Apple has released security updates for a newly discovered zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices. From a report: The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said "may have been actively exploited." Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist.

Last month, Citizen Lab said the zero day flaw -- named as such since it gives companies zero days to roll out a fix -- took advantage of a flaw in Apple's iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist's phone. Pegasus gives its government customers near-complete access to a target's device, including their personal data, photos, messages and location.

Epic Games filed a notice of appeal Sunday following a judge's decision in its antitrust lawsuit against Apple. From a report: U.S. District Judge Yvonne Gonzalez Rogers mostly sided with Apple, rejecting Epic's claims that the iPhone maker is a monopoly. She also didn't rule that Apple needs to restore Fortnite, Epic's hit game at the center of the lawsuit, to the App Store or Epic's Apple developer account. She also rejected the need for third-party App Stores and didn't force Apple to lower its App Store revenue cut of 15% to 30%.

The judge, however, said that Apple has engaged in some anticompetitive conduct and she ordered the Cupertino, California-based technology giant to allow all app and game developers to steer consumers to outside payment methods on the web. All developers for the first time could be able to include a button in their apps to let users pay for transactions online, circumventing Apple's fees. She also ordered Epic to pay at least $4 million in damages to Apple for breach of contract, which included collecting payments outside of Apple's in-app-purchase system.

Long-time Slashdot reader fahrbot-bot quotes Engadget: Hold off on purchasing that iPhone mount for your motorbike.

In a new Apple Support post first seen by MacRumors, the tech giant has warned that high amplitude vibrations, "specifically those generated by high-power motorcycle engines" transmitted through handlebars, can damage its phones' cameras.

As the publication notes, that damage can be permanent. A simple Google search will surface posts over the past few years by users whose cameras were ruined after they mounted their iPhone on their bike, mostly so they can use it for navigation.
MacRumors summarizes another Apple recommendation: for slower vehicles like mopeds and scooters "at least use a vibration-dampening mount to minimize the chances of any damage."

Engadget's suggestion? "Just use another GPS device to make sure you don't ruin a device that costs hundreds to over a thousand dollars."

"Asahi Linux for Apple M1 Macs is moving closer to reality," writes Slashdot reader TroysBucket.

An Asahi developer posted a detailed status update on Twitter. Linux enthusiast Bryan Lunduke offers this succinct summary:

- The Asahi Linux team has Linux (Debian, in this case) booting and usable with network support.

- They now have (very early) display drivers which "take full advantage of the display hardware."

- They have at least two base distributions — both Arch and Debian — working and functional (to some extent).

They also have, according to their latest update, "boot picker" support so that you can manually select which OS / Drive to boot from on the M1 Macs... I, for one, can't wait to see the first public, functional release of Asahi Linux — and will be following it extremely closely.

Mark Gurman, reporting on Friday's ruling in Apple and Epic lawsuit: So how much does Apple stand to lose? That all comes down to how many developers try to bypass its payment system. Loup Venture's Gene Munster, a longtime Apple watcher, put the range at $1 billion to $4 billion, depending on how many developers take advantage of the new policy. Apple depicted the ruling as a victory, signaling that it's not too worried about the financial impact. "The court has affirmed what we've known all along: The App Store is not in violation of antitrust law" and "success is not illegal," Apple said in a statement. Kate Adams, the iPhone maker's general counsel, called the ruling a "resounding victory" that "underscores the merit" of its business.

Apple's adversary in the trial -- Epic Games, the maker of Fortnite -- also contended that the judge sided with Apple. This "isn't a win for developers or for consumers," Epic Chief Executive Officer Tim Sweeney said on Twitter. [...] Apple made about $3.8 billion in U.S. revenue from games in 2020, most of which came from in-app purchases, according to estimates from Sensor Tower. But even if the ruling ends up costing Apple a few billion dollars a year, that's still a small fraction of its total revenue. In fiscal 2021 alone, the company is estimated to bring in more than $360 billion, meaning the change won't make or break its overall financial performance. And many developers may choose to stick to Apple's payment system so they don't have to build their own web payment platform.
More concerns were shared by the EFF in a thread on Twitter. "Disappointingly, a court found that Apple is not a monopolist in mobile gaming or in-app transactions, so its App Store commissions don't violate antitrust law. One bright spot: the court found Apple's gag rules on app developers violate California law...

