Tag: flaw

Apple asks Samsung for help to fix iPhone 6

ByRWIdiIUAAWry9Apple is turning to smartphone archrival Samsung in order to fix an  iBug with its new iPhone 6 phablet.

The super expensive machines keep crashing which is something that Apple does not like talking about much.

According to Business Korea Jobs’ Mob is going to buy more components from Samsung for its iPhone 6 and iPhone 6 Plus, along with Apple Watch parts.

In return Samsung is going to help Apple fix a bug in the NAND flash in the higher storage 64GB which is triple-level cell flash and the SK Hynix, Toshiba and SanDisk TLC NAND the 128 GB models.

Samsung will supply fresh modules which avoid the performance issues that some users have encountered.

This isn’t the only bug Apple has had with its phablet, either. Some users have reported problems with the camera, namely the optical image stabilisation (OIS) going awry and causing blurry shots.  Apple’s answer seems to be to return to its old business partner and get some decent gear under the bonnet.

 

Microsoft to change suicide server settings

msSoftware giant Microsoft has had enough of a suicide server setting in ASP.NET which too few sysadmins can be bothered disabling.

Microsoft said that all future versions of ASP.NET will enforce the deprecation of EnableViewStateMac=“false”. This was in a security advisory in December 2013, when Redmond has warned the setting had a privilege escalation vulnerability. Microsoft warned that disabling Message Authentication Code (MAC) validation would allow an attacker to use crafted HTTP code to inject code into the ASP.NET server.

Microsoft fixed that problem in ASP.NET 4.5.2 and in an optional patch for customers. Now, in a notice published on September 9, Microsoft says the previously optional patch will henceforth be enforced for all versions of ASP.NET.

“If you are running the ASP.NET framework on your machine, this behaviour will be picked up automatically the next time you check for updates.”

However it is likely to break installations still using EnableViewStateMac=“false”, but Microsoft said it was necessary to address this issue head-on due to the prevalence of misinformation regarding this switch and the number of customers who are running with it set to an insecure setting.

Most developers using the insecure setting did so to support cross-page posts on their sites. The scenario most likely to break when EnableViewStateMac=“false” is disabled is where designers were avoiding synchronising the <machineKey> setting in a Web farm.

You can read the advisory here