Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Arrange Icons on the iPhone/iPod touch Home Screens

Unhappy with the arrangement of your icons? You can move them around as follows: First, hold down on any Home screen icon until all the icons wiggle. Now, drag the icons to their desired locations (drag left or right to get to other screens). Finally, press the physical Home button on your device. (Unlike earlier releases, iPhone Software 2.1 doesn't move just-updated apps to the end of your Home screens, so your icons should be more stationary once you've installed the update.)

Remember that you can replace Apple's default icons in the four persistent spots at the bottom of the screen with your four most-used apps!

Visit Take Control of Your iPhone

 
 

Security Holes: Two Closed, One Opened

Send Article to a Friend

Apple last week released AirPort Extreme Update 2007-001, fixing a problem on Core Duo-based Mac minis, MacBooks, and MacBook Pros that could cause crashes or worse. The fix is related to a number of other repairs to low-level wireless hardware drivers that Apple made last year in response to a proof-of-concept exploit that could - theoretically - have enabled a nearby attacker to hijack a Mac via its wireless connection (see the series "To the Maynor Born: Cache and Crash").

If Software Update offers you the AirPort Extreme Update 2007-001, you should install it for safety's sake, and because it may fix some other bugs, but the likelihood of the security hole being exploited is nil. If you see any new problems after updating (we've heard a few anecdotal reports), check out MacFixIt's wireless troubleshooting tutorial. The update is a 7.4 MB download available via Software Update or as a standalone download.

Apple also released Security Update 2007-001, which resolves a possible exploit related to how QuickTime 7.1.3 handles RTSP URLs. The bug was identified by Kevin Finisterre and the pseudonymous "LMH" of the Month of Apple Bugs project. It's a 5.9 MB download available via Software Update or as separate downloads for Mac OS X 10.4 Tiger and Mac OS X 10.3.9 Panther.

Meanwhile, the Month of Apple Bugs project has found another bug that has captured the interest of people in the security community whose opinions I value. It turns out that Mac OS X's Software Update, when fed a file with a sufficiently malformed name, can be caused to crash or - in theory - to execute that bugaboo of the security crowd, "arbitrary code." (In other words, Software Update could be caused to run code that could replicate itself, delete data, or have other harmful effects. I say "in theory" because there's no known way yet to make that happen, but it's possible.)

Although the demonstration of the bug on the Month of Apple Bugs page doesn't work in my testing, a source showed me a variant that did demonstrate that Software Update improperly handles malformed file names. If a bad guy could figure out how to embed dangerous code in a malformed file name, that file could be fed to Software Update via a link you clicked in a Web browser or through an email attachment you opened. Turning off Software Update won't make any difference, and in fact, there's nothing users can do to eliminate the risk of being exploited. Luckily, that risk is very low.

Apple should fix the bug, as it did with the QuickTime bug, and Mac users should continue to be careful about clicking links on dodgy Web sites, avoid opening email attachments from unknown senders, and install security updates when released by Apple. As is usually the case, the revelation of this bug changes nothing for the Macintosh community; basic safe computing provides all the security necessary to render this potential exploit moot.

 

CrashPlan is easy, secure backup that works everywhere. Back up
to your own drives, friends, and online with unlimited storage.
With 30 days free, backing up is one resolution you can keep.
Your life is digital; back it up! <http://tid.bl.it/code42-tb>