Major Security Flaw in 2.0.2 (APPLE READ THIS)

Similar Messages

• IPhone reception is poor (it's actually NOT AT&T).... Hope Apple Reads This

  After using the iphone all I could think of was...."fewest dropped calls" my a--. I've never has so many dropped calls in my life since switching to the new iPhone.
  Here are steps I've taken:
  Verified that I'm in an excellent coverage area (with AT&T)
  Swapped SIM - It was suggested online, and by Apple Support.
  Swapped iPhone
  Purchased Wi-Ex zBoost YX510 Dual band signal booster.
  All to no avail.
  I've determine it's not AT&T that is the problem it's the iPhone.
  When the phone is sitting, I can get full signal, 4 bars. As soon as I pick up the phone...I get dropped calls, zero signal, no service, or maybe 1 bar (barely).
  Even after doing all the aforementioned items, I still get loss of service. Clearly this is a problem with the iPhone, a search of the web shows TONS of people experiencing the same issue.
  Not only that, but I contacted Wi-Ex the makers of zBoost which was HIGHLY rated by several reputable magazines etc...and they stated they have actually gotten a LARGE number of calls with respect to iPhone users having poor reception.
  He pointed to transmit power as possibly being the culprit. I'm not a phone expert, I'm a Senior Systems Engineer, so not sure what that would have to do with anything. But he stated it used to be the old Motorola RAZR that they constantly got calls about and he verified that they definetly had the worst trasmit power out of any cell phone seen. Which is probably why so many people complain about the RAZR but now he states the iPhone calls are slowly taking over.
  Even with the booster in my house, I reguarly get FULL signal 4 bars...but like I said...as soon as I touch the phone or make a call...it's all over.
  I'm hoping this can be fixed through an iPhone update. I would hate to think I have to return the phone can cancel service, but I can't operate like this.
  If Apple is watching, I'm willing to be a beta tester in anyway you see fit. I love the phone but I can't deal with all these great features but constant call dropping.

  Hi Derrick,
  Similar situation to you but..
  I purchased yx500 cel single band (800 MHZ, that's the one iPhone uses at my location) actually 2 of them. Yeah I know alot of money to spend to get service at my house. But the 1st purchase was an absolute neccesity for my wife's iPhone. He phone is her ONLY phone for business and no service or 1 bar was not acceptable. The gain on the supplied base station omnidirectional antenna is only so so as the signal strength diminishes about 10 feet away from the base station. I tried the directional indoor base station antenna to get more distance from the base station, with no luck. So the 2nd purchase was another 500 cel for use in the other end of our downstairs, for me. 2 outdoor antennas on either end of the house.
  The interesting part of this discussion is that my wife had Sprint previous to the iPhone and service was pretty much the same as it is now with ATT. Sprint's and ATT's towers are next to each other about 1 mile away, as the crow flies, from my house. I had and still have a Blackberry Pearl (now used as a backup phone just in case) and the service was the same as the iPhone. I had a friend over for dinner this weekend who just bought a Blackberry Curve (ATT) Same story with the service, 1 bar to no service. ATT's coverage map indicates (at street level) that we are in an excellent service area. I think our problem is that there are dense trees between us and the tower. Digital signals don't go through trees very well if at all.
  For me and my wife the wi-ex product works although (and pertinent to your experience) occasionally the signal will drop inexplicably and dramatically.
  On the road the iPhones work fine, and the very infrequent dropped calls are due to known (by me in my years of travelling) holes in the coverage area.
  All of this stuff, unfortunately for people like us (at least for me), means that there are no definitive answers to the problem, and like you I have had to spend alot of money, and go through a long process of trial and error to maybe have an answer to the problem of service.
  I'm traveling to Colorado, Denver in fact in a few weeks and will be very curious to see how service is there.
  Will keep everyone posted.
  CD3

