Apple Mac flaw gives hackers 'super status,' root access

An unaddressed five-month-old flaw in Apple's Mac OS X gives hackers near unlimited access to files by altering clock and user timestamp settings.

As reported by Ars Technica, a bug discovered five months ago has received renewed interest due to the creation of a new module in testing software Metasploit, which can life easier for hackers looking to exploit the Mac vulnerability.

The bug revolves around a Unix component called sudo. The program is designed to require a password before "super user" privileges are granted to an account -- giving access to other user files -- and the flaw works around this authentication process by setting a Mac's clock back to Jan 1, 1970, the Unix epoch, a way to describe instances in time. By setting the clock back to 1-1-1970, the beginning of time for the machine -- as well as altering the sudo user timestamp -- it is possible for hackers to gain root access without the need for a password.

Metasploit is an open-source framework that makes it easier for security researchers to penetrate and test networks. Although useful for researchers to pinpoint and correct security flaws, this can also be used to make exploiting the sudo vulnerability easier.

All versions of OS X from 10.7 through to the current 10.8.4 version remain vulnerable.

However, the vulnerability -- (CVE-2013-1775) -- does have limitations. In order for hackers to exploit this security flaw, they must already have administrator privileges, and the user must have ran sudo at least once previously. In addition, the hacker needs to have either physical or remote access to the machine in question.

"The bug is significant because it allows any user-level compromise to become root, which in turn exposes things like clear-text passwords from Keychain and makes it possible for the intruder to install a permanent rootkit," HD Moore, the founder of Metasploit, told the publication. "I believe Apple should take this more seriously but am not surprised with the slow response given their history of responding to vulnerabilities in the open source tools they package."

Source

Analysts push iPhone 5C price predictions to $450

Apple will choose to defend revenue because it can't compete at low-end in emerging markets

Some analysts have rethought their expectations on the price of Apple's expected lower-end iPhone 5C, and now believe the Cupertino, Calif. company will play defense by charging as much as $450 for the new plastic smartphone.

"In terms of unsubsidized pricing, I don't see any way the iPhone 5C can be priced below $400," Sameer Singh, an analyst who writes on Tech-Thoughts.com, said in a post Monday. "I think Apple is leaning towards $450 ... [although] they could go as low as $400 if it helps facilitate a deal with China Mobile."

China Mobile, the world's largest mobile carrier, has yet to strike a deal with Apple to carry the iPhone, although Apple CEO Tim Cook has met at least twice this year with company executives.

As recently as two weeks ago, Singh had pegged the iPhone 5C's unsubsidized price at $399.

Ben Thompson, who covers a variety of topics, including smartphones, on his Stratechery blog, also has reconsidered his iPhone 5C price bet. In a post last week, Thompson said he is now leaning toward $450 for the plastic-cased smartphone, an increase from his previous maximum of $399.

The pricing dilemma that Apple faces, said Singh, is that it simply cannot compete at the very lowest end -- the under-$200 unsubsidized price point -- that is the volume driver in emerging markets. Trying to do so would not only reduce profit margins, something Apple has always been loath to do, but the device would not be up to its self-set standards. Producing a cheap smartphone simply to get into the lowest category would not only damage Apple's brand but be contrary to consistent comments by executives, particularly Cook, who has repeatedly said that Apple would not chase market share for its own sake.

But if it cannot effectively compete at the low end, Apple risks losing revenue by pricing the iPhone 5Ctoo low.

"A substantial cut in the iPhone 5C's unsubsidized price is unlikely to increase volumes in subsidized markets, but Apple would effectively be 'leaving money on the table,' especially in Apple's core, subsidized markets," said Singh.

Currently, Apple sells three models at three different price points: the iPhone 5 for $650 unsubsidized, $199 with a contract; the iPhone 4S ($550/$99); and the iPhone 4 ($450/$0).

If it can't reach an unsubsidized price significantly lower than the current lowest -- $450 -- there's no reason to bother, Singh said, as it would only cannibalize sales of the iPhone 4 price point with an even cheaper iPhone 5C, reducing its revenue in developed markets like the U.S. by the difference.

A $350 unsubsidized price for the iPhone 5C would, in other words, cost Apple $100 per unit in missed revenue. Customers would still get a "free" iPhone, but carriers would be paying Apple less than they do now for the two-year-old iPhone 4.

That's a path Apple's unlikely to take.

"[$450] would not help Apple compete much more effectively in unsubsidized/prepaid markets," Singh said. "[But] I think Apple may be incredibly wary of leaving 'money on the table' and is likely to opt for a pricing strategy that is defensive rather than one that eliminates the 'price umbrella' for competitors."

Apple is expected to unveil its new iPhones, including the iPhone 5C as well as a full-priced model to replace the iPhone 5, on Sept. 10, and start selling the new smartphones in a first wave of markets on Sept. 20.

Source

Skype sees 3D video calling in its future

"We know how to make it work," Microsoft exec says. In the lab, that is. Now if only the technology could be harnessed for consumer devices.

Skype is working on three-dimensional video calling, but release is hampered until camera and video capture technology catches up.

In an interview with the BBC, Microsoft's Skype vice president Mark Gillett said that the popular video chat and instant-messaging app has the potential to support 3D conversations in the future, but it may be "many years" before the technology can be launched.

"We've done work in the labs looking at the capability of 3D-screens and 3D-capture," the senior executive commented. "We've seen a lot of progress in screens and a lot of people now buy TVs and computer monitors that are capable of delivering a 3D image. But the capture devices are not yet there."

Gillet explained that in order for 3D video calling to take place, multiple cameras have to be added to a computer system where they are precisely calibrated and pointed at the right angles to take suitable images. The executive told the BBC that Skype's research and development teams have been working on this system "in the lab" and "we know how to make it work," but the current ecosystem of devices such can support 3D technology is limited.

The three-dimensional viewing format has taken a beating recently, having failed to live up to the initial excitement surrounding its arrival. The BBC has ditched its 3D channels because of poor user demand, describing the technology as "hassly." Disney's ESPN has also announced the closure of 3D cable in the US, saying that the service may be resumed in the future "if or when 3D does take off."

While Skype's adoption of 3D technology could shore up flagging consumer interest, Gillet believes that video calling is likely to be low on the list of applications used by the technology in the future.

"You'll see much more penetration of 3D on TVs, on computers and ultimately in smartphones, probably, ahead of seeing it for sending a video call," Gillet admitted.

In the meantime, the senior executive said that Skype -- purchased by Microsoft in 2011 -- is exploring how to offer 1080p resolution video calls on devices other than the upcoming Xbox One.

Source