Bug in iOS 11.1.2 – Task Switching and Handoff

Summary

There’s a great feature in iOS on iPhone and iPad devices that allows you to easily switch between running programs. Press the home key twice in sequence and you’ll see the programs that are open and running on the current device. Also, you’ll see the program most recently accessed on your other iCloud connected devices. Whatever program you most recently used, on whatever device that was, will also show up (assuming it’s still open). This is called the handoff feature.

Operating Issues and Problems

This functionality works differently on the iPhone and iPad. On the iPhone, you’ll see the program icon, the program name and what device you’re about to take over the session from. If you have more than one device, you won’t be shown tasks on the other devices — only the one most recently used. It would be nice to have the ability to choose between tasks on different devices.

With the iPad implementation,  you’ll only see an application icon in the dock. There’s no application name or device name provided. There’s an icon meant to distinguish ‘desktop computer’ or ‘iPhone’ but these may not be obvious for people to identify. In macOS, in the dock you’ll see the application icon, and when you hover your mouse over it, there’s a description explaining what the application is and what device it’s on.

The biggest problem is with regard to the iPhone — if you’re one of these people who closes out all  your apps when not in use. Pressing the home key twice will do nothing if you have no programs running. You don’t have the option to pickup a handoff task from another device. The workaround for this is to open an app, even if you don’t need it, then press the home key twice, then you’ll see your currently running app and an option at the bottom of the screen to choose a handoff task from another device.

Fix Requests

Here is a brief summary of the fix requests for the problems described above.

  1. Provide a text label on the iPad for the handoff option.
  2. Make it possible to choose which device to pickup a session from, rather than only the most recent. This would be helpful for someone regularly going between iPad, iPhone, and desktop or laptop device.
  3. On the iPhone, make it possible to press the home key twice, when nothing else is open, and see a handoff option from another device.

 

Apple Programs Still Running After Quit – Force Quit Task Manager

Problem Description

An operating system design flaw that has persisted over about three years is the presence of program running, using memory, and slowing down the computer after they have been closed and quit. This has been reported to Apple, and others have noticed it as well, but the problem remains through the current macOS Sierra Version 10.12.2 release of the Apple operating system.

Reproducing the Problem

To reproduce the problem described above, at the end of a day or two of use, close all your programs, then press Option+Command+Esc to bring up the Force Quit menu (similar to Task Manager in Windows) to view that the programs are still running. The Dock area should show all program icons, and those that are running should have a black dot under them. See the screen shot below.

Temporary Workaround Fix

Using the Force Quit menu (Option+Command+Esc) highlight the programs that no longer appear to be running in the Dock and then choose force quit. See the screen shot below.

Screen Shot

Below is a screen shot showing this issue. Programs can be seen in the Force Quit dialog, but they are not indicated as running in the Dock (as shown by a black dot under the icon for the running programs). In the example below, Numbers, Preview, and Text Edit are shown as still running after they have been closed and quit.

20161222th2044-apple-design-flaws-applications-force-quit-not-running-memory-management.jpg

Apple iOS 10 Legacy Operational Issues

Summary

This is a live page being updated regularly with a list of iOS 10 legacy operational issues -problems that existed in previous iOS versions that have persisted and not been fixed yet in iOS 10. Additional items will be listed here as they are discovered.

