Chinese Security Team Exploits Safari Security Flaw at PWN2OWN [Mac Blog]
Every year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple’s Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe’s Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.
China’s Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple’s sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple’s OS X is difficult to exploit and the operating system overall is very secure.
“For Apple, the OS is regarded as very safe and has a very good security architecture,” Keen team member Liang Chen said. “Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems.”
Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn’t the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.
     |
EE prepping its own low-cost LTE handset for UK launch
We assumed Vodafone would be the first UK network to launch an own-brand LTE handset when a US regulatory filing, of all things, hinted as such. Nothing’s come of that as yet, but it looks instead like competitor EE’s going to give it a shot with the device you see above. Details about the handset itself are scarce, although we know it’ll be Cat 4 and thus take advantage of the theoretical max speeds available on the operator’s “double-speed” plans. From the picture, though, we can see a moderately EE-themed Android skin, three standard soft keys below the display, and what appears to be a polycarbonate band on the bottom edge. Oh, and the silvery back plate with EE logo over to the right.
We believe the phone will be priced below the Alcatel One Touch Idol S as the network’s lowest-cost handset (the Idol S is £130 on pay-as-you-go or from £19 per month on contract currently), but have significantly better specs than the current entry-level offering. EE declined to “comment on rumor and speculation,” but we’re allegedly a good few months from its official release, so still some way from knowing exactly how competitive the own-brand smartphone might be.
Filed under: Cellphones, Mobile
Farewell, CeBIT 2014
CeBIT 2014 is done, and it’s high time that we say goodbye to the Hannover Messe. Of course, much of CeBIT’s thunder has been stolen by Mobile World Congress and IFA, but given the interesting products that we’ve stumbled upon here, there’s clearly still some life in the show. We hope that you enjoyed our efforts, and if you missed any of the news or hands-ons, grab a champagne-flavored ice cream (yes, really) and check out the unabridged list below.
- Samsung’s thing for (faux) leather continues with the ATIV Book 9 Style
- Samsung announces security-minded Cloud Print apps for Android and iOS
- Fujitsu’s palm-scanning laptops won’t be fooled by severed limbs
- MSI gaming laptop packs next-gen NVIDIA graphics and ’3K’ display into Ultrabook thickness
- Fujitsu’s latest all-in-ones don’t need to be turned off
- An e-reader that makes calls: InkPhone promises two weeks on a charge
- UK Prime Minister wants a ‘permanent technological revolution’… and movies downloaded in a second
- Shuttle runs a Haswell Core i7 in a case barely bigger than a disk drive
- Raspberry Pi gets its own sound card
- Plextor targets gamers with ’50 percent faster’ SSD starting at €199 ($275)
- Archos’ octa-core smartphone is surprisingly quick for the price
- Power strips don’t have to be ugly, just ask Powerdrobe
- Archos’ 6.4-inch smartphone puts the buttons on the back
- When you cram an entire smartphone into a watch, you get the Exetech XS-3
- Bend it like robo-Beckham with the U14 Free Kick toy
- NVIDIA says most laptops die after 50 minutes of gaming, claims new GPUs will double stamina
Google Play Store update adds finer security control for app purchases
Making it smoother for you to buy up all the in-app items you need (or make it harder for your kids to do the same), Google’s latest update to the Play Store is adding a new “Require password” settings option, as well as a more eye-catching in-app purchase reminder when applicable apps are downloaded. These security changes might well be in response to a recently-filed class action lawsuit against Google Play, and the ability for children to really ring up those in-app purchases within a 30-minute window. In the company’s defense, however, the default setting requires users to input their password for every app and in-app item.
Apple recently added an in-app purchase nag warning inside its iOS 7.1 update, noting that once the password has been entered, users won’t have to reenter it for 15 minutes. Google’s store update also adds the ability to batch-install apps (ready for that upgrade), although it’s curiously dropped the batch-uninstall function. The fight against bloatware might take a little longer next time.
Filed under: Internet, Software, Mobile, Google
Via: Android Community
Google Play Store update available: Adds ability to set purchase requirements
With all the focus surrounding the class-action lawsuit due to unauthorised charges accumulated through in-app purchases, Google has issued an update to the Google Play Store of which one particular added feature is the ability to set exactly when to be prompted for authentication.
The standard 30-minute window is still there as it always was, and you can follow this tip to set it, but now users can opt to be asked for the password in order to authenticate every App purchase and every in-app transaction.
In addition, in-app purchases has also been added to the permissions window presented to users before they install an App in order to make them fully aware.
Google have also made some other changes in the latest Google Play Store update including mass-installing multiple Apps, as well as some user interface changes such as moving the settings icon into the main menu.
Some users may not see the Google Play update immediately as it’s being rolled out in phases, but users can force the update by tapping on the build number, or downloading it from this link and sideloading the APK.
The post Google Play Store update available: Adds ability to set purchase requirements appeared first on AndroidGuys.
Report Claims GT Advanced Will Only Supply 9% – 16% of iPhone 6 Sapphire Displays [iOS Blog]
A new report from DigiTimes Research is claiming that GT Advanced, the company that has partnered with Apple to open a sapphire plant in Mesa, Arizona, will only be able to produce anywhere from 9% to 16% of sapphire displays for Apple’s next generation iPhone. The report’s estimation was based on the company’s forecast sales of $188 to $348 million, which indicates that Apple will be able to output roughly 6.3 to 11.6 million sapphire displays.
