Office 2016 Proving Unstable With Apple's El Capitan 137

An anonymous reader writes: Users of Microsoft Office on the Mac are reporting widespread instabilities and conflicts after upgrading to the latest version of the Apple desktop operating system, El Capitan. The first indications that El Capitan and Office 2016 were not working well together came in a now epic thread at Microsoft Community. Many users have surmised that new restrictions in file permissions in El Capitan caused the problems initially, though nearly all agree that Office's Outlook email client is the critical point of failure in the current round of application crashes and loss of functionality.

New Attack Bypasses Mac OS X Gatekeeper 66

msm1267 writes: Mac OS X's Gatekeeper security service is supposed to protect Apple computers from executing code that's not signed by Apple or downloaded from its App Store. A researcher, however, has built an exploit that uses a signed binary to execute malicious code. Patrick Wardle, a longtime Apple hacker, said Gatekeeper performs only an initial check on an application to determine whether it came from an untrusted source and should not be executed. Using a signed binary that passes the initial check and then loads a malicious library or app from the same or relative directory, however, will get an advanced attacker onto an OS X machine. Wardle disclosed his research and proof of concept to Apple, which said it is working on a patch, and may push out a short-term mitigation in the meantime.

Recalc Or Die: Excel 1.0 Developers Celebrate Their Baby's 30th Birthday 119

theodp writes: This weekend, reports GeekWire, many of the original Excel team members are getting together to celebrate the 30th anniversary of the software's release. "We certainly ripped some stuff off," acknowledged Microsoft Excel 1.0 lead developer Doug Klunder, "but we also did some things that nobody else had done at the time and probably hasn't done since — some of which are really insane, and some of which turn out to be pretty handy." Klunder, who was responsible for Excel's killer "intelligent recalc" feature, quit his job after Bill Gates decided to shift the original Excel project from MS-DOS to the Mac, but ended up coming back and finishing the project after an ill-fated stint as a farm worker in the lettuce fields of California. "Just imagine having this product where one of the key components of it is really only understood by this guy who will quit routinely and go be a migrant farm worker down in California," said Excel 1.0 program manager Jabe Blumenthal. "It was not necessarily the most traditional or stable of environments." Many of the original Excel team members still use the program today — the RSVP sheet for this weekend's party was an Excel Online document. Before a professional naming firm came up with "Excel," the software was known by its code name "Odyssey", and other product names considered by Microsoft included "Master Plan" and "Mr. Spreadsheet." By the way, "Mr. Spreadsheet" makes his MOOC debut next week in edX's free-to-audit Excel for Data Analysis and Visualization course.

Proposed MAC Sniffing Dongle Intended To Help Recover Stolen Electronics 120

An anonymous reader writes to say that an Iowa City police officer is developing a new concept to help police find more stolen property. The Gazette has a short report that officer David Schwindt, inspired by a forensics class, is working on L8NT, a specialized wireless dongle to help police officers locate stolen electronics (any of them with wireless capabilities and a MAC address, at least) by scanning for MAC addresses associated with stolen goods. The idea is to have police scan as they drive for these MAC entries, and match them against a database. The article notes a few shortcomings in this concept, but does not point out an even bigger one: MAC addresses are usually mutable, anyhow, in a way that's not as obvious as an obscured serial number, and thieves could refine their business model by automating the change.

"Extremely Critical" OS X Keychain Vulnerability Steals Passwords Via SMS 123

Mark Wilson writes: Two security researchers have discovered a serious vulnerability in OS X that could allow an attacker to steal passwords and other credentials in an almost invisible way. Antoine Vincent Jebara and Raja Rahbani — two of the team behind the myki identity management security software — found that a series of terminal commands can be used to extract a range of stored credentials. What is particularly worrying about the vulnerability is that it requires virtually no interaction from the victim; simulated mouse clicks can be used to click on hidden buttons to grant permission to access the keychain. Apple has been informed of the issue, but a fix is yet to be issued. The attack, known as brokenchain, is disturbingly easy to execute. Ars reports that this weakness has been exploited for four years.

Chrome 45 Launches, Automatically Pauses Less Important Flash Content, Like Ads 92

An anonymous reader writes: Google today launched Chrome 45 for Windows, Mac, Linux, and Android with some expected changes and new developer tools. First and foremost, Chrome now automatically pauses less important Flash content (rolling out gradually, so be patient). This has been a longtime coming from both Google and Adobe, with the goal to make Flash content more power-efficient in Chrome: In March, a setting was introduced to play less Flash content on the page, but it wasn't turned on by default, and in June, the option was enabled in the browser's beta channel. Now it's being turned on for everyone.