iOS 10 Legacy Operational Issues

  1. Automatic Case. When typing, if you use a period such as in the abbreviation U.S. in the middle of a sentence, the word that immediately follows that abbreviation will be forced into upper case. The ‘automatic uppercase’ feature, doesnt’ seem to distinguish between a period at the end of a sentence and the period at the end of an abbreviation. Some abbreviations don’t force the next word to be capitalized, such as etc. yet others do. When he upper case letter is forced in the middle of a sentence, it’s necessary to type the word, then as the second letter of the word insert the lower case letter that starts the word, then manually delete the first letter (which was forced to be upper case). It’s a bit of a hassle.
  2. Dictation Keyboard Icon. If you’re using an iPad pro, and the dictation microphone key on the on-screen keyboard disappears, you may need to turn off the iPad and then turn it back on again to restore the button.
  3. Dictation Quote Marks. When dictating text, if you say ‘quote’ the quote mark will be generated immediately preceeding the next word you say. When you want to close the quote, you can’t simply say ‘quote’ to generate another quote mark because that will create a space and then a quote mark. You must say ‘end quote’ to generate a quote mark without a space before it.
  4. Dictation Spacing in Numbers. Usually when you dictate text, the text is dictated as if you typed it. If you’re using the Numbers program, every time you dictate text into a cell, after you press ‘Done’ to end dictation, a space will be inserted before what you just dictated. You’ll then need to awkwardly try to edit that space out of the cell which is more challenging in Numbers than most applications because of the close proximity to other buttons in the function edit area. There need to be no space inserted in front of dictated text.
  5. Email Signature Duplication. We reported this happening in iOS 9 back on 21 March 2016, and the problem has been brought forward into iOS 10. If you are typing a message and then change the ‘from’ account, you’ll end up with duplicate signatures. This also happens if you’re typing a message, and switch to another app, then return to email, you’ll end up with multiple copies of your signature. This happens on iPhone and iPad.
  6. Email Signature Settings. If you use multiple signatures, in Settings, when you go to review them, you may see the video presentation of those signatures overlapping on the screen making them unreadable and not editable. This has been a problem for years, spanning multiple iPhone and iPad models and multiple iOS versions.
  7. Emoticon Tray. When using an external Apple wireless keyboard with the iPad Pro, it’s possible to press the ‘eject’ key to display and hide the on-screen keyboard. Once switched to the emoticon on-screen keyboard, the ‘eject’ key no longer works to hide the on-screen keyboard. It’s necessary to switch back to the text keyboard first.

Apple iPad Pro Email Signature Duplication Problem

There’s presently an issue that seems to only be happening on the Apple iPad Pro where email signature is duplicated at the bottom of emails when changing the From sending address.

Here’s how to reproduce the error:

  1. Setup multiple send from addresses following the instructions found here: “Using Multiple Send From Email Addresses in Apple iOS.” Keep in mind that this has only been tested for people who have generic IMAP or POP3 email services (like those provided by a website hosting company).
  2. Create a new email message or reply to an existing message.
  3. For the From address, choose an account, and then choose another account. Each time you choose a new account, the signature won’t be replaced (as is normally the case), but instead an additional signature will be placed at the bottom of your message.
  4. If you switch to another app, and return to your in-progress draft email, another email signature will be added again each time you switch away and come back.

If a solution is found, it will be posted here.

Network Solutions and Apple Email Setup for iOS and OS X

Problem Summary

If you’re a Network Solutions website hosting customer with email service, when setting up email on Apple mobile devices, the default folders may not work, and may not coincide with what is used in the Network Solutions web based email or the Apple OS X desktop Mail client. This is because the iOS and OS X mail clients are somewhat different in how they work. As a result, you might end up with emails going into different folders or no folder at all. This is especially a problem for Sent Mail and Archived mail.

Discrepancies in iOS and OS X Mail Clients

As mentioned above, iOS and OS X use different default mail folders on some email services. Additionally, the OS X desktop mail client doesn’t allow you to specify what folders to use . The iOS mail client does let you select what folders to use. Folders such as Drafts, Sent Messages, Deleted Messages, and the Archive Mailbox can be assigned however you wish in the iOS environment.

Another difference between the platforms is that OS X won’t synchronize with Microsoft Hotmail, but iOS will. So, with Apple mobile devices, you can enjoy the convenience and assuance of knowing that when you delete messages or move them to folders on your mobile device, the same will be done on the Microsoft Hotmail server. However, with the desktop mail client, only downloading of messages is possible (using the decades old POP3 standard).

Preliminary – Archive Folder

The Network Solutions email system does not have an Archive folder by default. If you create one under My Folders on the server in the web interface, it will immediately be given an icon and moved to the top level folders under Trash. Other folders you create under My Folders will remain there with a folder icon, but the Archive folder is special so it gets moved to the quick links favorites area.

This Archive folder is what iOS can use. It will show up in iOS as a top-level folder called Saved in Advanced Mail settings. This is a little bit confusing since you’d be looking for a folder called Archive .

20160130sa0608-iOS-mail-client-folder-assignment

To get to this setting, on your mobile device, go to Settings > Mail > Choose the mail account you want to configure > Click on the email address next to Account > then click on Advanced.

