Apple makes use of a number of open source technologies in its software products, but operating systems like iOS and OS X are hardly considered “open.” Apple has tight control over nearly every aspect of its mobile and desktop operating systems, ensuring that its products come as close as possible to resembling Apple’s vision from the moment they reach consumers’ hands until they are eventually replaced. While no one can deny the fact that Apple’s strategy has been a recipe for success thus far, a number of pundits believe Apple needs to loosen its grip on iOS and OS X if it hopes to maintain this success moving forward. Now, digital freedom fighters at the Electronic Frontier Foundation have weighed in on the issue.

“Apple’s recent products, especially their mobile iOS devices, are like beautiful crystal prisons, with a wide range of restrictions imposed by the OS, the hardware, and Apple’s contracts with carriers as well as contracts with developers,” the EFF’s Micah Lee and Peter Eckersley wrote in a post on the group’s blog. “Only users who can hack or ‘jailbreak’ their devices can escape these limitations.”

Apple pundits argue that this very notion is the reason Apple’s products are so successful. According to the EFF, however, consumers are being hurt by Apple’s closed model. Using the iOS App Store as an example, the group states that Apple is locking down its devices and preventing users from accessing an endless supply of great apps since only software approved by Apple makes it into the App Store.

“Apple changed the way we think about mobile computing with the iPhone, but they have also lead the charge in creating restrictive computers and restrictive marketplaces for software,” the EFF wrote. “You may have purchased an iPad, but unless you’ve exploited a vulnerability in iOS to jailbreak it, there are many things you cannot install on it. The App Store has thousands of apps to choose from, but your choices are limited to apps that both Apple has approved, and which can function without ‘root’ or ‘administrator’ privileges.”

The organization continued, “Apple has been known to reject or remove apps from sale because of their content (WikiLeaks app banned, eBook reader with access to Kama Sutra banned), for not using Apple to process payments, and for being capable of executing code that Apple can’t approve. While Apple’s policies have improved in the the years since the iPhone first launched, the company still maintains total control over what apps are available to consumers. Unlike Android, iOS does not have an option to install apps from sources other than the App Store.”

Lee and Eckersley conclude that Apple and its customers would be best served if the company takes the advice of Apple co-founder and former executive Steve Wozniak, who recently called for the Cupertino, California-based company to open its platforms for those who wish to alter them or add functionality not approved by Apple. ”No place, and no system, can be perfect if it denies its citizens the freedom to change it, or the freedom to leave,” the EFF said.

Security firm Kaspersky Lab has begun to independently examine Apple’s Mac OS X platform and found that it’s highly vulnerable to malware. ”As Mac OS X market share continues to increase, we expect cyber-criminals to continue to develop new types of malware and attack methods, ” the company’s CTO Nikolai Grebennikov said. “In order to meet these new threats, Kaspersky Lab has been conducting an in-depth analysis of Mac OS X vulnerabilities and new forms of malware.” Kaspersky Lab co-founder and chief executive Eugene Kaspersky previously said that Apple is a decade behind Microsoft in terms of computer security, a view Grebennikov shares.

“Our first investigations show Apple doesn’t pay enough attention to security. For example, Oracle closed a vulnerability in Java, which was a target for a major botnet several months ago,” Grebennikov said. “Apple blocked Oracle from updating Java on Mac OS, and they perform all the updates themselves. They only released the patch a few weeks ago – two or three months after the Oracle patch. That’s far too long.” Grebennikov said the existence of the botnet shows that “Apple’s security model isn’t perfect.”

While the executive claimed that he has yet to identify any iOS-specific malware, he expects to see iPads and iPhones being infected by malware in 2013. “Our experience tells us that in the near future, perhaps in a year or so, we will see the first malware targeting iOS,” he said.

Grebennikov maintains that the security analysis Kaspersky Lab has been conducting is independent of Apple, however the Cupertino-based company “is open to collaborating with us regarding new Mac OS X vulnerabilities and malware that we identify during our analysis.”

Read [Computing] Read [Engadget]

Apple on Wednesday released an update to its desktop operating system. OS X Lion 10.7.4 contains a number of minor fixes as well as a security update that addresses the FileVault password security issue uncovered recently. The bug made users’ passwords vulnerable by storing them in plain text format. Apple’s 10.7.4 release notes are as follows:

The 10.7.4 update is recommended for all OS X Lion users and includes general operating system fixes that improve the stability, compatibility, and security of your Mac including fixes that:

• Resolve an issue where the “Reopen windows when logging back in” setting is always enabled
• Improve compatibility with certain British third-party USB keyboards
• Address an issue that may prevent files from being saved to a server
• Improve the reliability of copying files to an SMB server

For detailed information on this update, please visit this website: http://support.apple.com/kb/HT5167.

