Apple prepping thinner MacBook Pros with OLED screen above keyboard, Touch ID for Q4

Apple is reportedly working on a major update to the MacBook Pro which will bring a new OLED display touch bar above the keyboard, USB-C/Thunderbolt 3, and Touch ID, according to KGI Securities analyst Ming-Chi Kuo.

The new MacBook Pro is said to come in 13-inch and 15-inch sizes and arrive in the fourth quarter of 2016.

While long overlooked, the MacBook line is the brightest spot for Apple’s 2016 rollouts. This is particularly true of the two new MacBook Pro models, to be introduced in 4Q16, as they will have a thinner and lighter form factor, Touch ID, use OLED display touch bar (to replace physical function keys, located above the keyboard) and adopt USB- C / Thunderbolt 3.

Notably, Kuo says the MacBook Pro update is the “most significant upgrade ever undertaken by Apple” with a “thin and light” design that uses new metal injection mold-made hinges and the butterfly-mechanism keyboards.

Additionally, Kuo predicts a 13-inch notebook will join the 12-inch notebook in Apple’s MacBook lineup. Moving forwards, the MacBook Air will become the company’s entry level device, the MacBook will be the mid level model and the MacBook Pro will remain the high end selection.

The new MacBook Pros will likely feature Intel’s Skylake processors and AMD’s new 400-series Polaris graphics.

[source: MacRumors]

Gaping security hole found in Norton antivirus engine

source :

It’s affects Symantec security products across the board

It seems there’s a major hole in the core Symantec antivirus engine which is used across the company’s main security products including the Norton range, although the firm has (unsurprisingly) moved quickly to address this issue.

The flaw was discovered by renowned white hat security expert Tavis Ormandy (who is part of Google’s Project Zero team), with the AV engine being susceptible to a crafted and malformed portable-executable (PE) header file, capable of causing a buffer overflow.

Such a file could potentially be delivered via an email attachment or a malicious website, and successful exploitation will result in a Blue Screen of Death system crash.

On OS X and Linux machines, the attacker can gain root access via a remote heap overflow, and as for Microsoft’s operating system, Ormandy notes: “On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get.”

As mentioned, Symantec has been quick to react, with software already being patched via LiveUpdate. If LiveUpdate has run recently on your machine(s), you should have the fix.

If you’re not sure whether your security product has been updated, then you can manually fire up LiveUpdate to download the patched engine. Simply navigate to LiveUpdate in the interface, and run it until all available updates are installed.

Make sure you’re covered, though, as this is a nasty little glitch.

Ormandy has been responsible for finding a number of vulnerabilities across all manner of security products, including the likes of Trend Micro, Sophos and Malwarebytes.