Security researchers at Zscaler claim to have found a security flaw in CNN’s iPhone app that exposes the personal logins and passwords of its users. The CNN app for iPhone, which includes an iReport feature that allows users to sign up and submit news stories, reportedly does not use SSL encryption for registration/login or SSL certificate pinning, unlike its Android counterpart, and sends personal user info to and from the app unencrypted. The report notes that CNN’s iPad app is not subject to the same vulnerability as it currently doesn’t have the iReport feature:
The current CNN for iPhone App (verified on Version 2.30 (Build 4948)) has a key weakness whereby passwords for iReport accounts are sent in clear text (unencrypted). While this is always a problem, it’s especially concerning that this relates to functionality which permits people to anonymously submit news stories to CNN. This occurs both when a user first creates their iReport account and during any subsequent logins.
As can be seen, both transmissions are sent in clear text (HTTP) and the password (p@ssword) is sent unencrypted, along with all other registration/login information. The concern here is that anyone on the same network as the user could easily sniff the victim’s password and access their account. Once obtained, the attacker could access the iReport account of the user and compromise their anonymity. The same credentials could be used to access the user’s web based iReport account where any past submissions are also accessible.
Zscaler said it notified CNN of the security flaw on July 15th and that the company confirmed it’s investigating. The CNN app for iPhone received an update today with “bug fixes” listed in the release notes, but the company has yet to confirm whether the update addresses the security flaw detailed by Zscaler.
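A defensive check for the kind of flaw described in the CNN item above, added here as an example and not taken from Zscaler's report or CNN's code: it scans intercepted proxy records from a mobile app test session and flags any request that carries password-like fields over plain HTTP. The record layout, the field-name list and the `example.test` hosts are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Field names treated as credentials (assumed list; extend for the app under test).
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Constructed proxy records from an app test session (not real traffic).
SAMPLE_FLOWS = [
    {"url": "http://ireport.example.test/register",
     "content_type": "application/x-www-form-urlencoded",
     "body": "email=user%40example.test&password=p%40ssword"},
    {"url": "https://ireport.example.test/login",
     "content_type": "application/json",
     "body": '{"user": "u", "password": "p@ssword"}'},
    {"url": "http://ireport.example.test/login",
     "content_type": "application/json; charset=utf-8",
     "body": '{"auth": {"user": "u", "pwd": "p@ssword"}}'},
    {"url": "http://ireport.example.test/feed?page=2", "content_type": "", "body": ""},
]

def _json_keys(node):
    """Yield every key found anywhere in a decoded JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from _json_keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from _json_keys(item)

def credential_fields(flow):
    """Return sorted credential-like field names in the query string or body."""
    names = {k for k, _ in parse_qsl(urlsplit(flow["url"]).query)}
    ctype = flow["content_type"].split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        names |= {k for k, _ in parse_qsl(flow["body"])}
    elif ctype == "application/json":
        try:
            names |= set(_json_keys(json.loads(flow["body"])))
        except ValueError:
            pass  # malformed JSON body: nothing to inspect
    return sorted(n for n in names if n.lower() in SENSITIVE)

def cleartext_credential_findings(flows):
    """Flag requests that carry credential fields over http:// (no TLS)."""
    return [(f["url"], credential_fields(f)) for f in flows
            if urlsplit(f["url"]).scheme == "http" and credential_fields(f)]

if __name__ == "__main__":
    print(cleartext_credential_findings(SAMPLE_FLOWS))
```

The HTTPS login in the sample carries the same field but is not flagged, which is the behaviour a test gate for registration and login endpoints should enforce.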
Apple released an EFI firmware update (version 2.9) for the mid-2011 MacBook Air last week to address problems the computer could have while waking from sleep, but recently users have started to report on the company’s support forum that the software was failing to install on their machines, and in some cases leaving them with completely non-functional computers, as first noted by MacRumors.
While some users report that their MacBook Airs shut down for several hours only to suddenly spring back to life, others claim that their machines still won’t start up. In other cases, users are finding that the Mac App Store prompts them to re-install the update over and over. So far there aren’t any reports of a successful resolution to the issue, even through AppleCare channels.
If you haven’t already installed the update, it may be best to sit this one out until Apple has fixed whatever problem seems to be plaguing users at the moment.
If you have a MacBook Air from mid-2011, you may have noticed intermittent issues where your laptop has a harder time waking up from sleep mode than it normally would have done, and when it does, the fans might loudly…
Intel has debuted the next generation of its Core i5 and i7 processors, according to a report from CPU World. Each of these updated chips sports a 200 MHz speed boost over its previous incarnation, which can currently be found in the MacBook Pro lineup. It’s likely that these processors will be found in a spec-bumped version of the MacBook Pro later this year.
The current series of MacBook Pro processors are available at clock speeds of 2.0 GHz (in the lowest-end 13-inch model) up to 2.6 GHz (in the top-of-the-line, built-to-order 15-inch model). The next-gen models released this week range from 2.2 to 3.0 GHz, which will provide a decent speed boost to each model.
Facebook announced today that it’s rolling out a new feature for its mobile apps that will let users save content for easy access at a later date. A list of saved content from Facebook, including links to things like places, movies, TV, and music, will appear in the Facebook mobile apps in the “More” section and on the left sidebar on the web.
Facebook notes that it will sometimes show users reminders of saved content in the News Feed and also let users share saved lists with others (although saved items are set to private by default):
Your saved items list is organized by category and you can swipe right on each item to share it with your friends or move it into your archive list…We’ll sometimes show you reminders of your saved items in News Feed. For example, we might show you links to articles you saved.
The new Save feature could be considered a competitor to services like Pinterest or reader apps that let users save content from around the web for reading and sharing at a later date. The feature appears to allow users to share individual items they’ve added to their Saved items list in much the same way users currently share individual posts via the Facebook timeline.
The new feature is rolling out for all users on iOS, Android and web over the coming days.
Twitter has announced that an upcoming update to its mobile clients will allow users to go back and review their entire direct message history. Currently the app only provides a limited look back, but that restriction will be removed in a new version that will also make deleting messages more reliable across its web and mobile platforms.
There’s still no word on whether this update will be the one to restore the ability to send links in direct messages, the loss of which has been an ongoing issue for several months now for many users, while others are still able to send URLs in messages with no problem.