On Wednesday, a Russian hacker discovered a vulnerability in Google’s Chrome web browser during CanSecWest’s Pwnium hacker contest. It was the first time in four years at the competition that Chrome was hacked, and for his efforts, Sergey Glazunov was rewarded with $60,000. Less than 24 hours after the exploit was brought to Google’s attention, the search giant released an update fixing the vulnerability. “The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame,” Google wrote on its Chrome update blog. “This release fixes issues with Flash games and videos, along with the security fix listed below.” Glazunov’s vulnerability is described as an “UXSS and bad history navigation” issue, however no other details were given. More →
Last week, two exploits concerning Google Wallet left users questioning the service’s security. One of the exploits allowed hackers to bypass PIN protection, but it was only present on rooted devices. A second exploit, however, did not require a handset to be rooted, leaving all Google Wallet users exposed. The company maintained that the service was secure but as a precautionary measure it disabled its prepaid card services, but Google announced on Tuesday that it has patched Wallet and has fixed the vulnerability. Security firm zVelo, however, is not satisfied with Google’s efforts. While the Mountain View-based company has suggested that users with rooted handsets don’t use Google Wallet, zVelo insists that a person can steal an Android phone and then root, thus performing the exploit to bypass the PIN. As an extra layer of security, it is recommended that users configure a passcode to protect their devices from unwanted access. More →
Nokia said on Twitter Wednesday that a second software update will roll out to Lumia 800 devices over the next two weeks. It is largely expected that the update will help fix the poor battery life that has plagued some, but not all, Lumia 800 users. Nokia has already addressed the battery issue, which limits the capacity of the battery, and has even recommended that those with the problem send their devices in for replacement phones. More →
HTC’s chief executive officer Peter Chou recently said his company has already developed a solution to dodge an ITC injunction, which was issued after a ruling that found HTC guilty of infringing two of Apple’s patents. “It’s actually quite rarely used,” Chou said of the feature that violates Apple’s patents, suggesting that the company isn’t afraid of the ban that is set to take effect on April 19th. HTC issued a statement following the ITC’s decision and explained that the patent ” is a small UI experience and HTC will completely remove it from all of our phones soon.” In other words, don’t worry too much if you have your heart set on buying HTC’s upcoming Elite flagship device set to launch on AT&T early next year. More →
Nokia’s European support team has issued an official statement to those who have a Lumia 800 with poor battery life. “We immediately started to investigate these reports and can now confirm that while the battery itself is fine, a software problem on certain variants is limiting the phone’s ability to access the full battery capacity,” a Nokia representative wrote on the support forums Monday. Michael explained that the battery life issues are only the result of a software flaw and, as such, Lumia 800 owners can expect a software patch that fixes the problem early next year. Lumia 800 users who do not want to wait that long can contact Nokia and request a replacement handset. Hit the break for Nokia’s explanation of how to find out whether or not your Lumia 800 is affected by the bug. More →
Verizon Wireless on Monday confirmed that it is working on a software fix that will address what it refers to as a “signal strength issue” present in its just-released Samsung Galaxy Nexus smartphone. “The signal strength issue is currently being investigated,” a Verizon Wireless support representative posted on a company Twitter account. “We don’t have an ETA, but a software update is being developed.” We’ve noticed that the signal strength displayed by our Galaxy Nexus review unit is sometimes weaker than other Verizon smartphones in the same room, but we haven’t experienced any above-average call drops, slowed data throughput or anything else that might result from poor reception. Verizon launched the highly anticipated Galaxy Nexus last week, and we called the international version of the handset the best Android phone to date when we reviewed it last month. More →
Apple on Thursday released an update to iOS 5 that addressed issues many users were having with poor battery performance. The Cupertino, California-based company had been testing the solution for some time, even uncharacteristically reaching out to affected end-users and having them install the potential fix to test its effectiveness. Despite Apple’s determination that iOS 5.0.1 resolved issues related to battery life, however, not all users are finding that to be the case. Read on for more. More →
