Apple has released an iOS 12 update users of older iPhone and iPad devices should download as soon as possible. Engadget reports: The new version of the company's 2018 operating system addresses a major vulnerability that Apple recently patched within iOS 15. According to a support document, the WebKit flaw could have allowed a website to run malicious code on your device. In its usual terse manner, Apple notes it is "aware of a report that this issue may have been actively exploited."

For that reason, you should download the update as soon as possible if you're still using an iOS 12 device. That's a list that includes the iPhone 5s, iPhone 6, as well as iPad Air, iPad mini 2 and iPad mini 3. You can download iOS 12.5.6 by opening the Settings app, tapping on "General" and then selecting "Software Update."

Trademark filings suggest that Apple may be staking claim to potential names for its highly anticipated mixed-reality headset, part of the tech giant's push into its first new product category in years. From a report: Applications were filed in the US, EU, UK, Canada, Australia, New Zealand, Saudi Arabia, Costa Rica and Uruguay for the names "Reality One," "Reality Pro" and "Reality Processor." Though Apple itself didn't make the filings, they follow a pattern that the iPhone maker has used in the past -- including relying on law firms that the company has previously enlisted to lock down brands. Apple's headset is expected to combine virtual and augmented reality technology and vault the company into closer competition with Meta Platforms, the leading provider of VR gear. It's been seven years since the company last went after a new hardware category with the Apple Watch.

Justice Department lawyers are in the early stages of drafting a potential antitrust complaint against Apple, Politico reported Friday, citing a person with direct knowledge of the matter -- a sign that a long-running investigation may be nearing a decision point and a suit could be coming soon. From the report: Various groups of prosecutors inside DOJ are assembling the pieces for a potential lawsuit, the individual said, adding that the department's antitrust division hopes to file suit by the end of the year. Still, the Justice Department has made no decisions whether or when to sue Apple, the world's most valuable public company, cautioned that person and one other familiar with the probe -- and it's still possible no case will be filed. Both were granted anonymity to discuss a confidential investigation.

New research claims that of five major Big Tech firms, Google tracks more private data about users than any other -- and Apple tracks the least. AppleInsider reports: Apple has previously introduced App Tracking Transparency specifically to protect the privacy of users from other companies. However, a new report says that Apple is also avoiding doing any more tracking itself than is needed to run its services. According to StockApps.com, Apple "is the most privacy-conscious firm out there." "Apple only stores the information that is necessary to maintain users' accounts," it continues. "This is because their website is not as reliant on advertising revenue as are Google, Twitter, and Facebook."

The StockApps.com report does not list what it describes as the "data points" that Big Tech firms collect for every user. However, it says they include location details, browser history, activity on third-party websites, and in Google's case, also emails in Gmail. It also doesn't detail its methodology, but does say that it used marketing firm digitalinformationworld to investigate Apple, Amazon, Facebook, Google, and Twitter. Of these five, Google reportedly tracks 39 separate data points per user, while Apple tracks only 12. Unexpectedly, Facebook is stated as tracking only 14 data points, while Amazon tracks 23, and Twitter tracks 24.

Lockdown Mode disables a series of features that can be used to hack iPhone users. But the lack of these features also makes it easier to figure out who is using Lockdown Mode. From a report: Once Apple launches the new iPhone and iPad operating system early next month, users will be able to turn on a new privacy mode that the company calls "extreme." It's made for journalists, activists, politicians, human rights defenders, and anyone else who may be worried about getting targeted by sophisticated hackers, perhaps working for governments armed with spyware made by companies such as NSO Group. Apple calls it "Lockdown Mode" and it works by disabling some regular iPhone features that have been exploited to hack users in the past. But if users turn on Lockdown Mode, they will be easy to fingerprint and identify, according to a developer who created a proof of concept website that detects whether you have Lockdown Mode enabled or not.

John Ozbay, the CEO of privacy focused company Cryptee, and a privacy activist, told Motherboard that any website or online ad can detect whether some regular features are missing, such as loading custom fonts, one of the features that Lockdown Mode disables. "Let's say you're in China, and you're using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So they will actually be able to identify that the user with this IP address is using Lockdown Mode," Ozbay said in a call. "It's a tradeoff between security and privacy. [Apple] chose security."