"The court's opinion spells out many serious problems with today's mobile app ecosystem, such as false tensions between user choice and user privacy. Congress can help with real antitrust reform and new legal tools, and shouldn't let Apple's privacywashing derail that work."

Lack of communication, confusion about payments and long delays have security researchers fed up with Apple's bug bounty program. The Washington Post: Hoping to discover hidden weaknesses, Apple for five years now has invited hackers to break into its services and its iconic phones and laptops, offering up to $1 million to learn of its most serious security flaws. [...] But many who are familiar with the program say Apple is slow to fix reported bugs and does not always pay hackers what they believe they're owed. Ultimately, they say, Apple's insular culture has hurt the program and created a blind spot on security. "It's a bug bounty program where the house always wins," said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple's bad reputation in the security industry will lead to "less secure products for their customers and more cost down the line."

Apple said its program, launched in 2016, is a work in progress. Until 2019, the program was not officially opened to the public, although researchers say the program was never exclusive. [...] In interviews with more than two dozen security researchers, some of whom spoke on the condition of anonymity because of nondisclosure agreements, the approaches taken by Apple's rivals were held up for comparison. Facebook, Microsoft and Google publicize their programs and highlight security researchers who receive bounties in blog posts and leader boards. They hold conferences and provide resources to encourage a broad international audience to participate. And most of them pay more money each year than Apple, which is at times the world's most valuable company.

Microsoft paid $13.6 million in the 12-month period beginning July 2020. Google paid $6.7 million in 2020. Apple spent $3.7 million last year, Krstic said in his statement. He said that number is likely to increase this year. Payment amounts aren't the only measure of success, however. The best programs support open conversations between the hackers and the companies. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug, according to security researchers who have submitted bugs to the bounty program and a former employee who spoke on the condition of anonymity because of a nondisclosure agreement. Apple also has a massive backlog of bugs that it hasn't fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.

A U.S. judge on Friday issued a ruling in "Fortnite" creator Epic Games' antitrust lawsuit against Apple's App Store, labelling Apple's conduct in enforcing anti-steering restrictions as anticompetitive. From a report: The case may determine whether Apple is allowed to retain control over what apps appear on its iPhones and whether it is allowed to charge commissions to developers. The Verge adds: Judge Yvonne Gonzalez-Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, handing a major setback to Apple's App Store model. Under the new order, Apple is: "permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and (ii) communicating with customers through points of contact obtained voluntarily from customers through account registration within the app."

Apple appointed one of its top software executives, Kevin Lynch, to oversee its nascent self-driving car project after the previous leader left for Ford Motor. From a report: Lynch, an Adobe veteran who joined Apple in 2013 to run the software group for the company's smartwatch and health efforts, replaced Doug Field as the manager in charge of the car work, according to people with knowledge of the matter.

The executive first started working on the project earlier this year when he took over teams handling the underlying software. Now he is overseeing the whole group, which also includes hardware engineering and work on self-driving car sensors, said the people, who asked not to be identified because the move isn't public. The change marks the latest shake-up in the project's tumultuous history. Since Apple embarked on its plan to develop a self-driving car around 2014, the endeavor has seen management turnover, layoffs of engineers and strategy shifts -- all while shrouded in secrecy.

"Germany's Federal Criminal Police Office (BKA) purchased access to NSO Group's Pegasus spyware in 2019 after internal efforts to create similar iOS and Android surveillance tools failed," reports AppleInsider. The news comes less than a month after the Digital Agenda committee chairman of Germany's federal parliament, Manual Hoferlin, declared Apple to be on a "dangerous path" with plans to enact on-device child sexual assault material monitoring. He said the system undermines "secure and confidential communication" and represents the "biggest breach of the dam for the confidentiality of communication that we have seen since the invention of the Internet." From the report: The federal government revealed the agreement with NSO in a closed-door session with the German parliament's Interior Committee on Tuesday, reports Die Zeit. When the BKA began to use Pegasus is unclear. While Die Zeit says the tool was purchased in 2019 and is currently used in concert with a less effective state-developed Trojan, a separate report from Suddeutsche Zeitung, via DW.com, cites BKA Vice President Martina Link as confirming an acquisition in late 2020 followed by deployment against terrorism and organized crime suspects in March.

