MacRumors

Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.

DigiTimes highlights a report from Taiwan's Economic Daily News stating that two chip manufacturers, Taiwan Semiconductor Manufacturing Company and United Microelectronics Corporation, are expected to receive chip orders for Apple's rumored iPhone nano. The report states that orders would likely come in March, leading to a June release of the iPhone nano at the earliest.

Meanwhile, American Technology Research analyst Brian Marshall believes that the iPhone nano will not initially be launched in the United States. According to Marshall, wireless industry insiders have confirmed that the device is not yet being tested by AT&T, suggesting that US customers will face an indefinite wait for the new device. Marshall also speculates that China may be an ideal market for the iPhone nano's initial release.

"Obviously, the best-case scenario here would be a China launch (~600mil+ wireless subscribers total in the country), but we have no definitive knowledge of this and are working on identifying the local of launch and other pertinent details," he said.

The rumored iPhone nano has been the subject of considerable discussion since mid-December, when iDealsChina published details of the device based on a silicone skin produced by case manufacturer XSKN. Vaja quickly followed suit by adding an entry for "iPhone nano" to their list of case offerings. While these developments led to speculation that the iPhone nano would be released at last week's Macworld Expo, some analysts tempered expectations with information that, while the device is on the way, it would not be ready for a Macworld introduction.

CNet reports that Google is hoping to release a version of their Chrome browser for both Mac and Linux in the first half of 2009. At the moment, the Mac version is just starting to become functional:

"That team now is able to render most Web pages pretty well. But in terms of the user experience, it's very basic," Rakowski said of the Mac version. "We have not spent any time building out features. We're still iterating on making it stable and getting the architecture right."

Chrome is a Webkit-based browser developed by Google that is currently available for Windows only. Google believes it "can add value for users and, at the same time, help drive innovation on the web."

Google's co-founder even acknowledged that the lack of a Mac version was "embarrassing" and that he was running Chrome under VMWare Fusion on his own Mac.

After verbally acknowledging that the new 17" MacBook Pro's non-removable battery would cost $179 to replace, Apple has posted an official page describing how one would seek a battery replacement and the exact cost depending on your region.

The battery in your MacBook Pro (17-inch, Early 2009) is a consumable item, which means it will require replacement at the end of its useful life. A replacement battery can be purchased directly from Apple. The price of the replacement battery includes installation of your new battery and environmentally responsible disposal of your depleted battery.

If you are fortunate enough to live near an Apple Retail location, Apple says the procedure should be a same-day replacement with appointment. Mail-in replacements, however, will require 3-4 business days after shipment of the unit.

Apple claims that their improved battery technology will allow up to 5 years without needing a replacement.

According to a regulatory filing made today by LG, the display manufacturer has signed a five-year deal to provide LCD panels to Apple, a deal that includes an upfront payment by Apple of $500 million. Reuters cites analyst comments that LG currently supplies displays for 70% of Apple's computer products, so the new deal suggests a strengthening of the existing relationship that should bring long-term price and supply stability.

"Although LG Display already had a relationship with Apple, the deal's duration and the size of the advance show that the two companies are involved in a long-term, strategic alliance," said Son Young-jun, a spokesman for LG Display.

The deal appears similar to ones announced in November 2005 in which Apple agreed to pay $1.25 billion upfront to a number of flash memory manufacturers as part of long-term supply agreements.

After Apple announced that Steve Jobs would be not be giving the 2009 Macworld Expo keynote, analyst expectations about the event dropped dramatically.

While Apple did not deliver the expected updates to the iMac and Mac mini, they did provide substantial updates to their iLife and iWork suites and finally introduced the unibody 17" MacBook Pro.

No iMac and Mac mini Updates

The most disappointing aspect of Macworld was the lack of updates for the Mac mini and iMac. The Mac mini, in particular, has been long overdue for a refresh, and the recent rumors seemed to indicate that it would finally get some worthy upgrades (dual monitor, FireWire).

While no one could say for sure that the new iMac was coming, two sites (Wired and TUAW) specifically said that Apple would be releasing a new Mac mini at Macworld. The timing was believable, of course, since evidence of the new iMacs and Mac minis had been found buried within Mac OS X, itself. Unfortunately, either timetables changed, or these sites were simply wrong.

