Security

macOS High Sierra Logs Encryption Passwords in Plaintext for APFS External Drives (bleepingcomputer.com) 62

Catalin Cimpanu, writing for BleepingComputer: macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months. This time around, according to a report from Mac forensics expert Sarah Edwards, recent versions of macOS High Sierra are logging encryption passwords for APFS-formatted external drives in plaintext, and storing this information in non-volatile (on-disk) log files.

The issue, if exploited, could allow an attacker easy access to the encryption password of encrypted APFS external volumes, such as USB thumb drives, portable hard drives, and other external storage mediums. This bug goes against all well-established Apple development and security rules, according to which apps and utilities should use the Keychain app to store valuable information, and should definitely avoid storing passwords in cleartext.
Apple

An Apple Facility That Repairs iPhones in California Won't Stop Calling 9-1-1 -- and Nobody Knows How To Stop It (businessinsider.com) 190

The small city of Elk Grove, California received more than 2,000 erroneous 911 calls from Apple devices at an Apple repair facility. The months-long issue is yet to be resolved. From a report: Between October 20, 2017 and February 23, 2018, the police department in Elk Grove, California received 2,028 calls on its 911 lines originating from the Apple facility -- an average of 16 calls per day. At one point in January, the calls from the Apple factory were so frequent that they tied up every single one of Elk Grove's six 911 lines, according to public documents reviewed by Business Insider. "They lit us up like a Christmas tree," one dispatcher wrote in an email to other dispatchers. It was obvious to Elk Grove police that the 911 calls were not real emergencies, but rather, the equivalent of accidental "butt dials," mysteriously ringing the city's hotline on an assembly-line scale.

For whatever reason, many of the iPhones being repaired at the Apple facility were going rogue and dialing 911. But for city officials trying to stop the nuisance and to ensure that a critical emergency resource was not overburdened, fixing the problem has not been easy. Despite crediting Apple for being responsive to their pleas for help, Elk Grove officials have been frustrated by the company's inability to fix the problem. At one point, officials even discussed the possibility of getting the state government involved and sending police to the factory.

Education

Apple Announces New $299 iPad With Pencil Support For Schools (theverge.com) 141

At its education event in Chicago today, Apple introduced a refreshed 9.7-inch iPad with Apple Pencil support. "The updated iPad will be available in Apple stores today, in silver, space gray, and a new gold finish," reports The Verge. "The tablet will include Touch ID, an HD FaceTime camera, 10 hours of battery life, an 8-megapixel rear camera, LTE option, and Apple's A10 Fusion chip." From the report: Apple previously lowered the price of its 9.7-inch iPad last year, with a base model starting at $329, but today it's going a step further for students. Apple is offering the new iPad to schools priced at $299 and to consumers for $329. The optional Apple Pencil will be priced at $89 for schools and the regular $99 price for consumers. This is obviously not the $259 budget iPad pricing that was rumored, but it does make it a little more affordable to students and teachers. This new iPad will be a key addition to Apple's lineup as it seeks to fight back against Google's Chromebooks. Apple's iPads and Mac laptops reigned supreme in U.S. classrooms only five years ago, accounting for half of all mobile devices shipped to schools in 2013. Apple has now slipped behind both Google and Microsoft in U.S. schools, and Chromebooks are dominating classrooms with nearly 60 percent of shipments in the U.S. Apple had some other non-hardware, education-themed announcements at its event today. "Apple demonstrated Smart Annotation, which allows teachers to mark up reports in Pages directly, and the company promised new versions of its iWork apps like Pages, Numbers, and Keynote that support the Apple Pencil," reports The Verge. "Teachers will also be able to use Macs to create digital books for their classrooms, and Apple is building a books creator into the Pages app." The company also announced a new augmented reality app called Froggipedia that lets students virtually dissect frogs using an Apple Pencil. 
The free iCloud offering for students has also been bumped up from 5GB to 200GB.
Government

FBI Had No Way To Access Locked iPhone After Terror Attack, Watchdog Finds (zdnet.com) 126

The FBI did not have the technical capability to access an iPhone used by one of the terrorists behind the San Bernardino shooting, a Justice Department watchdog has found. ZDNet: A report by the department's Office of Inspector General sheds new light on the FBI's efforts to gain access to the terrorist's phone. It lands almost exactly a year after the FBI dropped a legal case against Apple, which had refused a demand by the government to build a backdoor that would've bypassed the encryption on the shooter's iPhone. Apple said at the time that if it was forced to backdoor one of its products, it would "set a dangerous precedent." Syed Farook and his wife, Tashfeen Malik, killed 14 people in the southern Californian town in December 2015. The 11-page report said that the FBI "had no such capability" to access the contents of Farook's encrypted iPhone, amid concerns that there were conflicting claims about whether the FBI may have had techniques to access the device by the time it had filed a suit against Apple. Those claims were mentioned in affidavits in the court case, as well as in testimony by former FBI director James Comey.
Businesses