Officials made the decision to adopt Pegasus in spite of concerns regarding the legality of deploying software that can grant near-unfettered access to iPhone and Android handsets. As noted in the report, NSO's spyware exploits zero-day vulnerabilities to gain access to smartphones, including the latest iPhones, to record conversations, gather location data, access chat transcripts and more. Germany's laws state that authorities can only infiltrate suspects' cellphone and computers under special circumstances, while surveillance operations are governed by similarly strict rules.

BKA officials stipulated that only certain functions of Pegasus be activated in an attempt to bring the powerful tool in line with the country's privacy laws, sources told Die Zeit. It is unclear how the restrictions are implemented and whether they have been effective. Also unknown is how often and against whom Pegasus was deployed. According to Die Zeit, Germany first approached NSO about a potential licensing arrangement in 2017, but the plan was nixed due to concerns about the software's capabilities. Talks were renewed after the BKA's attempts to create its own spyware fell short.

Ford is hiring the head of Apple's car project away from the iPhone maker, a stunning development that brings the 118-year-old automaker an executive with Silicon Valley chops. Bloomberg reports: Doug Field is coming aboard as chief advanced technology and embedded systems officer, Ford said in a statement. Field also previously worked as a top engineer at Tesla between two stints at Apple -- most recently as a vice president in its special projects group -- and played a major role at Tesla launching the Model 3 sedan. The hire is a coup for Ford, which has made major strides under Chief Executive Officer Jim Farley in convincing investors it can compete with Tesla and others on electric vehicles and technology. Ford shares have almost doubled since Farley took over in October, after his two predecessors presided over a years-long slump.

"This is a watershed moment for our company -- Doug has accomplished so much," Farley said in a briefing with reporters. "This is just a monumental moment in time that we have now to really remake" the automaker. Apple said it's grateful for the contributions Field made and that it wishes him well at Ford. The departure marks another significant setback for Apple's automotive efforts. The company's car project has gone through several strategy and leadership shake-ups since it started to take shape around 2014.

Apple's next event, during which it will likely unveil its next slate of devices, including the seventh-generation Apple Watch and a new iPhone, is happening Sept. 14 at 10 a.m. PT, the company confirmed Tuesday. The event, like all previous ones over the last year and a half, will be held entirely online amid continued concerns about the coronavirus pandemic. From a report: Apple's invite includes the phrase "California streaming." It features a neon outline of the Apple logo set atop a silhouette of a mountain range. The company's flashy event is its most important of the year, setting its product lineup for the holiday shopping season. Last year, Apple held three major product releases in the second half, separating out announcements for its latest Apple Watches, iPads, iPhones and Mac computers. The releases helped propel Apple's sales and profit to their highest levels, setting new revenue records for the company's iPhones, iPads and Mac computers. It's unclear just what products Apple will announce and if it will repeat last year's tactic of holding multiple events throughout the second half. The iPhone 13 is almost assuredly going to make an appearance. The rumored Apple Watch 7 could as well.

"Tech companies have long encouraged putting listening devices in homes and pockets..." reports the Washington Post. "But some are growing concerned that these devices are recording even when they're not supposed to — and they're taking their fears to the courts." (Alternate URLs here and here.) On Thursday, a judge ruled that Apple will have to continue fighting a lawsuit brought by users in federal court in California, alleging that the company's voice assistant Siri has improperly recorded private conversations... [H]e ruled that the plaintiffs, who are trying to make the suit a class action case, could continue pursuing claims that Siri turned on unprompted and recorded conversations that it shouldn't have and passed the data along to third parties, therefore violating user privacy. The case is one of several that have been brought against Apple, Google and Amazon that involve allegations of violation of privacy by voice assistants...

The voice assistants are supposed to turn on when prompted — saying "Hey, Siri," for example — but the lawsuit alleges that plaintiffs saw their devices activate even when they didn't call out the wake word. That conversation was recorded without their consent and the information was then used to target advertisements toward them and sent on to third-party contractors to review, they allege... The lawsuits ask the companies to contend with what they do once they hear something they weren't intended to. Nicole Ozer, the technology and civil liberties director of the ACLU of California, said the suits are a sign that people are realizing how much information the voice technology is collecting.

"I think this lawsuit is part of people finally starting to realize that Siri doesn't work for us, it works for Apple," she said.
An Amazon spokesperson told the Post only a "small fraction" of audio is manually reviewed, and users can opt-out of those reviews or manage their recordings. Apple told the Post that isn't selling its Siri recordings, and that its recordings are not associated with an "identifiable individual." And Google pointed out that they don't retain audio recordings by default "and make it easy to manage your privacy preferences."