The Archive Folder is a very useful folder to have since many email systems will have a one-click button to move read messages from the Inbox to the Archive folder. It saves a person from the steps required to move messages to a folder (select message, click move, choose destination folder).

An alternative is to go ahead and use the longer three-click process to manually Archive messages by moving them to a folder.

iOS Alias Folder Renaming

Before folders on the server are assigned to email roles as described below, they will initially appear in the Advanced settings under the On the Server heading below Inbox. Once they are assigned to a role on the iOS device, regardless of what they are called on the server, they will no longer show up under Inbox, but instead they will appear at the top level as an iOS alias name with an icon. The remaining folders available on the server will be listed, but not the ones having been assigned.

Take a look at the image above. Notice the folders under On the Server and Inbox. When you first setup an email account, or before you’ve configured the folder assignment, every folder on the server will show up under Inbox. Once you select the assignment, they won’t show up anymore. So, the top level folders Drafts, Sent Messages, Deleted Messages, are the generic names representing whatever setting /assignment you chose for that folder.

For the remaining instructions, you’ll need to go into the Advanced settings to configure your iOS Mail settings.

For iPhone Running iOS 9.2

Some people will always use a website to check their emails. Other people always use a mail software program to read and compose emails. If you are someone who uses the web interface, you’ll want your folders to be the same on your iOS device. Use these settings on the iOS device to match the Network Solutions default folders.

  • Drafts  — Use Draft folder at the top level On the Server, not the Drafts folder under the inbox tree of subfolders.
  • Sent — Use the Sent folder at the top level On the Server, not the Sent Messages under the inbox tree of subfolders.
  • Deleted — Use the Trash folder at the top level On the Server, not the Deleted Messages under the inbox tree of subfolders.
  • Archive – Use the Saved folder at the top level On the Server, not the Archive folder under the inbox tree of subfolders.
  • Spam – Use the Spam folder under the inbox tree of subfolders.

For iOS 9.2.1 on iPad use the iOS settings above if you’re using the web interface a lot and want the defaults to work, or use the OS X settings described below if you want the Apple Mail client and your iOS devices to be the same. Unlike the iPhone, the folders won’t show up as top level or sub folders in iOS on the iPad. They will all be at the same level so pay attention to the names.

iOS and OS X Incompatibilities

Note that iOS lets you customize server folders for IMAP, but OS X doesn’t allow this. The OS X Mail client creates non-standard folders on the server and forces those to be used. So, in other words, drafts created with OS X will show up in Inbox>Drafts, but drafts created with iOS (or the web interface for the NetSol email) will show up in the top level Drafts folder. The real problem here is created by the fact that Apple Mail on the desktop creates new folders on the server rather than using the existing default server folders. So, the iOS device must be configured accordingly.

OS X Mail Settings for El Capitan

With the desktop Apple Mail program, the following folders will be created on the server and you can’t change or remove them (they will be created again by Mail if you do). It’s important to note that the default settings in Mail may not be correct when you setup a new email account. To check this, go to Mail > Preferences > Accounts > click on the new account > go to Mailbox Behaviors. Be sure to check all boxes in order to save all Drafts, Sent, Junk, and Trash on the server. In this way, all these messages will be available on your various devices.

Here’s an example of what can happen if you don’t store messages on the server. In the morning you might write up an important email and send it out. Then, later in the day, from your phone, you want to see that message again, but you won’t find it in Sent messages because it’s not available on the server, it was just locally stored on your Apple computer.

Here is the folder structure setup on the mail server by the Apple Mail program.

  • Drafts – This will be a folder called Drafts created by Mail on the server under Inbox tree of subfolders.
  • Sent – This will be a folder called Sent Messages created by Mail on the server under Inbox tree of subfolders.
  • Deleted – This will be a folder called Deleted Messages created by Mail on the server under Inbox tree of subfolders.
  • Archive – The Apple OS X Mail Client will use the Archive folder created on the server. It should be setup first on the server so it’s properly recognized at that level in the display of the web interface. Otherwise, it will remain in the tree of subfolders under the My folders heading without an icon in the web interface. If needed, you can move any emails already in the folder to a different folder. Then delete the Archive folder (once you’re certain the emails are moved and backed up). Then when you recreate the folder on the server, it will move to the top-level with an icon.
  • Junk – This will be a folder called Junk created by Mail on the server under Inbox tree of subfolders. This is called Spam in iOS.

