IOS

Researcher Dumps Three iOS Zero-days After Apple Failed To Fix Issues for Months (therecord.media) 64

A security researcher has published details about three iOS zero-day vulnerabilities, claiming that Apple has failed to patch the issues, which they first reported to the company earlier this year. From a report: Going by the pseudonym of Illusion of Chaos, the researcher has published their findings on Russian blogging platform Habr and has released proof-of-concept code for each vulnerability on GitHub. This includes:

1. A vulnerability in the Gamed daemon that can grant access to user data such as AppleID emails, names, auth token, and grant file system access.

2. A vulnerability in the nehelper daemon that can be used from within an app to learn what other apps are installed on a device.

3. An additional vulnerability in the nehelper daemon can also be used from within an app to gain access to a device's WiFi information.

EU

EU Proposes Mandatory USB-C on All Devices, Including iPhones (theverge.com) 244

The European Commission, the executive arm of the European Union, has announced plans to force smartphone and other electronics manufacturers to fit a common USB-C charging port on their devices. From a report: The proposal is likely to have the biggest impact on Apple, which continues to use its proprietary Lightning connector rather than the USB-C connector adopted by most of its competitors. The rules are intended to cut down on electronic waste by allowing people to re-use existing chargers and cables when they buy new electronics. In addition to phones, the rules will apply to other devices like tablets, headphones, portable speakers, videogame consoles, and cameras. Manufacturers will also be forced to make their fast-charging standards interoperable, and to provide information to customers about what charging standards their device supports. Under the proposal, customers will be able to buy new devices without an included charger. The proposals only cover devices using wired, not wireless, chargers, EU commissioner Thierry Breton said in a press conference, adding that "there is plenty of room for innovation on wireless." A spokesperson for the Commission subsequently confirmed to The Verge that a USB-C port is only mandatory for devices that charge using a cable. But, if a device charges exclusively via wireless, like Apple's rumored portless iPhone, there'd be no requirement for a USB-C charging port.
Apple

Apple CEO Tim Cook in Leaked Memo: 'We Are Doing Everything in Our Power' To Identify Leakers (macrumors.com) 66

Apple CEO Tim Cook has warned employees about leaking company information. Cook's memo: Dear Team,

It was great to connect with you at the global employee meeting on Friday. There was much to celebrate, from our remarkable new product line-up to our values driven work around climate change, racial equity, and privacy. It was a good opportunity to reflect on our many accomplishments and to have a discussion about what's been on your mind.

I'm writing today because I've heard from so many of you who were incredibly frustrated to see the contents of the meeting leak to reporters. This comes after a product launch in which most of the details of our announcements were also leaked to the press.

I want you to know that I share your frustration. These opportunities to connect as a team are really important. But they only work if we can trust that the content will stay within Apple. I want to reassure you that we are doing everything in our power to identify those who leaked. As you know, we do not tolerate disclosures of confidential information, whether it's product IP or the details of a confidential meeting. We know that the leakers constitute a small number of people. We also know that people who leak confidential information do not belong here.

As we look forward, I want to thank you for all you've done to make our products a reality and all you will do to get them into customers' hands. Yesterday we released iOS 15, iPadOS 15, and watchOS 8, and Friday marks the moment when we share some of our incredible new products with the world. There's nothing better than that. We'll continue to measure our contributions in the lives we change, the connections we foster, and the work we do to leave the world a better place.


Apple

Apple Bans Fortnite Until Appeals Are Exhausted in Legal Fight (bloomberg.com) 74

Apple plans to keep Fortnite off of its App Store until appeals are exhausted in its legal battle with Epic Games, the maker of the popular battle-royale game. From a report: Apple sent a letter to Epic Tuesday saying that it "will not consider any further requests for reinstatement until the district court's judgment becomes final and nonappealable." The letter, sent to Epic's lawyers from a firm representing Apple, was published on Twitter by Epic Chief Executive Officer Tim Sweeney. That process could take five years, he said. Epic sued Apple in August 2020 after the iPhone-maker removed Fortnite from its App Store, citing a workaround that circumvented Apple's commission on purchases.
Medicine