The Long Reach of Windows 95 354

jfruh writes: I'm a Mac guy — have been ever since the '80s. When Windows 95 was released 20 years ago, I was among those who sneered that "Windows 95 is Macintosh 87." But now, as I type these words on a shiny new iMac, I can admit that my UI — and indeed the computing landscape in general — owes a lot to Windows 95, the most influential operating system that ever got no respect. ITWorld reports: "... even though many techies tend to dismiss UI innovation as eye candy, the fact is that the changes made in Windows 95 were incredibly successful in making the the system more accessible to users -- so successful, in fact, that a surprising number of them have endured and even spread to other operating systems. We still live in the world Windows 95 made. When I asked people on Twitter their thoughts about what aspects of Windows 95 have persisted, I think Aaron Webb said it best: 'All of it? Put a 15 year old in front of 3.1 and they would be lost. In front of Windows 95 they would be able to do any task quickly.'"

A FreeBSD "Spork" With Touches of NeXT and OS X: NeXTBSD 165

There are a lot of open source operating systems out there; being open source, they lend themselves to forks, clones or near clones, and friendly offshoots. There are even services to let you customize, download, and (if you choose) bulk-install your own OS based on common components. Phoronix notes a new project called NeXTBSD that might turn more heads than most new open source OSes, in part because of the developers behind it, and in part because of the positive thoughts many people have toward the aesthetics of NeXTSTEP and Mac OS X. (And while it might be a fork of FreeBSD, the developers would rather call it a spork, instead.) NeXTBSD was announced last week by Jordan Hubbard and Kip Macy at the Bay Area FreeBSD Users Group (BAFUG). NeXTBSD / FreeBSD X is based on the FreeBSD-CURRENT kernel while adding in Mach IPC, Libdispatch, notifyd, asld, launchd, and other components derived from Apple's open-source code for OS X. The basic launchd/notifyd/asld/libdispatch stack atop their "fork" of FreeBSD is working along with other basic components of their new design. You can watch a recording of the announcement as well as a longer introduction linked from Phoronix's story.

In Praise of the Solo Programmer 114

HughPickens.com writes: Jean-Louis Gassée writes that once upon a time, we were awestruck by the solo programmer who could single-handedly write a magnum opus on a barebones machine like the Apple ][ with its 64 kilobytes of memory and an 8-bit processor running at 1MHz. Once such giant was Paul Lutus, known as the Oregon Hermit, who won a place next to Jobs and Wozniak in the Bandley Drive Hall of Fame for his Apple Writer word processor. "Those were the days Computers and their operating systems were simple and the P in Personal Computers applied to the programmer," writes Gassée. "There's no place for a 2015 Paul Lutus. But are things really that dire?"

As it turns out, the size and complexity of operating systems and development tools do not pose completely insurmountable obstacles; There are still programs of hefty import authored by one person. One such example is Preview, Mac's all-in-one file viewing and editing program. The many superpowers of Apple's Preview does justice to the app's power and flexibility authored by a solo, unnamed programmer who has been at it since the NeXT days. Newer than Preview but no less ambitious, is Gus Mueller's Acorn, an "Image Editor for Humans", now in version 5 at the Mac App Store. Mueller calls his Everett, WA company a mom and pop shop because his spouse Kristin does the documentation when she isn't working as a Physical Therapist. Gus recently released Acorn 5 fixing hundreds of minor bugs and annoyances. "It took months and months of work, it was super boring and mind numbing and it was really hard to justify, and it made Acorn 5 super late," writes Mueller. "But we did it anyway, because something in us felt that software quality has been going downhill in general, and we sure as heck weren't going to let that happen to Acorn."
Desktops (Apple)

Could the Best Windows 10 Laptop Be a Mac? 435

dkatana writes: Now that Windows 10 is finally out there many people are looking for the best laptop with the power to make the new OS shine. The sweet spot appears to be in $900-$1500 machines from Dell, Asus and HP. But Apple, the company that has been fighting Windows for ever, has other options for Windows 10: the MacBook Pro and MacBook Air. According to InformationWeek there are many reasons to consider purchasing a MacBook as the next Windows machine, including design, reliability, performance, battery life, display quality and better keyboard. Also MacBooks have a higher resell value, retaining up to 50% of their price after five years.

GitHub Desktop Launches To Replace Mac and Windows Apps 167

An anonymous reader writes: GitHub today launched a unified desktop version for Mac and Windows — you can download it from desktop.github.com. GitHub Desktop will automatically replace the previous Mac and Windows apps and can be used alongside GitHub Enterprise. Venturebeat reports: "...GitHub was tired of the differences between its two apps and decided it was time to align them. The hope is that if Mac and Windows users have the same workflow, it will be easier for them to work together (and for individual users to switch between the two platforms)."

Thunderstrike2 Details Revealed 65

An anonymous reader writes: Prior to DefCon and BlackHat, we learned that Trammell Hudson had developed a firmware worm for Apple machines that could spread over Thunderbolt hardware accessories. Now that both conferences have finished, Hudson has published slides and an annotated transcript detailing how the worm works.

