As TidBITS Security Editor Rich Mogull wrote in “Gatekeeper Slams the Door on Mac Malware Epidemics” (16 February 2012), the most significant security hole on the Mac stems from users being tricked into installing something malicious, and once OS X 10.8 Mountain Lion sees widespread adoption later this year, Mac users will have additional protection from at least malicious downloaded applications.

But even Gatekeeper won’t protect from malware that worms its way into Macs in other ways, such as Flashback, malware that may have started out life masquerading as a Flash Player installer but can now infect Macs through sneakier means. (Thanks to TidBITS sponsor Intego for many of the details in this article, which Intego was the first to publish in its Mac Security Blog.)

Infection Vectors — In Flashback’s original approach (variants Flashback.A, Flashback.B, and Flashback.C), a malicious or hacked Web site would display what looks like a Flash error, and if you were to click it, an installer package pretending to be Flash Player would be downloaded. If “Open ‘safe’ files after downloading” is selected in Safari’s General preferences, the bogus installer would be launched automatically, and your Mac would be infected. (Tip #1: Disable that option in Safari!)

The new Flashback.G instead employs a two-pronged approach that’s completely different from the fake Flash Player installer, though the malicious code that’s installed is essentially the same (hence the continued use of the Flashback name). First, it attempts to install code on your Mac silently through one of two known Java vulnerabilities. (Luckily, Macs running 10.7 Lion don’t have Java installed by default, and those who have installed all available Java updates in either Lion or 10.6 Snow Leopard are immune from
such attacks.) Failing that, Flashback next attempts to download and run a Java applet that displays a self-signed certificate purporting to be from Apple Inc.; if you were to click the Continue button, you’d be giving the applet permission to run and your Mac would be infected.

It’s clear that Flashback is in active development, not just from the arrival of this new attack vector, but because it intentionally tries to avoid detection. Some variants check to see if the user is running Mac OS X in VMware Fusion and won’t execute if so. They do this because many security researchers test malware in virtual machines, rather than risk infection of full installations of Mac OS X, since it’s easier to delete a virtual machine and start over with a clean copy. The most recent
Flashback.G variant won’t even attempt to install if Intego’s VirusBarrier X6 or certain other security programs are present, presumably since there’s no point in bothering with Macs that are already protected.

Infection Effects — Flashback’s goal is to capture user names and passwords, which it accomplishes by inserting its code into Web browsers like Safari and Firefox and other network applications like Skype. It monitors network traffic and looks for connections to a number of domains — sites such as Google, Yahoo, CNN, PayPal, numerous banks, and many others. Presumably, the bad guys behind Flashback are looking for user names and passwords that they can exploit immediately — such as for a bank Web site — and those that may be reused across different sites. (Tip #2: Don’t use the same password for all Web sites!)

Because Flashback’s code can interfere with its host programs, it tends to cause crashes. If a network-related program starts crashing regularly, that may be a clue that your Mac has been infected.

Flashback needs both a way to transmit these stolen login credentials back to the mothership and a method of updating its code. It does this via a set of command and control servers that were initially inoperable when Intego discovered Flashback in late September 2011. They were brought online at some point in October 2011 and have been sending updates to infected Macs since. In theory, Flashback can also download additional software, although Intego hasn’t yet seen such activity.

Exactly what code Flashback installs on infected Macs has changed over time. At first, it installed a dynamic loader library and auto-launch code into a file at ~/Library/Preferences/Preferences.dylib. That backdoor code communicated with remote servers using RC4 encryption and sent information such as the infected Mac’s unique hardware ID, version of Mac OS X, hardware architecture, and more.

Subsequent variants of Flashback moved away from the easy-to-delete Preferences.dylib file and instead install the backdoor code inside the application package for Safari and Firefox, modifying the app’s Info.plist file with the location of the backdoor and storing the actual code at /Applications/Safari.app/Contents/Resources/UnHackMeBuild. (For Firefox, replace “Safari.app” with “Firefox.app” in all the commands and paths below.)

Just removing that file from within the app isn’t sufficient to eliminate the infection; it’s also necessary to delete the following lines from the Info.plist, and to do that, you must either open it in BBEdit, or first convert the file to XML with this Terminal command:

plutil -convert xml1 /Applications/Safari.app/Contents/Info.plist


Once that’s done, look for and delete these lines.

