The Mac Security Blog
The Mozilla Foundation today release security updates for the Firefox web browser and the Thunderbird e-mail client. Bothe of these updates contain patches for security issues.
Firefox 4.0.1 contains three security fixes, two of them for critical vulnerabilities. Updates were also issued for older versions of Firefox, moving their version numbers to 3.5.19 and 3.6.17. Users can get the latest version using the built-in auto-updater in Firefox.
Thunderbird 3.1.10 has also been updated, but no specific information on security fixes is available at this time. This update most likely contains the same fixes as Firefox 3.6, since it uses the same HTML rendering engine. Users can update the program using the built-in auto-updater.
Google has updated Chrome, the company’s web browser, patching 25 vulnerabilities, many of which are serious. While a few of these vulnerabilities affect only the Linux version of Chrome, and one affects only the Mac and Linux versions, the majority affect all platforms.
The new version number of Chrome is 11.0.696.57, and the browser will update itself automatically on launch.
It is worth noting that Google paid out a total of $16,500 in “finder’s fees” to people who reported these flaws.
The blogosphere has been agog for the past week or so, since information was made public showing that Apple’s iPhone (and other 3G iOS devices) records user location data. We felt that this wasn’t a big deal, and much of the press agreed. However, a number of people found this to be a Big Problem, leading Apple to release a Q&A on Location Data.
In this document, Apple addresses the issue, explaining what data is stored, why, and for how long.
First, the iPhone does not store user locations, but rather:
a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.
Some of this data comes from a crowd-sourced database – from other iPhone users. Apple says:
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone.
For this reason, users may find that the database shows them having been in locations they have never visited.
Apple points out that users cannot be identified:
This data is sent to Apple in an anonymous and encrypted form. Apple cannot identify the source of this data.
But Apple also points out that when Location Services is turned off, this data shouldn’t be stored. They say that this is a bug, and say that they will issue a software update in the coming weeks to fix it.
Apple says that the software update will do the following:
- reduce the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
- cease backing up this cache, and
- delete this cache entirely when Location Services is turned off.
And, finally, Apple says:
In the next major iOS software release the cache will also be encrypted on the iPhone.
This all led to a nice discussion about user privacy and location data, and it showed that other phones store such data as well. Apple has reacted promptly and will fix the bug that allowed this data to be stored even when Location Services is turned off, and will encrypt this data just in case.
So can we move on to something more important now?
MacLegion has just launched its first bundle, a knock-out selection of ten great Mac applications. One of the stars is VirusBarrier X6. For the price of VirusBarrier X6, get all ten applications: only $49.99 for the entire bundle, a $552 value. Other apps include Screenflow, LaunchBar, ForkLift, Amadeus Pro and Data Rescue.
For a great selection of utilities at a great price, check out the MacLegion Spring 2011 Bundle. You have only 15 days to buy it, so get it now.
Intego today released VirusBarrier Plus, a new Mac antivirus and anti-malware program. Sold exclusively through the Mac App Store, VirusBarrier Plus offers protection from both Mac and Windows malware, as well as other types of malware, malicious scripts, and more. And VirusBarrier Plus is available at a special launch price of only $7.99 for a two-week introductory period.
VirusBarrier Plus detects Mac and Windows malware, so Mac users are protected, and so they don’t pass on infected files to friends and colleagues using Windows or other operating systems. It also protects against PDF malware, Flash malware, Linux malware, keyloggers, hacker tools, and malicious scripts (PHP, Perl, Javascript, shell scripts and more). VirusBarrier Plus also lets advanced users run malware scans from the command line, using the Mac OS X Terminal application, to scan all the files on their Macs.
VirusBarrier Plus also offers frequent, free malware definition updates: new malware definitions are provided at least twice a week, and users can check for updates to malware definitions simply by clicking a button.
Mac users wanting a total security package that also includes Intego’s powerful two-way firewall, Antivandal and full protection from network attacks should consider VirusBarrier X6, which is the comprehensive solution that keeps Macs safe from the dangers of the Internet (www.intego.com/virusbarrier).
VirusBarrier Plus lets users run manual or scheduled scans of any file, folder or volume on their Mac for which they have rights. It offers the following features:
- Scans and repairs Mac OS X malware
- Scans and repairs Microsoft Word, Excel or PowerPoint documents
- Scans and eradicates infected Windows executables
- Finds and eradicates PDF and Flash malware
- Finds and eradicates keyloggers and hacker tools
- Finds and eradicates malicious scripts (PHP, Perl, Javascript, shell scripts and more.)
- Finds and eradications Linux malware
- Scans zip archives
- Users can run Quick Scans or Full Scans
- Scans can be scheduled
- Users can specify trusted files and folders
- A command-line scanner lets users scan more files
- A contextual menu lets users scan individual files or folders on demand
- No impact on performance
- Easy to use
VirusBarrier Plus is available now in English, Chinese, Dutch, French, German, Italian, Japanese, Portuguese, Russian and Spanish. The introductory US price is $7.99, with comparable prices in other currencies. After a two-week introductory period, this price will increase to $9.99. VirusBarrier Plus is only available from the Mac App Store: http://www.intego.com/vbp.
Intego today announced an update to its hugely popular VirusBarrier Express free Mac antivirus and anti-malware program. The first antivirus and anti-malware program available from the Mac App Store, VirusBarrier Express has been downloaded nearly 1 million times since its release.
In version 1.1 of VirusBarrier Express, Intego has improved and simplified the program’s malware definition update system. Mac malware definitions are now free, and are updated at least once a month (more often in the case or new, serious malware). Users can check for updates to malware definitions simply by clicking a button.
VirusBarrier Express is a totally free antivirus and anti-malware tool based on the award-winning technology of Intego’s VirusBarrier X6. VirusBarrier Express protects against Mac malware. Users who also want to scan for Windows malware (so they don’t pass infected files on to friends and colleagues using Windows or other operating systems) should purchase VirusBarrier Plus, also available from the Mac App Store.
Mac users wanting a total security package that also includes a Intego’s powerful two-way firewall, Antivandal and full protection from network attacks should consider VirusBarrier X6, which is the comprehensive solution that keeps Macs safe from the dangers of the Internet (http://www.intego.com/virusbarrier).
VirusBarrier Express lets users run manual or scheduled scans of any file, folder or volume on their Mac for which they have rights. It offers the following features:
- Scans and repairs Mac OS X malware, Microsoft Word, Excel or PowerPoint documents and Java malware,
- Scans zip archives
- Users can run Quick Scans or Full Scans
- Scans can be scheduled
- Users can specify trusted files and folders
- A contextual menu lets users scan individual files or folders on demand
- Malware definitions are updated at least once a month.
- No impact on performance
- Easy to use
VirusBarrier Express is available in English, Chinese, Dutch, French, German, Italian, Japanese, Portuguese, Russian and Spanish.
VirusBarrier Express is a free download, and is only available from the Mac App Store: http://www.intego.com/vbe.