It's still clear to us, however, that Mac mini and iMac updates are imminent. Based on whispers we've heard, we do feel that many of the rumored upgrades surrounding the Mac mini are true. It's just a matter of when.

Macbook Pro 17" - Fixed Battery

The first report that Apple was going to deliver a 17" MacBook Pro with a fixed internal battery came from 9to5Mac. Though the site hedged a bit towards the end, the original information was confirmed by multiple sources.

The use of an extended-life, non-removable battery was unique and accurate and 9to5Mac deserves credit for the scoop.

iLife, iWork, Cloud Computing

Perhaps to the relief of many, Apple's push into "cloud" computing was far more limited than originally reported. The information came again from 9to5Mac but was described as far more ambitious a plan than what was seen at this year's Macworld.

Original reports claimed Apple would migrate iWork and iLife functionality into web-based services. While Apple did release an iWork.com public beta, its functionality is limited to collaboration and document sharing.

Other information from 9to5Mac also detailed celebrity lessons for GarageBand, which did turn out to be true.

DRM-Free

It seems clear that CNet has sources at major music labels and was able to predict that Apple would be launching a full DRM-free store at Macworld.

No iPhone Nano... Yet?

Case manufacturers XSKN and Vaja have both advertised cases for an unreleased iPhone Nano in the weeks leading up to Macworld. And while we still don't see the reasoning behind such a product, it seems clear that the case manufacturers did believe that this product was coming and have actually produced cases based on the leaked specs. In fact, the same spec leaks may also be responsible for the iPhone Nano clones that have already hit the market.

It remains possible that we will see such a product in the future, or it may have simply been an expensive mistake on the part of the case manufacturers.

What's Next?

Cinema Displays, the Mac mini and iMac seem the most likely updates coming next. Previous supply chain sources had claimed the iMac would start shipping in January. If true, that means the update could come within weeks.

Apple has occasionally been known to launch products shortly after their Macworld events in either January or February. The earliest example we could find was an iPod Shuffle revision launched on January 30th, 2007.

Macworld Expo 2009 officially ended on Friday, and media and attendees have since scattered back to their respective locations. Beyond the product announcements themselves, we certainly enjoyed meeting up with readers and other Mac personalities from around the world. Delicious Monster sponsored a meetup for our readers and the following companies provided giveaway prizes: Dr Bott, Speck, Beejive, Iconfactory, Just Mobile, and Ten One Design. Thanks to them.

Blake Patterson's Macworld San Francisco Flickr Photo Set captures the Macworld experience from the keynote line, pre-keynote waiting, opening of floor and even down to late night bar gatherings and a 3 a.m. Denny's run. Gatherings involved both familiar faces (Gruber) and newcomers (Fieldrunners developers)

The fight for 2010 seems to be on as CNet has confirmed that CES is organizing a Mac-themed area next year and is actively recruiting Mac exhibitors. Meanwhile, IDG/Macworld has already opened expo-pass registration for Macworld SF 2010 and appears to be offering free floor passes at this early date (normally $25-$45).

Cult of Mac first reported yesterday that Apple had decided to exhibit at next year's Consumer Electronics Show (CES) 2010.

We had originally filed the report on Page 2 as it seems to contradict Apple's reasoning for pulling out of future Macworld events. Specifically, Apple has claimed that trade shows are becoming less important venues and not worth the time or cost to participate. In fact, Schiller even acknowledged that the January time-frame for the Macworld event simply didn't coincide with Apple's product release life cycles.

AppleInsider, however, is now also reporting from their sources that Apple is planning on exhibiting at CES 2010. The rumor site describes the move as a "done deal" and that Apple is up to the challenge of sitting amongst its competition.

That indicates that an Apple appearance at CES 2010 might likely serve primarily a symbolic move by Apple as it cements its increasing importance in the consumer electronics world at the expense of Microsoft, generic PC makers, smartphone vendors, and its other competitors in the consumer electronics industry.

One of the major stories coming out of CES is the revival of Palm with the release of the Palm Pre, the first smartphone to be based on their new webOS platform. The Pre, currently planned for a US release on Sprint sometime in the first half of this year, contains a 3.1-inch, 320x480 touch screen, 8 GB of memory, a slide-out QWERTY keyboard, a 3-megapixel camera with flash, built-in GPS, an accelerometer, and Wi-Fi, 3G, and Bluetooth connectivity.