• Hope Someone at Apple read this

  One month ago i've recived a new 23'' Apple monitor and soon i've noticed one pixel (in the center bottom of the display) not working properly.
  I said one is not too bad!
  but now that i'm writing the pixels not working properly are growing in the same area making them more evident (for precision today 10; sometimes are less but sometime are more 10 is an average number).
  I can remeber Mr. Jobs sayng in one of last keynote that Apple lcd monitors are the best! Apple refuses the lcd display other companies use for their top of the gamma...etc.
  Well ..... I've two 30'' and this 23'' in my studio and when i look at them...they are beautifull !But i'had troubles with pixels in 30'' (now solved) and the new 23'' has problems too.
  I found difficult to trust Mr. Jobs words because i'use also other brands monitor (Sony, Eizo) and in no one i have one single broken pixel .
  May be Apple should pay more attenction to the quality provided by their chinese suppliers.
  Come on Apple!

  You may be able to convince apple that you have too many dead pixels. Try taking it into an apple store and see what they say

• APPLE: read this ...

  hi apple,
  leopard is slow in starting and shuting down, admin gone twice (since yesterday evening), repair permissions does'nt work and so on ....
  are we your paying betatesters ?????
  i hope you solve the problems soonest !
  regards,
  sascha

  p.s. i love and use apple since 20 years and was (nearly) never dissapointed !

• IPod Shuffle green/yellow flashing  APPLE READ THIS AND POST IT!!!

  This was posted by ipod user pcgoddess and this is the only way I got my ipod shuffle to work. It would not play it would just blink green and orange. Apple couldn't even put up a solution on their own website. If I were Apple I would be embarrassed.
  "After searching high and low, I found a solution in another chat area. It takes a few minutes, but it works.
  Place the Shuffle in your PCs USB.
  A dialog box may pop up. Do not click it.
  Do not click any dialog which pops up asking if you want to put songs from this pc onto this ipod, deleting the old ones.
  Click edit, preferences, then select the "ipod" tab.
  Check the box "enable disk use".
  Move the slider to the right so that it is set to more data (maximum), and 0 songs.
  Click ok.
  Right click your start button and select "Explore".
  Navitage to My Computer, and then seek the drive which represents the shuffle.
  Right click the drive and select format.
  Leave the options as they are.
  Click Start.
  After formatting, click eject ipod (icon in the bottom right of the itunes window).
  Remove the shuffle.
  Re-insert the shuffle. "

  nice try but that doesnt work... i had to return mine and the very same day the new one broke! this product is all around crappy...
  This was posted by ipod user pcgoddess and this is
  the only way I got my ipod shuffle to work. It would
  not play it would just blink green and orange. Apple
  couldn't even put up a solution on their own website.
  If I were Apple I would be embarrassed.
  "After searching high and low, I found a solution in
  another chat area. It takes a few minutes, but it
  works.
  Place the Shuffle in your PCs USB.
  A dialog box may pop up. Do not click it.
  Do not click any dialog which pops up asking if you
  want to put songs from this pc onto this ipod,
  deleting the old ones.
  Click edit, preferences, then select the "ipod" tab.
  Check the box "enable disk use".
  Move the slider to the right so that it is set to
  more data (maximum), and 0 songs.
  Click ok.
  Right click your start button and select "Explore".
  Navitage to My Computer, and then seek the drive
  which represents the shuffle.
  Right click the drive and select format.
  Leave the options as they are.
  Click Start.
  After formatting, click eject ipod (icon in the
  bottom right of the itunes window).
  Remove the shuffle.
  Re-insert the shuffle. "

• Hope that Apple reads this.

  Purchased and Imac in 2011...great machine and still believe so. However just as the warantee ran out the mother board and hard drive faild.. This cost me a fortune to repair as there was no comprehencion from Apple. Since then Apple service have repaced  three hard drives as well as having to leave the iMac on several other occasions due to OS issues not allowning start up. I have tried to discuss this Apple and all I get is YOU ARE OUT OF WARANTEE. I am not even asking for free service I just want to bring to their attention that here we have a real problem machine and the number of times it has been for hard drive replacements etc..are not aceptable.
  I guess this is what come from not wanting to listern to the customers.
  I dont expect any reply but want to tell sombody.

