Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Type Faster by Competing in Races

A fun way to improve your typing speed and accuracy is to join an online typing competition at typrX. This typing competition keeps track of your typing speed, while allowing you to compete against other people, either around the world in public races or with friends in private races. To set up a private race with your friends, follow these simple steps.

  • Once you have a typrX account, click the Create Private Race button on the front page and you’ll be taken to the private race page.
  • From there, copy the track code URL and send it to the friends you want to join the race.
  • You can click the Delay Countdown button to add 10 seconds to the clock if you are waiting on your friend to join the race.

Visit typrX

 
 

iOS Security Fixes Released for Serious Vulnerabilities

Send Article to a Friend

Fixes for two serious holes in iOS are now available in the form of iOS 3.2.2 for iPad and iOS 4.0.2 for 2008 and later models of iPhone and iPod touch. Attach your iOS device (or devices) to the computer with which you sync using iTunes, and use iTunes to download and install the upgrade.

One flaw lies in TrueType handling within Apple's iOS PDF display software. A PDF with fonts crafted in a particular way could allow a malicious party to run any code on an iOS device simply by getting you to view the PDF file. That flaw is paired with a second in IOSurface, a framework for buffering or holding images in memory. The IOSurface flaw allows the code to be executed in a way that gives the attack full system privileges.

At that point, an attacker could enable remote access, copy or delete all your data, or install background monitoring or call-interception software.

The flaws were revealed as part of the first successful iPhone 4 jailbreak in iOS 4, which required only that you visited a particular Web page. The escalation of privileges enabled the jailbreak software to crack Apple's protection against installing software other than that which the company allows.

Apple apparently no longer provides security upgrades for the iPhone 3.1 software branch, which is unfortunate as some iPhone 3G users were forced to revert from iOS 4 to 3.1.3 due to significant performance problems that Apple has said it is investigating.

Even with iOS 4 being a free upgrade, Apple should provide security fixes for known, significant problems in the previous widely used OS release. Further, original iPhone and iPod touch users will likely also be subject to these flaws, and cannot upgrade to iOS 4.

 

Automatic turns almost any car into a connected car. By pairing
Automatic’s connected car adapter with iPhone apps on
Automatic’s platform, drivers are able to drive safer and smarter.
TidBITS readers get 20% off all orders at <http://automatic.com/tb>
 

Comments about iOS Security Fixes Released for Serious Vulnerabilities
(Comments are closed.)

Ian Stavert  2010-08-11 13:58
Yeah I want an security fix for my 3G phone as I am not going to install iOS4 due to the performance crippling issues on the 3 series phones.
A lot more than "some" 3G users are having problems with iOSlow. There have been over 200,000 views of the thread titled "Iphone 3G OS4 problems" on Apple's web site. And another 200,000 views of another thread about the slowdowns caused by iOSlow. Not to mention the hundreds of irate postings on the WSJ article.

Hundreds of thousands of 3G owners are still locked into their multi-year service contracts. By signing the contracts, customers expected their 3G phones to function acceptably for the duration of the plans. Simply buying a new shiny iPhone 4 is not an option.

To rebuild their tarnished iPhone (antennagate) reputation, Apple needs to support all 3G owners by releasing this bug fix for the still-widely-used 3.1.3 release.
Adam Engst  An apple icon for a TidBITS Staffer 2010-08-11 19:49
Yep, we really need to write something about this, but I just haven't had the time to run it down with our older iPhone 3G. We said "some" users have reverted because that's accurate - whether or not a lot of had the problem, reverting isn't easy enough to do that most people would be doing that.
David S.  2010-08-12 15:43
Apple's failure to state whether the issues affect iOS 3.1, and if they do whether they intend to patch that version as well, is inexcusable. Lots of people are stuck on that version - 1G iPhone and iPod touch users, and they deserve to know if they are exposed to this very serious security issue or not.
My son called me just past 5 pm tonight, upset that his 3G iPhone had just locked up, then crashed, as he tried to answer a phone call for a job interview. When he "upgraded" [downgraded] to iOS4, it lost his address book which took a few weeks to reconstruct, since it also trashed the backup. His iPhone is slower, less reliable. However, Apple didn't provide a simple remedy to go back to the previous OS.

Apple really should address these problems since Apple broke his iPhone, not him. 3G and 2G phones aren't that ancient. Serious security flaws must also be addressed, back to the earliest iPhone models, iPod Touch too.

Adam, please look into this issue with older iPhones/iPods and let us know what you find and how to fix the iPhones that Apple broke. Thanks!