
Apple Updates iOS and Apple TV to Fix Critical SSL Security Bug


Apple has released iOS 7.0.6, iOS 6.1.6 (for the iPhone 3GS and fourth-generation iPod touch only), and Apple TV 6.0.2, which you should update to immediately, as they fix a critical SSL/TLS vulnerability that could make it possible for your online accounts and financial information to be compromised. On iOS, you can download the updates in Settings > General > Software Update or update through iTunes. (Unfortunately, if you have resisted upgrading to iOS 7 on a device that otherwise supports it, there’s no way to close the vulnerability — short of jailbreaking — without going all the way to iOS 7.0.6.) On the Apple TV, download the update in Settings > General > Software Updates > Update Software.


The vulnerability also affects Mac OS X, which remains unpatched as of this writing, but Apple promises a fix “very soon,” likely in OS X 10.9.2. In the meantime, we recommend avoiding the Safari Web browser, and instead using Google Chrome or Firefox, which are unaffected by the bug. You can check whether your browser is vulnerable by visiting this test site. Other Mac apps remain vulnerable until a general fix is released, and, if possible, it would be best to avoid unsecured public Wi-Fi networks as well, though the likelihood of significant exploits that take advantage of this vulnerability becoming widespread before Apple releases a fix is low.

The problem in SSL/TLS revolves around Apple’s code not checking signatures in TLS Server Key Exchange messages, which could allow an attacker to use a man-in-the-middle attack to spoof an SSL server.

Security analysts have determined that the vulnerability was caused by a misplaced “goto fail” line in the operating system source code. Developer Jeffrey Grossman has confirmed that the vulnerability began in iOS 6.0, but did not exist in iOS 5.1.1, giving it a nearly 18-month history.
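A simplified C model of that kind of control-flow mistake, added here as an illustration: it is not Apple's source code, and `hash_step`, `verify_signature`, `check_flawed` and `check_fixed` are hypothetical stand-ins that perform no real cryptography. It shows how a stray `goto fail` after an unbraced `if` skips the signature check while the error code still reads "success", next to a fail-closed rewrite.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not real cryptography. 0 means success. */
static int hash_step(const unsigned char *p, size_t n) {
    return (p != NULL && n > 0) ? 0 : -1;
}
static int verify_signature(const unsigned char *sig,
                            const unsigned char *good, size_t n) {
    return memcmp(sig, good, n) == 0 ? 0 : -1;
}

/* Flawed: the second "goto fail" is not governed by the if, so it always
   runs and the signature check below is never reached; err is still 0. */
int check_flawed(const unsigned char *params, size_t plen,
                 const unsigned char *sig, const unsigned char *good, size_t n) {
    int err;
    if ((err = hash_step(params, plen)) != 0)
        goto fail;
        goto fail;
    if ((err = verify_signature(sig, good, n)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened: braces on every branch, and the result starts as failure and
   becomes success only after every check has passed (fail closed). */
int check_fixed(const unsigned char *params, size_t plen,
                const unsigned char *sig, const unsigned char *good, size_t n) {
    int err = -1;
    if (hash_step(params, plen) != 0) {
        goto done;
    }
    if (verify_signature(sig, good, n) != 0) {
        goto done;
    }
    err = 0;
done:
    return err;
}

int main(void) {
    const unsigned char params[] = "constructed params";
    const unsigned char good[4] = {0xde, 0xad, 0xbe, 0xef}, forged[4] = {0};
    printf("forged signature: flawed=%d fixed=%d (0 means accepted)\n",
           check_flawed(params, sizeof params, forged, good, 4),
           check_fixed(params, sizeof params, forged, good, 4));
    return 0;
}
```

Compiler diagnostics such as Clang's `-Wunreachable-code` or GCC's `-Wmisleading-indentation` flag the pattern in `check_flawed`, which is why treating those warnings as build errors is a useful guard for verification code.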

John Gruber of Daring Fireball cross-referenced the release date of iOS 6.0, 24 September 2012, with a leaked PowerPoint deck on the NSA’s PRISM program, which states that Apple was added to the program in October 2012. While Gruber says that the proximity between these dates is most likely a coincidence, the NSA has been known to subvert the effectiveness of online security.


Comments about Apple Updates iOS and Apple TV to Fix Critical SSL Security Bug

Dennis B. Swaney  2014-02-24 16:44
If Apple was really concerned they would release an update for ALL devices capable of running iOS 6. But no, they'd rather try to force people using iOS 6 to downgrade to the crappy iOS 7.
Kevin Kemball (TidBITS Contributor)  2014-02-24 23:02
Early Saturday (Feb.22) morning I upgraded from iOS 6.1.5 to iOS 6.1.6 on a 4th gen iPod Touch. The badge was practically waving at me since there are so very few "alerts" on the 'Settings' panels.

Check the article text at a slower rate of speed...

The real "irritant", for lack of something more pithy, is that an OS X patch is not available at the same time.
Patching iOS and AppleTV is one thing but doing your daily banking is now a lot more iffy... (should I-shouldn't I).
Tom Robinson  2014-02-25 01:21
If you're doing the banking on a trusted network, e.g. home, then you should be fine. It's the public Wi-Fi networks where there's potential for intercepts.
Josh Centers (TidBITS Staffer)  2014-02-25 08:43
Hi Kevin, your banking should be safe as long as you use the Chrome or Firefox browsers. Safari is easy to avoid, but the bigger concern is other apps that use Apple's SSL/TLS implementations.
So just jailbreak it. That's what I will end up doing on my wife's phone. She and I have no interest in going to iOS 7 at this point, so that's the only solution.
Jeremy Hughes  2014-02-25 01:04
I'm running Safari 6.1.1 on Mac OS 10.8.5. The gotofail test site reports that this version of Safari is safe.
Adam Engst (TidBITS Staffer)  2014-02-25 05:22
Yes, it seems that the problem may affect only OS X 10.9 Mavericks, but we didn't want to say that without more confirmation than the gotofail test site. We'll know for sure once Apple releases a fix.
I noticed something unusual after the IOS 7.0.6 upgrade to my iPad, iPad Air, iPhone 4, and iPhone 5: the battery performance degraded significantly.

I believe I solved the problem. Bluetooth was turned on via the upgrade process on all four devices. I watched it on the last two device upgrades to confirm.

Does anyone know why Apple would force Bluetooth in Settings to be "On" after an IOS upgrade?

At least I found the cause to the battery life degradation. But it makes me wonder what other settings may have been forced from "Off" to "On" or vice versa.
Tom Robinson  2014-03-01 12:13
Presumably it's a bug. It's been happening to our iThings intermittently every iOS 7.0.x upgrade.
d kaye  2014-02-27 12:31
Has anyone had a problem with iPhoto (9.2.3/10.6.8) after upgrading to IOS 7.0.6? Neither my wife's iPad Air nor her iPhone 4 will upload photos anymore.