  I do understand your frustration. I too own a mind 2011 iMac and I absolutely love it. While I cannot advise you how to bring those issues to Apple's attention, I can probably share with you a tip that helped me in the past. If you bought the machine using a credit card, you may be automatically eligible for an extended warranty (not from Apple, but from the credit card company). I bought mine with a visa credit card, So, when I had my GPU replaced at the Apple Store outside of the 1 year standard warranty, visa reimbursed me the repair costs (about $250).
  Also, I see you mentioned hard drive. At that time when my GPU failed, I also had a HDD issue and Apple replaced my HDD for free. There was a replacement program at that time for faulty Seagate 1TB HDDs used in some of the 2011 27" iMacs. I don't know if they are still running that program.
  And this weekend, the AMD 6970M GPU failed again. I went to the Apple Store today thinking I had to pay $250 again, but was told that there is currently a replacement program for that GPU used in some of the Mid 2011 27" iMacs and that I will not be charged for it. This program did not exist when I had my earlier repair done.
  So, I think Apple is looking at the issues reported and repairs done on various models and is working on appropriate replacement programs. Anyway, just wanted to share my experience with my iMac.

• Security flaw-To use CSOM/Javascript code for Custom Office365(Sharepoint Online) application

  Hi,
  I've developed custom application in Office365(Sharepoint Online) using CSOM/Javascript. Security team from client side has been reported one major issue to the our application that any end user can comment our CSOM/Javascript code and bypass the validation
   or can update / insert into sharepoint list item using developer tool/ Console in Google Chrome(F12 Key).
  Also end user can write his own separate code in console of Google Chrome (Developer Tool / F12) and can update / insert  into Sharepoint List.
  Note:- End user has Add, Edit, View permission on all Sharepoint List.
  This is one major security flaw of the Sharepoint/Office365 to use CSOM /Javascript for writing code, to overcome this issue could you please provide me some solution.
  Your help would be greatly appreciated!!!  
  Looking for reply.
  Thanks,
  Mahesh Sherkar
  Web: http://Mahesh-Sherkar.com
  Email: [email protected]

  Hello Paras, 
  Did you get any solution for this? I think your website was implemented this form. Can you please tell me the way how I can achieve it? I am also facing same problem. Please reply me as early as possible.
  Thanks,
  Mihir

• IOS 7 security flaw

  Major Security flaw in IOS 7
  I your phone is locked with a passcode (even the complex one) and you swipe up to get to the control centre
  Click on alarms
  hold down the sleep on/off button until you get the slide to power off
  Cancel this
  Double click the Home button
  hey presto you can get to the apps that were open
  The phone is also unlocked
  However this doesnt work if you had left the camera app open

  I tried it in all different ways, it wouldn't open the phone. But when i do open the phone normally, it opens immediatly in the mutlitasking page. But I am sure this could be a security flaw that might work with others.

• When opening safari i get a message that says major security issue please contact apple immediately suspicious activity might have been detected. what is this and how do i get rid of it so i can use my internet?

  when opening safari i get a message that says major security issue please contact apple immediately suspicious activity might have been detected. what is this and how do i get rid of it so i can use my internet?

  A misleading and malicious popup. Launch Safari with the Shift key held down; if that doesn't work, temporarily disconnect the computer from the Internet.
  (121307)

• IMessage password/Apple ID security flaw?

  I'm still able to sign into iMessage on my ipad mini using an old password/Apple ID.... Why is this and how do I fix it

  Sorry for the old bump.
  But my issue similar and a security flaw.  If I turn off imessages on my ipad, anyone can turn them on, enter the wrong password, and poof they work.
  How is that that I can enter ANY password and imessages works?
  Seems not secure at all.  If I go on my colleagues iphone, enter my apple id (my email - duh) and the wrong password, it works there too.
  How do I restrict this?

• Acrobat 9.2.0 Update Breaks Text Box Tool, Possibly Introduces a New Security Flaw.

