer, is maybe Apple is taking these post off because they are not support questions/answers. I took the time to look the matter up in their Terms of Use. As with most legal language, it’s slippery going, but I found this, which was the most directly related rule:
your Submission should either be a technical support question or a technical support answer.
As the Consumer Report doesn’t really address any technical support question, it can be argued that rather than take up server space, however small, and eat up bandwidth, Apple decided to delete them and let people to read these articles on their respective servers.
But, I didn’t get too much further (I figured I’d got back at least 10 pages deep) when I found this: Topic : CNN is now reporting on Iphone 4 reception issue. This clearly is not a technical support question, nor is it an answer to one. WTF?!?
So, truth be told, I don’t have a clue what Apple’s reasons are here. It sounds like the same kind of wishy washy standerds that are applied to app submissions are being applied to threat posts. This whole deal is exponentially worsened because the posts have to do with their flagship item, the iPhone, and the problems it is having. I’m all but ready to join in with the conspiracy theories.
At the end of the day, Apple does have every right to moderate their forums as they choose. I fully support them in that right. At the same time, I am concerned that they are adopting some practices that can quickly become devious and hurtful to them as a company.
All companies have their weaknesses, faults and problems. I’ve come to trust Apple, for the most part, over the 20 years I’ve been a user. I’ve made my bread and butter money to them. I try to not be too much of a fanboy, ‘cos honestly, most fanboys are insipid douches, but it’s my history with them that’s giving them the benefit of the doubt here. All the same, I have to say they’ve got some work they need to get to, and quick.
Concern about privacy online seems to be in every other headline, and rightfully so. Our information keeps falling into nefarious hands and can cost us thousands, take the weekend’s “fraudulent iTunes charges.” So, anytime I’m given the opportunity to opt-out of data mining, I jump on it. The latest offering is from Apple allowing users to opt-out of iAd’s data collection.
What iAds collects is the applications you’ve downloaded, how much you interact with the applications and what you don’t like and have deleted.
This opt out only works on devices running iOS 4. There’s no opting-out on the iPad or laptops and desktops. If you own more than one device, you have to opt-out on each device. Note: Opting-out doesn’t stop you from seeing ads, it just stops Apple from collecting data about how you use your iPhone.