<key>LSEnvironment</key>
<dict>
<key>DYLD_INSERT_LIBRARIES</key>
<string>/Applications/Safari.app/Contents/Resources/UnHackMeBuild</string>
</dict>


But Flashback didn’t stop there. According to Intego, a later variant installs an executable file in the /tmp directory, applies executable permissions, and then launches the executable. The Flashback backdoor thus becomes active with no indication that anything untoward has happened.

Intego has determined that the most recent Flashback.G variant changes approaches yet again, installing itself into an invisible file in the /Users/Shared directory. This file can bear many names, but all the ones seen so far have a .so extension. Unfortunately, it seems likely that Flashback will continue to rotate the names and locations of where it stores its backdoor code, making it difficult to provide reliable removal instructions.

This latest variant also creates a file at /Users/Shared/.svcdmp and a plist file, used to patch applications, at ~/.MACOSX/environment.plist, along with a log stored at ~/Library/Logs/vmLog.

Some of Flashback’s early variants (but not Flashback.G) go beyond just patching network-aware applications, and intentionally damage system files. In particular, these early variants of Flashback disable Mac OS X’s built-in XProtect malware detection system by deleting some key files:

• /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist
• /usr/libexec/XProtectUpdater

This intentional file deletion is particularly concerning not just because it prevents XProtect from working (Apple has updated XProtect to detect the earlier variants of Flashback), but also because it means that antivirus software cannot repair the damage; doing so would entail installing entirely new copies of the affected files, rather than just restoring them to their pre-infection state.

It is possible to repair the damage manually, by restoring files from Time Machine or another backup program, but it’s essential to do so from within the backup program to get the original permissions, which likely wouldn’t happen with a simple Finder copy.

Our Advice — Intego tells me that the rate of infection by Flashback has increased significantly since it started using the combination of the Java vulnerabilities and the fake self-signed certificate. What I don’t yet have a sense of is how easy it is to run across a Web site that hosts Flashback, but there are both ways that users can be fooled into visiting such sites and ways legitimate sites can unwittingly end up hosting such malware.

Regardless, it is certainly possible to avoid infection by Flashback. Apple’s own XProtect has been updated to detect and protect against Flashback’s early variants, so as long as that’s active, you’re probably safe from any of those that may still exist. Nonetheless, to guard against the later variants, you must make sure you have either not installed Java in Lion, or kept your Java installation in Lion or Snow Leopard up to date. And barring that, if you get a prompt to approve a self-signed certificate from Apple, you must deny it.

Similarly, it’s possible to remove Flashback infections manually, if you have a fairly high level of technical sophistication (the information above should give you what you need to know, though I’d also recommend searching the Web for updated information about future Flashback changes).

But I must admit, just as with the MacDefender situation, I’m driven to say that anyone who doesn’t feel they have the technical awareness to detect Flashback’s infection attempts or to repair an infected Mac manually should be running up-to-date security software like Intego’s VirusBarrier X6.

(There are of course other antivirus tools available for the Mac, some of which are free, like ClamXav and Sophos Anti-Virus for Mac Home Edition, but VirusBarrier provides additional security-related capabilities, such as a configurable port-based firewall, the capability to detect spyware activity and prevent software from “phoning home,” network traffic monitoring tools, network attack detection, anti-phishing protection, cookie filtering, and more.)

Much as I would like to say that users should just be careful out there, it’s simply too easy for someone who doesn’t know what a self-signed certificate looks like to click through such a prompt, and even allowing a fake Flash Player installer to run is the sort of thing that many less-experienced users wouldn’t think twice about doing.

Although I have numerous Macs buried at various levels of strata in my Midden Heap of Antiquity, I have only one that is running Mac OS X 10.7 Lion: the 27-inch mid-2011 iMac that I purchased last summer. Lion, in fact, was my main reason for buying it; my main machine before the purchase was an older aluminum iMac, a 24-inch Core 2 Duo model that was capable of running Lion. But I wanted to keep that one around to run 10.6 Snow Leopard and, with it, all the Rosetta software that Lion was promising to kick quietly to the curb.

When I got the new machine, though, Lion was not yet out: the new iMac came with Snow Leopard installed, which made (or should have made) migrating to it from my older iMac a snap. As it turned out, though, the Migration Assistant failed repeatedly with both FireWire and Ethernet connections. Instead, for some reason I still don’t understand, the Migration Assistant was able to work only via an AirPort connection, so it took me a couple of days and a few false starts before my new iMac was ready to rock and roll. This all happened right around the time that Apple made the GM (“golden master”) version of Lion available to developers for download.