On Monday, Apple expanded its DIY repair program to include MacBook Air and MacBook Pro laptops equipped with M1 chips (including the Pro and Max). At least, in theory. The repairability experts at iFixit, who regularly dissect Apple's gadgets, have taken a look at the new program, and their outlook is...mixed. iFixit's Sam Goldheart writes that the new MacBook Pro guides "threw us for a loop." The issue: the documentation "makes MacBook Pros seem less repairable" than they have been in the past. From a report: The repair manual for replacing the 14-inch MacBook Pro's battery, for example, is a whole 162 pages long. (One of the first steps, of course, is "Read the entire manual first.") The reason the guide is so long, it turns out, is that replacing these batteries isn't just a matter of popping the battery out. A user needs to replace the entire top case and keyboard in order to replace the battery. Needless to say, it is unusual for a laptop battery replacement to require a full-computer teardown.

And then, as Goldheart points out, there's the matter of the money. The "top case with battery" part that you'll need to purchase for the 2020 and 2021 MacBook Pro models is not cheap -- after rooting around Apple's store, Verge editor Sean Hollister found that you can expect to pay well upwards of $400 for the top case with battery after the repair credit. "Apple is presenting DIY repairers with a excruciating gauntlet of hurdles: read 162 pages of documentation without getting intimidated and decide to do the repair anyway, pay an exorbitant amount of money for an overkill replacement part, decide whether you want to drop another 50 bucks on the tools they recommend, and do the repair yourself within 14 days, including completing the System Configuration to pair your part with your device," Goldheart writes in summary. "Which makes us wonder, does Apple even want better repairability?"

An anonymous reader quotes a report from Ars Technica: Skirting the official macOS system requirements to run new versions of the software on old, unsupported Macs has a rich history. Tools like XPostFacto and LeopardAssist could help old PowerPC Macs run newer versions of Mac OS X, a tradition kept alive in the modern era by dosdude1's patchers for Sierra, High Sierra, Mojave, and Catalina. For Big Sur and Monterey, the OpenCore Legacy Patcher (OCLP for short) is the best way to get new macOS versions running on old Macs. It's an offshoot of the OpenCore Hackintosh bootloader, and it's updated fairly frequently with new features and fixes and compatibility for newer macOS versions. The OCLP developers have admitted that macOS Ventura support will be tough, but they've made progress in some crucial areas that should keep some older Macs kicking for a little bit longer.

[...] First, while macOS doesn't technically include system files for pre-AVX2 Intel CPUs, Apple's Rosetta 2 software does still include those files, since Rosetta 2 emulates the capabilities of a pre-AVX2 x86 CPU. By extracting and installing those files in Ventura, you can re-enable support on Ivy Bridge and older CPUs without AVX2 instructions. And this week, Grymalyuk showed off another breakthrough: working graphics support on old Metal-capable Macs, including machines as old as the 2014 5K iMac, the 2012 Mac mini, and even the 2008 cheese grater-style Mac Pro tower. The OCLP team still has other challenges to surmount, not least of which will involve automating all of these hacks so that users without a deep technical understanding of macOS's underpinnings can continue to set up and use the bootloader. Grymalyuk still won't speculate about a timeframe for official Ventura support in OCLP. But given the progress that has been made so far, it seems likely that people with 2012-and-newer Macs should still be able to run Ventura on their Macs without giving up graphics acceleration or other important features.

Xiaolang Zhang, a former Apple employee who was accused of stealing computer files with trade secrets about Apple's secretive car division, pleaded guilty in federal court in San Jose on Monday. CNBC reports: Zhang's plea agreement with the U.S. government is under seal, according to court filings on Monday. Zhang faces as much as 10 years in prison and a $250,000 fine after pleading guilty to a felony charge of theft of trade secrets. Sentencing is scheduled for November. Zhang was accused of downloading internal Apple files about the company's car project -- specifically, a 25-page document including engineering schematics of a circuit board for an autonomous vehicle. Zhang was also accused of taking reference manuals and PDFs describing Apple's prototypes and prototype requirements.