  Anyone have any ideas for this one?
  Once we upgraded to version 9.2.0 (This is a major security release that fixes a Javascript security flaw) our text box tool no longer works the way we want it and crashes the program.
  Try this:
  1. Open any PDF document on a  Windows XP SP3 computer with Adobe Acrobat 9.2.0.
  2. Add the 'Text Box Tool'  to the toolbar by right-clicking the toolbar and selecting 'MoreTools' then placing a checkbox next to the 'Text Box Tool'.
  3. Click the 'Text Box Tool' on the toolbar and draw a new textbox anywhere on the PDF document.
  4. Click out of the textbox to cancel typing mode, then single click back on the textbox that you just created.
  5. Right-click the textbox that you created and select 'Properties..."
  6. Under the 'Appearance' tab,
  a. Select Style: No Border
  b. Select Fill Color: No Color
  c. Check the box 'Make Properties Default'
  d. Click OK.
  7. Click the Text Box Tool again, and draw another textbox (Since there is no border you will not see it but you will still be drawing a textbox).
  8. Let go of the mouse when you are done drawing your textbox rectangle and the program will crash at this point.
  Results:
  1. "An internal error occurred." dialog box is displayed.
  2. After clicking ok the following "Microsoft Visual C++ Runtime Library" dialog box is displayed:
  "Runtime Error!
  Program: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
  R6025
  - pure virtual function call
  3. After clicking ok another dialog box is displayed:
  Error signature
  AppName: acrobat.exe AppVer: 9.2.0.124 ModName: acrobat.dll Offset: 000509dd
  4. The same error has occurred on all five computers that we tested the new version on.
  Expected results: A new textbox is created and you may start typing in text (This was the behavior in version 9.1.3).
  Additional Information
  At times, we need to add information to PDF files (i.e missing dates, etc). We have always used the Text Box Tool to do this with no border, and with no fill color as this is the EASIEST and FASTEST way to add information to PDF files in a precise manner. We want the fill color to be transparent so that we can fit text in between and exactly on lines easier, and so that there is not a solid background box behind the text. We want no border because a border around text that needs to go on a line looks stupid. Up until version 9.2 this procedure worked fine. Now, the program will crash. Perhaps this even adds another security vulnerability if the crash could be exploited. We want to maintain security by patching Adobe to address the JavaScript vulnerability that was addressed in version 9.2.0, however, we are not able to update our users as the new version breaks the fundamental purpose that we use Adobe Acrobat for. We are stuck with the vulnerable version 9.1.3 until this problem is addressed. Disabling JavaScript is not an option either, as we use a Java plug-in on a daily basis.
  Any thoughts would be great, I have attached screenshots of the errors.

  The question still is not answered.
  The problem continues in Acrobat 8.1.7 for Windows, even after updating toAcrobat  8.2.0. ( I can't comment on whether recent updates to Acrobat 9 fix the problem in Acrobat 9.)
  The internal error after text insertion problem occurs even with PDF documents created in Acrobat 8, i.e., not only old versions of PDF files. We have the text box insertion icon in the toolbar, and the properties set to "no color" for the box and "0" width for the text box lines, as other commentators have noted.
  The problem did not exist when Acrobat 8 Pro was installed, it was introduced by one of the updaters.
  The main reason we use Acrobat, rather than much cheaper PDF-creation software, is to annotate PDF files (including inputting data into spaces in standard forms).
  So justify the high price of Acrobat and fix the problem please, Adobe !

• Security Flaw on iPhone???

  Critical iPhone security flaw found
  Fortify Software, a security firm, has uncovered a critical security flaw in the Apple iPhone which could lead to phishing attacks.
  Because the iPhone only displays the first few characters of a URL in its Safari web browser, phishers could easily hide a fraudulent URL at the end of a link without the user even knowing it.
  Even worse, the iPhone connects the browser and the phone in such a way that it may be possible to embed scam telephone numbers into a site to make the phone automatically dial the scam number.
  Let’s hope Apple is working on a fix for this one because that is some scary stuff. Now, if you input addresses yourself and use bookmarks, the chances of being affected by this are relatively minimal. That said, watch out for strange emails and Google results — you can’t always trust that either.
  Anybody read this? Any comments or thoughts??? Valid?