But there's still concerns. "A Washington Post investigation in 2019 found that Amazon kept a copy of everything Alexa records after it thinks it hears its name — even if users didn't realize," the Post adds. In a 2019 video, Post reporter Geoffrey A. Fowler even spliced together all of Amazon's recordings of his voice, into a spoken-word anthem titled "Your voice now belongs to Amazon. "Eavesdropping is an invasion," Fowler argues in the video, adding that Amazon "is putting its profits over our privacy. It's also a sign of a bold data grab that's going on in our increasingly connected homes."

The US National Labor Relations Board is looking into cases filed against the tech giant by two of the main voices accusing the company of permitting a hostile work environment. Engadget reports: The first complaint was filed by Ashley Gjovik, the senior engineering program manager who said she spent months talking with the company about unsafe working conditions and sexism in the workplace. In a tweet, she said that after raising her concerns, she was put on indefinite paid administrative leave while Apple looks into them. Further, she said Apple implied that the company didn't want her to use Slack, where she'd been vocal about her criticisms. Gjovik filed a "Charge against Employer" complaint, The Times says, alleging 13 instances of alleged retaliation against her. Those instances include workplace harassment, reassigning her supervisory responsibilities to colleagues and giving her undesirable tasks

The second complaint the labor board is investigation was filed by Cher Scarlett, on behalf of herself and other employees, on September 1st. Scarlett is a security engineer at the company and is the face of the #AppleToo movement made up of current and former employees aiming to shine a light on the tech giant's workplace culture. The group said it collected over 500 stories of incidents involving discrimination, harassment and retaliation, and it recently started sharing them five stories at a time. Her case accuses Apple of suppressing workers' organizing efforts, specifically when they involve pay surveys and gender pay equity. Apple said in a statement: "We are and have always been deeply committed to creating and maintaining a positive and inclusive workplace. We take all concerns seriously and we thoroughly investigate whenever a concern is raised and, out of respect for the privacy of any individuals involved, we do not discuss specific employee matters."

Apple wants to hire a programmer who knows about RISC-V, a processor technology that competes with the Arm designs that power iPhones, iPads and newer Macs. The company's interest emerged in a job posting for a "RISC-V high performance programmer" that Apple published Thursday. From a report: It's not clear exactly what Apple's plans are for the technology. Landing even a supporting role in an Apple product would be a major victory for RISC-V allies seeking to establish their technology as an alternative to older chip families like Arm or Intel's x86.

One of the RISC-V's creators is seminal processor designer David Patterson, and startups like SiFive and Esperanto Technologies are commercializing RISC-V designs. The job description offers some details about Apple's plans. The programmer will work on a team that's "implementing innovative RISC-V solutions and state of the art routines. This is to support the necessary computation for such things as machine learning, vision algorithms, signal and video processing," the job description says.

Apple has delayed plans to roll out its child sexual abuse (CSAM) detection technology that it chaotically announced last month, citing feedback from customers and policy groups. From a report: That feedback, if you recall, has been largely negative. The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology. In a statement on Friday morning, Apple told TechCrunch: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."

Apple will start asking for permission to enable Personalized Ads in iOS 15, the company's method of serving relevant ads in the App Store and Apple News by analyzing what you read, purchase, and search for on your device. From a report: The company used to collect that information by default, but now it plans to ask for permission. Apple required other developers to seek users' permission with the debut of App Tracking Transparency, so it seems like it's showing that it will hold itself to a similar standard. The Personalized Ads pop-up should show up when you open the App Store if you're running the most recent iOS 15 beta. In the pop-up, Apple writes that the ads will help you discover relevant apps, products, and services while protecting your privacy by using "device-generated identifiers and not linking advertising information to your Apple ID."

The first AR/VR headset that Apple has been in development will need to be wirelessly tethered to an iPhone or another Apple device to unlock full functionality, reports The Information. MacRumors: It will be similar to the WiFi-only version of the Apple Watch, which requires an iPhone connection to work. The headset is meant to wirelessly communicate with another Apple device, which will handle most of the powerful computing. According to The Information, Apple recently completed work on the 5-nanometer custom chips that are set to be used in the headset, and that's where the connectivity detail comes from. Apple has completed the key system on a chip (SoC) that will power the headset, along with two additional chips. All three chips have hit the tape-out stage, so work on the physical design has wrapped up and it's now time for trial production.

