Update: Apple has fixed the exploit, the below link is preserved for posterity but no longer works to display anything abnormal.

A few weeks ago, there was an active XSS Exploit on Apple.com with their iTunes site. Well, a tipster sent us the exact same cross site scripting exploit found again on the Apple iTunes site (UK in this case). As a result, there are some rather amusing variations of the Apple iTunes page appearing, and again some very frightening ones, as the above screenshot demonstrates a login page that accepts username and password information, stores this login data on a foreign server, then sends you back to Apple.com. The most annoying variation sent to us tried to stuff about 100 cookies onto my machine, initiated an endless loop of javascript pop-ups with Flash files embedded in each of them, and iframed about 20 other iframes, all while playing some really awful music.

Here’s a relatively harmless variation of the XSS capable URL, it iframes Google.com:

http://www.apple.com/uk/itunes/affiliates/download/?artistName=Apple%20%3Cbr/%3E%20%3Ciframe%20src=http%3A//www.google.com/%20width=600%20height=200%3E%3C/iframe%3E&thumbnailUrl=http%3A//images.apple.com/home/images/promo_mac_ads_20091022.jpg&itmsUrl=http%3A%2F%2Fitunes.apple.com%2FWebObjects%2FMZStore.woa%2Fwa%2FviewAlbum%3Fid%3D330407877%26s%3D143444%26ign-mscache%3D1&albumName=a%20wide-open%20HTML%20injection%20hole

It doesn’t take much effort to do your own version. Anyway, let’s hope Apple fixes this quick.

Attached are a few more screenshots of links sent in by tipster “WhaleNinja” (great name by the way)

If you regularly use Spotlight (or Services) to access the dictionary app in Mac OS X, you may have noticed that with each definition a new window is spawned. This can quickly lead to clutter, which annoyed TUAW enough to ask MacOSXHints for a solution. Like magic, MacOSXHints provided one and that’s what we’re sharing here. Basically, this causes Dictionary to only use a single window on the Mac.

This is accomplished with a defaults command string, so you need to have some command line experience or just copy and past the pertinent text below.

To force Dictionary to use only one window, launch the Terminal and type the following:

defaults write com.apple.Dictionary ProhibitNewWindowForRequest -bool TRUE

You can reverse this by changing TRUE to FALSE and re-executing the command.

Relaunch Dictionary, and the change will take effect. Cool!

Holy cow. Tim Royer has posted a graph of GeekBench benchmark test suite scores for the iMac 27″ Core i5 and iMac Core i7 models, and the numbers are pretty amazing. The 27″ Core i7 model just barely underperforms a brand new $2999 Mac Pro. So what? Well, the 27″ iMac Core i7 model is only $2199, and it includes a massively beautiful 27″ LCD that doubles as a monitor. Wow. The iMac Core i7 model is a $200 upgrade to the Core i5, which is also lightning fast, but the performance increase from the Core i5 to the i7 is dramatic, so that looks to be money very well spent.

Suddenly my MacBook Pro with a 3300 GeekBench score seems hopelessly inadequate!

The Command-Tab key sequence in Mac OS X works to summon a quick application switcher, it’s an excellent trick that many advanced users frequently use to switch apps and help multitasking, but it seems lesser known amongst Mac users in general. Even if you know of the Command+Tab trick, it turns out there are many more features available within the Command-Tab application switcher than just hitting Command+Tab itself, in fact you can navigate within the app switcher, hide apps, quit apps, and more.

Read more »

There are multiple ways to convert AVI video files to MOV video format on the Mac. Perhaps the easiest free ways to convert video from an AVI file to MOV format in Mac OS X is bt using an external app like Miro, VLC, or by using the Perian plugin for QuickTime.

Here’s a step by step guide of what you’ll need to do using one of these apps:
Read more »

Did you know you can quickly access Wikipedia from anywhere in OS X by using Spotlight? Yes seriously you can, similar to the Spotlight dictionary feature.

Here’s how Wikipedia access from Mac OS X works:
Read more »

Sunday Funday… and now we’re driving cars with iPhones. We all know that texting and driving is distracting, but what about using your iPhone to actually drive a car? Someone actually figured out how to do this, and here’s the video. This seems nice and safe, nothing could possibly go wrong here…

via LifeHacker: Drive a car with your iPhone

Apple’s newest snazzy NYC store got 10,000 job applications and just over 200 were hired, making a 2% acceptance rate. BusinessInsider points out this is lower than the 7% acceptance rate at Harvard University. I imagine the economic situation contributes to the slew of resumes, but even still, those are some pretty remarkable statistics.

Source: BusinessInsider: Harvard is easier than Apple

Listening to a great song that you think everyone should hear? You can easily share music with your friends thanks to iChat and iTunes, just drag a song from iTunes into an iChat window and off it goes! This may be Snow Leopard and iTunes 9 only, I don’t recall this feature working in Leopard.

