Trailrunner7 writes "Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers have now taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in the Windows world. Researchers have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users. The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability in the way that Office for Mac handles certain Word files, according to researchers at AlienVault, who discovered and analyzed the attacks."

wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing might be a sign of larger issues."

CUPS is the popular open-source printing system that many projects have used successfully as a core, for desktop printing and as the basis of dedicated print servers. Reader donadony writes with word that Apple "has chosen to abandon certain Linux exclusive features, [while] continuing with popular Mac OS X features. The changeover is being attempted by Apple to set new printing standards that will not require 'drivers' in the future." However, as this message from Tim Waugh at Red Hat points out, all is not lost: "Where they are of use for the Linux environment, those orphaned features will continue to be maintained at OpenPrinting as a separate project."

adeelarshad82 writes "Earlier today Apple announced their next OS, Mountain Lion. According to an early look, OS X 10.8 does more to integrate social networking and file-synching into a personal computer than any other OS. It tightly integrates with the whole Apple ecosystem that includes iOS devices and the free iCloud sharing service. Moreover Mountain Lion adds a powerful new line of defense against future threats where a malware app is prevented from running even if it is deliberately downloaded to a computer. Even though Apple's clearly got a lot of fine-tuning to do—and possibly a few features to add, there's no doubt that Mountain Lion already looks very fine." Update: 02/16 15:04 GMT by T : New submitter StephenBrannen writes with some more details culled from CNET. The newest OS X has now been released to developers, with an official release date planned for this summer. "Mountain Lion, as it is called, will further blur the lines between iOS and its Mac OS. iOS features that are being ported include: Messages (replacing iChat), Notification Center, Game Center, Notes, and AirPlay mirroring. Also new to Mac OS is the addition of Gatekeeper, which should help prevent malware attacks on Apple products. Not announced is whether Siri will be ported to the Mac."

An anonymous reader writes "Apple hasn't released a Mac OS X device running on ARM yet, but a recently discovered thesis from a former Apple intern going by the name of Tristan Schapp details a 12-week project carried out in 2010 to port the OS to the ARMv5 architecture. The port got as far as booting to a multi-user prompt, but then hit hurdles to do with drivers and cache. The good news is that same intern now works for Apple as part of the CoreOS team. With rumors last year that a MacBook Air running on ARM could appear by 2013, could he be part of a team making that happen? If he is, I bet it will use the new ARMv8 architecture announced late last year."

mario_grgic writes "And so it begins: Apple will require that all Mac apps submitted to the Mac App store stick to strict sandboxing requirements. This means you must ask Apple for read or read/write entitlements for additional folders outside your Application Support folder before your app is approved. There are also restrictions on direct hardware access, communication to processes your app did not start, or even something simple as taking a screenshot. All that is needed after this to turn your Mac into an appliance is to only allow app installations from App Store."

msmoriarty writes "Oracle had lots of Java announcements at this year's JavaOne. So far the plans include: 'The availability of an early access version of JDK 7 for the Mac OS, plans to "bridge the gap" between Java ME and Java SE, an approach to modularizing Java SE 8 that will rely on the Jigsaw platform, a new project that aims to use HTML5 to bring Java to Apple's iOS platform, the availability of JavaFX 2.0, a pending proposal to open source that technology, gearing up Java EE for the cloud, and a delay in the release of Java 8.'"

The dispute between Mac cloner Psystar and Apple has been a long and twisty one; now, reader UnknowingFool writes that "Last week, the U.S. Ninth Circuit Court of Appeals ruled mostly against Psystar in their appeal of their case with Apple. The Court found for Apple in that they did not misuse copyright by having conditions in the OS X license. Psystar won on one point in which some of the court orders should have not been sealed."

Trailrunner7 contributes this snippet from ThreatPost: "Malware that targets Mac OS X isn't anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that's been in favor among Windows malware authors for several years now."

hypnosec tips a bit of Apple news from late last week that got overshadowed by the headlines about Steve Jobs. According to El Reg, "People logging in to Macs running OS X 10.7, aka Lion, can access restricted resources using any password they want when the machines use a popular technology known as LDAP for authentication. Short for Lightweight Directory Access Protocol, LDAP servers frequently contain repositories of highly sensitive enterprise data, making them a goldmine to attackers trying to burrow their way into sensitive networks." Initial reports about this bug cropped up less than a week after Lion was released.

itwbennett writes "Macs aren't being hit with advanced persistent threat (APT) attacks, but that doesn't mean they're invulnerable, say researchers at iSec Partners. Speaking at the Black Hat conference in Las Vegas Wednesday, iSec founder Alex Stamos and his team of researchers took a look at the typical stages of an APT attack — and compared how the Mac would do versus Windows 7. Their conclusion: Macs provide good protection against the initial phases of the attack, but once the bad guys are on the network, it's a whole different story. 'They're pretty good for [protecting from] remote exploitation,' Stamos said. '[But] once you install OS X server you're toast.'"

