News from 'The Apple Blog'

Apple has just released iOS 4.0.2 for iPhone and iPod touch and iOS 3.2.2 for iPad through iTunes. This update plugs a security hole that would allow malicious PDF files to compromise iOS.

The PDF security hole was used in the JailbreakMe website so that users could jailbreak their iPhones without running any special software; all they had to do was download a specially-created PDF file. When Mobile Safari loads the PDF and reads the font section, it incorrectly executes the code inside the font section which takes advantage of an exploit to crack iOS.

JailbreakMe was fairly safe in that it leveraged existing techniques to jailbreak the iPhone. The real problem with this PDF exploit is that it’s easy to create a web page that would deceive the user into opening a PDF file in Mobile Safari which could do something more harmful.

Apple took a little over a week to roll out a fix for this exploit. Not bad when you consider the number of devices affected (various iPod touch and iPhone models) and the amount of testing that goes into a firmware update (even a minor one).

The update is rather large (almost 580MB for the iPhone 4) because it contains the full firmware image. You can download the update by connecting your iPhone or iPod touch to your computer running iTunes and clicking on “Check for Update.”

I suppose this points out a weakness in Apple’s system for pushing updates. There’s no way to update your iPhone or iPod touch without a desktop computer running iTunes. While it may seem impossible to those of us who read TheAppleBlog, many people rarely connect their iPhones to their computer and download apps and such from the device itself. Apple has relied on sending text messages to notify iPhone customers of important updates in the past, but I’m not aware of any method to send notifications to iPod touch users.

Of course, if you wanted to jailbreak your iPhone, then be sure to avoid the update. You may want to look into a Cydia app that prompts you before opening a PDF file just to warn you of the risk and make sure you wanted to do so.

Related GigaOM Pro Research: Mobile OSes Are No Longer Just About Mobile

News from 'The Apple Blog'

When I was tasked to write a roundup of iPad blogging apps, I figured this would be the usual pros and cons of four or five apps. Instead, I found only two, one of which is specific to WordPress (see our disclosure below). Since neither of the two apps made me all that happy, the multi-app roundup I was hoping for instead became a case of “two apps enter, no app leaves.”

Blogging on the iPad is a sorry state of affairs — I’m also coming at this from the angle of a prose blog, not a photo blog. Both WordPress and BlogPress allow you to do the same basic features: type in your thoughts and press publish. Neither of the apps let you define links or format your text — you’re limited to plain style. Some of this, I am led to believe from researching other apps with the same problem (Evernote), is how restrictive Apple is on its rich text features. On the other hand, all of the Office-style apps out there let you format text, so I don’t know what’s up. What I do know is, neither of these two apps even come close to the feature set most bloggers need.

WordPress (Free)

As the official app for WordPress, it’s a sad commentary when the best I can say is, “Some of the time, it doesn’t crash. And it’s free.” A quick five minute double-check of some features yielded four crashes. It crashed inserting a picture. It crashed while canceling edits. I wouldn’t be surprised if it crashed while crashing. When I was able to successfully insert a picture, it didn’t show up in the local draft; I had to go out to the local view to see it, and even then it was just code, not a visual. You can, however, manage comments, pages, and assign categories within the WordPress App.

I was also impressed with its offline features. It cached previous posts which made it handy to reference what I’d  said about a topic.

BlogPress ($2.99)

In addition to the hearty, “It crashes less” feature, BlogPress also connects to Blogger, MSN Live Spaces, Movable Type, TypePad, Live Journal, Drupal and Joomla in addition to WordPress. If you’re not using WordPress, BlogPress is the only game in town for you. Unfortunately, it doesn’t connect to Tumblr. I had a lot more success with this app, even within my WordPress-hosted sites. For starters, the only time it crashed on me was when I connected it to Live Journal, and when I relaunched it everything was OK. Inserted pictures showed up inline where I wanted them to, and I could adjust their alignment, but not their size. I was also unable to manage comments or edit static Pages in BlogPress. Still, I found BlogPress to be worth the $2.99.

My recommendation for BlogPress is somewhat grudging. It’s not a bad app, but I’m hard pressed to find many blog posts I’ve ever written that I could do entirely in either of these apps. Almost every post has bolded or italic text, an image, and a link or two. Of those three things, both apps only let me embed the image. Unless I’m writing a rare text-only post, I’ll need the web front-end of each site to wrap up the post. Sure, the apps are good for throwing a post together on the iPad and tossing it in the online Drafts folder for later editing, but it’s pretty sad I can’t rely on either of them to start-to-finish an average blog post.

Hopefully, at some point we’ll see a better selection, as well as the ability to format text and insert links. Until then, BlogPress earns my enthusiastic “At least it sucks less than the WordPress app” seal of approval.

Disclosure: Automattic, maker of WordPress.com, is backed by True Ventures, a venture capital firm that is an investor in the parent company of this blog, Giga Omni Media. Om Malik, founder of Giga Omni Media, is also a venture partner at True.

News from 'The Apple Blog'

Mixed in amongst all of the other Apple product updates this morning was an unassuming little battery charger. At a cost of $29 and including six reusable AA batteries, this little white charger offers you the chance to power all of your wireless desktop accessories with a clean conscience knowing that you’re doing your part to help the environment.

According to Apple, the charger sets a new industry standard for lowering standby power usage by sensing when its batteries have achieved a full charge and then automatically reducing its power consumption. Each charger comes with six high-performance AA NiMH batteries with an estimated lifespan of up to 10 years per battery. With six batteries,  you should be able to power your wireless keyboard, new Magic Trackpad, and still have two replacements left at full charge. It’s worth noting, though, that the first generation of the aluminum wireless keyboard actually requires three AA batteries.

Apple’s sales pitch offers us the chance to “..finally break the cycle of buying and disposing of those toxic, single-use alkaline batteries.” This is undoubtedly the natural continuation of Apple’s ongoing effort to improve its image as an environmentally responsible company. Energy efficiency has been one of the company’s primary avenues for reducing the impact its products have on the environment.

While scoring relatively well in the most recent Greenpeace Guide to Greener Electronics for efforts to reduce the amount of toxic chemicals in its products, Apple still took some knocks for waste and energy. Whenever it builds a product with an internal battery, Apple goes to great length to ensure it’s the most efficient it possibly can be in the space available. I suppose it’s only natural, then, that it has now extended that design philosophy to batteries that are removable as well.