Adobe Flash cookies are not deleted when you remove your browser cookies, because they are stored independent of your browser, meaning Flash cookies from Safari are accessible via Firefox, and vice versa. The interesting thing about Flash cookies though is that they could technically track your web browsing long after you have left the site that originated the Flash cookie, this is particularly the case with some advertising networks that appear ubiquitously around the web. Flash cookies actually have another name, they are known as Locally Stored Objects, or LSO’s, but whatever you want to call them, here is how to delete and remove Flash cookies, or LSO’s.

Read more »

Did you know that iChat and iCal work very well together? If you’re having a conversation in iChat and you or anyone else mentions a date or a day, you can hover over that mentioned date/day and add an iCal event directly from iChat without ever launching iCal! Try it out yourself with any iChat conversation, just throw in a day and see how well it works, it’s quite impressive.

OS X Daily editor Ryan pointed this out to me via Twitter a couple weeks ago, and I was surprised to learn just how well it worked. It’s now part of my daily workflow, it is very handy. Thanks Ryan!

If you have a large iTunes library it’s really easy to inadvertently gather duplicate songs, thankfully cleaning up and removing the duplicates from the iTunes song library is really easy.

Both iTunes for Mac and iTunes for Windows support an ability to easily remove duplicate songs, here’s how to do it:

Read more »

Grave, tilde, acute, circumflex, umlaut… all the fun accent codes that you might need to use. So if you need to type an accented letter in Mac OS X, we’ll show you how to quickly type them using the special option key based keystroke modifiers.

Read more »

This works in many versions of Mac OS X I’m pretty sure this only works in Snow Leopard, you can right-click/control-click on many App icons in the Dock to do things like:

* Create a New Window in Safari
* Create a New TextEdit Document
* Launch a New Remote Connection in Terminal
* Shuffle iTunes Songs
* Open a new Chat in iChat
* Set your Away Message in iChat

and so much more, right from the Dock! This is a very handy feature that I find myself using more and more, try it out with other apps and see what you get. Some of this may work in Leopard but I no longer have a Leopard machine to test this on, perhaps one of our other writers or readers can double check. Thank you readers for confirming this works in many versions of Mac OS X!

If you have the Terminal application stored in your Dock on Mac OS X, you can quickly execute any new command by right-clicking (or control clicking) on the Dock icon and navigating up to “New Command” in the popup menu.

This will prompt you for a command to run, which then launches into a terminal window specifically for that command. This is particularly nice for monitoring and analysis commands, like top, htop, dtrace, wireshark, etc.

Note that this will only execute the command you specified and will not leave you with a command line prompt afterwards by default, though you can check the box to run in a shell if you want to.

If you’re looking to continue to use the Terminal, just select ‘New Window’ instead.

Note that you must have the Terminal app already running to get these menu items available, thank you Michael for pointing this out!

Deleting cookies on the Mac depends on the specific web browser in use, thus if you want to delete all cookies, you’ll want to accomplish this for every browser app. Considering the web browsers most commonly used in Mac OS X are Safari, Chrome, and Firefox, we will show how to delete cookies in each of these browsers.

Read more »

Mac OS X 10.6.2 has been released, for most Mac users this is great news because it fixes over 40 problems and bugs, including the rare but very problematic user account deletion bug. If you have an official Apple Mac then go right ahead and update to Mac OS X 10.6.2, but if you have a Hackintosh Mac Netbook… well you will want to hold off. It has been confirmed that the final release of 10.6.2 kills Intel Atom support officially. Hackintosh Guru StellaRolla reports:

The netbook forums are now blowing up with problems of 10.6.2 instant rebooting their Atom based netbooks.

A quick glance at the Hackintosh forums on MyDellMini.com confirms this:

So, I can tell you 10.6.2 DOES NOT WORK with the Mini10v.

OSX tries to start, but it hangs before you can see the apple and system ist trying to boot again … you are in a loop…

StellaRola goes on to note that the OSx86 community is pretty crafty and a modded kernel will likely surface in the near future. In any event, if you have a Hackintosh, hold off on the official 10.6.2 until more information is available.

You can read more about the Mac OS X 10.6.2 Update from Apple.com

[ Sources: Gizmodo: 10.6.2 bug fixes and StellaRola: Official: Atom Not Supported in 10.6.2 and MyDellMini.com Forums ]

You can securely delete files from Mac OS X right from the Finder. This is by far the simplest method to securely delete something on the Mac, and the process is pretty straight forward, very similar to the normal procedure of deleting a file except that you will access a separate option to enable the ‘secure’ layer:

• Place files, folders, or whatever contents you want securely deleted into the Trash as usual
• Next, pull down the “Finder” menu and select “Secure Empty Trash” from the options (also accessible by command+right-clicking the Trash icon)

The process begins instantly, but unlike the normal approach to emptying Trash, you will find the process takes a bit longer.
Read more »