Zhang was arrested by federal agents in July 2018 at the San Jose airport, where he planned to fly to China. He had previously worked for Apple since 2015, most recently as a hardware engineer on Apple's autonomous vehicle team, according to charging documents from the FBI and U.S. attorney's office. The charges gave a peek into a secretive side of Apple that the company even years later still doesn't often acknowledge: its division developing autonomous electric vehicles.

The ubiquitous device is becoming a shop window for the firm's services. From a report: As it dreams up more gadgets to sell to more people, however, Apple is employing another strategy in parallel. The company has so far put 1.8bn devices in the pockets and on the desks of some of the world's most affluent consumers. Now it is selling access to those customers to other companies, and persuading those who own its devices to sign up to its own subscription services. As Luca Maestri, Apple's chief financial officer, said on a recent earnings call, the Apple devices in circulation represent "a big engine for our services business." The strategy is picking up speed. Last year services brought in $68bn in revenue, or 19% of Apple's total. That is double the share in 2015. In the latest quarter services' share was even higher, at 24%. Apple doesn't break down where the money comes from, but the biggest chunk is reckoned to be fees from its app store, which amounted to perhaps $25bn last year, according to Sensor Tower, a data provider.

The next-biggest part is probably the payment from Google for the right to be Apple devices' default search engine. This was $10bn in 2020; analysts believe the going rate now is nearer $20bn. Apple's fast-growing advertising business -- mainly selling search ads in its app store -- will bring in nearly $7bn this year, reckons eMarketer, another research firm. Most of the rest comes from a range of subscription services: iCloud storage, Apple Music and Apple Care insurance are probably the biggest, estimates Morgan Stanley, an investment bank. More recent ventures like Apple tv+, Apple Fitness, Apple Arcade and Apple Pay make up the rest. New services keep popping up. Last November Apple launched a subscription product for small companies called Apple Business Essentials, offering tech support, device management and so on. In June it announced a "buy now, pay later" service. The company claims a total of 860m active paid subscriptions, nearly a quarter more than it had a year ago.

Apple said on Monday it would offer customers tools and know-how to repair and service their MacBook laptops at home, months after launching the service for iPhones. From a report: Apple said genuine parts and service tools will be available starting Aug. 23. Customers can buy the repair kits or rent it for one-time use for $49. Self repairs are possible only on MacBook Air and MacBook Pro models with the M1 chips. In April, Apple launched self-repair services for select iPhones models in the United States, with plans to expand the service to Europe this year.

"On Monday, Apple told employees at its headquarters in Cupertino, California, that they would have to return to the office at least three days a week by September 5," according to a columnist for Inc. First reported by Bloomberg, Tim Cook told employees in an email that they would be expected to be in the office on Tuesdays and Thursdays, with teams choosing a third day that works best for them...

Apple SVP of software Craig Federighi followed up Cook's email with one of his own, saying that he "can't wait to experience the special energy of having all of us back in the office together again!" That's great, but I imagine a lot of the people who work in the software organization are wondering whether that "special energy" actually makes them more productive, or if it's just a thing managers feel as they watch employees be productive at their desks... [T]hat's not the same thing as actual collaboration.
Here's the article's main point: [M]any companies — especially Apple — had their best two years ever when most of their employees were working from home. If anything, it seems as though the evidence pointing to the idea that it was better for the company.... Apple's market cap in March 2020 was $1.1 trillion. Today, it's just shy of three times that....

[I]t's as if Apple hasn't learned anything.
Apple's memo did say that some employees — "depending on your role" — would have the option of working fully remotely "for up to four weeks a year."

An anonymous reader quotes a report from NBC News: An Apple AirTag led to the arrest of an airline subcontractor accused of stealing thousands of dollars' worth of items from luggage at a Florida airport. Giovanni De Luca, 19, was charged with two counts of grand theft after authorities recovered the stolen items from his home, the Okaloosa County Sheriff's Office said in a news release last week. Authorities said a traveler reported last month that her luggage never made it to her destination. The items inside were worth about $1,600. She said an Apple AirTag, a tracking device that triggers alerts on iPhones, iPads and Apple computers, had been in her luggage and showed that it was on Kathy Court in Mary Esther, about 50 miles east of Pensacola.

