New Documents in Snow Leopard's TextEdit
In the Snow Leopard version of TextEdit, you can now create a new document by Control-clicking TextEdit's Dock icon (when it's running), and choosing New Document from the pop-up menu. This isn't a major feature, of course, since you can also just press Command-N while in TextEdit, but consider Control-clicking other applications' Dock icons to see what functions they might make available.
Submitted by
Jerry Nilson
Recent TidBITS Talk Discussions
- Alternatives to MobileMe for syncing calendars between iPad/Mac (1 message)
- Free anti-virus for the Mac (20 messages)
- iTunes 10 syncing iPod Touch 4.1 (2 messages)
- Thoughts about Ping (16 messages)
Published in TidBITS 989.
Subscribe to our weekly email edition.
- Simplify Security with "Take Control of Passwords in Mac OS X"
- FCC Queries Apple, AT&T, and Google about Google Voice App
- David Pogue's "Take Back the Beep" Campaign
- Time Capsule Bumped to 2 TB
- Eye-Fi's Geo Targets Apple for Wireless Photo Transfers
- Google CEO Leaves Apple Board, Signaling Increased Competition
- RSS Feeds for TidBITS Comments
- Apple Releases MobileMe iDisk app for iPhone and iPod touch
- Fake Apple Tablet Rumors
- Apple: Web-enabled iPhone Apps Aren't for Kids
- Boxcar Offers Push Notifications from Twitter
- TidBITS Watchlist: Notable Software Updates for 03-Aug-09
- ExtraBITS for 03-Aug-09
- Hot Topics in TidBITS Talk for 03-Aug-09
Apple Fixes Serious iPhone SMS Vulnerability
At this year's Black Hat security conference, one of the largest conferences on Internet and computer security, researchers demonstrated the potential for SMS-based attacks on the iPhone that could disable the device or extract sensitive information from it. Although Apple reportedly was informed of the vulnerability 6 weeks ago, the company released iPhone OS 3.0.1 on 31-Jul-09, the day after the demo. The update is available now, via iTunes.
Researchers Charlie Miller and Collin Mulliner, of Independent Security Evaluators, issued a denial-of-service attack on CNET correspondent Elinor Mills's iPhone by sending her a specially crafted SMS message, or more accurately, hundreds of specially crafted SMS control messages, only the first of which was seen.
While the researchers only showed how attackers might use the method to disable a user's phone, Miller said it was also possible to utilize this exploit to steal data, make calls, and send text messages. In fact, once having gained access to a user's phone, an attacker could then spread the attack further by sending SMS messages to the numbers listed in the address book.
While a reboot would restore functionality to a disabled phone and is about all a user could do, it takes only seconds for an attacker to swipe sensitive data and gain access to the address book. Worse, although we haven't seen commentary about this, since SMS uses a store-and-forward mechanism, messages sent while a phone was turned off would theoretically be delivered as soon as it was turned back on.
What's especially dangerous about this attack is that it requires no action on the part of the user. Typically, iPhone attacks involve tricking the user into visiting a malicious Web site or opening a specially crafted file - thus giving potential victims at least some agency in their defense - but this one only requires that the attacker has the user's phone number.
The exploit was made possible by a memory corruption bug in the way the iPhone handles SMS messages, and affects all versions of the iPhone OS before 3.0.1. If you haven't yet updated to iPhone OS 3.0, now is your chance to go all the way to 3.0.1 and eliminate your vulnerability to this SMS vulnerability.
SMS-based attacks aren't unique to the iPhone, with Miller and Mulliner also demonstrating this particular bug on an Android-based phone. Google patched the hole in Android last week, within a few days of being notified.
![](/file/11593/db.tidbits.com.tar/db.tidbits.com/images/badges/mactech-twitter-icon-48x48.jpg)
in Los Angeles. The 3-day event is packed with sessions & evening
activities. Learn from the best. Meet and spend time with peers.
TidBITS readers save $50 at <http://macte.ch/conf_tidbits>!
Thanks!