flaw

Latest

  • Nokia's Maemo Ovi Store looking rickety, 'beta' label well-deserved

    by Chris Ziegler
    01.13.2010

    Bugs are to be expected in brand-new apps and platforms -- particularly when they're clearly marked with a "beta" sign -- but it starts to get a little hairier when there's money involved. One of the early crowd favorites in Nokia's Ovi Store for Maemo appears to be the game Angry Birds, which is available with a €3 level pack -- problem is, plenty of folks have discovered a way around actually paying the cash, which becomes a big problem for the developer very, very quickly. The level pack has since been removed, probably the best move until Nokia can figure out what's going on here and issue a patch. In the meantime, looks like it's back to the ol' repositories.

  • Leopard and Snow Leopard flaw exploited in proof of concept, real-world tomfoolery surely coming soon

    by Tim Stevens
    01.13.2010

    Look at you, all cuddled up with your Leopard install, sipping on a steamy hot cocoa, watching the snow fall outdoors, and thinking you don't have a care in the world. We hate to break it to ya but you do have a care, a big one, thanks to a proof of concept hack exploiting a buffer overflow in MacOS 10.5 and 10.6. The flaw has been known about since June, but only now has it been proven to work on Cupertino's latest, and a very straightforward code example of how to use it has been posted online. You know what that means: watch out for those e-mail attachments. Interestingly, the flaw is also said to possibly exist in the PS3 as well, which could make for a very interesting spring -- cocoa or no.

  • Droid security flaw makes lock screen a mere inconvenience for evil-doers

    by Chris Ziegler
    01.11.2010

    You might recall Apple having a hard time keeping its lock screen locked at one point, and it looks like we've got a common theme brewing here now that Android's suffering from the same drama. Turns out that Android 2.0.1 -- the build currently deployed on the Droid -- suffers from a flaw whereby you can back out to a locked phone's home screen simply by pressing the Back button after accepting an incoming call. Of course, you'd either have to know a phone's number or wait for a call to actually take advantage of this, but we'd argue that it's a pretty low barrier of entry. The bright side of the story, we suppose, is that the phone goes back to being locked as soon as the call ends, but then again it doesn't take much time to peep your juicy emails. Google's aware of the issue, so we're thinking this'll make it into the Droid's next software update; we don't have a launch window for that just yet, so in the meantime... you know, just make sure no one ever calls you and you should be good to go.

  • Funcom implements PvP XP rollback in Age of Conan

    by James Egan
    11.10.2008

    Funcom has sent a clear message to the number of Age of Conan players who've been exploiting a flaw in the PvP XP system: START OVER. Oliver 'Tarib' Kunz, Senior Community Manager for Age of Conan, addressed Funcom's recent decision to roll back the experience gained by some players who unfairly saw a meteoric rise in gains, as confirmed in a player-by-player investigation. Kunz stated, "We have then taken what we consider to be appropriate action against those players by reducing their PvP Levels to what they were before it was possible to take advantage of this flaw and removing all PvP Gear." Of course, Kunz says, Funcom is open to discussing the removal of experience and gear from those who believe they were unfairly targeted, and have stated that if they've misidentified an exploiter, the character(s) in question will be restored to their former status. Having fun in Conan's homeland? Make sure to check out all of our previous Age of Conan coverage, and stick with Massively for more news from the Hyborian Age!

  • Apple acknowledges iPhone passcode flaw, promises fix next month

    by Chris Ziegler
    08.28.2008

    Apple's taking a pretty lackadaisical attitude toward one of the most easily avoided security flaws in recent memory, calling the iPhone's passcode lock bypass a "minor iPhone security issue" and saying that a fix will be rolled out in September. Thanks, Apple; we suppose it'd be a little too much trouble to ask for a fix sooner, even though you already fixed it once in 1.1.4. For what it's worth, a company spokeswoman is quick to point out that the flaw can easily be hidden by changing the home button double-click functionality to take you to the home screen, but most users don't know that, now do they? Way to show some hustle, guys -- cookies and gold stars all around.