This, in fact, seemed perfect timing: I could see what Lion was like on a Mac that was not a test machine but one that was configured with my usual working environment. Fortunately, the GM release installed without problem, and I was able to try out Lion with all my apps and workflows, but still switch back to my comfortable Snow Leopard iMac at need (such as when I wanted to use my copies of FileMaker 8 or Word 2004 or Photoshop CS 1). When the official release version of Lion came along a few days later, I discovered that the GM I had installed really was the same version, so I had no reason to reinstall: I was already running the real deal, with all the quirks and foibles of a point-zero Mac OS X release.

Why am I taking you on this meander down memory lane? Because of a problem I encountered when Mac OS X 10.7.2 appeared several months later, bringing with it support for Find My Mac via iCloud (see “Meanwhile, Back at the Lion Ranch…,” 15 October 2011). The problem was this: the Find My Mac option in the iCloud preference pane was dimmed, with a note saying that I needed to update the recovery system. What’s more, the Update button that accompanied this warning launched Software Update, which frustratingly returned with a message that all of my software was up to date.

I figured that my somewhat abortive migration from my older iMac and my subsequent install of the GM developer release of Lion had somehow bollixed things up, but I didn’t want to spend the time right then tracking the problem down and possibly having to back up and reinstall everything on my new iMac. After all, aside from the inability to use Find My Mac (a feature that is almost useless for me because my desktop Mac never goes anywhere anyway), everything else continued to function well.

Then, right around the same time, Apple released Lion Recovery Update 1.0, and I thought, “Aha! This could fix that Find My Mac problem.” After all, it was an update for the recovery system itself, which is exactly what the error message was telling me I needed. But it didn’t work. The dimmed message and tantalizing-but-useless Update button remained in my iCloud preference pane. It was annoying, but had no real impact on my day-to-day use of the iMac, and I quickly forgot about it.

I remembered it recently, though, when Apple released OS X 10.7.3 (see “Mac OS X 10.7.3 Fixes Bugs, Improves Lion Server,” 1 February 2012). I dutifully installed the update and then I thought to check whether this version finally fixed the problem. After all, it was an update, and Find My Mac wanted an update; maybe it was this update for which Find My Mac yearned. But it wasn’t. I still had the dimmed message, and the accompanying Update button still mocked me.

Finally, last week Apple released EFI firmware updates for certain recent Macs including my mid-2011 iMac (see “Firmware Updates for iMac, Mac mini, MacBook Air, and MacBook Pro,” 24 February 2012). “Aha!” I thought. Maybe what my iMac really wanted was a firmware update to fix the problem. So I installed it, and, lo and behold… nothing. Find My Mac was still missing in action.

“Enough is enough,” I thought (well, there may have been a couple of expletives mixed in). I was going to get to the bottom of the problem! I did what I should have done long before and undertook one of the simplest of troubleshooting exercises: I copied the error message and did a Web search for it.

Color me chagrined: the problem was a well-known one, and one that had been long solved. The top hit on my Google search for the phrase “recovery system update required” took me to a post on Apple’s discussion boards from October 2011, and, in it, the solution to my unfindable Mac issue.

Here’s what I had to do: Reboot my iMac with both the Command and R keys held down so it would boot into the Recovery partition that Lion installs on the Mac. Once booted, I had to run the Disk Utility program included in the recovery system and have it check and repair my system drive. I did so: Disk Utility found one small problem (a one-block file allocation mismatch) and fixed it.

That wasn’t quite all. I still needed to download and reinstall the Lion Recovery Update that I had installed months previously. Interestingly, though the download was hundreds of megabytes in size, when the time came to install it, only a few dozen kilobytes actually had to be installed. Once that installation completed and my iMac rebooted, Find My Mac was finally enabled in my iCloud preferences. The entire fix took about an hour from start to finish.

What did I learn? Nothing that I didn’t already know, but I repeat it here because it’s an important lesson I relearned: when you see an error message and you aren’t sure what it means, it only takes a few moments to do a Web search for that message. In a large number of cases, you’ll find others bedeviled with the same problem who have found a solution.

What kept me from doing this earlier was what I think of as toothache terror: one’s imagined fear of the dentist (that is, my imagined fear of having to back up, reinitialize, and reinstall all my software on my iMac) can keep you suffering from a toothache far longer than is necessary, and the trip to the dentist usually ends up being much less unpleasant than the weeks of pain you spend avoiding it.

