Security

Security Researcher Finds a Fundamental Flaw in iOS (krausefx.com) 162

Felix Krause writes: Do you want a user's Apple ID password to get access to their Apple account or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so. This is just a proof of concept, phishing attacks are illegal! Don't use this in any of your apps. The goal of this blog post is to close the loophole that has been there for many years, and hasn't been addressed yet. For moral reasons, I decided not to include the actual source code of the popup, however it was shockingly easy to replicate the system dialog.
Iphone

Face ID Is Coming To the iPad Pro Next Year, Says Report (macrumors.com) 73

According to MacRumors, KGI Securities analyst Ming-Chi Kuo said iPad Pro models set to be released in 2018 will come equipped with a TrueDepth Camera and will support Face ID. Apple is believed to be adding TrueDepth cameras to the iPad Pro to introduce a user experience that's consistent with the iPhone X and boost competitiveness. From the report: According to Kuo, TrueDepth Cameras will be limited to the iPad Pro, which is Apple's main flagship tablet device. Kuo also predicts 2018 iPhone models will adopt the new camera technology coming in the iPhone X, as he has mentioned in a previous note: "We predict iOS devices to be equipped with TrueDepth Camera in 2018F will include iPhone X and 2018 new iPhone and iPad models. Because of this, we believe more developers will pay attention to TrueDepth Camera/ facial recognition related applications. We expect Apple's (U.S.) major promotion of facial recognition related applications will encourage the Android camp to also dedicate more resources to developing hardware and facial recognition applications."
Iphone

Apple Doesn't Deliberately Slow Down Older Devices According To Benchmark Analysis (macrumors.com) 163

According to software company Futuremark, Apple doesn't intentionally slow down older iPhones when it releases new software updates as a way to encourage its customers to buy new devices. MacRumors reports: Starting in 2016, Futuremark collected over 100,000 benchmark results for seven different iPhone models across three versions of iOS, using that data to create performance comparison charts to determine whether there have been performance drops in iOS 9, iOS 10, and iOS 11. The first device tested was the iPhone 5s, as it's the oldest device capable of running iOS 11. iPhone 5s, released in 2013, was the first iPhone to get a 64-bit A7 chip, and iOS 11 is limited to 64-bit devices. Futuremark used the 3DMark Sling Shot Extreme Graphics test and calculated all benchmark scores from the iPhone 5s across a given month to make its comparison. The higher the bar, the better the performance, and based on the testing, GPU performance on the iPhone 5s has remained constant from iOS 9 to iOS 11 with just minor variations that Futuremark says "fall well within normal levels." iPhone 5s CPU performance over time was measured using the 3DMark Sling Shot Extreme Physics test, and again, results were largely consistent. CPU performance across those three devices has dropped slightly, something Futuremark attributes to "minor iOS updates or other factors."
China

Chinese State Media Report Bloated Battery in Apple's iPhone 8 (reuters.com) 36

A fresh case of Apple's new iPhone popping open due to a swollen battery has been reported in state media in China, the world's biggest smartphone market where the U.S. firm is seeking to revive faltering sales. From a report: The incident comes as Apple investigates similar cases reported in Taiwan and Japan of batteries in its latest iPhone 8 Plus becoming bloated, causing the device's casing to open. On its website on Thursday, China's state-backed ThePaper.cn cited an iPhone buyer surnamed Liu as saying his newly purchased iPhone 8 Plus arrived cracked open on Oct. 5. There was no sign of scorching or an explosion. Liu told ThePaper he bought the handset through the online marketplace of JD.com. He said he did not charge the new device and returned it to the seller. The fresh report comes on the heels of another story last week where Apple claimed that it was looking into a similar matter.
Google

Bluetooth Won't Replace the Headphone Jack -- Walled Gardens Will (theverge.com) 380