Note that in iOS 9.2.1 on the iPad the top level folders may be mixed in with the sub-folders.

Apple Computer Slow with AccountSD High CPU Usage and Fans Spinning Fast

You may notice that your Apple MacBook or iMac computer is running slow, the fans are spinning very fast, and the Activity Monitor (found inside of Applications > Utilities) indicates very high CPU usage for the accountsd process. If you have a multi-core processor the percentage of CPU usage may exceed 100% because more than one full CPU is dedicated to serving that task.

The accountsd process seems to have something to do with the System Preferences > Internet Accounts functions including the real-time continuous notification system. This is why it may seem that some runaway task has monopolized your computer’s CPU and is causing it to slow down.

According to some Apple Discussion threads about this issue, Google accounts may be causing problems. However, our tests show that the CPU usage remained high even after deleting all Google accounts. Other accounts that could cause high CPU usage would be Facebook or Twitter since they are always monitoring for recent updates to notify you about.

Removing unnecessary accounts can help get the CPU usage down to about 30-40% which will result in the fans not running so fast.

Multiple Security Vulnerabilities in Apple Mac OS X and Apple Safari

From: State of Iowa – Information Security Office

Date Issued:  May 5, 2015

Maximum Risk Rating/Severity:  High

Brief Summary: All Apple computers (prior to v10.10.3) are vulnerable to the 46 security exploits described below. Update to the latest version of Yosemite immediately.

Overview:

Multiple vulnerabilities have been discovered in Apple MAC OS X and Apple Safari. Mac OS X is an operating system for Apple computers. Apple Safari is a web browser available for Mac OS X and Microsoft Windows. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage, or opens a specially crafted file, including an email attachment, using a vulnerable version of OS X.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 

Affected Software:

Apple Mac OS X Yosemite prior to v10.10.3

Apple Mac OS X Mavericks v10.9.5

Apple Mac OS X Mountain Lion v10.8.5

Apple Safari v8.0.5, 7.1.5, and 6.2.5

Description:

Multiple remote code execution vulnerabilities have been discovered in Mac OS X that could allow remote code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. Details of these vulnerabilities are as follows:

  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to privilege escalation due to an issue with checking XPC entitlements (CVE-2015-1130).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 have multiple vulnerabilities in Apache prior to versions 2.4.10 and 2.2.29 including one that may allow a remote attacker to execute arbitrary code (CVEs 2015-1066, 2013-5704, 2013-6438, 2014-0098, 2014-0117, 2014-0118, 2014-0226, and 2014-0231).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion 10.8.5, and OS X Mavericks v10.9.5 ATS (Apple Type Services) are prone to multiple input validation issues in fontd which may allow a local user to execute arbitrary code with system privileges (CVEs 2015-1131, 2015-1132, 2015-1133, 2015-1134, and 2015-1135).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain cookie issue which may result in cookies belonging to one origin may be sent to another origin (CVE-2015-1089).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain HTTP request issue which may result in authentication credentials being sent to a server on another origin (CVE-2015-1091).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1088).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a use-after-free issue in CoreAnimation which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1136).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in the processing of font files, which may result in the execution of arbitrary code by processing a maliciously crafted font file (CVE-2015-1093).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OS X Mavericks v10.9.5 are prone to an issue with NVIDIA graphics driver’s handling of certain IOService userclient types, which may allow a local user to execute arbitrary code with system privileges (CVE-20215-1137).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in the hypervisor framework which may allow a local application to cause a denial of service (CVE-2015-1138).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of .sgi files which may result in the execution of arbitrary code by processing a maliciously crafted .sgi file (CVE-2015-1139).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue which may allow a malicious HID (Human Interface Device) to cause arbitrary code execution (CVE-2015-1095).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a buffer overflow issue which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1140).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prune to a kernel memory content disclosure issue which may allow a local user to determine kernel memory layout (CVE-2015-1096).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a heap buffer overflow in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4404).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a null pointer deference issue in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4405).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to an out-of-bounds issue in the IOHIDFamily driver which may allow a use to execute arbitrary code with system privileges (CVE-2014-4380).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue in the handling of virtual memory operations within the kernel which may allow a local user to cause unexpected system shutdown (CVE-2015-1141).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a race condition in the kernel’s setreuid system call which may allow a local user to cause a system denial of service (CVE-2015-1099).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to setreuid and setregid system calls not dropping privileges permanently which may allow a local application to escalate privileges (CVE-2015-1117).
  • Apple Mac OS X Yosemite prior to v10.10.2 ICMP redirects were enabled by default, which may allow an attacker with a privileged network position to redirect user traffic to arbitrary hosts (CVE-2015-1103).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue processing TCP headers which may allow an attacker with a privileged network position to cause a denial of service (CVE-2015-1102).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an out of bounds memory access issue which may allow a local user to cause unexpected system termination or read kernel memory (CVE-2015-1100).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to improper treatment of some IPv6 packets which may allow a remote user to bypass network filters (CVE-2015-1104).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the kernel which may allow a local user to execute arbitrary code with kernel privileges (CVE-2015-1101).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a state inconsistency issue in the handling of TCP out of band data which may allow a remote attacker to cause a denial of service (CVE-2015-1105).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in LaunchService’s handling of application localization data which may allow a local user to cause the Finder to crash (CVE-2015-1142).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a type confusion in LaunchService’s handling of localized strings which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1143).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in the handling of configuration profiles which may allow the processing of a maliciously crafted configuration profile to cause unepxted application termination (CVE-2015-1118).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to weak key generation in ntpd when an authentication key is not configured which may allow a remote attacker to brute force ntpd authentication keys (CVE-2014-9298).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple input validation issue in OpenLDAP which may allow a remote unauthenticated client to case a denial of service (CVEs 2015-1545 and 2015-1546).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers (CVEs 2014-3569, 2014-3570, 2014-3571, 2014-3572, 2014-8275, and 2015-0204).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OSX Mavericks v10.9.5 are prone to an Open Directory Client issue which may allow an unencrypted password to be sent over the network when using Open Directory from OS X Server (CVE-2015-1147).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in PHP, including one which may lead to arbitrary code execution (CVEs 2013-6712, 2014-0207, 2014-0237, 2014-0238, 2014-2497, 2014-3478, 2014-3479, 2014-3480, 2014-3487, 2014-3538, 2014-3587, 2014-3597, 2014-3668, 2014-3669, 2014-3670, 2014-3710, 20214-3981, 2014-4049, 2014-4670, 2014-4698, and 2014-5120).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of iWork files which may allow an opened, maliciously crafted iWork file to execute arbitrary code (CVE-2015-1098).
  • Apple Mac OS X Mountain Lion v10.8.5 is prone to a heap buffer overflow which may allow viewing a maliciously crafted Collada file to lead to arbitrary code execution (CVE-2014-8830).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue that may allow a user’s password to be logged to a local file (CVE 2015-1148).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue that may allow tampered applications to launch (CVEs 2015-1145 and 2015-1146).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in WebKit that may result in arbitrary code execution after visiting a maliciously crafted website (CVE-2015-1069).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow users to be tracked by malicious websites using client certificates (CVE-2015-1129).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow user’s browsing history in private browsing mode to be revealed (CVE-2015-1128).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that will cause the incomplete purging of a user’s browsing history (CVE-2015-1112).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in WebKit that may result in unexpected application termination or arbitrary code execution after visiting a maliciously crafted website (CVEs 2015-1119, 2015-1120, 2015-1121,2015-1122, and 2015-1124).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a state management issue that may result in a user’s browsing history in private mode being indexed (CVE02015-1127).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a an issue in WebKit’s credential handling for FTP URLs that may result in resources of another origin being accessed after visitng a maliciously crafted website (CVE-2015-1126).
  • Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution/Recommendations:

We recommend the following actions be taken:

  • Upgrade to Apple Mac OS X Yosemite 10.10.3 immediately after appropriate testing.
  • Apply appropriate updates provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from un-trusted or unknown sources.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

Apple References:

20140226we-apple-computer-security-500x500

Apple iPhone App Updates Number Won’t Reset or Clear

You may find yourself in a situation where your iPhone app updates number won’t reset or clear. This can happen after restoring a phone using iTunes. It could happen if you’ve updated the apps in iTunes and synchronized your phone, but the App Store on the phone doesn’t acknowledge that the apps have updated.