There I was at school, patrolling the playing fields as we teachers are required to do a couple of times a week, when a few high school girls who’d had me for Japanese last year asked to me to show them Siri on my iPhone. Oohs and aahs duly delivered, one of them asked why I had an iPhone, given how terrifyingly expensive they are.

I gave my well-rehearsed answer, the one that explains how an international tech megastar like her Japanese and physics teacher (it’s important to maintain professorial reputation) must keep up with the latest kit in order to be able to speak authoritatively, and she was satisfied with this answer.

But I knew I was prevaricating. Staying current with the tech world requires continual investment, which has become a problem for me, given that, as a teacher in New Zealand, I’m not as flush as once I was.

I got into computers, and tech, and Apple in particular, back in the 1990s, when I lived near Tokyo and made a rather generous Japanese salary. When the tech itch needed scratching, a quick trip took me to the famed Akihabara electronics shopping district.

But now I’m in New Zealand, making a Kiwi teacher’s wage, and while I’d not give up the life here for anything, maintaining familiarity with Apple’s latest products has become increasingly challenging. Especially now. I find myself in something of a tech crunch, and I don’t know what the correct path is. Let me explain, and perhaps my ponderation can help you with any similar decisions you may have.

When I moved to New Zealand in 2009, I brought with me three Macs. My 20-inch iMac, an original Intel Core Duo model, is the oldest, dating back to 2006. I purchased it with the payment from my first paid FileMaker job, so it has some sentimental value. My Mac mini was bought in 2007, partly with the refund check that Apple issued to early iPhone adopters like me. Then there was the MacBook Pro that I bought in 2008 and donated to a friend’s daughter last year when she went away to boarding school. It was replaced with a new Thunderbolt-equipped 15-inch MacBook Pro, leased for three years under the New Zealand Ministry of Education’s excellent Laptops for Teachers program.

(The MacBook Pro I lease from my school for the entirely reasonable price of NZ$52 per month over a three-year period has enabled me to use a high-end laptop for an affordable price, one I likely would have struggled to justify otherwise. The lease payments work out to NZ$1,876, whereas buying that Mac outright would cost NZ$2,999. I don’t get to keep the Mac after the three years are up, but I hope I’ll be able to lease another one at that point.)

Apart from a hard disk failure about two years into its run, the iMac has served me well until recently. However, due to a power supply that has developed the disconcerting habit of turning off randomly, the iMac has become increasingly unusable as a working computer.

And so I find myself, for the first time in several years, seriously considering a major overhaul of my computer systems. Budget is the primary consideration, of course, but I would prefer not to give up having a desktop Mac for serious work, a laptop Mac for portability, and my own server for my Internet presence. How might I best juggle all the possibilities?

Replace the iMac — If money were no object, the answer would be simple. A new iMac, preferably a 27-inch model, would be arriving from the online Apple Store tomorrow. But relax, Courier Post, I’m a teacher, so you won’t be making that delivery.

I have toyed with the idea of a second-hand Mac. My first two Macs were a IIsi that was given to me by a relative who couldn’t be bothered to get it to work properly (I fixed it up in an afternoon) and a IIvx I bought used in Japan. That might well be the route I take if I decide to replace my iMac. Certainly the second-hand market here in New Zealand is healthy enough to offer some attractive deals.

Repair the iMac — If my iMac were a more recent machine, I would be taking it in to the nearest Apple Store for repair. But it’s an old computer, and my nearest Apple Store isn’t even an Apple Store. Apple has no retail presence here in New Zealand, putting my nearest genuine Apple Store in Sydney, Australia, 2,100 kilometers away across the Tasman Sea.

Instead, the inexplicably named YooBee, the main chain of Apple-authorised resellers here, charges what I consider to be unreasonable sums, including a fee simply for taking a look at an ailing computer. It’s simply not realistic to consider a repair to an old iMac under such terms.

What’s more likely is that I’ll self-diagnose the power supply problem and then buy and install the necessary parts to keep the iMac running a little longer (iFixit has instructions, though they don’t look easy). Then I can consider the next possible strategy.

Repurpose the iMac as a Server — It would be heartless, not to mention extravagant, to retire the iMac while it could still be useful. Perhaps I could put it to some other use.

My Mac mini is my Internet server, dishing up Web pages and managing email from my various blogs and domains. It’s also the newest computer I own, and there is a degree to which it’s not really pulling its weight. While I am proud of each of the dozens of page views my blogs receive on a normal day, my Moving to New Zealand blog doesn’t require significant processing power. If that’s the main task of my most powerful desktop computer, maybe it’s time to put the Mac mini to work as my main production machine and repurpose the iMac as my server.