Apple is Working on Mental Health Monitoring Using iPhone Data 39

Apple is working on ways to help detect and diagnose conditions such as depression, anxiety and cognitive decline using an iPhone, WSJ is reporting. Techcrunch: Researchers hope that analysis of data such as mobility, sleep patterns and how people type could spot behaviors associated with those conditions, according to The Wall Street Journal. Other measurements could include facial expression analysis and heart and respiration rates. All of the processing would take place on the device, with no data sent to Apple servers. The company is working on research projects that could lead to the development of these features. The University of California, Los Angeles, is studying stress, anxiety and depression, with Apple Watch and iPhone data for 3,000 volunteers being tracked in a study that starts this year. A pilot phase that began in 2020 recorded data from 150 participants.
EU

EU Plans To Legislate for Common Phone Charger Despite Apple Grumbles (reuters.com) 179

The European Commission will on Thursday present a legislative proposal for a common charger for mobile phones, tablets and headphones, a move likely to affect iPhone maker Apple more than its rivals, Reuters reported on Tuesday, citing a person familiar with the matter. From the report: The European Union executive and EU lawmakers have been pushing for a common charger for over a decade, saying it would be better for the environment and more convenient for users. The Commission wants the sale of chargers to be decoupled from devices, and also propose a harmonised charging port, the person said. Apple, whose iPhones are charged from its Lightning cable, has said rules forcing connectors to conform to one type could deter innovation, create a mountain of electronic waste and irk consumers.
Iphone

Researcher Discloses iPhone Lock Screen Bypass on iOS 15 Launch Day (therecord.media) 25

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.
Apple

Leaked Apple Training Videos Show How the iPhone-Maker Undermines Third-Party Repair (vice.com) 133

em1ly shares a report from Motherboard, which obtained leaked training videos Apple made for its authorized repair partners, showing how the company trains repair technicians to undermine third party companies and talk customers into buying more expensive first party repairs. From the report: "I cracked the glass on my phone and I'm comparing costs. How much for just that part?" One man acting the part of the customer asks in one of the videos.
"I can show you the cost for just the part before we begin," another man, playing the part of repair technician says.
"Whoa," the customer says, holding out his hands. "That's way more than the shop down the street. Why is it so expensive here?"
"This quote's for a genuine Apple part," the technician says.
"What do you mean by genuine?" the customer asks, his hands making scare quotes. "I'd like to save some money. Aren't they really the same part?"

After this, the technician launches into an explanation of why it's best for people to replace broken iPhone parts with genuine Apple products. "A genuine Apple part has to pass AppleCare engineering criteria," the technician says, explaining that a screen from Apple will be tested as if it had just come off the factory floor. "With a genuine Apple display, all the features you've come to rely on behave seamlessly...that's not the case with third party displays."

Six of the eight videos are dedicated to training repair techs on how to deal with customers worried about the huge costs of repairing an Apple device. One three-minute video is dedicated to helping customers understand why a genuine Apple screen is often better than one from a third party.

IOS

Apple Releases iOS 15 and iPadOS 15 (macrumors.com) 43

Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand.

A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15.
Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.
Google

Google and Apple, Under Pressure From Russia, Remove Voting App (nytimes.com) 60

Apple and Google removed an app meant to coordinate protest voting in this weekend's Russian elections from the country on Friday, a blow to the opponents of President Vladimir V. Putin and a display of Silicon Valley's limits when it comes to resisting crackdowns on dissent around the world. From a report: The decisions came after Russian authorities, which claim the app is illegal, threatened to prosecute local employees of Apple and Google -- a sharp escalation in the Kremlin's campaign to rein in the country's largely uncensored internet. A person familiar with Google's decision said the authorities had named specific individuals who would face prosecution, prompting it to remove the app.

The person declined to be identified for fear of angering the Russian government. Google has more than 100 employees in the country. Apple did not respond to phone calls, emails or text messages seeking comment. The app was created and promoted by allies of the opposition leader Aleksei A. Navalny, who were hoping to use it to consolidate the opposition vote in each of Russia's 225 electoral districts. It disappeared from the two technology platforms just as voting got underway in the three-day parliamentary election, in which Mr. Putin's United Russia party -- in a carefully stage-managed system -- holds a commanding advantage.

