Companies working on a fix can now apply for a 14-day grace period after 90-day disclosure deadline
The whole fracas over Google Project Zero team’s disclosure of three Windows zero-day bugs before Microsoft could fix them may now be old news, but it seems to have done enough to get the former to revisit its bug disclosure policy. Google’s bug hunters took to the official Project Zero blog on Friday to announce a number of key changes to their disclosure policy.
Having recently ruffled Microsoft’s feathers by (responsibly) disclosing three unpatched vulnerabilities in Windows to the general public, Google’s Project Zero team has now turned its attention to the other side of the PC-Mac divide. The outfit recently spilled the beans on three zero-day vulnerabilities in Apple’s OS X operating system.
When Google first announced Chrome OS in 2009, among the few people who were polite enough to not dismiss it outright, and predict for it either a stillbirth or an early demise, were those who saw a merger with Android as its ultimate fate. Of course, let alone a full-blown merger, we have yet to see substantial interplay between the two platforms. The best we have seen, all these years down the line, is the ability to run a grand total of four Android apps on Chrome OS — and that too is a very recent development. Even now, Google is only working with “a select group of Android developers” and is unlikely to bring more than a handful of mobile apps to Chrome OS in the near future. Well, that’s what hacks are for, right?
Windows PCs don't exactly have a reputation for security, but Microsoft's trying to change that. When smug know-it-alls claim that Windows PCs have more viruses than a public toilet, Microsoft points to the PatchGuard driver signing system on 64-bit Windows as their way of saying "Nuh-uh!" PatchGuard keeps the baddies from getting high-level privileges on Windows machines. Bad news: Kaspersky's reporting that a new malware program that targets Windows 64-bit users has figured a way around the protection.
Security firm Sophos has discovered a modified variant of the well-known darkComet Remote Access Trojan (RAT) that not only affects Windows PCs, but the Mac OS X platform too. Interestingly enough, the nefarious Trojan readily admits it's not yet finished, which could be indicative of more underground programmers finally taking notice of Mac's increased market share. In its current form, Sophos senior security adviser, Chester Wisniewski, describes the Trojan as "very basic" in nature with a mix of English and German in the UI.
LaCie has expanded its lineup of USB 3.0-enabled external hard drives (maybe because the Rugged USB 3.0 mobile hard drive it launched in late April had begun pining for siblings). The Minimus and Rikiki are the company's latest USB 3.0-powered HDD offerings. If you believe in love at first sight, then an innate predilection for “sturdy brushed aluminum” will surely boost the odds of you falling for these two drives.
"The Minimus and Rikiki USB 3.0 offer our customers easy and affordable options to access the super speeds of USB 3.0," Philippe Rault, LaCie Consumer Product Manager, is quoted as saying in a release. "Since these products offer backward compatibility with USB 2.0, they will work on any PC or Mac with no worry."
Apple's latest product is so “magical and revolutionary” that the Cupertino company named it Magic Trackpad. The company, understandably, has a soft spot for multi-touch navigation. Several months after it introduced the Magic Mouse, the company has launched yet another multi-touch pointing device. The Magic Trackpad is essentially a standalone version of the MacBook Pro trackpad. However, it is significantly larger and boasts 80% more real estate than the trackpad on Apple notebooks.
That's all it takes for Apple to crush your dreams: Fifty little words. In fact, it's only one word--technically a hyphenated compound of two words--that spoils the flavor of the soup.
"Subject to the terms and conditions of this License, unless you have purchased a Family Pack or Upgrade license for the Apple Software, you are granted a limited non-exclusive license to install, use and run one (1) copy of the Apple Software on a single Apple-branded computer at a time." (emphasis mine)
Don't get the pitchforks and torches out just yet, faithful Maximum PC readers. We're all geeks here. There's nothing wrong about wanting to do a little experimentation. You can say it just as easily as I can: Some parts of OS X are simply superior to what you might find in any Windows-based environment.
The point is ultimately moot, however, because Apple simply won't allow its operating system to exist on any platform but its own. It's not like there's much of a technological gap to leap: If the industrious (albeit illegal) third-party hackers can get OS X to work in a Windows-based virtual environment, I bet the smart minds over in the engineering department at One Infinite Loop can figure it out in short order.
The company that discontinued its range of Mac clones earlier this month has now “voluntarily suspended the sale of our Rebel EFI software product.” It has temporarily discontinued Rebel EFI – a boot loader that helps install OS X on any generic PC – as it first wants the court's “clarification on the legality” of the software. “In the coming days, we will again be offering complete systems but at discounted prices as they will be bundled with your choice of Linux operating system,” the company announced on its website.
The company is trying hard to garner some much-needed public support. On the face of it, Psystar wants to be seen as a champion of open computing. “It's your software, you should be able to use it where you want to,” Psystar wrote on its site. “If you purchase an off-the-shelf copy of OS X Snow Leopard, it's your right to use that software.”
The dispute centers on Psystar’s installation of Apple’s OS X, version 10.5 (a.k.a. Leopard) on Intel-based computers manufactured by Psystar. Apple took exception to Psystar’s hackintosh and sued, with its complaint upheld by a Federal Court in San Francisco. The Court agreed not only to Apple’s claim of copyright infringement, but to Psystar’s violation of the Digital Millennium Copyright Act (DMCA) for the unauthorized installation of OS X.
According to a motion Psystar filed with the Court Monday, Psystar states that it and Apple have reached a partial settlement, in which Psystar agrees to pay Apple damages for violating Apple’s copyright--an estimated $2.1 million--but only after Psystar has exhausted all of its avenues for appeal. Psystar is hoping this will placate Apple and the Court enough that it can escape a permanent injunction Apple has requested that would shut Psystar down.
Psystar has also asked that its Rebel EFI utility be excluded from any injunction. Rebel EFI, which is sold separately, is used to load OS X onto its systems. With Rebel EFI, buyers of Psystar’s desktops are able to install OS X themselves, rather than have it preloaded by Psystar, effectively allowing Psystar to remain in the hackintosh business.
Apple may have agreed to drop its copyright infringement claims against Psystar for the promise of a possible future payment. But it’s not clear that Apple is in agreement with Psystar’s continued sale of Rebel EFI, if Apple’s intent is to limit the hackintosh market. It would seem that the dust from this dispute has yet to settle.