Siri, secure yourself. If only that command worked; as it turns out, the popular virtual assistant feature on the iPhone 4S that allows users to schedule appointments, search the web, check the weather and more, may be a security threat to users who want to keep private information away from prying eyes — and ears. CNET discovered that Siri’s default security setting allows users to access the iPhone 4S feature even when the phone is locked. That means if you leave your iPhone in a cab, for example, a thief could easily access your address book, appointments and other personal information. Thankfully, there is an easy way to turn the setting off. Simply visit Settings and click General, then click Passcode Lock and toggle the option for “Allow access to Siri when locked with a passcode” to Off. The iPhone 4S will now require the the phone to be unlocked before it allows access to Siri. More →
Apple made Lion, its eighth major OS X release, available to Mac computer users on July 20th, and the Cupertino-based tech giant noted in the first sentence of its press release that Lion includes “more than 250 new features.” Unfortunately for a seemingly large group of users — this editor included — the only new features that really mattered were the numerous annoyances that came to light after just a few minutes of usage. The new autocorrect, the annoying new event behavior in iCal, the lack of key repeat, the bizarre defaults set throughout the OS… we could go on for quite a while. Some love these new features while others seriously considered rolling back to Snow Leopard. While unhappy users will have adjust to much of the new behavior if they wish to continue using Lion, there is now an answer for several common gripes: Lion Tweaks. Developed by “Fredrik W,” Lion Tweaks allows users to dial back some of the improvements that are common sources of agony, including the new spelling correction feature, a bunch of annoying animations and more. Lion Tweaks is at version 1.2 right now, and it looks like the app is being actively developed, so we can hopefully expect new capabilities soon. Hit the break to download the utility from the developer’s site. More →
T-Mobile has officially announced that it is now pushing out Android 2.3 (Gingerbread) to its LG G2x customers. The update includes the following enhancements:
- Improved battery life
- Improved front-facing camera operation when using Qik record and share
- Improved disabling Car Home
- Helps address unexpected reboots.
T-Mobile confirmed the update is rolling out over the air (OTA) now, but you should be able to manually check for the software by going to Settings > About Phone > Software Update. We heard early reports that some G2x customers were experiencing a lot of bugs with their devices so we hope this update fixes most, if not all of them. More →
Skype confirmed early Thursday morning that some users may experience connection issues signing into the service or making Skype calls. The company says it has identified the problem and has posted instructions for fixing the issue. The good news is it doesn’t look like the outage will be as massive as the one last December, which was later blamed on an overloaded cluster of support servers. If you’re experiencing issues now, hit the jump for some quick fix instructions from Skype. Just don’t blame it on Microsoft, alright?
Update: Skype says Windows users should update their client to the newest version for an immediate and easier fix. A Max OS X update is also on the way. More →
Well that didn’t take long. Yesterday, we told you about an Android vulnerability found in ClientLogin that could have serious security ramifications. Using a dummy open access-point, a nefarious third party could passively — via Wi-Fi — collect authentication tokens to password protected services such as Facebook, Twitter, and Google Calendar stored on affected Android devices. Speaking with Mobilized’s Ina Fried, the Android-maker has stated that it is taking action, and fast. “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts,” Google told the publication. “This fix requires no action from users and will roll out globally over the next few days.” The vulnerability will still be present in the company’s Picasa online photo offering, but Google stated that it is working to patch that service as well.
Adobe has identified a zero-day exploit in the latest version of Flash Player 10.2 for Windows, Mac, Linux and Android. Using the the security hole, an attacker can potentially run malicious code and even take control of an affected system. While the vulnerability and potential damage to a system are significant, common sense will help users avoid the issue in most cases. The malicious code that takes advantage of this exploit is typically delivered as a Flash file embedded in a Microsoft Word document attached to an email. Most users in this day and age know to avoid such files. Adobe is currently working on a fix for the security hole, though the company has not stated when the fix might become available. More →