TeaCurran writes with this mildly ranty objection to the most recent Mac OS X update; several friends who have made the leap on their MacBook Pros have various other complaints, too, including system slowdowns that resemble crashes (except that their pointers still work) and recurring black screens for some configurations (with or without the kernel panics TeaCurran mentions) — what's been your experience? "Apple OS X Lion shipped with new NVidia video drivers that are causing anyone with a mid 2010 Macbook Pro to get a kernel panic every 5-10 minutes. Apple knew about the issue before shipping lion, hasn't responded to the issue, and is censoring posts in their support forum that mention words like 'boycott' and 'petition.' NVidia has responded that the drivers are the responsibility of Apple so they won't deal with the issue. How a major hardware manufacturer can ship such a faulty product without getting much press about it is completely beyond me."

snydeq writes "InfoWorld's John Rizzo sees Mac OS X Lion Server as a downgrade that may prompt a move to Windows Server. 'Mac OS X 10.7 Lion Server adds innovative features and a new low price tag, but cuts in services and the elimination of advanced GUI administration tools may force some enterprise departments to think twice about the role of Mac servers on their networks,' Rizzo writes. 'Looking more deeply inside Lion Server, it's impossible to avoid the conclusion that Lion Server is not built for those of us in IT. The $50 price tag — down from $500 — is the first clue that Lion Server trying to be a server for the consumer. But the ironic part for IT administrators is that Lion Server actually requires a greater degree of technical knowledge than its predecessors.'"

Trailrunner7 writes "Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. Miller discovered the default passwords set on the battery at the factory to change the battery into unsealed mode and developed a method that let him permanently brick the battery as well as read and modify the entire firmware. 'You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though,' Miller said."

An anonymous reader writes "Apple has long had a troubled relationship with IT departments. Any creative professional will testify just how hard it can be to convince IT managers to allow the use of Macs in Windows-dominated environments. And, despite the fact that the Mac OS is now quite a well-behaved client on Windows LANs, Apple sometimes does little to help its own cause. The decision to release OS10.7, or Lion, for download only is hardly going to endear Apple to IT managers who need to conserve network resources. Most of all, IT departments would want to see the Mac OS offering full support for virtualization, on the desktop and on the server. There are rumors that Apple will, itself, run a virtualized version of Mac OS under VMware as part of its iCloud product. Allowing OS X to run as a guest on non-Apple servers, and even on the desktop under VDI, would bring enormous administrative benefits to companies using Macs."

steffann was one of several readers to note that Apple has released OS X Lion for $30 available only through the Mac App Store. It's a 4 gig download so you better not be in a hurry. Lots of new stuff both cosmetic and functional. But if you're the sort of person who is going to install it today, then you already know what they are! They also updated the Air lineup, dropping the old white MacBooks entirely.

WankerWeasel writes "With the release of Mac OS X 10.7 Lion this month, Apple will no longer offer a bootable installer DVD and is making 10.7 Lion available only through the App Store. This guide provides quick instructions on how to use the OS X 10.7 Lion installer to create a bootable flash drive (instructions for making a bootable DVD are also included on the blog)."

An anonymous reader writes "Apple released to developers the 'gold master' version of Mac OS 10.7, known as Lion, in a move that positions the company for a July roll-out. 'With Snow Leopard, Apple's previous Mac OS release, the time between going from gold master status to hitting store shelves was approximately two weeks. However that release required Apple to stamp and produce boxed discs to send out to retail stores. Lion will be the first by Apple to be released only through its Mac App Store as a digital download.'"

dkd903 writes "It turns out that there is a feature in OS X Lion which no one expected and was never announced at WWDC. The feature we are talking about is 'Restart to Safari.' As you might have guessed from the name, this feature makes it possible to restart the Mac into just the Safari browser and nothing else."

Barence writes "When Steve Jobs announced last night that he was 'going to demote the PC and the Mac to just be a device,' it was the clearest indication yet that Apple is phasing out Mac OS X, argues PC Pro's Barry Collins. 'Over the past couple of months, there have been continual rumours that Apple is testing the iPad's A5 processor in its MacBook range, suggesting Apple believes iOS could stretch further than smartphones and tablets,' Collins argues. Plus, Apple would take a 30% cut on all Mac software if it mandated downloads via the App Store only. 'The only part of Apple's portfolio where iOS doesn't make sense is in the high-end. Yet, Apple's already discontinued its Xserve range of servers and... it's almost exclusively fixated on the consumer market,' he argues."