On Aug. 9, another traveler reported that more than $15,000 worth of jewelry and other items had been taken from his luggage. Okaloosa County sheriff's deputies investigating both suspected thefts cross-referenced Destin-Fort Walton Beach Airport employees who lived near Kathy Court and found De Luca at his home. He was arrested Aug. 10. The items reported missing on Aug. 9 were recovered, and De Luca admitted to rummaging through someone else's luggage and removing an Apple AirTag, the sheriff's office said. The woman's luggage has not been found.

Apple is advising iOS and iPadOS users to update to the latest software version to patch two security holes that could allow an application to execute arbitrary code with kernel privileges. They also issued a patch for WebKit, the browser that powers Safari and all third-party browsers on iOS. For this vulnerability, Apple says that "processing maliciously crafted web content may lead to arbitrary code execution."

"With two major security fixes, we recommend all iPhone users update to iOS 15.6.1 immediately and all iPad users update to iPadOS 15.6.1," writes Chance Miller via 9to5Mac. "You can do so by heading to the Settings app, choosing General, then choosing Software Update."

Apple: Shazam turns 20 today, and as of this week, it has officially surpassed 70 billion song recognitions. A mainstay in popular culture, the platform has changed the way people engage with music by making song identification accessible to everyone. For more than 225 million global monthly users, to "Shazam" is to discover something new. [...] With its continued commitment to innovation over the past two decades, Shazam is pioneering new ways to bring fans closer to the music and artists they love with new tools like the concert discovery feature, which spotlights concert information and tickets on sale for shows nearby, simply by Shazaming a song, or by searching for it in the Shazam app or website.

Apple is in talks to make Apple Watches and MacBooks in Vietnam for the first time, marking a further win for the Southeast Asian country as the U.S. tech giant looks to diversify production away from China. Nikkei Asia reports: Vietnam is already Apple's most important production hub outside of China, producing a wide range of flagship products for the American company, including iPad tablets and AirPods earphones. The Apple Watch is even more sophisticated, according to industry experts, who say that squeezing so many components into such a small case requires a high degree of technological skill. Producing the device would be a win for Vietnam as the country attempts to further upgrade its tech manufacturing sector.

Apple has also continued to shift iPad production to Vietnam after COVID-related lockdowns in Shanghai caused massive supply chain disruptions. BYD of China was the first to assist with this shift, though sources told Nikkei Asia that Foxconn, too, is now helping build more iPads in the Southeast Asian nation. Apple is also in talks with suppliers to build test production lines for its HomePod smart speakers in Vietnam, the people said. On the MacBook front, Apple has asked suppliers to set up a test production line in Vietnam, two sources said. However, progress in moving mass production to the country has been slow, partly due to pandemic-related disruptions but also because notebook computer production involves a larger supply chain, multiple sources said. That network is currently centered on China and very cost-competitive, they added. Further reading: Apple Targets September 7 for iPhone 14 Launch in Flurry of New Devices

An anonymous reader quotes a report from Bleeping Computer: North Korean hackers from the Lazarus group have been using a signed malicious executable for macOS to impersonate Coinbase and lure in employees in the financial technology sector. The name of the false document was "Coinbase_online_careers_2022_07." When launched, it displays the decoy PDF above and loads a malicious DLL that ultimately allows the threat actor to send commands to the infected device. Security researchers at cybersecurity company ESET found that the hackers also had malware ready for macOS systems. They said that the malicious file is compiled for Macs with both Intel and Apple silicon, meaning that users of both older and newer models were targeted. In a thread on Twitter, they note that the malware drops three files [...].

