G$earch

New exploit uses old Office vulnerability for OS X malware delivery

Posted by Harshad

New exploit uses old Office vulnerability for OS X malware delivery


New exploit uses old Office vulnerability for OS X malware delivery

Posted: 27 Mar 2012 06:15 PM PDT

Some malware groups have recently been found to be taking advantage of an old, patched vulnerability in Microsoft Office for OS X in an attempt to spread command-and-control malware to OS X systems.

The vulnerability used in the attack is outlined in a Microsoft security bulletin in June 2009, which applied to all versions of Office 2004 version 11.5.4 or earlier, Office 2008 version 12.1.8 or earlier, and OpenXML Converter 1.0.2 or earlier.

The vulnerability was patched soon after it was found, and currently all supported Office programs are well beyond these versions. However, malware developers are attempting to exploit unpatched systems. These efforts mark the first time Office documents have been used as a vehicle for attacks in OS X.

For this attack to work, you would need to open a maliciously crafted Word file that has likely been distributed via spam and other suspicious means that could easily be avoided. When a maliciously crafted Word file is opened in an unpatched version of Word for Mac, it runs a script that writes the document's malware payload to the disk and executes a shell script that runs the malware. In addition it displays a Word document containing a poorly formatted political statement about Tibetan fre... [Read more]

Apple releases Logic Pro and Express updates

Posted: 27 Mar 2012 05:27 PM PDT

If you are an audio enthusiast or musician and make use of Apple's Logic Pro or Logic Express software packages, then Apple has released a couple of updates that address compatibility, performance, and stability in these programs.

While the updates have not yet been listed on Apple's support download page, they should be available via Software Update for those who have either Logic Pro or Logic Express installed, so you can manually invoke Software Update from the Apple menu to get these updates.

According to the release notes for each of these updates (Logic Pro and Logic Express), the following problems have been addressed in both programs:

Compatibility

  • Provides compatibility with songs created with GarageBand for iOS 1.2.
  • Resolves an issue in Logic Pro 9.1.6 in which projects with a large number of fades displayed "I/O Error, Result code = -36" when playback was started.
  • Improves performance when using multiple instances of EXS24 in 32-bit mode with EXS24 Virtual Memory mode active.
  • Resolves several issues related to the download and installation of basic and additional content.
  • Resolves an issue that could occur which caused the application to stop responding when performing Undo. This would occur after deleting... [Read more]

Seesmic launches Pro version, adds ads to free version

Posted: 27 Mar 2012 04:26 PM PDT

The new combined view is available to Seesmic Pro users.

(Credit: Seesmic)

Popular social networking app Seesmic got an update today in the form of new features and a brand-new paid Pro version. While at first glance this may seem like all good news, I must warn you that there is a bit of a downside.

First, the good stuff. All Seesmic users now have the ability to view Instagram and Twitter thumbnails right from within the timeline, which is a lot more convenient than before. Along with that, they can now upload images directly to Twitter natively. And of course, there are the requisite minor bug fixes and performance improvements that come with pretty much every other app update.

Then, there's the brand-new offering, Seesmic Pro. For $2.99, this premium version of the app comes with the ability to view updates from multiple accounts, all within a single timeline. This includes Facebook as well as Twitter. While I don't personally like to mix feeds from my different accounts, there are certainly a ton of users out there who do, which is why this little addition is important.

Now here's where the story gets a little fishy: Seesmic Pro also comes ad-free, which is awesome news for paying users. Unfortunately this means that users of the free app, who have always enjoyed an ad-free experience previously, now get to see ads popping into their timelines every so often. For dedicated See... [Read more]

Tibet.A malware for OS X uses Flashback Java vulnerabilities

Posted: 27 Mar 2012 03:54 PM PDT

One recent malware program for OS X that has caused concern has been the Flashback Trojan, which in its latest variants has taken advantage of Java security holes to embed code in programs or user accounts that will launch the malware when Web browsers are used. Once run, the malware tries taking screenshots and otherwise collect information to upload to remote servers.

Apparently the Java exploit used in this malware is catching on, and other malware have been developing that uses the same route of attack. Recently Intego reported on a new Trojan horse called Tibet.A (in its first revision), which downloads a Java applet when you visit a malicious Web page (URLs to such are apparently being sent via e-mail spam links), and installs a backdoor program. This malware works on Windows PCs and OS X. Apparently the Web page involved will determine the platform being used and will send the appropriate binaries to the computer.