Last year, when it was rumoured that the then upcoming iPhone models -- 7 and 7 Plus -- won't have the 3.5mm audio jack, The Verge's Nilay Patel wrote that if Apple does do it, it would be a user-hostile and stupid move. When those iPhone models were officially announced, they indeed didn't have the audio jack. Earlier this week, Android-maker Google announced the Pixel 2 and Pixel 2 XL smartphones that also don't feature the decades-old audio jack, a move that would likely push the rest of the smartphone makers to adopt a similar change. The rationale behind killing the traditional headphone jack, both Apple and Google say, is to move to an improved technology: Bluetooth. But there is another motive at play here, it appears. Patel writes for The Verge: As the headphone jack disappears, the obvious replacement isn't another wire with a proprietary connector like Apple's Lightning or the many incompatible and strange flavors of USB-C audio. It's Bluetooth. And Bluetooth continues to suck, for a variety of reasons. Newer phones like the iPhone 8, Galaxy S8, and the Pixel 2 have Bluetooth 5, which promises to be better, but 1. There are literally no Bluetooth 5 headphones out yet, and 2. we have definitely heard that promise before. So we'll see. To improve Bluetooth, platform vendors like Apple and Google are riffing on top of it, and that means they're building custom solutions. And building custom solutions means they're taking the opportunity to prioritize their own products, because that is a fair and rational thing for platform vendors to do. Unfortunately, what is fair and rational for platform vendors isn't always great for markets, competition, or consumers. And at the end of this road, we will have taken a simple, universal thing that enabled a vibrant market with tons of options for every consumer, and turned it into yet another limited market defined by ecosystem lock-in.
The playbook is simple: last year, Apple dropped the headphone jack and replaced it with its W1 system, which is basically a custom controller chip and software management layer for Bluetooth. The exemplary set of W1 headphones is, of course, AirPods, but Apple also owns Beats, and there are a few sets of W1 Beats headphones available as well. You can still use regular Bluetooth headphones with an iPhone, and you can use AirPods as regular Bluetooth headphones, but the combination iPhone / W1 experience is obviously superior to anything else on the market. [...] Google's version of this is the Pixel Buds, a set of over-ear neckbuds that serve as basic Bluetooth headphones but gain additional capabilities when used with certain phones. Seamless fast pairing? You need Android N or higher, which most Android phones don't have.
IOS

iOS 11's Misleading 'Off-ish' Setting For Bluetooth and Wi-Fi is Bad for User Security (eff.org) 162

Last month, we covered a story about how turning off Wi-Fi and Bluetooth in iOS 11's Control Center doesn't really turn off Wi-Fi and Bluetooth. EFF has called the situation bad for user security. From the report: Instead, what actually happens in iOS 11 when you toggle your quick settings to "off" is that the phone will disconnect from Wi-Fi networks and some devices, but remain on for Apple services. Location Services is still enabled, Apple devices (like Apple Watch and Pencil) stay connected, and services such as Handoff and Instant Hotspot stay on. Apple's UI fails to even attempt to communicate these exceptions to its users. It gets even worse. When you toggle these settings in the Control Center to what is best described as "off-ish," they don't stay that way. The Wi-Fi will turn back full-on if you drive or walk to a new location. And both Wi-Fi and Bluetooth will turn back on at 5:00 AM. This is not clearly explained to users, nor left to them to choose, which makes security-aware users vulnerable as well. The only way to turn off the Wi-Fi and Bluetooth radios is to enable Airplane Mode or navigate into Settings and go to the Wi-Fi and Bluetooth sections. When a phone is designed to behave in a way other than what the UI suggests, it results in both security and privacy problems. A user has no visual or textual clues to understand the device's behavior, which can result in a loss of trust in operating system designers to faithfully communicate what's going on.
Businesses

Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen, Researchers Say (gizmodo.com) 91

To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told news outlet Gizmodo. From a report: After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. The screen recording capability comes from what's called an "entitlement" -- a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."
Security

Apple Addresses a Bug That Caused Disk Utility in macOS High Sierra To Expose Passwords of Encrypted APFS Volumes (macrumors.com) 85

Joe Rossignol, writing for MacRumors: Brazilian software developer Matheus Mariano appears to have discovered a significant Disk Utility bug that exposes the passwords of encrypted Apple File System volumes in plain text on macOS High Sierra. Mariano added a new encrypted APFS volume to a container, set a password and hint, and unmounted and remounted the container in order to force a password prompt for demonstration purposes. Then, he clicked the "Show Hint" button, which revealed the full password in plain text rather than the hint. [...] Apple has addressed this bug by releasing a macOS High Sierra 10.13 Supplemental Update, available from the Updates tab in the Mac App Store.
Google

Google Debuts Its $400 Google Home Max Speaker To Rival Apple's HomePod (techcrunch.com) 60