Foxconn Announces Purchase of Belkin, Wemo, and Linksys (androidpolice.com) 80

Foxconn, the Taiwan-based company best known for manufacturing Apple products, announced that one of its subsidiaries (Foxconn Interconnect Technology) is purchasing U.S.-based Belkin for $866 million in cash. "Belkin owns a number of major brands, including Linksys and Wemo," notes Android Police. From the report: The buyout would make Foxconn a major player in consumer electronics, instead of just a contract manufacturing company. Belkin primarily sells phone/tablet accessories, but also manufactures networking equipment like routers and Wi-Fi range extenders. The company also sells a range of smart home products under the Wemo brand. According to The Financial Times, the purchase is subject to approval from the U.S. Committee on Foreign Investment. In other words, there is a very real chance the acquisition could be blocked. President Trump blocked Broadcom's acquisition of Qualcomm earlier this month, based on advice from the committee.
Google

Google Unveils Acer's Chromebook Tab 10 Ahead of Apple's Education-Focused Event Tomorrow (cnet.com) 41

An anonymous reader shares a report: Maybe Acer knows what Apple is up to tomorrow, maybe not. Regardless, the information and communication tech company announced today the world's first Chrome OS tablet made for the education market, the Chromebook Tab 10. Designed for use in K-12 classrooms, the 9.7-inch tablet could potentially add to Google's Chromebook lead in the US education market and take some of the wind out of Apple's education-focused press conference on March 27. [...] Acer's new tablet, which will sell for $329 in April, is built around a 2048x1536-resolution IPS touchscreen with 264 pixels per inch. A durable Wacom EMR stylus comes standard and stores in the tablet's chassis that's only 0.39-inch thick (9.98 mm). Running on a Rockchip OP1 processor, 4GB of memory and 32GB of storage, the Tab 10 fully supports Google Play giving schools access to educational Android apps.
Security

Cops Are Now Opening iPhones With Dead People's Fingerprints (forbes.com) 212

An anonymous reader shares a report: In November 2016, around seven hours after Abdul Razak Ali Artan had mowed down a group of people in his car, gone on a stabbing spree with a butcher's knife and been shot dead by a police officer on the grounds of Ohio State University, an FBI agent applied the bloodied body's index finger to the iPhone found on the deceased. The cops hoped it would help them access the Apple device to learn more about the assailant's motives and Artan himself.

This is according to FBI forensics specialist Bob Moledor, who detailed for Forbes the first known case of police using a deceased person's fingerprints in an attempt to get past the protections of Apple's Touch ID technology. Unfortunately for the FBI, Artan's lifeless fingerprint didn't unlock the device. In the hours between his death and the attempt to unlock, when the feds had to go through legal processes regarding access to the smartphone, the iPhone had gone to sleep and when reopened required a passcode, Moledor said. He sent the device to a forensics lab which managed to retrieve information from the iPhone, the FBI phone expert and a Columbus officer who worked the case confirmed. That data helped the authorities determine that Artan's failed attempt to murder innocents may have been a result of ISIS-inspired radicalization.

Where Moledor's attempt failed, others have succeeded. Separate sources close to local and federal police investigations in New York and Ohio, who asked to remain anonymous as they weren't authorized to speak on record, said it was now relatively common for fingerprints of the deceased to be depressed on the scanner of Apple iPhones, devices which have been wrapped up in increasingly powerful encryption over recent years. For instance, the technique has been used in overdose cases, said one source. In such instances, the victim's phone could contain information leading directly to the dealer.

iPhone

State Department Seemingly Buys $15,000 iPhone Cracking Tech GrayKey (vice.com) 79

An anonymous reader quotes a report from Motherboard: Grayshift, a company that offers to unlock modern iPhones for as little as $50 each, has caused a buzz across law enforcement agencies, with local police already putting down cash for the much sought-after tech. Now, it appears a section of the U.S. State Department has also purchased the iPhone cracking tool, judging by procurement records reviewed by Motherboard. Grayshift's iPhone product, dubbed GrayKey, can unlock devices running versions of Apple's latest mobile operating system iOS 11, according to marketing material obtained by Forbes. An online version of GrayKey which allows 300 unlocks costs $15,000 (which boils down to $50 per device), and an offline capability with unlimited uses is $30,000. According to a recent post from cybersecurity firm Malwarebytes, which obtained leaked details on GrayKey, the product itself is a small, four inch by four inch box, and two iPhones can be connected at once via lightning cables. Malwarebytes adds that the time it takes to unlock a device varies depending on the strength of the user's passcode: it may be hours or days. Notably, Grayshift includes an ex-Apple engineer on its staff, Forbes reported.

