As reported by MacRumors and various other sources, Mac apps that use the Sparkle back-end software to auto-update are potentially vulnerable to a hack attack.
Apps that use a vulnerable version of Sparkle and an unencrypted HTTP channel for server updates are at risk of being hijacked to transmit malicious code to end users. The Sparkle framework is used by apps outside of the Mac App Store to facilitate automatic software updates.
In other words, apps that use the Sparkle back-end over secure HTTPS are NOT affected. Only those that use HTTP might be.
What it means is that malicious interests can essentially take over the update routine, offering users hacked apps that might open their system to attack. The user will be unaware because the app will look legitimate. This hasn’t happened yet, and likely will never happen. But it remains a possibility.
You can find out what applications on your system use the Sparkle back-end by opening a Terminal window (you’ll find it in the Utilities folder in the Applications list) and pasting in the following single-line command. Potentially affected apps will then be listed:
This will not distinguish between those that use HTTP or HTTPS, though.
Alternatively, you can use the following command for a more precise scan. It will scan apps for their update server addresses and produce a list of those that use HTTP, and that therefore might be vulnerable. Because only URLs are reported, you might have to do some detective work to find out what the affected app name is: the URL will probably be that of the developer rather than one dedicated to the app itself:
for i in /Applications/*/Contents/Info.plist; do defaults read "$i" SUFeedURL 2>/dev/null; done|grep -iv https
If any of the apps you discover using the above command flash up an update message when you start them (see above for an example of how it might look), be safe and cancel the dialog box. Then head over to the app developer’s website and download the latest version of the app manually.
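An added example (not from the original post) that performs the same scan in Python and reports the app name next to each feed URL, so no detective work is needed. It compares the parsed URL scheme rather than filtering on the substring "https", and reads the bundled Sparkle version from an assumed standard framework path; the sample bundles and example.com/example.net URLs are constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

def read_plist(path):
    """Load an XML or binary plist; return {} if it is missing or unparsable."""
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception:  # unreadable file, malformed XML, bad binary plist
        return {}
    return data if isinstance(data, dict) else {}

def sparkle_http_feeds(apps_dir):
    """Return (app name, feed URL, Sparkle version) for each non-HTTPS feed,
    including apps in subfolders such as Utilities."""
    findings = []
    for info in sorted(Path(apps_dir).rglob("*.app/Contents/Info.plist")):
        feed = read_plist(info).get("SUFeedURL")
        if not isinstance(feed, str):
            continue  # app does not declare a Sparkle feed
        # Parse the scheme: a substring test hides http:// URLs containing "https".
        if urlsplit(feed.strip()).scheme.lower() == "https":
            continue
        contents = info.parent
        # Assumed standard framework layout inside the app bundle.
        fw = contents / "Frameworks/Sparkle.framework/Resources/Info.plist"
        version = read_plist(fw).get("CFBundleShortVersionString", "unknown")
        findings.append((contents.parent.stem, feed, version))
    return findings

def build_sample(root):
    """Write constructed app bundles (not real products) under root."""
    for name, url, fmt in (
        ("PlainFeed", "http://updates.example.com/appcast.xml", plistlib.FMT_BINARY),
        ("SecureFeed", "https://updates.example.com/appcast.xml", plistlib.FMT_XML),
        ("TrickyPath", "http://example.net/https-mirror/appcast.xml", plistlib.FMT_XML),
    ):
        contents = Path(root) / f"{name}.app" / "Contents"
        res = contents / "Frameworks/Sparkle.framework/Resources"
        res.mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps({"SUFeedURL": url}, fmt=fmt))
        (res / "Info.plist").write_bytes(
            plistlib.dumps({"CFBundleShortVersionString": "0.0.0-sample"}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*sparkle_http_feeds(tmp), sep="\n")
```

On a Mac, calling sparkle_http_feeds("/Applications") scans the installed apps instead of the constructed samples.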
MacUpdate has done it again to bring you 10 essential apps for an incredible $19.99, saving 80% of the usual retail price. As always, even if you only want a few of the apps this is still an extraordinarily good deal.
Here’s what you get:
Typeeto: Turn Your Mac keyboard into a Bluetooth Keyboard. Usually sold for $9.99.
SnapNDrag Pro: Click-and-Drag Screenshot Utility. Usually sold for $9.99.
Paragraphs: The Writing Tool for Writers. Usually sold for $9.99.
Get Backup Pro: Powerful Backup, Synchronization & Cloning Utility. Usually sold for $9.95.
NZBVortex: Lightweight Usenet NZB Download Client. Usually sold for $10.00.
AirRadar: Easy-to-use, Personalized Wireless Network Scanner. Usually sold for $9.95.
Minitube: Native YouTube client. Usually sold for $9.75.
Rewind: Continuously record the last sixty seconds of your screen. Usually sold for $10.00.
Cardsmith: Greeting card creation program. Usually sold for $9.99.
PhotoSweeper: Find, sort, and eliminate similar photos. Usually sold for $9.99.
As always this is a time limited offer so you’ll need to make your mind up sooner rather than later. If you place your order very quickly, however, you’ll also get a free copy of FX Photo Studio CK!
How would you like to upgrade your 16GB iPhone 6 (or earlier) to 128GB for only $60? Well, if you live near Shenzhen, China then you’re in luck.
Just watch the video below. As the presenter explains, the process is very simple and can be carried out within half an hour by an experienced engineer. First the old memory chip is removed from the disassembled iPhone using a heat gun, because it’s actually glued in place. It’s then cloned completely to the swap-in 128GB chip, so the all-important serial number data is copied across. The new 128GB chip is then glued in place within the phone and iOS reinstalled.
This is possible because, aside from their memory chips, all iPhones have identical features within the same product line. That said, you’re going to want to wait until your iPhone is out of warranty before doing this. However, I strongly suspect that we might start seeing memory upgrade kits being sold on eBay, if they aren’t already.
iFixit’s Kyle Wiens provides a superb rundown of the Error 53 issue, detailing the story so far as well as technical information. We’d expect nothing less from the Internet’s best repair site.
Apple’s been hiding behind the excuse that Error 53 is caused by “other invalid components” used when repairs are made by non-Apple personnel, with particular reference to the Touch ID sensor. iFixit calls them on this, pointing out:
Error 53 isn’t necessarily a problem of third-party parts. It can happen with new OEM parts out of a different iPhone. It’s a matter of synchronization—not third-party parts.
In short, it’s a mess – and the kind of mess that Apple seems very good at walking into, even during the Jobsian era (remember Antennagate?)
Getting rid of it is easy, although it involves wiping website data and cookies, which will mean you have to input your username and password again on some sites.
If you’re an experienced iPhone user, here’s what to do:
Clear the Safari browser cache and website data using the Settings app;
Force quit Safari by using the task manager.
If that sounds confusing, here are the simple steps to follow:
Click the Home button to get back to your main apps listing.
Open the Settings app, and navigate to the Safari heading.
Tap the blue Clear History and Website Data heading.
Tap the Clear History and Data heading that slides up from the bottom of the screen.
Tap the Advanced heading below, then tap the Website Data heading.
Tap the red Remove All Website Data heading at the bottom.
Double-click the Home button to open the task manager.
Swipe through the apps thumbnails until you find Safari but DON’T tap to activate it. Instead, swipe it upwards, so the thumbnail disappears off the top of the screen.
Click the Home button in order to return to the main apps listing, and then start Safari again. It should now be free of the faux-FBI warning.
Here’s one just for the British readers of Mac Kung Fu: electrical retailer Currys is currently offering the Apple Watch range for discounts ranging from £50, for the Sport models, up to £120 for the Stainless Steel models.
Free delivery is available, as well as pick-up in-store.
Who knows how long this’ll last for, and indeed some of the range is already out of stock, so take a look sooner rather than later!
[Note for non-UK readers: £120 is US$170, which might sound a lot, but like most computing items the Apple Watch is sold in the UK for much more than the US equivalent price thanks to a dodgy dollar/sterling rate as well as 20% point of sale tax (VAT)]
Apple’s made the Videoshop video editing app free of charge until 10 March 2016. To get it you’ll need to use the Apple Store app on your iPhone or iPad (note: NOT the App Store!), then tap the Featured icon at the bottom and scroll down until you see the headline, “Make awesome videos”. Then tap to redeem the voucher code.
1. Trim: Cut out any unwanted moments. You can also split your videos into multiple clips.
2. Music: Add from your iPod library or Buy Clips from the Videomall.
3. Sound effects: Choose from animal noises, farts, Vine quotes, explosions, laughter, etc.
4. Slow motion (or fast motion): Adjust video or audio speed to slow or fast.
5. Adjust Display: Change Brightness, Contrast, Saturation, etc.
6. Merger: Combine multiple clips into one.
7. Text: Type your own text with color and various fonts.
8. Voice overs: Record your own voice over the video.
9. Animated titles: Introduce your videos with animated titles.
10. Filters: Select from several filters to enhance your videos.
11. Transitions: Choose from 10 transitions to animate between video clips.
12. Photos: Create slideshows easily.
13. Stop Motion: Create Vine videos with stop motion recording.
14. Resize: Rescale your video within the video frame.
15. Reverse: Playback videos in reverse.
16. Copy: Create duplicate video clips.
17. Tilt Shift: Add depth to your videos.
18. Share on Vine, Snapchat, Instagram, Facebook, YouTube, Vimeo, Dropbox, Whatsapp or by E-mail.