  It's hardly a new flaw since disguising URLs in links has been common practice for some time. However, while the browser does indeed only show a limited number of characters from the URL being opened (more if in landscape mode than portrait) to get to the URL at all the user would either have to enter it manually, or encounter it in an email or web page where the full URL should readily be discovered.
  It seems probable to me that over time, security holes will be found as in all accessible and discoverable devices on the internet. Based on experience with Apple and MacOS, I would have confidence that genuine weaknesses found in the iPhone will benefit from security fixes as expeditiously as possible.

• Security Flaw: Screen Saver Authentication

  Hi,
  I have found a security flaw, it exists in both Panther and Tiger. If a system has 2 accounts, the first account being active and locked through a screen saver. The second account (if administrator) can type their username/password in the authentication screen, and it will unlock the first account. This works if the first account is an administrator or not. Any administrator username/password will authenticate any other account from the screen saver authentication box. I have proven this on 2 machines, a D2.5 G5, and a 1.6 iMac G5.
  Please contact me for further testing.

  it's not a TECHNICAL flaw, it is however a logical flaw, yes.
  Because admins are part of the sudoers files, one admin does have the permission to unlock another admin like that, the same as how when logged in with one account you can use another admin account to authorize the installation of software (why it's not necessary to be logged in with your admin account)
  The behavior I suspect you desire is the behavior Windows uses, where when you use an admin account to unlock a computer, it logs out the user who locked it (assuming the admin isn't the one logged in).
  I suggest you submit a feature request to Apple.

• IPhone location tracker - still a security flaw?

  I hear a lot about a security flaw in the iPhone OS, allowing others to track the location of my phone without my consent and with no straightforward way to protect myself.  On the internet, I see semi-legal app's offered, said to track any iPhone, "just enter the phone number".
  First - is this still true?  I have updated to the latest iOS5.
  If not, what are the settings I need to be aware of?
  If yes, has Apple announced a plan to plug that security flaw?
  Short of jailbraking my phone and installing unauthorized software - what can I do about it?
  /Lars

  There is not, and never was, a security flaw in iOS that allows or allowed others tot track the location of the phone.
  The "apps" you see are generally bogus. They are "joke" apps. They can NOT do what they appear to do. It's simply not possible.
  ... unless ...
  If the phone is jailbroken, tracking apps can be installed. If your phone is not jailbroken, you have nothing to worry about. The only way anyone could track the location of your phone would by by accessing your iCloud account and using Find my iPhone. So long as you keep your password secure, this isn't an issue.  Oh... and Find my Friends if you've agreed to share your location with someone.

• Screen Saver Password Protection - Security Flaw

  Although I have always felt OS X has been a solid and secure operating system, there continues to remain one painful, and blatant security flaw. I keep thinking that Apple will address the issue, but they certainly haven't done so thus far.
  Explanation:
  With any good security policy, and in any secure environment, there will always be a need to "lock" (password protect) a system when not in use. That is, after 'X' period of time, the user interface is password protected so as not to allow access to the system while not in use. This is probably the most common and fundamental security measure in any environment. However, Apple's (GUI) password protection falls short in a number of ways. The only current method of password protecting the user interface is through the Screen Saver. Although at a glance it appears functional, it is a poor design and is easy to disable.
  The screen saver configuration lies within two files; the ~/Library/Preferences/com.apple.dock.plist and ~/Library/Preferences/ByHost/com.apple.screensaver.<variable>.plist. It is especially important to note that both of these files are located in the users home folder, which gives them full access to the configuration files. There is absolutely nothing preventing a user from deleting these files, and thus, disabling the only mechanism to password protect the user interface. Giving the user the ability to disable or remove ANY security related configuration is a poor design.
  Now initially we thought we had a solution by setting the user immutable flag on the ByHost screen saver plist using chflags. This would still allow user access, but would prohibit them from deleting the ByHost plist. Well, it sounded good in theory. However, if ~/Library/Preferences/com.apple.dock.plist is deleted, you can say goodbye to your password protected screen saver, despite locking the screen saver plist. So naturally the idea occurred to me to set the user immutable flag on ~/Library/Preferences/com.apple.dock.plist. This works, but makes it impossible to modify the Dock. Needless to say, if the Dock can't be modified, there's no point in even having it.
  Now that isn't the only thing wrong with the screen saver password protection. You would expect that an administrator could unlock a users (password protected) screen saver, but you would also assume that the user was logged off as a result. Not in this case... If an admin unlocks a password protected screen saver for a user, they are now logged in as that user and have access to everything the user was doing when it was locked (email, spreadsheets, confidential information... anything). This is not the preferred method. If for some reason an admin needs to unlock a password protected screen saver, it should log off that user, not allow access to the user's session.
  Finally, the biggest flaw yet. With a recent update, the password protection doesn't even work, as indicated by several people in the following threads.
  http://discussions.apple.com/thread.jspa?messageID=2706417&#2706417
  http://discussions.apple.com/thread.jspa?messageID=1950444&#1950444
  http://discussions.apple.com/thread.jspa?messageID=2648700&#2648700
  I have personally seen this issue while developing our corporate OS X image. Despite any fix or workaround, the simple fact that this has occurred is disturbing. ...As if the design wasn't bad enough, it now has the potential to stop working entirely.
  Now don't get me wrong, I love OS X and prefer to work on it over any other operating system. Nonetheless, the current design for the "screen lock" is inadequate at best. For a large enterprise environment with stringent security requirements, it's far from sufficient. My hope in posting this is that someone from Apple acknowledges the design flaw and incorporates a more effective solution into the next OS.
  MacBook   Mac OS X (10.4.6)  