The Pre represents a break from Palm's existing Palm OS and will be unable to run existing Palm OS applications. Instead, Pre developers will develop using browser technologies including CSS, HTML and XML along with special APIs to access the hardware features of the new device. And of course, an "App Store" for third-party applications will also be accessible from the phone.

Gizmodo was impressed by the Pre in their hands-on preview, in which they highlighted the responsiveness of the Webkit-based browser and overall user interface. They were also impressed with screen and camera quality. The minor downsides they found included a lack of video recording and a lack of browser support for Flash, although several sources are speculating that Adobe and Palm are working on a Flash plug-in.

The Pre includes several features that iPhone users have been clamoring for, including copy-and-paste, MMS messaging, and the ability to allow applications to run in the background. The Pre also offers the option of Palm's Touchstone wireless charging station. The Touchstone technology, which requires an additional back cover for the Pre itself, charges the Pre's internal battery via magnetic induction when the device is laid on the charging station.

Pricing is yet to be announced, although Palm CEO Ed Colligan suggested that it would not come in significantly under the iPhone's $199 price point. In fact, Russian Mobile-Review blogger Eldar Murtazin, who previously provided accurate information on the cancellation of Motorola's RAZR 3, claims that the Pre will be priced at $399 with a Sprint contract. He also claims that a GSM version of the phone is reportedly due for release in the UK in the second half of 2009, a fact confirmed by Paul Ghent, vice president of sales for Palm Europe.

We're wrapping up our coverage from Macworld, and here is a diverse collection of items that may be of interest.

Cultured Code released the 1.0 version of Things alongside a version update to their iPhone app [App Store]. The Mac application won Best of Show and offers an "elegant and intuitive" task manager for organizing to-dos, notes, due dates, and projects. Things 1.0 for Mac is $49.95 and the iPhone companion application is $9.99.

Gryphon Corporation was showing off Ampli Phone, a passive amplifier for the iPhone. The scientifically designed horn amplifies the sound coming out of your iPhone without the need for any additional power source. The cradle for the iPhone allows room for cables to keep it powered and the entire unit can be turned on its side for watching video. Comes in black or white and is available for $29.95.

Music Skins provides officially licensed band decals that can be applied to your iPhone or iPod. Made from 3M vinyl and adhesive technology, they can be applied and removed without leaving a residue. Prices per skin is $15.00 and they are available for all iPod and iPhone models.

Psyclops introduced a new set of iPod nano silicon sleeves aimed at the 8-14 year old market. The company also offers an interactive online dance/music community in which kids can assemble their own dance videos by mixing available audio and video clips. These videos can be shared and downloaded to their iPods. Each case (example photo) comes with a unique code to unlock special dance moves. The company will also releasing an iPhone App that allows kids to create and share their videos on their iPhone or iPod touch.

Pogue questioned Phil Schiller about Apple's withdrawal from Macworld Expo. Schiller, of course, repeated what was said in the original press release: that trade shows had become less important and not worth the effort or money involved.

Schiller, however, also admitted that having to come up with a "dazzling" show each January was unsustainable. He also admits that January does not fit into the Apple's natural product timelines, which he specifically spelled out:

He noted that Apple marches to certain annual product cycles: the holiday season (Novemberish), the educational buying season (late summer), the iPod product cycle (October), the iLife development cycle (usually March), the iPhone cycle (June).

A number of iPhone-related applications have been featured at Macworld Expo, and here are a few that have caught our interest:

iToner 2 from Ambrosia Software enables free, quick ringtone creation and transfer without the need for hacks. The new version adds the ability to easily crop selections, incorporates Cleartone technology for optimizing sound quality for the iPhone speaker, and includes 40 bundled ringtones. iToner 2 is priced at $15, but is a free update for existing iToner users. A free trial is also available.

Beejive has announced BeejiveIM for iPhone 2.0 [App Store], bringing a host of new features to the versatile instant messaging application. New features include photo transfers, voice note transfers, iPhone address book integration, added file support for multimedia, PDF, and Microsoft Office files, configurable alert sounds, and a refreshed, more native-looking interface. BeejiveIM 2.0 is priced at $15.99 for new users, and is a free update for existing users.