Mr. Navalny's team reacted with outrage to the decision, suggesting the companies had made a damaging concession to the Russians. "Removing the Navalny app from stores is a shameful act of political censorship," an aide to Mr. Navalny, Ivan Zhdanov, said on Twitter. "Russia's authoritarian government and propaganda will be thrilled." The decisions also drew harsh condemnation from free-speech activists in the West. "The companies are in a really difficult position but they have put themselves there," David Kaye, a former United Nations official responsible for investigating freedom of expression issues, said in an interview. "They are de facto carrying out an element of Russian repression. Whether it's justifiable or not, it's complicity and the companies need to explain it."

Iphone

iPhone 13 and iPhone 13 Pro Feature Dual eSIM Support (9to5mac.com) 30

Apple introduced eSIM support on iPhone with iPhone XR and iPhone XS in 2018. However, while you can use a regular SIM and an eSIM simultaneously, there was no way to use two eSIMs simultaneously -- until now. iPhone 13 and iPhone 13 Pro feature dual eSIM support for the first time. From a report: The new capability was confirmed by Apple on the iPhone 13 specs webpage. There, Apple says that iPhone 13 models support Dual SIM using both regular SIM and eSIM and "Dual eSIM," as the company calls it. If you check the webpage of the iPhone 12 or previous generations, only combined Dual SIM support is mentioned. These are the SIM support specifications for iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max: Dual SIM (nano-SIM and eSIM), and dual eSIM support. During the event, Apple also mentioned that iPhone 13 models have support for more 5G bands, which should enable the new faster network in more countries.
Apple

Apple Watch Series 7 Delivers Larger Screens and More Durability (engadget.com) 26

Earlier today at Apple's iPhone 13 launch event, Apple introduced the Apple Watch Series 7 with a new, more seamless design with larger 41mm and 45mm cases that include larger, brighter and more durable screens. There's also a variety of new colors to choose from. Engadget reports: The update takes advantage of the bigger displays, with more information and new watch faces like Contour, Modular Duo and World Timer. As for durability? Series 7 is the first Apple Watch with a dust resistance rating (IP6X), making it better-suited to mountain climbing or the beach. The screen itself is more crack-resistant thanks to a thicker new geometry, and you'll still get swim-friendly WR50 (that is, 50-meter) water resistance. You won't confuse this with a rugged watch, but you might not panic quite so much after a fall.

The updates aren't quite so aggressive under the hood. You can anticipate 33 percent faster charging and fall detection during workouts. Most of the updates come through watchOS 8, which now includes detection of cycling workouts, better tracking for e-bikes and help if you fall off. You'll also get a full swipe-based keyboard, support for more workouts (Pilates and Tai Chi) and respiratory rate tracking while you sleep. Apple Watch Series 7 will arrive sometime this fall starting at $399. The Apple Watch SE and Watch Series 3 will hang around at respective prices of $299 and $199, and you can expect refreshed Nike and Hermes variants for the Series 7.

Apple

All-new iPad Mini Announced With 5G, USB-C, and Larger 8.3-inch Display (theverge.com) 36

Apple has announced its all-new iPad Mini. It features a new enclosure with narrower bezels and rounded corners. From a report: The big news is that it's larger than the iPad Mini 5 with an 8.3-inch display (up from its predecessor's 7.9-inch panel), making the device even more viable as a driver for multitasking or schoolwork. Apple says the screen can reach 500 nits of brightness. The iPad Mini is currently Apple's smallest tablet, even with the bump in size. Apple was rumored to have been considering a Mini LED display on the new iPad, similar to that of its largest iPad Pro. Those appear to have missed the mark; the new Mini sports a regular Liquid Retina display. The new iPad Mini is up for preorder today and will be available next week starting at $499.
Iphone

iPhone 13 Pro and Pro Max Announced With High Refresh Rate 120Hz Displays (theverge.com) 124