On March 6, the State Department ordered an item from Grayshift for just over $15,000, according to a purchase order listing available on the U.S. government's public federal procurement data system. The listing is sparse on details, putting the order under the generic label of "computer and computer peripheral equipment." But Motherboard confirmed that the Grayshift in the State Department listing is the same as the one selling iPhone cracking tech: the phone number of the vendor in both the purchase order and documents Motherboard previously obtained detailing a GrayKey purchase by Indiana State Police is the same. The "funding office" for the Grayshift purchase was the Bureau of Diplomatic Security, according to the procurement records. The Bureau acts as the law enforcement and security arm of the State Department, bearing "the core responsibility for providing a safe environment for the conduct of U.S. foreign policy," the State Department website reads.

Facebook

Steve Jobs Tried To Warn Mark Zuckerberg About Privacy In 2010 (qz.com) 109

An anonymous reader quotes a report from Quartz: Zuckerberg should have heeded what he heard from the late Steve Jobs eight years ago. Then, when the social network had a measly half-billion users, Jobs spoke at The Wall Street Journal's AllThingsD conference, where Zuckerberg was in the audience, waiting to be interviewed himself, and described what privacy meant. Journalist Walt Mossberg asked Jobs his thoughts on recent privacy issues around Facebook (which at the time was revamping its privacy controls after criticism it was forcing people to share data) and Google (which was literally recording private wifi information), and whether Silicon Valley looks at privacy differently than the rest of the world.

"Silicon Valley is not monolithic," Jobs responded, "We've always had a very different view of privacy than some of our colleagues in the Valley." Apple, for instance, does not leave it up to developers to decide whether to be dutiful about warning users that their apps are tracking their location data, instead forcing pop-ups on users to alert them that an app is tracking them, and to turn off that ability if they don't want. "We do a lot of things like that, to ensure that people know what these apps are doing," he added. It's a stance his successor, Tim Cook, still holds. Mossberg then asked Jobs if that applied to Apple's own apps in the cloud. Here's what Jobs said: "Privacy means people know what they're signing up for, in plain English, and repeatedly. I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data." If the company had been more forthright about how developers could take data shared with them by Facebook users and sell it to third parties, it may not have been in the mess it's in today.
Additionally, TechCrunch reports that Zuckerberg was warned about app permissions in 2011 by European privacy campaigner and lawyer Max Schrems. "In August 2011, Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that's where Facebook's European HQ is based)."

"[T]his means that not the data subject but 'friends' of the data subject are consenting to the use of personal data," wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook's friends' data API. "Since an average facebook user has 130 friends, it is very likely that only one of the user's friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users' friends personal data (e.g. games, quizzes, apps that only post things on the user's page) but Facebook Ireland does not offer a more limited level of access than 'all the basic information of all friends.'" [...] "The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific," he added. It took Facebook from September 2012 until May 2014 and May 2015 to implement changes and tighten app permissions.
Android

Face ID Deemed Too Costly To Copy, Android Makers Target In-Display Fingerprint Sensors Instead (9to5mac.com) 129

"Android phone makers are 'rushing' to implement fingerprint sensors under the display for upcoming handsets," reports 9to5Mac, citing a new report from Digitimes. "Android manufacturers have decided that recreating the 3D facial recognition used by iPhone X is simply too costly to include, and are instead focusing on implementing Qualcomm's ultrasonic fingerprint scanners." From the report: The report says that including an Infrared depth-sensing facial recognition system like the iPhone X is simply too expensive for Android smartphones to offer, which cannot command the same price premiums as Apple's iPhones. This is a combination of hardware and software development costs. Digitimes claims the cost of the TrueDepth 3D sensors in iPhone X peaked at $60 per unit, an incredibly high proportion of the overall phone cost if accurate. Android makers are also worried about possible patent infringement from adopting Infrared dot projector systems. Instead, they have turned to in-display fingerprint sensors as their next-generation of device authentication. This depends on using Qualcomm technology for ultrasonic-based fingerprint scanners, which can sit below the cover glass and work even if fingers are wet or greasy.
Education