Smule, creators of the popular Ocarina application (being demoed above), have released their newest offering, Zephyr [App Store]. Zephyr allows users to draw pictures or messages, to which "wind" sounds based on the users' movements are automatically added. Messages are sent randomly and anonymously around the world, and can be passed on from user to user. Zephyr is priced at $0.99.

Announced as part of Phil Schiller's keynote presentation, Apple has released Keynote Remote [App Store]. The application allows users to control Keynote presentations, view presentation notes, and preview upcoming slides via a Wi-Fi pairing between the user's iPhone or iPod touch and any Mac running Keynote '09. Keynote Remote is priced at $0.99.

ZDNet reports that the iPhone 3.0 firmware will support quad-core processors in an upcoming iPhone hardware revision. While Apple has not yet detailed iPhone 3.0 firmware, MacRumors has independently heard from a reliable source of this same multi-core support in the 3.0 firmware which should accompany the next iPhone.

Meanwhile, Imagination Technologies is announcing a multi-core GPU that could be suitable for iPhone use. Apple, an investor in Imagination Technologies, presently uses a less powerful version of their PowerVR GPU in the iPhone and iPod touch.

The likely candidate for the new iPhone's CPU, however, is a derivative of the ARM Cortex A9 multi-core processor. The ARM Cortex has excellent power efficiency, well ahead of Intel's Atom offerings. Apple appears to be an ARM architectural licensee and their acquisition of P.A. Semi has brought low-power chip design expertise into the company.

One of the more interesting products on display at the Macworld Expo is the HP MediaSmart Server EX485/EX487. The new server, which was the recipient of a Best of Show award, provides a home server solution for cross-platform environments.

The server contains an Intel Celeron 2.0 GHz processor, 2 GB of RAM and four hard drive bays, with additional expansion possible via one eSATA and four USB ports. Although a Windows PC is required for the initial setup (Boot Camp and virtualization software are officially unsupported for setup), once configured it is compatible with Windows, Mac, and Linux. Time Machine is supported for backups of networked Macs, while Windows machines are backed up using Windows Home Server. Local file and media sharing is available via Finder, while remote access to files stored on the server is available via Internet browser.

It also includes an iTunes server that centralizes iTunes music libraries for access by any networked Mac or PC with iTunes, as well as tools for simplifying uploads to photo-sharing sites such as Facebook, Picasa, and Snapfish. Online backup via Amazon S3 is also available for additional data protection.

The MediaSmart Server is offered in two configurations, the EX485 with one 750 GB hard drive for $599 and the EX487 with two 750 GB drives for $749.

Apple's announcement that they will no longer participate in future Macworld Expos has cast some doubts on the ongoing viability of the show. The Daily Geek reports that some Macworld vendors are not planing on returning in 2010, while others are taking a wait and see approach. In fact, the Consumer Electronics Show (CES) is taking advantage of the situation by trying to recruit Macworld exhibitors and promising that they will have a Mac area next year:

"CES told me they're having a Mac centric area next year," said David Polzine, the product manager for SmithMicro Software who was approached by a salesman at Macworld. "If it all moved to CES, that would work better for us."

While some vendors seem to welcome the shift to CES, many attendees we spoke to felt that CES would be a poor substitute to Macworld. Unlike Macworld, CES is a trade show tailored to industry employees and not accessible to the general public.

The Macworld Expo organizers are aware of these issues and held a town meeting addressing the future of the show. Ars Technica reported on the meeting and reveals that IDG is well aware of the unique community aspect of Macworld as compared to other trade shows and is trying to build on that strength.

"This is a different place" than the typical trade show, Kent explained. "We understand and embrace this community, and we want this community to have a say in the conference." IDG has set up a new site, macworldexpo.ning.com , where both attendees and visitors are encouraged to register, get to know each other, and provide feedback and new ideas for helping the show to continue and grow.

Plans for Macworld Expo 2010 are well underway and over 60 vendors are said to have committed to the show. IDG will be leverging some familiar faces in the Mac community for the next show. The NYTimes' David Pogue is slated to give "Anti-Keynote" for the event, while Daring Fireball's John Gruber will be hosting a session of noteworthy discussions in the Mac community.