But it’s not quite that simple. While the Mac mini has an Intel Core 2 Duo processor and runs Lion Server, my iMac has only an Intel Core Duo, without that magic number 2. While the iMac still has all the processing oomph that I need for my Web design and FileMaker work, Apple has decreed it is unworthy of Lion, so using the iMac as a server would force me to revert to Snow Leopard Server, which I find lacking in some areas, virtual mail hosting in particular. So I could step back down to Snow Leopard Server, but I’d prefer not to.

I’d also prefer not to outsource my Web hosting and email server needs. While I’m fully aware that relying on something like Google Apps might give me similar functionality for less money, I’m not yet willing to hand my Web and email serving over to someone else.

That leads into the next possibility.

No Desktop Mac — There was a time when a laptop was a lesser computer, a compromise in a clamshell case. But no longer — my Thunderbolt-equipped MacBook Pro is, without doubt, the most powerful computer I’ve ever used. So do I really need a desktop computer any longer? I like the larger screen, and find having a mouse or trackpad next to a full-sized keyboard a convenient and comfortable way to work. So why not sell the iMac for parts, and make the MacBook Pro my main computer?

Apple’s new 27-inch Thunderbolt Display offers an interesting possibility. For a decent chunk of cash (NZ$1,649), albeit less than the cost of a new iMac (NZ$2,799), I could buy a new display and use it as a docking station for the MacBook Pro. I’d have access to my couple of terabytes of external storage when I was working at my desk, and still have a laptop to work on at school or whenever I was away from my office.

Realistically, do I need two computers, a laptop and a desktop? For years, I had only one or the other; it’s only since 2008 that I’ve had the luxury of both. The power of my laptop, when I’m using it as a laptop, is largely redundant — Microsoft Word, Safari, Mail, and QuickTime Player are its main duties, with the odd bit of Skype to talk with my family back in England.

So maybe the Thunderbolt Display is a viable option. I get a screen roughly the size of Liechtenstein, a simple one-cable docking solution, and the productivity boost of dual monitors, a feature I first came to love in the mid-1990s when I wrote my master’s dissertation (about the linguistic features of email, with one Adam Engst among the primary sources) on a PowerBook 1400 connected to the 13-inch AppleColor RGB display.

However, the approach isn’t without its flaws, not the least of which is that NZ$1,649 I’d have to cough up for the Thunderbolt Display. Plus, although I’m sure I’d adapt, it feels fussy to have to plug the MacBook Pro into the Thunderbolt Display regularly, at least in comparison to just sitting down at the iMac. One possible workaround that I might try is using software like ScreenRecycler or Air Display to turn my iMac into an external monitor for the MacBook Pro. It would still be annoying if its power supply shut off while it was acting as a display, but at least I wouldn’t lose any work.

Next Steps — Buying a new Mac is not a decision one makes without a significant degree of contemplation and consideration. My days of near-unlimited tech funds are long gone, and so I have to weigh no end of issues. I’ve managed to whittle them down to two possible paths.

Financial constraints tell me that the smart move is to connect an old display to my Mac mini, and use it as my desktop machine, repurposing the iMac as my server (it could even double as a second monitor for the Mac mini while it was serving Web pages). Or, if the iMac proved unfixable, the Mac mini could probably continue to act as my server even as I was using it as my main desktop Mac. As long as the Ministry of Education is willing to let me lease my MacBook Pro, I have my portability requirements sorted, too.

On the other hand, my iMac, at six years old (that’s almost a hundred in human years) really is nearing the end of its useful life, especially if I don’t devote more time and money to repairing its dodgy power supply. So perhaps I can justify replacing it, at which point putting the Mac mini on TradeMe (a New Zealand version of eBay) might be a good way of subsidising the purchase. This would, of course, leave me without the full trio of desktop, laptop, and server that I’ve so enjoyed having these many years. And that in turn might be addressable by having a new iMac do double duty as a desktop and server. Or by winning the lottery.

All that said, I can’t ignore the allure of an elegant and inexpensive repurposing of the machines I have, and bringing the Mac mini into service as my desktop Mac currently feels like the best option. But I’ve had so much fun contemplating all the possibilities that I wanted to throw the entire puzzle open to others as well. What would you do if you were in my shoes, with my needs and limited budget?