While vocal app developers accused Apple last week of spinning a lawsuit settlement into an App Store change that was barely a change at all, the company appears to be making a true, if small concession today: Apple says it will let developers of "reader" apps (think Netflix, Spotify, and Amazon's Kindle app) directly link their customers to their own sign-up website, where they could potentially skirt Apple's in-app payment system (and its 30 percent cut) entirely, in those cases where they haven't already. From a report: In a press release, Apple claims that the move will close an investigation by the Japan Fair Trade Commission (JFTC), and that it'll only apply to those sorts of "reader" apps right now -- a category that was originally designed by Apple to placate companies like Netflix and Hulu by allowing them to let users simply sign into their existing account instead of signing up for a new subscription via the App Store (and having to pay Apple's fees).

The JFTC has confirmed the agreement in a press release of its own, saying that the move by Apple "would eliminate the suspected violation of the Antimonopoly Act." The commission, which has been investigating Apple since 2016, says the company has pledged to report on the status of app review transparency once a year for the next three years. According to the JFTC, Apple proposed changing its app review guidelines in response to the investigation.

Apple's plan to digitize your wallet is slowly taking shape. What started with boarding passes and venue tickets later became credit cards, subway tickets, and student IDs. Next on Apple's list to digitize are driver's licenses and state IDs, which it plans to support in its iOS 15 update expected out later this year. From a report: But to get there it needs help from state governments, since it's the states that issue driver's licenses and other forms of state identification, and every state issues IDs differently. Apple said today it has so far secured two states, Arizona and Georgia, to bring digital driver's license and state IDs. Connecticut, Iowa, Kentucky, Maryland, Oklahoma, and Utah are expected to follow, but a timeline for rolling out wasn't given.

Apple said in June that it would begin supporting digital licenses and IDs, and that the TSA would be the first agency to begin accepting a digital license from an iPhone at several airports, since only a state ID is required for traveling by air domestically within the United States. The TSA will allow you to present your digital wallet by tapping it on an identity reader. Apple says the feature is secure and doesn't require handing over or unlocking your phone. The digital license and ID data is stored on your iPhone but a driver's license must be verified by the participating state. That has to happen at scale and speed to support millions of drivers and travelers while preventing fake IDs from making it through. The goal of digitizing licenses and IDs is convenience, rather than fixing a problem. But the move hasn't exactly drawn confidence from privacy experts, who bemoan Apple's lack of transparency about how it built this technology and what it ultimately gets out of it.

A federal judge was recently found to have owned Apple stock while presiding over a case brought against the tech giant by Nokia, though the discovery is unlikely to lead to further legal action. AppleInsider reports: Apple and Nokia were embroiled in a bitter patent dispute from 2009 to 2011, with both companies filing a series of legal complaints and regulatory challenges as competition in the smartphone market came to a head. The issue was ultimately settled in June 2011, and while terms of the agreement were kept confidential, Apple was expected to make amends with a one-time payment and ongoing royalties. According to a new court filing on Monday, a federal judge presiding over one of many scattershot legal volleys filed by Nokia owned stock in Apple when the suit was lodged in 2010. Judge William M. Conley of the U.S. District Court for the Western District of Wisconsin disclosed the potential conflict of interest in a letter to both parties dated Aug. 27.

"Judge Conley informed me that it has been brought to his attention that while he presided over the case he owned stock in Apple," writes Joel Turner, the court's chief deputy clerk. "His ownership of stock neither affected nor impacted his decisions in this case." It is unclear how many shares Judge Conley possessed during the case, but ownership of company stock in any capacity would have required his recusal under the Code of Conduct for United States Judges. An advisory from the Judicial Conference Codes of Conduct Committee explains that disqualifying factors should be reported "as soon as those facts are learned," even if the realization occurs after a judge issues a decision.

"The parties may then determine what relief they may seek and a court (without the disqualified judge) will decide the legal consequence, if any, arising from the participation of the disqualified judge in the entered decision," Advisory Opinion 71 reads, as relayed by Turner. Apple and Nokia are invited to respond to Conley's disclosure by Oct. 27 should they wish to seek redress, though the companies are unlikely to take action considering the case was not a lynchpin in Nokia's overarching strategy.