As with the Flashback malware, since this vulnerability only requires access to the user's account, no password is required to run or install it, provided users are running older versions of Java and have Java enabled on their browsers. The malware is similar in other respects to the Flashback threat; however... [Read more]

Why I'm still frustrated with Google Voice

Posted: 27 Mar 2012 03:36 PM PDT

Google Voice on Ice Cream Sandwich.

(Credit: Google)

Remember those fateful words that no kid ever wanted to hear from their teacher: You've got so much po-tential? "Potential" is a compliment when you're just starting out in your field, and veiled disappointment after you've been in it for years. The sentiment describes exactly how I feel about Google Voice.

Let me just say that I've been using Google Voice on mobile since the apps first premiered for Android and iPhone -- and I continue to use it every day on both platforms. In fact, I depend on it for my job.

(Credit: Google)

As a cell phone reviewer, I'm constantly testing new phones. Google Voice gives me a centralized place to access my family and friends' calls and texts. Since they only see the message or incoming call, it doesn't matter which device I use to reach out.

Google Voice has a ton of features, many of them exceedingly useful, like call forwarding, free texts to the U.S. and Canada, visual voice-mail transcription, and international texting.[Read more]

PhotoToaster soon to turn up the heat with more effects, options

Posted: 27 Mar 2012 12:38 PM PDT

New lighting adjustments let you use effects like Bleach Bypass to enhance your images.

(Credit: Screenshot by East Coast Pixels)

The original PhotoToaster ($1.99) was already a favorite among photo app users, and I've had a chance to check out a demo of PhotoToaster 3.0, which adds several new features to make the app an even stronger image editor.

New lighting adjustments and presets Several new one-touch presets have been added in the latest version including Clarify, Amplify, Bleach Bypass, Sketch, Dynamic HDR, and Dramatic. Each of the new effects I tried in my testing added even more options for playing with your images, and -- like the original -- you have the option to use sliders to fine-tune each effect.

The addition of new lighting adjustments in PhotoToaster 3.0 are what make these new effects possible, letting you lighten shadows, adjust intensity and midtones, and give you the ability to "save" poorly lit photos. You also can now adjust black intensity for better contrast in your images.

You now can browse through recent edits to go back to your last saved copies for more fine tuning.

(Credit: Screenshot by East Coast Pixels)

PhotoToaster also will now have the option to decrease noise in photos. Images taken in low light ... [Read more]

At long last, Temple Run jumps onto Android

Posted: 27 Mar 2012 11:48 AM PDT

(Credit: Imangi Studios)

With more than 45 million downloads from the iTunes App Store, Temple Run is easily one of the most popular running/escape-style games available on iOS. Now, after several months of pining by rabid fans, Android gamers get to share in all the addictive fun.

Different from most other perpetual running games, Temple Run offers a 3D, over-the-shoulder point of view. This unique game style feels a lot more intense, which to me, makes the game a lot more addictive than typical side-scrolling runners. As an Indiana Jones-type character, your job is to run and navigate your way through levels, while taking care to jump over and slide under obstacles. Oh and of course, there are also evil monkeys hot on your tail, just because.

Temple Run (download) is available now for free download from the Google Play store.

[Read more]

Latest BlueStacks ARMs your PC

Posted: 27 Mar 2012 05:00 AM PDT

Angry Birds Space running in the BlueStacks beta app player for Windows.

(Credit: BlueStacks)

The BlueStacks app player for running Android apps on Windows has taken a major step forward today with the release of its first beta, which can run even graphics-intensive Android apps on desktop PCs.

The BlueStacks beta (download) leverages a new, patent-pending technology that the company has developed called LayerCake, which does two things necessary for running Android apps on Windows. First, it powers the app on hardware that it wasn't originally intended to run on. That's basically the ARM to x86 conversion which runs the apps, and it comes with the blessing of one of AMD's head honchos.

"LayerCake is a disruptive technology that enables PC manufacturers to bring the best of the Android ecosystem to their customers. We are excited to work with BlueStacks to make the emerging Android mobile apps market part of the broader computing arena," Manju Hegde, corporate vice president, Content, Applications and Solutions at AMD, said in BlueStacks' statement announcing the new beta.

LayerCake also includes hardware graphics acceleration that wasn't available in last year's BlueStacks alpha. This means that it uses your PC's graphics card to make graphics-intensive apps... [Read more]

0 comments:

Post a Comment