Assuming that the new-generation iPhone will have a 5-inch screen, then the forecast sapphire revenues are translated into output of 6.27-11.6 million 5-inch sapphire-made screen covers. As Digitimes Research estimates that Apple will ship 70 million units of the new-generation iPhone in 2014, the output of sapphire screen covers frm GTAT will account for 9.0-16.6% of the iPhone shipments.
However, the details in the report strongly contrast that of an account from analyst Matt Margoils last month, who stated that GT Advanced purchased and received a total of 518 sapphire furnace and chamber systems with another 420 machines on order.
The analyst estimated that with the sheer amount of the equipment contained in its factory, GT Advanced could produce between 103 and 116 million displays per year, with an additional 84 to 94 million possible. This would indicate that Apple could produce 100 to 200 million ~5-inch sapphire displays, which would be enough for its entire line of devices. For reference, Apple sold approximately 150 million iPhones in 2013.
The integration of a larger, scratch-resistant sapphire display is widely rumored to be one of the key new features for the iPhone 6, as the company currently uses the material for small iPhone elements such as the camera lens and the home button of the iPhone 5s.
Apple is also said to be in the process of a trial run for an iPhone using a sapphire display, as CEO Tim Cook indicated during last month’s shareholders meeting that the company’s sapphire production facility was for a “secret project” he could not talk about. Apple’s next-generation iPhone is expected to be revealed later this year.
| |
Samsung’s new phone case uses ultrasound to detect people and objects
Samsung’s Galaxy S5 may be getting lots of smart new accessories, but the Korean smartphone maker is also making sure its lower-powered phones get some love too. After including various software usability functions in the Galaxy Core Advance at the end of last year, the company today introduced three new accessories that have been designed specifically to help disabled or visually impaired users do more with their Android device. First up is the Optical Scan Stand, a raised bracket that automatically triggers the phone’s OCR features to recognize and read aloud text placed in front of the phone. There’s also Voice Labels, which are similar to Samsung’s NFC-equipped TechTile stickers, but let visually impaired users make voice notes or record short explanations on how to use various devices around the home.
Perhaps the most impressive accessory of the three is Samsung’s Ultrasonic Cover: a specialized case that uses sound waves to detect people or objects (in a two-meter radius), helping users navigate new surroundings by sending vibration or spoken alerts. Even without the accessories, the Galaxy Advance Core features a trio of physical buttons on the front and dedicated camera and voice recorder buttons on the side, assisting smartphone owners that don’t want to rely solely on on-screen controls.
Filed under: Cellphones, Mobile, Samsung
Source: Samsung Mobile Press
PayPal’s new policies are more crowdfunding friendly
Last year, PayPal promised to overhaul its policies after getting flak for freezing huge amounts of crowdfunding funds, and today it’s announced those changes. By the looks of it, PayPal has been working closely with crowdfunding websites to verify each campaign that wants to use its services. If it determines that a campaign is a true crowdfunding project (as opposed to a pre-order vehicle) with no guarantees of a final product, PayPal requires it to plaster a disclaimer on its campaign page. Owners have to explicitly state that backers may not get their rewards in the end if they don’t want PayPal to get on their case. That’s not all, though: in some cases, it will require owners to disclose personal info or submit copies of their TIN/SS numbers and government IDs for verification.
PayPal chief risk officer Tomer Barel explained that the company had issues with crowdfunding, because many websites allow owners to pull funds before they reach their final goal. “This can cause regulatory and risk issues,” Barel wrote, or in other words: the company doesn’t want to deal with upset customers in case a campaign turns out to be a scam or if it fails to develop a final product. While some people might find PayPal’s conditions a bit too stringent, this development does come with a nice plus: the company now recognizes charity drives (even personal ones) as crowdfunding projects.
[Image credit: Steve Ganz/Flickr]
Filed under: Misc
Source: PayPal (1), (2)
ASUS could drop dual-OS devices following pressure from Google and Microsoft
One of the more interesting laptops we saw at this year’s CES was a split-personality hybrid from ASUS — the Transformer Book Duet TD300, shown above. According to the Wall Street Journal, however, plans to launch the device during the first half of this year have been shelved due to resistance from both side of OS camp, i.e., Microsoft and Google. The WSJ report tallies with an earlier rumor from DigiTimes, and it also claims that sales of two of ASUS’s existing dual-OS products, the the P1801 and P1802 all-in-one PCs, are to be suspended due to Microsoft’s “new policy” of not supporting dual-boot systems. On the other hand, none of this really jibes with rumors from the smartphone side of the market, where Microsoft is reportedly willing to try anything in order to boost the popularity of the mobile version of Windows.
Filed under: Laptops, Tablets, Microsoft, ASUS, Google
Source: Wall Street Journal (pay wall)
Nokia’s Refocus camera app is now available to all Lumia owners on WP8
You’d be forgiven for thinking that Nokia’s “shoot now, focus later” photography app, Refocus, required a PureView hardware to run, because until now it’s only been available on PureView-branded phones. As it turns out though, the app has just been made compatible with all Lumia phones running Windows Phone 8, including ones with down-to-earth camera modules. It works by means of a “focus sweep” — you hold your phone steady for a couple of seconds while the camera scans the scene ahead at a range of different focal lengths and then combines these into a single dynamic image that lets you adjust the focus and background/foreground blur later. If you’re reading this on a Lumia, the source link below should take you where you need to go.
AIVAnet 