  • iPhone security flaw bypasses passcode lock

    by Chris Ziegler
    08.27.2008

    Let's be real: a four-digit code isn't very much separating a determined bandit from your data, which is all that the iPhone affords. Granted, the phone locks up after a few attempts to slow your arch-nemeses down a notch or two, but if your code is your birthday or the last four digits of your phone number -- and you know it is, so just admit it -- they'll eventually figure it out anyway. On second thought, though, never mind, because it turns out there's a pretty effective way around these formalities -- 2.0.1 and 2.0.2 have both been confirmed to let you around the passcode lock simply by hitting Emergency Call and double-clicking the home button. At this point, the user will have access to your Favorites list, which is pretty bad as-is, but from here, they'll be able to click on an arrow and use links within your contacts to get out to the SMS, Maps, or Safari apps. If you change the home button functionality from the default (Favorites) to Home, then nothing will happen at the Emergency Call screen -- your phone is safe from prying eyes, we guess. The iPod option will kick the user into the iPod app, though, which we think is almost as bad as the Favorites exploit, because we'd really rather not our thieves know that we listen to Hannah Montana. MacRumors is reporting that it may have already been fixed for a future firmware release, so yeah, any minute now would be just great, Apple. [Thanks to everyone who sent this in]

  • DS Daily: So close

    by Alisha Karabinus
    04.07.2008

    There are some games that are almost perfect. They're so close! They've got an excellent learning curve, the graphics are amazing, the story is fantastic ... but there's one flaw that keeps it from being all it could be. Surely you've played a few of these on the DS. Maybe it's an interminable tutorial sequence that makes you want to bang your head against the wall, or a lot of wasted extra screens you have to wait through over and over (a particular peeve of this blogger's, but it didn't stop Professor Layton and the Curious Village from being awesome), or maybe the touchscreen just doesn't always work quite right, particularly at critical moments (hi2u, Puzzle Quest), and sometimes, they're just really, really hard. At times, these little flaws detract from a game, and sometimes, the game is so good it just doesn't matter; after all, all games have some tiny flaw. But they're there, and we're sure you've noticed a few. Tell us about them!

  • Apple forced to pay up over iBook G4 flaw

    by Darren Murph
    09.21.2007

    Just months ago, the Consumer Complaints Board in Denmark announced that it had "proven" that the logic boards within a slew of Apple's iBook G4s were faulty, and now it seems that Cupertino has been forced to cough up reparations. According to InfoWorld, a US-based Apple spokeswoman stated that it "disagreed with the DCCB's findings based on its own investigation, and has a strong track record for customer satisfaction." Apparently, the counter report that Apple assembled wasn't enough to persuade the board that the swarm of customer complaints was unwarranted, and now Frederik Navne Boesgaard (of the CCB) has said that Apple "paid up" after conceding the point.

  • Apple issues fix for recently discovered QuickTime flaw

    by Darren Murph
    05.02.2007

    Just over a week after a dubious duo found a way to commandeer a Mac thanks to an elusive flaw in QuickTime (of all things), Apple's security police have purportedly fixed the flaw and issued an update. Apparently, the hole could be "exploited through a rigged website and let an attacker control computers running both Mac OS X and Windows," and the firm elaborated by stating that a "maliciously crafted Java applet could lead to arbitrary code execution" if users didn't apply the patch. The newest version of QuickTime now sits at 7.1.6, and reportedly "repairs the problem by performing additional checking," and interestingly enough, Apple seemingly tipped its hat to Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue. So make sure you fire up that Software Update today if you haven't already -- a presumably small bundle of downloadable joy should be waiting.

  • Security flaw found in iTunes and QuickTime

    by David Chartier
    03.13.2006

    Apple has announced a security flaw has been found in the latest version of iTunes 6.0.1 and 6.0.2, as well as QuickTime 7.0.3 and 7.0.4 that affects both Mac OS X and Windows. The flaw could allow an attacker to run code as the currently logged in user, which is typically worse news for Windows users, but is still not something Mac users should take lightly. While Apple is working on a patch, I thought this sentence from a PC Pro article was somewhat interesting: "[Apple] will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process." I wonder what exactly that means - is there some kind of industry consensus that has to be met? Or do they just mean that most people who exploit flaws like this don't use RSS readers and won't find out about the flaw for a month or two? Hopefully, we won't have to find out. [via MacMinute]