For information on the security content of this update, please visit: http://support.apple.com/kb/HT1222.

The OS X Lion 10.7.4 update can be downloaded immediately through the integrated software update utility in OS X.

While Windows-powered “ultrabooks” have yet to really make a splash in the market, Apple is reportedly considering a move that could further limit their appeal as vendors prepare a second wave of less expensive ultrabook models. Citing unnamed sources within Apple’s supply chain, Digitimes on Monday reported that Apple is readying a new entry-level MacBook Air model that could launch in the third quarter this year. Details are extremely limited, though it is presumed that the notebook will be an updated 11-inch model that could launch around the same time as Apple’s new 13- and 15-inch MacBook Pro models, which are expected to become available some time this summer. Apple may reveal the new model during its annual Worldwide Developer Conference, which begins on June 11th.

Read

Microsoft researchers recently discovered a piece of Mac OS X malware that exploits a three-year-old flaw in old versions of Office for Mac. The threat uses a multi-stage attack, just like a Windows virus would. While Microsoft did fix the problem in 2009, the software giant notes that not every machine is up-to-date. The company’s data indicates, however, that the malware is not widespread. “No operating system that exists outside a laboratory is entirely immune to malware,” Microsoft stated on its blog. “As different operating systems continue to gain in popularity they attract more attention from would-be attackers – especially since, as we see in the example analysis above, the techniques and understanding needed to do so may be much the same as those used against other platforms. And even though an operating system may include many risk-reducing mitigation technologies, any machine’s defenses against vulnerabilities are directly related to how current its security updates for applications are kept.” Microsoft concludes by warning users of Office 2004 for Mac, Office 2008 for Mac or Open XML File Format Converter for Mac to update their software in order to protect themselves from possible threats.

Read

The “Flashback” virus that originated on a series of WordPress blogs and went on to infected more than 600,000 Mac computers last month may have generated its creators thousands of dollars each day. According to antivirus software firm Symantec, the Flashback malware has been generating revenue for its authors by hijacking users’ ad clicks, and due to the widespread nature of the infection, the authors could have been generating up to $10,000 per day. “Flashback specifically targets search queries made on Google and, depending on the search query, may redirect users to another page of the attacker’s choosing, where they receive revenue from the click,” the firm explained, adding that Google never receives the intended ad click. Symantec notes that ad-clicking Trojans are nothing new and a botnet of 25,000 infections could generate an author up to $450 per day.

Read

Apple may be the most valuable company in the world, but when it comes to security, the Cupertino-based company doesn’t hold a candle to Microsoft. Kaspersky Lab co-founder and chief executive Eugene Kaspersky on Wednesday told CBR that Apple is a decade behind Microsoft in terms of computer security. ”I think they are ten years behind Microsoft in terms of security,” Kaspersky said. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but [Flashback] was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms.” More than 600,000 Macs were infected by the Flashback trojan virus before it was discovered earlier this month and the exploit it used to infect OS X PCs was patched. “Apple will understand very soon that they have the same problems Microsoft had ten or 12 years ago,” Kaspersky said. ”They will have to make changes in terms of the cycle of updates and so on and will be forced to invest more into their security audits for the software.”

Read

Since Microsoft released its Windows 8 Consumer Preview in February, millions of users have downloaded the software giant’s latest operating system, which looks to carefully blend its existing mobile and desktop experiences into one. According to research from ad network Chitika, the Windows 8 CP adoption rate in the U.S. and Canada has doubled that of OS X Mountain Lion, Apple’s upcoming operating system. Of course Microsoft’s Windows 8 preview is publicly available for free while Apple’s Mountain Lion preview is available only to those with paid developer accounts. Chitika’s research was conducted from April 13th to April 19th and it analyzed hundreds of millions of impressions across the Chitika ad network. The Consumer Preview makes up .1% of all Windows traffic and exhibits traffic levels more than three times the peak level that the Windows 8 Developer Preview produced. The increased level of activity is a good sign for Microsoft, which will reportedly complete work on Windows 8 this summer. According to rumors, the first wave of PCs and tablets powered by the new platform are slated to launch in October.

Read

Apple announced on Wednesday that its annual Worldwide Developer Conference will take place from June 11th through June 15th this year in San Francisco, California. The company made tickets available at around 8:30 a.m. EDT on Wednesday, and they were sold out within two hours, likely before most West Coast-based developers even woke up. Tickets are not transferable this year and as such, developers who didn’t manage to secure a ticket don’t have many options. One man, however, found a way around Apple’s restrictions.

An anonymous developer on Wednesday posted a want ad on Craigslist. Under the headline, “I will legally change my name to yours for a WWDC ticket – $1600,” the San Francisco-based man offered any takers as much as $2,100 plus other services in exchange for a ticket to the conference, which costs $1,600 when purchased directly from Apple. Because tickets are not transferable, the man said he would also legally change his name, thus allowing him to use the ticket.

