How to find if your apps are affected by the Sparkle hijack

Wed Feb 10, 04:57 PM

As reported by MacRumors and various other sources, Mac apps that use the Sparkle back-end software to auto-update are potentially vulnerable to a hack attack.

Says MacRumors:

Apps that use a vulnerable version of Sparkle and an unencrypted HTTP channel for server updates are at risk of being hijacked to transmit malicious code to end users. The Sparkle framework is used by apps outside of the Mac App Store to facilitate automatic software updates.

In other words, apps that use the Sparkle back-end over secure HTTPS are NOT affected. Only those that use HTTP might be.

What it means is that malicious interests can essentially take over the update routine, offering users hacked apps that might open their system to attack. The user will be unaware because the app will look legitimate. This hasn’t happened yet, and likely will never happen. But it remains a possibility.

You can find out what applications on your system use the Sparkle back-end by opening a Terminal window (you’ll find it in the Utilities folder in the Applications list) and pasting in the following single-line command. Potentially affected apps will then be listed:

 find /Applications -name Sparkle.framework | awk -F'/' '{print $3}' | awk -F'.' '{print $1}'

This will not distinguish between those that use HTTP or HTTPS, though.

Alternatively, you can use the following command for a more precise scan. It will scan apps for their update server addresses and produce a list of those that use HTTP, and that therefore might be vulnerable. Because only URLs are reported, you might have to do some detective work to find out what the affected app name is, because the URL will probably be that of the developer rather than one dedicated to the app itself:

 for i in /Applications/*/Contents/Info.plist; do defaults read "$i" SUFeedURL 2>/dev/null; done | grep -iv '^https://'

If any of the apps you discover using the above command flash up an update message when you start them (see above for an example of how it might look), be safe and cancel the dialog box. Then head over to the app developer’s website and download the latest version of the app manually.
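
To save the detective work, the scan can print each app's name next to its feed URL. This is an added example, not part of the original tip; the PlainFeed and SecureFeed bundles and the updates.example.com URLs are constructed sample data, and the sed fallback is only there so the sample can be checked on a machine without the macOS defaults tool.

```shell
#!/bin/sh
# Added example: pair each non-HTTPS Sparkle feed URL with its app name.

# Read SUFeedURL from an Info.plist. `defaults` (macOS) also handles binary
# plists; the sed fallback only understands XML plists and is there so the
# constructed sample below can be checked on a non-Mac system.
feed_url() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read "$1" SUFeedURL 2>/dev/null
    else
        sed -n '/<key>SUFeedURL<\/key>/{n;s:.*<string>\(.*\)</string>.*:\1:p;}' "$1"
    fi
}

# Print "AppName<TAB>URL" for every bundle in directory $1 whose feed URL
# does not start with https://.
insecure_feeds() {
    for plist in "$1"/*.app/Contents/Info.plist; do
        [ -f "$plist" ] || continue
        url=$(feed_url "$plist") || continue   # key missing or unreadable
        [ -n "$url" ] || continue              # app has no Sparkle feed
        case "$url" in
            [Hh][Tt][Tt][Pp][Ss]://*) ;;       # encrypted feed, not listed
            *) app=${plist%/Contents/Info.plist}
               printf '%s\t%s\n' "$(basename "$app" .app)" "$url" ;;
        esac
    done
}

# Constructed sample: two hypothetical bundles, one HTTP feed, one HTTPS.
make_sample() {
    for pair in "PlainFeed=http://updates.example.com/appcast.xml" \
                "SecureFeed=https://updates.example.com/appcast.xml"; do
        dir="$1/${pair%%=*}.app/Contents"
        mkdir -p "$dir"
        printf '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>\n<key>SUFeedURL</key>\n<string>%s</string>\n</dict></plist>\n' \
            "${pair#*=}" > "$dir/Info.plist"
    done
}

# Scan the directory given as the first argument, /Applications by default.
insecure_feeds "${1:-/Applications}"
```

Like the one-liner, this only looks at bundles directly inside the scanned folder, so apps kept in subfolders need a second run with that folder as the argument.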




Summon Apple Watch glances via Siri

Wed Feb 10, 04:30 PM

Here’s a tip that’ll make your Apple Watch that little bit more useful.

You can summon any Glance using Siri – even if that Glance isn’t activated in the Apple Watch settings app. All you need do is wake the watch in the usual way and say something like:

“Hey Siri, show me the battery Glance”


“Hey Siri, show me the BBC News Glance”

The Glance will then appear below and, in the case of the BBC News Glance, you can keep abreast of world affairs without pressing a single button.

To remind you, here are some built-in glances you might attempt to summon – and remember that you DON’T have to have these glances activated in settings for Siri to be able to summon them:

  • Settings
  • Heartbeat
  • Battery
  • Weather
  • Activity
  • Calendar
  • World Clock
  • Stocks
  • Now Playing
  • Maps

Some third-party apps have their own glances, of course. A couple of my favorites are BBC News and Dark Sky.




10 top apps for just $19.99, saving 80%

Tue Feb 9, 07:30 PM

MacUpdate has done it again to bring you 10 essential apps for an incredible $19.99, saving 80% of the usual retail price. As always, even if you only want a few of the apps this is still an extraordinarily good deal.

Here’s what you get:

Typeeto: Turn Your Mac keyboard into a Bluetooth Keyboard. Usually sold for $9.99.

SnapNDrag Pro: Click-and-Drag Screenshot Utility. Usually sold for $9.99.

Paragraphs: The Writing Tool for Writers. Usually sold for $9.99.

Get Backup Pro: Powerful Backup, Synchronization & Cloning Utility. Usually sold for $9.95.

NZBVortex: Lightweight Usenet NZB Download Client. Usually sold for $10.00.

AirRadar: Easy-to-use, Personalized Wireless Network Scanner. Usually sold for $9.95.

Minitube: Native YouTube client. Usually sold for $9.75.

Rewind: Continuously record the last sixty seconds of your screen. Usually sold for $10.00.

Cardsmith: Greeting card creation program. Usually sold for $9.99.

PhotoSweeper: Find, sort, and eliminate similar photos. Usually sold for $9.99.

As always, this is a time-limited offer, so you’ll need to make your mind up sooner rather than later. If you place your order very quickly, however, you’ll also get a free copy of FX Photo Studio CK!




Hacking a 128GB iPhone upgrade for $60

Tue Feb 9, 06:12 PM

How would you like to upgrade your 16GB iPhone 6 (or earlier) to 128GB for only $60? Well, if you live near Shenzhen, China then you’re in luck.

Just watch the video below. As the presenter explains, the process is very simple and can be carried out within half an hour by an experienced engineer. First the old memory chip is removed from the disassembled iPhone using a heat gun, because it’s actually glued in place. It’s then cloned completely to the swap-in 128GB chip, so the all-important serial number data is copied across. The new 128GB chip is then glued in place within the phone and iOS reinstalled.

This is possible because, aside from their memory chips, all iPhones have identical features within the same product line. That said, you’re going to want to wait until your iPhone is out of warranty before doing this. However, I strongly suspect that we might start seeing memory upgrade kits being sold on eBay, if they aren’t already.




Error 53: iFixIt calls out Apple, tells the whole truth

Tue Feb 9, 02:47 PM

iFixIt’s Kyle Wiens provides a superb rundown of the Error 53 issue, detailing the story so far as well as technical information. We’d expect nothing less from the Internet’s best repair site.

Apple’s been hiding behind the excuse that Error 53 is caused by “other invalid components” used when repairs are made by non-Apple personnel, with particular reference to the Touch ID sensor. iFixIt calls them on this, pointing out:

Error 53 isn’t necessarily a problem of third-party parts. It can happen with new OEM parts out of a different iPhone. It’s a matter of synchronization—not third-party parts.

In short, it’s a mess – and the kind of mess that Apple seems very good at walking into, even during the Jobsian era (remember Antennagate?)




Busted by the FBI on your iPhone? Here's how to deal with it

Tue Feb 9, 12:48 PM

Had an FBI warning pop up on your iPhone while browsing, that you just can’t get rid of? Don’t worry. It’s not an actual FBI warning and it’s NOT a virus, as some blogs are reporting. It’s just a stupid annoying JavaScript trick created by stupid annoying people – of which there are, sadly, a lot on the Internet.

Getting rid of it is easy, although it involves wiping website data and cookies, which will mean you have to input your username and password again on some sites.

If you’re an experienced iPhone user, here’s what to do:

  • Clear the Safari browser cache and website data using the Settings app;
  • Force quit Safari by using the task manager.

If that sounds confusing, here are the simple steps to follow:

  1. Click the Home button to get back to your main apps listing.
  2. Open the Settings app, and navigate to the Safari heading.
  3. Tap the blue Clear History and Website Data heading.
  4. Tap the Clear History and Data heading that slides up from the bottom of the screen.
  5. Tap the Advanced heading below, then tap the Website Data heading.
  6. Tap the red Remove All Website Data heading at the bottom.
  7. Double-click the Home button to open the task manager.
  8. Swipe through the apps thumbnails until you find Safari but DON’T tap to activate it. Instead, swipe it upwards, so the thumbnail disappears off the top of the screen.
  9. Click the Home button in order to return to the main apps listing, and then start Safari again. It should now be free of the faux-FBI warning.




Brits! Get the Apple Watch for up to £120 discount

Fri Feb 5, 09:03 PM

Here’s one just for the British readers of Mac Kung Fu: electrical retailer Currys is currently offering the Apple Watch range for discounts ranging from £50, for the Sport models, up to £120 for the Stainless Steel models.

Free delivery is available, as well as pick-up in-store.

Who knows how long this’ll last for, and indeed some of the range is already out of stock, so take a look sooner rather than later!

[Note for non-UK readers: £120 is US$170, which might sound a lot, but like most computing items the Apple Watch is sold in the UK for much more than the US equivalent price thanks to a dodgy dollar/sterling rate as well as 20% point of sale tax (VAT)]




Superb iPhone and iPad video editor is now free: Videoshop

Thu Feb 4, 07:11 PM

Apple’s made the Videoshop video editing app free of charge until 10 March 2016. To get it you’ll need to use the Apple Store app on your iPhone or iPad (note: NOT the App Store!), then tap the Featured icon at the bottom and scroll down until you see the headline, “Make awesome videos”. Then tap to redeem the voucher code.

The app costs $1.99 if you choose to buy it ordinarily.

Amongst the app’s superb feature list are:

1. Trim: Cut out any unwanted moments. You can also split your videos into multiple clips.
2. Music: Add from your iPod library or Buy Clips from the Videomall.
3. Sound effects: Choose from animal noises, farts, Vine quotes, explosions, laughter, etc.
4. Slow motion (or fast motion): Adjust video or audio speed to slow or fast.
5. Adjust Display: Change Brightness, Contrast, Saturation, etc.
6. Merger: Combine multiple clips into one.
7. Text: Type your own text with color and various fonts.
8. Voice overs: Record your own voice over the video.
9. Animated titles: Introduce your videos with animated titles.
10. Filters: Select from several filters to enhance your videos.
11. Transitions: Choose from 10 transitions to animate between video clips.
12. Photos: Create slideshows easily.
13. Stop Motion: Create Vine videos with stop motion recording.
14. Resize: Rescale your video within the video frame.
15. Reverse: Playback videos in reverse.
16. Copy: Create duplicate video clips.
17. Tilt Shift: Add depth to your videos.
18. Share on Vine, Snapchat, Instagram, Facebook, YouTube, Vimeo, Dropbox, Whatsapp or by E-mail.




How to watch the Superbowl live on your Apple TV

Thu Feb 4, 05:33 PM

Only a few days now!





Unbelievable: 2TB cloud backup for life – just $49

Thu Feb 4, 05:00 PM

We’re becoming known here on Mac Kung Fu for providing exceptional and often unbelievable offers for online protection. The latest we’ve tracked down is simultaneously no exception, yet simultaneously quite exceptional:

There are no gotchas. No limitations. You can sync multiple computers (Mac and PC) and all types of file. Other features include:

  • Deleted files as well as older versions of existing files are stored for up to 30 days and you can restore them with just one click.
  • Multiple data center usage means your data is always safe, and there are NO SPEED LIMITS or bandwidth limitations.
  • Streaming from mobile devices means you can use the backup like a cloud storage drive to stream movies to your iPad or iPhone, or via web browsers.
  • 24/7 support means you’ll always have a response to any issue within 24 hours.

Who can argue with just $49 for a lifetime of this level of backup? Note that this is a limited-time offer that, at the time of writing, ends in four days.