A brief quote: "Thunderstrike 2 takes advantage of four older, previously disclosed vulnerabilities. These had all been known and fixed on other platforms, but not on Apple's MacBooks. ... Speed Racer (Incorrect BIOS_CNTL configuration, 2014, VU#766164), Darth Venamis (S3 boot script injection, 2014, VU#976132) Snorlax (Flash configuration is not set after S3 sleep, 2013 VU#577140) and PrinceHarming (2015) Unsigned Option ROMs (2007, 2012). ... While we're looking at Apple specifically in this research, the overall message is that many vendors are not keeping up to date and are not responding to CERT, especially if it requires effort to port or test vulnerabilities from other vendor platforms."

Firefox 40 Arrives With Windows 10 Support, Expanded Malware Protection 113

An anonymous reader writes: Mozilla today launched Firefox 40 for Windows, Mac, Linux, and Android. Notable additions to the browser include official Windows 10 support, added protection against unwanted software downloads, and new navigational gestures on Android. Firefox 40 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Changelogs are here: desktop and Android.

OS X Bug Exploited To Infect Macs Without Need For Password 127

An anonymous reader writes: A new flaw has been discovered in the latest version of OS X which allows hackers to install malware and adware onto a Mac without the need for any system passwords, researchers say. The serious zero-day vulnerability was first identified last week and results from a modified error-logging feature in OS X Yosemite which hackers are able to exploit to create files with root privileges. The flaw is currently found in the 'fully patched' OS X 10.10.4, but is not in the newest 10.11 El Capitan beta – suggesting that Apple developers were aware of the issue and are testing a fix.

Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters 119

BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.

A Tweet-Sized Exploit Can Get Root On OS X 10.10 130

vivaoporto writes: The Register reports a root-level privilege-escalation exploit that allows one to gain administrator-level privileges on an OS X Yosemite Mac using code so small that fits in a tweet. The security bug, documented by iOS and OS X guru Stefan Esserwhich, can be exploited by malware and attackers to gain total control of the computer. This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5 but is already fixed in the preview beta of El Capitan (OS X 10.11) Speaking of exploits: Reader trailrunner 7 notes that "HP’s Zero Day Initiative has released four new zero days in Internet Explorer that can lead to remote code execution."

Chrome 44 Launches With Tweaks To Push Messaging and Notifications 67

An anonymous reader writes: Google has launched Chrome 44 for Windows, Mac, and Linux with new developer tools. Aside from a host of security fixes, this release focuses mainly on developer features. The API for push notifications was updated to match the specification, a new implementation of multi-column layout was added, and they've extended support for Unicode escapes in strings. The full changelog notes a number of performance improvements as well.

Free Tools For Detecting Hacking Team Malware In Your Systems 62

An anonymous reader writes: Worried that you might have been targeted with Hacking Team spyware, but don't know how to find out for sure? IT security firm Rook Security has released Milano, a free automated tool meant to detect the Hacking Team malware on a computer system. Facebook has also offered a way to discover if your Mac(s) have been compromised by Hacking Team malware: they have provided a specific query pack for its open source OS analysis tool osquery.

Square Enix Pulls, Apologizes For Mac Version of Final Fantasy XIV 94

_xeno_ writes: Just over a week after Warner Bros. pulled the PC version of Batman: Arkham Knight due to bugs, Square Enix is now being forced to do the same thing with the Mac OS X version of Final Fantasy XIV (which was released at the same time as Batman: Arkham Knight). The rather long note explaining the decision apologizes for releasing the port before it was ready and blames OS X and OpenGL for the discrepancy between the game's performance on identical Mac hardware running Windows. It's unclear when (or even if) Square Enix will resume selling an OS X version — the note indicates that the development team is hopeful that "[w]ith the adoption of DirectX 11 for Mac, and the replacement of OpenGL with a new graphics API in Apple's next OS, the fundamental gap in current performance issues may soon be eliminated." (I'm not sure what "the adoption of DirectX 11 for Mac" refers to. OS X gaining DirectX 11 support is news to me — and, I suspect, Microsoft.) Given that the game supports the aging PS3 console, you'd think the developers would be able to find a way to get the same graphics as the PS3 version on more powerful Mac OS X hardware.

Firefox 39 Released, Bringing Security Improvements and Social Sharing 172

An anonymous reader writes: Today Mozilla announced the release of Firefox 39.0, which brings an number of minor improvements to the open source browser. (Full release notes.) They've integrated Firefox Share with Firefox Hello, which means that users will be able to open video calls through links sent over social media. Internally, the browser dropped support for the insecure SSLv3 and disabled use of RC4 except where explicitly whitelisted. The SafeBrowsing malware detection now works for downloads on OS X and Linux. (Full list of security changes.) The Mac OS X version of Firefox is now running Project Silk, which makes animations and scrolling noticeably smoother. Developers now have access to the powerful Fetch API, which should provide a better interface for grabbing things over a network.