Apple has officially announced the high-end part of the iPhone 13 lineup: the iPhone 13 Pro and 13 Pro Max. It's got a faster A15 Bionic chip, three all-new cameras, and an improved display with up to a 120Hz ProMotion high refresh rate display that can go as bright as 1,000 nits. The iPhone 13 Pro will start at $999, while the iPhone 13 Pro Max will start at $1099. Both will be available to order on Friday, shipping on September 24th. From a report: The OLED screens on both models are the same sizes as last year at 6.1 and 6.7 inches but with slightly smaller notches that should allow for more space in the iOS status bar. Apple says the phones have an all-new three-camera system. The ultrawide should offer better low-light photography, and the telephoto now goes up to 3x zoom, enabling 6x optical zoom across the three cameras. All three cameras now have night mode, and there's a new macro mode for photographing subjects at just 2cm.
Security

Apple Patches a NSO Zero-Day Flaw Affecting All Devices (techcrunch.com) 29

Apple has released security updates for a newly discovered zero-day vulnerability that affects every iPhone, iPad, Mac and Apple Watch. Citizen Lab, which discovered the vulnerability and was credited with the find, urges users to immediately update their devices. From a report: The technology giant said iOS 14.8 for iPhones and iPads, as well as new updates for Apple Watch and macOS, will fix at least one vulnerability that it said "may have been actively exploited." Citizen Lab said it has now discovered new artifacts of the ForcedEntry vulnerability, details it first revealed in August as part of an investigation into the use of a zero-day vulnerability that was used to silently hack into iPhones belonging to at least one Bahraini activist.

Last month, Citizen Lab said the zero day flaw -- named as such since it gives companies zero days to roll out a fix -- took advantage of a flaw in Apple's iMessage, which was exploited to push the Pegasus spyware, developed by Israeli firm NSO Group, to the activist's phone. Pegasus gives its government customers near-complete access to a target's device, including their personal data, photos, messages and location.

The Courts

Epic Files Appeal After Loss To Apple in App Store Case (bloomberg.com) 119

Epic Games filed a notice of appeal Sunday following a judge's decision in its antitrust lawsuit against Apple. From a report: U.S. District Judge Yvonne Gonzalez Rogers mostly sided with Apple, rejecting Epic's claims that the iPhone maker is a monopoly. She also didn't rule that Apple needs to restore Fortnite, Epic's hit game at the center of the lawsuit, to the App Store or Epic's Apple developer account. She also rejected the need for third-party App Stores and didn't force Apple to lower its App Store revenue cut of 15% to 30%.

The judge, however, said that Apple has engaged in some anticompetitive conduct and she ordered the Cupertino, California-based technology giant to allow all app and game developers to steer consumers to outside payment methods on the web. All developers for the first time could be able to include a button in their apps to let users pay for transactions online, circumventing Apple's fees. She also ordered Epic to pay at least $4 million in damages to Apple for breach of contract, which included collecting payments outside of Apple's in-app-purchase system.

Iphone

Apple Says Motorcycle Vibrations Can Damage iPhone Cameras (engadget.com) 132

Long-time Slashdot reader fahrbot-bot quotes Engadget: Hold off on purchasing that iPhone mount for your motorbike.

In a new Apple Support post first seen by MacRumors, the tech giant has warned that high amplitude vibrations, "specifically those generated by high-power motorcycle engines" transmitted through handlebars, can damage its phones' cameras.

As the publication notes, that damage can be permanent. A simple Google search will surface posts over the past few years by users whose cameras were ruined after they mounted their iPhone on their bike, mostly so they can use it for navigation.

MacRumors summarizes another Apple recommendation: for slower vehicles like mopeds and scooters "at least use a vibration-dampening mount to minimize the chances of any damage."

Engadget's suggestion? "Just use another GPS device to make sure you don't ruin a device that costs hundreds to over a thousand dollars."
Open Source

Linux For Apple Silicon Macs Gets Closer To Reality (substack.com) 53

"Asahi Linux for Apple M1 Macs is moving closer to reality," writes Slashdot reader TroysBucket.