In addition to the name-change and $1,600, the man offered a number of perks. As he and any potential taker will share a name once the transaction is complete, the eager developer has agreed to perform jury duty, handle tasks at the department of motor vehicles and perform up to 40 hours of court-ordered community service in place of the ticket holder. He also offered a $500 bonus if the ticket holder’s first name is Jebodiah.

Apple’s developer conference this year will offer more than 100 sessions focused on developing for the iOS and OS X platforms. Apple will also likely unveil new products during its keynote on June 11th, though a new iPhone is not expected to be announced until later this year.

Security firm Intego on Monday announced that it had discovered a new variant of the Flashback malware called Flashback.S that continues to use a Java vulnerability Apple has already patched. This variant requires no password to install, and it places its files into the user’s home folder in “~/Library/LaunchAgents/com. java.update.plist” and “~/.jupdate.” Once Fashback.S is installed, it will then delete all files and folders in “~/Library/Caches/Java/cache” in order to delete the applet from the infected Mac, and avoid detection. The virus is actively being distributed, although it will not install if it finds Intego VirusBarrier X6, Xcode or Little Snitch installed on the Mac it tries to attack.

Read

A group of developers in Russia recently launched the “HackStore,” a centralized location for third-party OS X applications. Like Cydia on iOS, the HackStore is a software hub that allows developers to distribute applications without having to endure Apple’s approval process. The developers behind the project claim that piracy will not be tolerated in their app store, though it is unclear exactly what measures they are taking to prevent pirated software from being distributed through the HackStore. “The biggest Mac Appstore problem is that they limit their users in everything, without giving an opportunity to expand these limits,” HackStore’s creators wrote on their website. “This is not correct, because ONLY users should decide which applications they should install and which one do not. We think HackStore [will] break through the narrow confines of Mac Appstore.”

[Via Engadget]

Read

Security firm Sophos on Tuesday indicated that a surprisingly high level of malware has been found on Mac computers — the firm’s research revealed that one in every five Mac computers is harboring some kind of Windows malware. Of the 100,000 customers sampled through Sophos’s antivirus offerings, 20% of users were found to be carrying one or more instances of Windows malware. The firm highlighted that Windows malware on a Mac won’t cause any harm, however, unless the computer also runs a Windows partition in addition to OS X. The company’s research found that just 2.7% of Macs that installed the company’s free anti-virus software were infected by OS X malware. Nearly all of the OS X malware discovered was an iteration of the “Flashback” trojan called “Flshplyr.” Sophos said that cybercriminals may find Macs to be targets because OS X users are less likely to be running an anti-virus software, however Macs can get viruses and the right software can keep a user’s computer safe. A second pie chart follows below.

Read

Research analyst Ming-Chi Kuo of KGI Securities predicts that Apple may discontinue the 17-inch MacBook Pro model due to weak sales, MacRumors reported on Monday. The analyst has previously offered accurate information regarding the discontinuation of Mac products, specifically the 13-inch Macbook in 2011. Kuo estimates Apple will sell 5.32 million Mac computers in the second quarter of 2012, representing a 35.2% year-over-year increase. The Cupertino-based company is expected to launch an updated line of MacBook computers this summer that will be will be thinner and may feature Retina-resolution displays.

Read

Apple responded fairly quickly to news that more than 600,000 Mac computers were infected with a trojan virus called “Flashback.” One week after the massive botnet was discovered, Apple issued an update fixing the Java vulnerability that allowed Flashback to infect the machines, as well as a removal tool for affected machines. Despite the company’s efforts, Symantec stated on Tuesday evening that approximately 140,000 OS X PCs were still infected with the virus at that time. “The statistics from our sinkhole are showing declining numbers on a daily basis,” the company wrote on its blog. “However, we had originally believed that we would have seen a greater decline in infections at this point in time, but this has proven not to be the case. Currently, it appears that the number of infected computers has tapered off, but remains around the 140,000 mark.” Symantec offers its own Flashback removal tool separate from the one Apple made available in a system update on April 12th.

Read

The “Flashback” trojan virus affecting at least 600,000 Macs was discovered last week that is capable of intercepting passwords and other private data. The discovery prompted Apple to release a Java update for OS X users that removed a number of common variants of the virus. Securelist on Saturday found another Mac trojan that is also spread through Java exploits, however. The malware, called Backdoor.OSX.SabPub, can take screenshots of a user’s current session, execute commands on an infected machine and connect to a remote website to transmit the data. It is not clear how users get infected with the trojan, but because of the low number of instances and the trojan’s backdoor functionality, Securelist speculates that it is most likely used in targeted attacks, possibly launched through emails containing a URL pointing to two one of websites hosting the exploit.

Read