Apple To Unveil a Cheaper iPad Next Week At Its Educational Event 78

Apple is holding an education-focused event on Tuesday where it's expected to launch a "low-cost iPad" alongside new education software. The goal is to win back students and teachers who have adopted similar products/services from rivals Google and Microsoft. Bloomberg reports: In its first major product event of the year, Apple will return to its roots in the education market. The event on Tuesday at Lane Technical College Prep High School in Chicago will mark the first time Apple has held a product launch geared toward education since 2012 when it unveiled a tool for designing e-books for the iPad. It's also a rare occasion for an Apple confab outside its home state of California. In Chicago, the world's most-valuable technology company plans to show off a new version of its cheapest iPad that should appeal to the education market, said people familiar with the matter. The company will also showcase new software for the classroom, said the people, who asked not to be identified discussing private plans. Apple declined to comment.
Businesses

Amazon Passes Alphabet To Become the World's Second Most Valuable Company (cnbc.com) 33

Amazon has passed Alphabet to become the second most valuable company in the world. Apple remains the only other company more valuable than Amazon. CNBC reports: The e-commerce giant rose 2.7 percent on Tuesday lifting its stock market value to $768 billion. Alphabet, the parent of Google, fell 0.4 percent and is now valued at $762.5 billion. While the U.S. tech mega-caps have rallied in the past year, Amazon's performance has dwarfed them all, with the stock surging 85 percent over the past 12 months, including 35 percent to start 2018. Investors have been piling into Amazon, betting that the company's growing and very profitable cloud computing business will provide the cash needed for investments in original content, physical stores and continuing to build data centers and warehouses.
Bug

Apple's Newest iPhone X Ad Captures an Embarrassing iOS 11 Bug (theverge.com) 81

Tom Warren, writing for The Verge: If you blink during Apple's latest iPhone ad, you might miss a weird little animation bug. It's right at the end of a slickly produced commercial, where the text from an iMessage escapes the animated bubble it's supposed to stay inside. It's a minor issue and easy to brush off, but the fact it's captured in such a high profile ad just further highlights Apple's many bugs in iOS 11. 9to5Mac writer Benjamin Mayo spotted the bug in Apple's latest ad, and he's clearly surprised "that this was signed off for the commercial," especially as he highlighted it months ago and has filed a bug report with Apple.
Apple

Apple Bans Iran from the App Store (bleepingcomputer.com) 58

Iranian users have not been able to access Apple's App Store all day today, in what appears to be a ban put in place by the US company. From a report: According to reports and sources who spoke with Bleeping Computer, the ban appears to have been put in place earlier today, around noon, GMT. Users were not able to connect to the Apple App Store to install or update applications. When visiting the App Store, they were instead greeted with the message "The App Store is unavailable in the country or region you're in." This ban appears to be IP-based. Meysam Firouzi -- an Iranian security researcher -- told Bleeping Computer that he successfully connected to the App Store while using a VPN, despite having Iran-related details set on his account.
Apple

Siri Team Didn't Learn About HomePod Until 2015, After Amazon Echo Debuted (9to5mac.com) 31

The Information (paywalled) has published a lengthy report today covering the development of Siri. The article documents Siri's tumultuous changes in leadership and management over the last few years, indicating that Siri 1.0's infrastructure was very creaky, which held back the service. From a report: One of the most interesting anecdotes is the claim that Apple's HomePod team didn't meet with the Siri group until 2015 (Amazon Echo debuted in late 2014). The story says Apple had originally considered launching the speaker without Siri. The big takeaway from The Information's reporting is that Siri launched with a poorly scalable infrastructure that caused bottlenecks for years after it launched in 2011. At the initial release, the popularity of Siri 'exceeded expectations' and led to a lot of unreliability. The backend was not designed to handle enough users. Apple has spent the intervening years modernising the system apparently.
Apple