[Steve McCabe is a Mac consultant, tech writer, and teacher in New Zealand. He writes about his adventures in New Zealand, he blogs about technology, and he has just finished rebuilding his personal Web site.]

iMac Wi-Fi Update 1.0 — Apple has released the iMac Wi-Fi Update 1.0, which is recommended for all iMacs released since late 2009 that are running Mac OS X 10.7.3. The update resolves an issue that can prevent an iMac from automatically connecting to a known Wi-Fi network after waking from sleep. It’s available for direct download, but it’s easier to get through Software Update, where it will appear only if it’s necessary for your iMac. (Free, 25.81 MB)

Read/post comments about iMac Wi-Fi Update 1.0.

Firmware Updates for iMac, Mac mini, MacBook Air, and MacBook Pro — Apple has released a quartet of firmware updates for models released in 2011: iMac EFI Firmware Update 1.9, Mac mini EFI Firmware Update 1.6, MacBook Air EFI Firmware Update 2.4, and MacBook Pro EFI Firmware Update 2.7. Each update improves reliability when booting from the network, addresses issues with HDCP authentication after rebooting, and fixes a problem with boot device selection when a USB storage device
is hot-plugged. As with any firmware update, you should read the installation instructions carefully before installing and avoid interrupting the update process. To ensure you get an update only if it’s necessary, we recommend relying on Software Update; if an update doesn’t appear for you, it’s not appropriate for your Mac. (Free, each approximately 4 MB)

Read/post comments about Firmware Updates for iMac, Mac mini, MacBook Air, and MacBook Pro.

ScreenFlow 3.0.5 — Telestream has released ScreenFlow 3.0.5, a maintenance update to the screencast recording app that offers a plethora of fixes and improvements. Among the highlights, the new release resolves a problem with logging in to and publishing to Vimeo, modifies the iPhone export preset for Mac OS X 10.7 Lion to 480 by 320, and fixes an issue that caused occasional errors when recording PowerPoint presentations. The update includes many more minor fixes and subtle improvements. ($99 new from Telestream or the Mac App Store,
free update, $29 upgrade from 2.x or 1.x, 14.1 MB)

Read/post comments about ScreenFlow 3.0.5.

Camino 2.1.1 — The Camino Project has released version 2.1.1 of its eponymous open-source Web browser, which includes a number of updates and fixes. The release includes an upgraded Mozilla Gecko rendering engine (1.9.2.27) and now blocks older versions of Adobe Flash Player 10 and 11 (10.3.183.15 and 11.1.102.62 and earlier, respectively) due to security issues. The update also includes several tweaks for using AppleScript scripts, correctly checks for the presence of a Java plug-in on Mac OS X 10.7 Lion, and provides several other fixes. (Free, 18.5 MB, release notes)

Read/post comments about Camino 2.1.1.

PDFpen and PDFpenPro 5.7.2 — Preparing for the release of OS X 10.8 Mountain Lion, Smile has released PDFpen 5.7.1 and PDFpenPro 5.7.1, both of which are updated with the Smile developer ID that is used by Mountain Lion’s Gatekeeper security feature (see “Gatekeeper Slams the Door on Mac Malware Epidemics,” 16 February 2012). The updates to the PDF manipulation tools also fix a gradual shift in color when using comments and an issue with the text tool when object stroke is set to none. A quick 5.7.2 release fixes a
potential issue with saving, primarily on 10.6 Snow Leopard, and another issue with localization of page numbering. ($59.95/$99.95 new with a 20-percent discount for TidBITS members, free update, 47 MB)

Read/post comments about PDFpen and PDFpenPro 5.7.2.

Two quick bits for you this week — Serenity Caldwell’s highlights of new features in OS X 10.8 Mountain Lion over at Macworld, and Chris Foresman’s article at Ars Technica about the new Mastered for iTunes section of the iTunes Store.

System Change Highlights in OS X 10.8 Mountain Lion — While much of the chatter over the upcoming release of OS X 10.8 Mountain Lion has focused on the Gatekeeper security feature and unifying the Mac and iOS experience, Macworld’s Serenity Caldwell delves into ten less-heralded system changes, including multi-disk Time Machine backup, draggable files in screen sharing, and a Dashboard overhaul.

Read/post comments

Mastering the Audiophile Experience for iTunes — Apple recently debuted a Mastered for iTunes section in the iTunes Store, where audiophiles can discover releases that have been optimized for playback within its 256 kbps AAC format. Chris Foresman at Ars Technica delves into what goes into the mastering process for compressed digital audio files, including a discussion with Masterdisk Chief Engineer Andy VanDette (who recently completed a remastering project for Rush’s back catalogue).

Read/post comments