ESET linked the recent macOS malware to Operation In(ter)ception, a Lazarus campaign that targeted high-profile aerospace and military organizations in a similar way. Looking at the macOS malware, the researchers noticed that it was signed on July 21 (as per the timestamp value) with a certificate issued in February to a developer using the name Shankey Nohria and team identifier 264HFWQH63. On August 12, the certificate had not been revoked by Apple. However, the malicious application was not notarized -- an automatic process that Apple uses to check software for malicious components. Compared to the previous macOS malware attributed to the Lazarus group of hackers, ESET researchers observed that the downloader component connects to a different command and control (C2) server, which was no longer responding at the time of the analysis.

A security researcher says that Apple's iOS devices don't fully route all network traffic through VPNs as a user might expect, a potential security issue the device maker has known about for years. From a report: Michael Horowitz, a longtime computer security blogger and researcher, puts it plainly -- if contentiously -- in a continually updated blog post. "VPNs on iOS are broken," he says. Any third-party VPN seems to work at first, giving the device a new IP address, DNS servers, and a tunnel for new traffic, Horowitz writes. But sessions and connections established before a VPN is activated do not terminate and, in Horowitz's findings with advanced router logging, can still send data outside the VPN tunnel while it's active.

In other words, you might expect a VPN client to kill existing connections before establishing a secure connection so they can be re-established inside the tunnel. But iOS VPNs can't seem to do this, Horowitz says, a finding that is backed up by a similar report from May 2020. "Data leaves the iOS device outside of the VPN tunnel," Horowitz writes. "This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers. The latest version of iOS that I tested with is 15.6."

Apple is aiming to hold a launch event on Sept. 7 to unveil the iPhone 14 line, Bloomberg News reported Wednesday, citing people with knowledge of the matter, rolling out the latest version of a product that generates more than half its sales. From the report: The new iPhones will kick off a busy fall product season, which will also include multiple new Macs, low-end and high-end iPads, and three Apple Watch models. Apple is updating its flagship product at a precarious time for the industry. Smartphone sales have begun to flag as consumers cope with inflation and a shaky economy. But Apple appears to be faring better than its peers: The iPhone sold well last quarter, and the company has signaled to suppliers that it doesn't foresee a dropoff in demand.

Apple laid off many of its contract-based recruiters in the past week, part of a push to rein in the tech giant's hiring and spending, Bloomberg reported Tuesday, citing people with knowledge of the matter. From a report: About 100 contract workers were let go in a rare move for the world's most valuable company, said the people, who asked not to be identified because the situation is private. The recruiters were responsible for hiring new employees for Apple, and the cuts underscore that a slowdown is underway at the company.

Workers laid off were told the cuts were made due to changes in Apple's current business needs. Bloomberg first reported last month that the company was decelerating hiring after years of staffing up, joining many tech companies in hitting the brakes. Chief Executive Officer Tim Cook confirmed during Apple's earnings conference call that the company would be more "deliberate" in its spending -- even as it keeps investing in some areas.

"Apple, the world's biggest listed company, updated its general employee conduct policy about two years ago to explicitly prohibit discrimination on the basis of caste," reports Reuters, "which it added alongside existing categories such as race, religion, gender, age and ancestry.

Apple has more than 165,000 full-time employees, the article points out, and "The inclusion of the new category, which hasn't been previously reported, goes beyond U.S. discrimination laws, which do not explicitly ban casteism." The update came after the tech sector — which counts India as its top source of skilled foreign workers — received a wake-up call in June 2020 when California's employment regulator sued Cisco Systems on behalf of a low-caste engineer who accused two higher-caste bosses of blocking his career.... Since the suit was filed, several activist and employee groups have begun seeking updated U.S. discrimination legislation — and have also called on tech companies to change their own policies to help fill the void and deter casteism....

Elsewhere in tech, IBM told Reuters that it added caste, which was already in India-specific policies, to its global discrimination rules after the Cisco lawsuit was filed, though it declined to give a specific date or a rationale.
Meta, Amazon, and Google do not mention caste in internal polices, the article points out — but they all told Reuters it's already prohibited by their current policies against discrimination.

And yet, "Over 1,600 Google workers demanded the addition of caste to the main workplace code of conduct worldwide in a petition, seen by Reuters, which they emailed to CEO Sundar Pichai last month and re-sent last week after no response."