There will be a notification on the iPhone App Store icon indicating a certain number of updates are pending, but when you check they have already been updated. Restarting the phone won’t fix the problem.

At some point, additional apps on the iPhone will have updates available. At that time, the App Store will recalculate the number of available apps and display the correct number.

20150216mo-apple-iphone-6-1940x1090

Apple Time Machine Backup Failure

If you’re using the Apple OS X integrated Time Machine backup software, at some point you’ll likely get an error message stating: “Backup Failed. Time Machine couldn’t back up to ‘your_drive_name'” — where your_drive_name will be the backup drive you’ve assigned.

20141107fr2159-apple-mac-time-machine-backup-error-009

Thinking it must have just been a one-time glitch, you’ll manually run a backup, but that will result in an error as well.

20141107fr2159-apple-mac-time-machine-backup-error-002

You’ll then check the drive only to discover that although the backup folder exists, its contents are all gone.

20141107fr2159-apple-mac-time-machine-backup-error-001

You’ll panic a little, and then consider using Disk Utility to repair the disk. However, upon running Repair Disk, you’ll get a strange alert that says, “Alert. Some information was unavailable during an external lookup.”

20141107fr2159-apple-mac-time-machine-backup-error-003

After some hair pulling, you’ll figure the only option is to start all over again by formatting (erasing) the drive and doing a complete backup again.

However, when you attempt to erase the drive, you’ll get an error.

20141107fr2159-apple-mac-time-machine-backup-error-005

Problems with formatting a drive can be an indication that the partition is corrupted somehow. So, you’ll take things to the next level and attempt to partition the drive, but that will also result in an error.

20141107fr2159-apple-mac-time-machine-backup-error-004

At this point, assuming that the drive is defective, you’ll throw it in the trash can and purchase a new one.

The Time Machine backup program will work fine with the new drive for a while, but then you’ll get the error again stating the backup failed.

You’ll start all over again at the top of this page and get to this paragraph.

Realizing that the problem is likely not repeated failed hard drives, but something very quirky with Apple OS X, you’ll search the web to see if anyone else is having trouble with Time Machine backups. You’ll discover that Apple has dedicated an entire support page to all the things that can go wrong with Time Machine. Apparently you’re not alone.

20141107fr2159-apple-mac-time-machine-backup-error-006

With a mix of joy and frustration, you’ll see a link titled, “Apple Support article: Time Machine stops backing up to external disk.”

Finally your search is over.

You click the link, but it takes you to a page with an error stating, “We’re sorry. We can’t find the page you’re looking for. Please return to the Apple Support homepage.”

20141107fr2159-apple-mac-time-machine-backup-error-007

Assuming it’s a browser issue, you’ll switch from using Chrome to using Safari, and try visiting the support page again. However, this time, the support page won’t even load.

20141107fr2159-apple-mac-time-machine-backup-error-008

You’ll think to yourself, “Great. Apple’s website doesn’t even work with Apple’s browser.”

At this point you’ll want to write a blog article about the above experience, and switch to Linux.

You’ll switch to Linux.

You’ll pull your old backup drive out of the trash can, and out of curiosity, you’ll plug it into your Linux computer to find that it actually isn’t defective, and the files weren’t erased. Unfortunately, Apple’s file system permissions will be set so you won’t have permission to read the files. There’s probably a solution to that, but you’ll save that for another day.

iPhone iOS 8 Contacts Search Results Display Error

When performing a search of your contacts on the iPhone using iOS 8, you may notice that the name at the bottom of the list can’t be seen or selected if the search results fill more than a screen. The last contact in the results will be hidden below the viewable area on the screen.

You can move the search results page up (by pushing it up), but it snaps back again and the last name on the list again returns below the viewable screen area.

In the example below, a search for “wireless” in contacts produces many results. The last few results at the bottom of the list are shown.

By pressing up on the list (scrolling down), the hidden result shows.

The only work-around for this at present would be to create a contact entry that will show up at the very bottom alphabetically for the search result.

Click the image below to enlarge.

20141102su-apple-iphone-search-results-scroll-display-error-1024x768