In addition to the Pixel 2 and Pixel 2 XL, Google debuted a $400 speaker, called Home Max, that looks to compete directly with Apple's recently announced HomePod. The Home Max is a larger Google Home that features stereo speakers and more premium looks and materials. It's expected to go on sale in December in the U.S. TechCrunch reports: It can tune its audio to its own space, analyzing the sound coming from the speaker using its built in microphones to determine the best equalizer settings. This is called Smart Sound, and it evolves over time and based on where you move the speaker, using built-in machine learning. It has Cast functionality, as well as input via stereo 3.5 mm jack. Home Max can output sound that's up to 20 times more powerful than the standard version of Home, Google says, and it has two 4.5 inch woofers on board with two 0.7 inch custom-built tuners. It can sit in either vertical or horizontal orientation, and it comes in both 'chalk' and 'charcoal.' Of course, this bigger speaker also includes a noise isolating array that makes it work even in open rooms with background noise, and it's Assistant-enabled, so you can use it to control your music playback via voice, or manage your smart home devices, set yourself reminders, alarms, and timers and much more. Google also launched a budget-friendly Google Home Mini that features the Google Assistant but in a smaller form factor. 9to5Google reports: Google touts the Home Mini as having a powerful speaker with "crisp" 360 degree sound. The Mini can also be connected to any Chromecast wireless speaker, but there is no 3.5mm jack like Amazon's Echo Dot. In the center, there are four white lights that note when the Home Mini is listening or responding. Besides saying the "Ok, Google" hotword, users can tap on the Home Mini to issue a command. Google also retained the Home's original button for disabling the microphone with a toggle next to the charging port. 
The Google Home Mini will go on sale later this month for $49, with pre-orders starting today.
EU

EU Takes Ireland To Court For Not Claiming Apple Tax Windfall (reuters.com) 192

Philip Blenkinsop, reporting for Reuters: The European Commission said on Wednesday it was taking Ireland to the European Court of Justice for its failure to recover up to 13 billion euros ($15.3 billion) of tax due from Apple, a move labeled as "regrettable" by Dublin. The Commission ordered the U.S. tech giant in August 2016 to pay the unpaid taxes as it ruled the firm had received illegal state aid, one of a number of deals the EU has targeted between multinationals and usually smaller EU states. "More than one year after the Commission adopted this decision, Ireland has still not recovered the money," EU Competition Commissioner Margrethe Vestager said, adding that Dublin had not even sought a portion of the sum.
Android

Google Is Latest Company To Ditch Headphone Jack In Its Newest Smartphones (cultofmac.com) 391

When launching its original Pixel smartphone, Google mocked the iPhone 7's missing headphone jack in its marketing material. According to Cult of Mac, Google won't be doing the same for the Pixel 2. "The company has decided to remove the aging port from its latest handsets," reports Cult of Mac. "A new leak reveals that the lineup will rely solely on USB-C for wired connectivity." From the report: Incredibly reliable leaker Evan Blass has published pictures and details of Google's upcoming Pixel 2 smartphones on VentureBeat. He has also confirmed that neither device will feature a headphone jack, which means users will have to rely on a USB-C adapter or Bluetooth. It also means Google will no longer be able to put out Pixel ads that take sly swipes at the iPhone's missing port. Blass says both Pixel handsets will be powered by a Snapdragon 835 chipset -- the same one found in the Galaxy S8, the LG V30, and other 2017 flagships -- not a faster Snapdragon 836 processor as originally planned. Other features are said to include 12-megapixel cameras, 4GB of RAM, and 64GB or 128GB storage options. The smaller Pixel will pack a 5-inch 1080p display with a 16:9, while its larger sibling will pack a 6-inch Quad HD display with an 18:9 aspect ratio. Is the lack of a headphone jack a deal-breaker, or do you think the Pixel's other features, like stock Android and front-facing stereo speakers, will make up for it?
Intel

Former Intel CEO Paul Otellini Dies At 66 (engadget.com) 48

An anonymous reader quotes a report from Engadget: Paul Otellini, Intel's previous CEO, died in his sleep on Monday, the company announced this morning. He was 66. Otellini served as Intel's fifth chief executive from 2005 through 2013, and leaves behind a legacy of the company's dominance in x86 processors. Notably, he also worked with Apple as it moved away from PowerPC chips and adopted Intel's wares. After retiring in 2013, Otellini revealed one major regret during his tenure: not working hard enough to get Intel's chips in the iPhone. Consequently, Intel mostly missed on the smartphone revolution.

