Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Untrash the Trash

Feeling trasher's remorse? On Snow Leopard, you can open the Trash (click the Trash icon in the Dock) and "untrash" individual items there. Select one or more trashed items (files and folders) and choose File > Put Back. This returns the items to where they were when you originally put them in the trash. The keyboard shortcut is Command-Delete - the same as the shortcut for trashing an item in the first place, since in deleting something from the trash you are untrashing it.

Submitted by
Matt Neuburg

 
 

AirPort Updates Stop Wi-Fi Exploit

Send Article to a Friend

Apple last week released a pair of updates, Security Update 2006-005 and AirPort Update 2006-001, which resolve a trio of related potential exploits in which a local attacker could inject a maliciously crafted frame into a wireless network. In theory, such an attack could cause system crashes, execute arbitrary code, or elevate privileges, though Apple took pains to note that there are no known instances of these exploits. Although you can download the individual updates from the Apple Downloads page (only one is necessary), you must pick the correct one for your machine.

Since AirPort Update 2006-001 covers only two specific builds of Mac OS X 10.4.7 - whereas Security Update 2006-005 handles Mac OS X 10.3.9 and other specific builds of Mac OS X 10.4.7 (with different downloads for 10.3.9 and for PowerPC- and Intel-based Macs running 10.4.7) - we encourage you to let Software Update download the correct version for your system. If you're running Mac OS X 10.3.9 and Software Update doesn't show Security Update 2006-005, you must first install AirPort 4.2 and AirPort Extreme Driver Update 2005-001 (I suspect Software Update will provide them as well).

Although Apple's release notes are terse as usual, these updates undoubtedly come in response to the Wi-Fi exploit demonstrated by David Maynor and Jon Ellch at the Black Hat 2006 conference. Apple did not credit Maynor nor Ellch for these fixes, however, which is an implicit statement that Apple refuses to acknowledge that the two researchers contributed to uncovering the flaws. An Apple spokesperson denied that SecureWorks, the firm for which Maynor works, provided information that led to these patches. Rather, the spokesperson told several media outlets and TidBITS that news of the SecureWorks demonstration prompted Apple to conduct an in-depth code audit that led to identifying these vulnerabilities. (See "Wireless Driver Hack Could Target Macs and Windows," 07-Aug-06 and "Apple Issues Careful Wi-Fi Exploit Denial," 28-Aug-06.) SecureWorks has not responded to any media outlet with additional clarification at press time; the company is also in the middle of a merger, which could be why they're not commenting. What's most important is that Mac users who apply the patches are no longer vulnerable to these particular exploits.

 

Fujitsu ScanSnap Scanners — Save your business time and money
with our easy-to-use small ScanSnap Scanner line. Eliminate
paper piles by scanning documents, business cards, and receipts.
Visit us at: <http://www.ez.com/sstb>