  One thing I forgot to mention is that "Workgroup Manager.app" is a part of the "Server Admin Tools" which can be downloaded free from Apple. Although it seems to be primarily intended to be used to configure OS X Server from an OS X Client machine, many of its functions can be used to configure the OS X Client machine itself, in the complete absence of OS X Server. Unfortunately, the 'mcx_settings' aren't really "image friendly" - as far as using them on OS X client is concerned, they are something that seem to need to be applied to user accounts individually (although it is possible to copy all of the settings at once so it isn't necessary to go through the whole configuration process for each setting for each user). I have tried tinkering and applying them to groups, but group members don't seem to automatically be restricted (I may be missing something). The "tools" are available here:
  http://www.apple.com/support/downloads/serveradmintools104.html
  I don't know if it would be any better than the screen saver "hot corner", but there is an option to lock the screen from the "Keychain Access" menu extra, which can normally be enabled through "/Applications" > "Utilities" > "Keychain Access.app", from its "Preferences". This setting is then stored in the "com.apple.systemuiserver.plist" file (ie independent of the "Dock"), but could in principle be controlled from 'mcx_settings' as well. The level of control seems to be incomplete - the user can still drag the item off of the menu bar, but it returns during the next login. However, it does provide convenient access to a method to lock the screen and keychains, and has a nice "padlock" icon so that its function is obvious. It is also potentially possible to assign a two-step keyboard shortcut to the "Lock Screen" item, but it would be somewhat less convenient than a direct key combo...
  One other note regarding the "admin" user's ability to unlock the screensaver. The configuration file allowing the "admin" user to do this is "/etc/authorization", under 'system.login.screensaver'. Currently, the "rule" is set to 'authenticate-session-owner-or-admin'. Changing it to 'authenticate-session-owner' would be expected to remove the "admin" user's ability to unlock the screensaver, and if "Fast user switching" is available, the "admin", being unable to authenticate, should be able to switch to the "login window" from the authentication dialogue. I haven't tested this at all in "Tiger", but in "Panther", there was apparently a problem with it (which is why it had slipped my mind since at the time it was rejected as a viable option) - the person who posts here as "LittleSaint" had mentioned some problem with user logins when set up that way but I don't remember what it was, and so can't test if it has been fixed in "Tiger" (not very reassuring, and I apologize). And again, this is a setting that an "admin" would be able to reverse for themselves. Also, should "Fast user switching" become disabled for some reason, and the screen saver kicks in and the user isn't available, it might be a hassle to get back into the machine (it might be possible to do something over ssh). Nevertheless, it might be something to look in to.