Apple Is Letting Companies Make 3.5mm To Lightning Cables Now (9to5mac.com) 110

Apple has updated the specs for its Made-For-iPhone accessories program, letting accessory makers put USB-C ports on licensed devices, as well as create 3.5mm to Lightning cables for the first time. 9to5Mac reports: With the new specs, companies in the MFi program can now include USB-C receptacles on their officially certified iOS and Mac accessories for charging. That allows users to charge MFi accessories with a USB-C cable and/or power adapter they might already have, for example, and also draw power from the USB port on a Mac using the same cable. It also has other advantages for manufacturers. Apple's documentation for the new specs lists battery packs and speakers as products that could benefit from using a USB-C receptacle. Products are also allowed to bundle USB-C cables with the MFi accessories, but manufacturers can opt to not include a cable or adapter and reduce their costs and/or price in the process. Unlike with Lightning receptacles, Apple does not allow the port to be used for passthrough charging or sync of an iOS device. Also, new for accessory makers is the ability to create a Lightning to 3.5mm stereo analog audio output plug, which would allow users to go direct from the Lightning port to a 3.5mm input on another device.
Bitcoin

Apple Seems OK With Currency Miners In the Mac App Store 38

Apple has yet to block a popular title in the Mac App Store that has openly embraced coin mining, prompting one to ask the question: does Apple allow apps in the Mac App Store if they clearly disclose that they will be mining cryptocurrency? Ars Technica reports: The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stak miner isn't supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features. If Calendar 2 isn't the first known app offered in Apple's official and highly exclusive App Store to do currency mining, it's one of the very few.
Businesses

Apple Must Explain Why It Doesn't Want You To Fix Your Own iPhone, California Lawmaker Says (vice.com) 195

A California state lawmaker says she hopes to make Apple explain specifically why it has opposed and lobbied against legislation that would make it easier for you to repair your iPhone and other electronics. Motherboard reports: Last week, California assemblymember Susan Talamantes-Eggman announced that she plans to introduce right to repair legislation in the state, which would require companies like Apple, Microsoft, John Deere, and Samsung to sell replacement parts and repair tools, make repair guides available to the public, and would require companies to make diagnostic software available to independent shops. Public records show that Apple has lobbied against right to repair legislation in New York, and my previous reporting has shown that Apple has privately asked lawmakers to kill legislation in places like Nebraska. To this point, the company has largely used its membership in trade organizations such as CompTIA and the Consumer Technology Association to publicly oppose the bill. But with the right to repair debate coming to Apple's home state, Talamantes-Eggman says she expects the company to show up to hearings about the bill.

"Apple is a very important company in the state of California, and one I have a huge amount of respect for. But the onus is on them to explain why we can't repair our own things and what damage or danger it causes them," Talamantes-Eggman told me in a phone interview. Talamantes-Eggman told me that the bill she plans to introduce will apply to both consumer electronics as well as agricultural equipment such as tractors. Broadly speaking, the electronics industry has decided to go with an "authorized repair" model in which companies pay the original device manufacturer to become authorized to fix devices.

AI

Siri Co-founder is Surprised By How Much Siri Still Can't Do (qz.com) 86

In an interview with Quartz, Norman Winarsky, a founder of Siri, suggests that Apple may have given Siri an overly ambitious collection of responsibilities and hasn't made the feature reliable enough. From a report: And while vastly improved from its earliest days, Siri still isn't a sparkling conversationalist. "Surprise and delight is kind of missing right now," said Winarsky, now a consultant and venture capitalist. Winarsky acknowledges that some of this disappointment stems from the sheer difficulty of predicting the pace of major technological advancement, which Bill Gates once summed up as the human tendency to "overestimate the change that will occur in the next two years and underestimate the change that will occur in the next 10."

But part of it is also likely because Apple chose to take Siri in a very different direction than the one its founders envisioned. Pre-Apple, Winarsky said, Siri was intended to launch specifically as a travel and entertainment concierge. Were you to arrive at an airport to discover a cancelled flight, for example, Siri would already be searching for an alternate route home by the time you pulled your phone from your pocket -- and if none was available, would have a hotel room ready to book. It would have a smaller remit, but it would learn it flawlessly, and then gradually extend to related areas. "These are hard problems and when you're a company dealing with up to a billion people, the problems get harder yet," Winarsky said. "They're probably looking for a level of perfection they can't get."

Apple

Apple Buys Texture, a 'Netflix For Magazines' App (ft.com) 43

Apple said on Monday it will acquire Texture, a digital magazine app, as the iPhone maker looks to fill the gap left by Facebook's pullback from news distribution. From a report: The deal is Apple's latest move to build out its content and services platform, coming just three months after it announced plans to acquire Shazam, the music recognition app, for around $400m. First launched in 2010, Texture has been described as "Netflix for magazines," as its $10-per-month subscription service provides unlimited access to more than 220 publications including People, the New Yorker, Vanity Fair, National Geographic and Vogue. Further reading: Recode.