Otellini joined Intel in 1974 and served various roles throughout his career, including chief operating officer from 2003 to 2005. He would go on to spend almost 40 years at the company. He was an intriguing choice as CEO, since he was the company's first non-engineer to hold that role.

Data Storage

High Sierra's Disk Utility Does Not Recognize Unformatted Disks (tinyapps.org) 135

macOS 10.13's Disk Utility 17.0 (1626) does not recognize raw drives, reads a blog post, shared by several readers. From the post: Diskutil does recognize the drive. We'll use it to perform a quick, cursory format (e.g., diskutil eraseDisk JHFS+ NewDisk GPT disk0) to make the disk appear in Disk Utility, where further modifications can more easily be made. Plugging in an unformatted external drive produces the usual alert, "The disk you inserted was not readable by this computer. Initialize... | Ignore | Eject", but clicking Initialize just opens Disk Utility without the disk appearing. There's an option in Disk Utility to view "all devices," but clicking that doesn't show raw disks, the blog post adds.
Android

Ask Slashdot: Why Would Anyone Want To Spend $1,000 on a Smartphone? 487

Last month, Apple CEO Tim Cook said the $1,000 sticker price for the base model of iPhone X, the latest flagship smartphone from the company which goes on sale next month, is "a value price for the technology that you're getting." An anonymous reader writes: I simply don't understand why anyone would want to spend such an amount on a phone. Don't get me wrong. Having a smartphone is crucial in this day and age. I get it. But even a $200 phone, untethered from any carrier contract, will let you install the apps you need, will allow you to take good pictures, surf the web, and listen to music. That handset might not be as fast as the iPhone X or Samsung's new Galaxy Note 8, or it might not be able to take as great pictures, but the difference, I feel, doesn't warrant an additional $800. The reader shares a column: When considering a purchase, comparing the value a product will add to our lives, and its cost is wise. Subjective perceptions affect how we value possessions, but let's consider the practical value of how we use smartphones. Smartphones aren't used for talking as often as the phones that preceded them were. In fact, actual "phone" use ranks below messaging, web surfing, social media and other activities that dominate smartphone usage. Furthermore, statistically we use only six core apps regularly. [...] My point is, smartphones haven't changed all that much relatively speaking. Sure they're bigger, faster, more powerful and have awesome cameras. But the iPhone X is fundamentally the same device the earlier iPhones were, and provides the same basic and sought after functions. It's a glass-covered rectangular slab mostly used for messaging, web-surfing, music and social media activity. An individual's perception of self, financial resources, desired or actual social position and love for tech will likely play a role in his perception of the value of a $1,000 smartphone.
Government

Steve Wozniak: Net Neutrality Rollback 'Will End the Internet As We Know It' (siliconbeat.com) 215

An anonymous reader quotes Silicon Beat: Apple co-founder Steve Wozniak penned an op-ed on Friday with a former Federal Communications Commission chairman, urging the current FCC to stop its proposed rollback of Obama-era net neutrality regulations. In the op-ed published by USA Today, Wozniak and Michael Copps, who led the FCC from 2001 to 2011, argued the rollback will threaten freedom for internet users and may corrode democracy... "Sometimes there's a nugget of truth to the adage that Washington policymakers are disconnected from the people they purport to represent," they wrote. "It is a stirring example of democracy in action. With the Internet's future as a platform for innovation and democratic discourse on the line, a coalition of grassroots and diverse groups joined with technology firms to insist that the FCC maintain its 2015 open internet (or 'net neutrality') rules."
In the joint letter, Wozniak and Copps write that "We come from different walks of life, but each of us recognizes that the FCC is considering action that could end the internet as we know it -- a dynamic platform for entrepreneurship, jobs, education, and free expression."