An Asahi developer posted a detailed status update on Twitter. Linux enthusiast Bryan Lunduke offers this succinct summary:

- The Asahi Linux team has Linux (Debian, in this case) booting and usable with network support.

- They now have (very early) display drivers which "take full advantage of the display hardware."

- They have at least two base distributions — both Arch and Debian — working and functional (to some extent).

They also have, according to their latest update, "boot picker" support so that you can manually select which OS / Drive to boot from on the M1 Macs... I, for one, can't wait to see the first public, functional release of Asahi Linux — and will be following it extremely closely.

Businesses

Apple Risks Losing Billions of Dollars Annually From Ruling (bloomberg.com) 61

Mark Gurman, reporting on Friday's ruling in Apple and Epic lawsuit: So how much does Apple stand to lose? That all comes down to how many developers try to bypass its payment system. Loup Venture's Gene Munster, a longtime Apple watcher, put the range at $1 billion to $4 billion, depending on how many developers take advantage of the new policy. Apple depicted the ruling as a victory, signaling that it's not too worried about the financial impact. "The court has affirmed what we've known all along: The App Store is not in violation of antitrust law" and "success is not illegal," Apple said in a statement. Kate Adams, the iPhone maker's general counsel, called the ruling a "resounding victory" that "underscores the merit" of its business.

Apple's adversary in the trial -- Epic Games, the maker of Fortnite -- also contended that the judge sided with Apple. This "isn't a win for developers or for consumers," Epic Chief Executive Officer Tim Sweeney said on Twitter. [...] Apple made about $3.8 billion in U.S. revenue from games in 2020, most of which came from in-app purchases, according to estimates from Sensor Tower. But even if the ruling ends up costing Apple a few billion dollars a year, that's still a small fraction of its total revenue. In fiscal 2021 alone, the company is estimated to bring in more than $360 billion, meaning the change won't make or break its overall financial performance. And many developers may choose to stick to Apple's payment system so they don't have to build their own web payment platform.

More concerns were shared by the EFF in a thread on Twitter. "Disappointingly, a court found that Apple is not a monopolist in mobile gaming or in-app transactions, so its App Store commissions don't violate antitrust law. One bright spot: the court found Apple's gag rules on app developers violate California law...

"The court's opinion spells out many serious problems with today's mobile app ecosystem, such as false tensions between user choice and user privacy. Congress can help with real antitrust reform and new legal tools, and shouldn't let Apple's privacywashing derail that work."
Security

Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings. (washingtonpost.com) 23

Lack of communication, confusion about payments and long delays have security researchers fed up with Apple's bug bounty program. The Washington Post: Hoping to discover hidden weaknesses, Apple for five years now has invited hackers to break into its services and its iconic phones and laptops, offering up to $1 million to learn of its most serious security flaws. [...] But many who are familiar with the program say Apple is slow to fix reported bugs and does not always pay hackers what they believe they're owed. Ultimately, they say, Apple's insular culture has hurt the program and created a blind spot on security. "It's a bug bounty program where the house always wins," said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple's bad reputation in the security industry will lead to "less secure products for their customers and more cost down the line."

Apple said its program, launched in 2016, is a work in progress. Until 2019, the program was not officially opened to the public, although researchers say the program was never exclusive. [...] In interviews with more than two dozen security researchers, some of whom spoke on the condition of anonymity because of nondisclosure agreements, the approaches taken by Apple's rivals were held up for comparison. Facebook, Microsoft and Google publicize their programs and highlight security researchers who receive bounties in blog posts and leader boards. They hold conferences and provide resources to encourage a broad international audience to participate. And most of them pay more money each year than Apple, which is at times the world's most valuable company.

Microsoft paid $13.6 million in the 12-month period beginning July 2020. Google paid $6.7 million in 2020. Apple spent $3.7 million last year, Krstic said in his statement. He said that number is likely to increase this year. Payment amounts aren't the only measure of success, however. The best programs support open conversations between the hackers and the companies. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug, according to security researchers who have submitted bugs to the bounty program and a former employee who spoke on the condition of anonymity because of a nondisclosure agreement. Apple also has a massive backlog of bugs that it hasn't fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.