"Will consumers and citizens control their online experiences, or will a few gigantic gatekeepers take this dynamic technology down the road of centralized control, toll booths and constantly rising prices for consumers? At stake is the nature of the internet and its capacity to transform our lives even more than it already has."
Businesses

Apple is Really Bad At Design (theoutline.com) 366

Joshua Topolsky, writing for the Outline: Once upon a time, Apple could do little wrong. As one of the first mainstream computer companies to equally value design and technical simplicity, it upended our expectations about what PCs could be. "Macintosh works the way people work," read one 1992 ad. Rather than requiring downloads and installations and extra memory to get things right (as often required by Windows machines), Apple made it so you could just plug in a mouse or start up a program and it would just... work. Marrying that functionality with the groundbreaking design the company has embodied since the early Macs, it's easy to see how Apple became the darling of designers, artists, and the rest of the creative class. The work was downright elegant; unheard of for an electronics company. [...] But things changed. In 2013 I wrote about the confusing and visually abrasive turn Apple had made with the introduction of iOS 7, the operating system refresh that would set the stage for almost all of Apple's recent design. The product, the first piece of software overseen by Jony Ive, was confusing, amateur, and relatively unfinished upon launch. [...] It's almost as if the company is being buried under the weight of its products. Unable to cut ties with past concepts (for instance, the abomination that is iTunes), unable to choose clear paths forward (USB-C or Lightning guys?), compromising core elements to make room for splashy features, and executing haphazardly to solve long-term issues. [...] Pundits will respond to these arguments by detailing Apple's meteoric and sustained market-value gains. Apple fans will shout justifications for a stylus that must be charged by sticking it into the bottom of an iPad, a "back" button jammed weirdly into the status bar, a system of dongles for connecting oft-used devices, a notch that rudely juts into the display of a $1,000 phone. 
But the reality is that for all the phones Apple sells and for all the people who buy them, the company is stuck in idea-quicksand, like Microsoft in the early 2000s, or Apple in the 90s.
Iphone

Apple Investigating Reports of iPhone 8 Plus Devices 'Splitting Open' (9to5mac.com) 106

Apple is currently investigating reports of the iPhone 8 Plus splitting open while being charged with the included cable and plug adapter. The first claim comes from a Taiwanese iPhone 8 Plus owner, who posted photos which show damage consistent with a swollen battery. The second claim is from a Japanese owner who posted similar photos of his device, which he says arrived in this state. The Next Web reports: The phone belonged to a Ms. Wu, who recently renewed her phone contract and purchased a 64GB rose gold iPhone 8 Plus. The issue emerged five days after purchasing the phone. Wu placed her phone on charge, using the supplied cable and adaptor. After three minutes, she reported seeing the front panel bulge, and eventually lift completely from the device. According to multiple Taiwanese outlets, the phone was later recovered by the carrier, and has since been shipped to Apple for analysis. 9to5Mac adds: While any incident affecting a new iPhone model is bound to attract media attention, it's worth noting the usual disclaimers. First, any device manufactured in the millions will include some faulty models -- the real news would be if this were not the case. Second, investigations into charging-related incidents often reveal that a third-party charger was used, even when an owner initially claims to have used the supplied Apple one.
Security

Apple Reports 400 Percent Rise In National Security Requests (thenextweb.com) 44

An anonymous reader quotes a report from The Next Web: Apple received a record number of national security orders this year, according to its bi-annual report published this week. The company stated it received more than 13,250 national security requests affecting over 9,000 accounts in the first half of 2017. Compared to the same period in 2015, this represents a threefold increase. National Security Requests are subpoenas by the government which oblige companies or individuals to share their data for national security purposes. The requests are usually made in the form of National Security Letters and are demanded only when it's indispensable to an investigation. The reason for this rise in numbers is still unclear. The company also revealed it provided data in 44 non-civil governmental cases, information which hadn't been revealed in its previous reports.
Security

Critical EFI Code in Millions of Macs Isn't Getting Apple's Updates (wired.com) 91

Andy Greenberg, writing for Wired: At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.
Iphone

Apple Recommends Children Under 13, Twins and Siblings Do Not Use Face ID On iPhone X (theguardian.com) 120

According to a security guide published Wednesday, Apple recommends that children under the age of 13 do not use Face ID on the iPhone X due to the probability of a false match being significantly higher for young children. The company said this was because "their distinct facial features may not have fully developed." They also recommend that twins and siblings do not use the new feature. The Guardian reports: In all those situations, the company recommends concerned users disable Face ID and use a passcode instead. With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defense are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for telltale signs of cheating. "An additional neural network that's trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks," the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice -- just like a human.
