Security

10-Year-Old Open Source Flaw Could Affect 'Almost Every Apple Device' (thecyberexpress.com) 23

storagedude shares a report from the Cyber Express: Some of the most widely used web and social media applications could be vulnerable to three newly discovered CocoaPods vulnerabilities -- including potentially millions of Apple devices, according to a report by The Cyber Express, the news service of threat intelligence vendor Cyble Inc. E.V.A Information Security researchers reported three vulnerabilities in the open source CocoaPods dependency manager that could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications, potentially affecting "almost every Apple device." The researchers found vulnerable code in applications provided by Meta (Facebook, WhatsApp), Apple (Safari, AppleTV, Xcode), and Microsoft (Teams); as well as in TikTok, Snapchat, Amazon, LinkedIn, Netflix, Okta, Yahoo, Zynga, and many more.

The vulnerabilities have been patched, yet the researchers still found 685 Pods "that had an explicit dependency using an orphaned Pod; doubtless there are hundreds or thousands more in proprietary codebases." The newly discovered vulnerabilities -- one of which (CVE-2024-38366) received a 10 out of 10 criticality score -- actually date from a May 2014 CocoaPods migration to a new 'Trunk' server, which left 1,866 orphaned pods that owners never reclaimed. While the vulnerabilities have been patched, the work for developers and DevOps teams that used CocoaPods before October 2023 is just getting started. "Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code," the E.V.A researchers said. "The vulnerabilities we discovered could be used to control the dependency manager itself, and any published package." [...] "Dependency managers are an often-overlooked aspect of software supply chain security," the researchers wrote. "Security leaders should explore ways to increase governance and oversight over the use of these tools."

"While there is no direct evidence of any of these vulnerabilities being exploited in the wild, evidence of absence is not absence of evidence," the EVA researchers wrote. "Potential code changes could affect millions of Apple devices around the world across iPhone, Mac, AppleTV, and AppleWatch devices."

While no action is required by app developers or users, the EVA researchers recommend several ways to protect against these vulnerabilities. To ensure secure and consistent use of CocoaPods, synchronize the podfile.lock file with all developers, perform CRC validation for internally developed Pods, and conduct thorough security reviews of third-party code and dependencies. Furthermore, regularly review and verify the maintenance status and ownership of CocoaPods dependencies, perform periodic security scans, and be cautious of widely used dependencies as potential attack targets.

AI

The Vision Pro Will Get Apple Intelligence, 'Go Deeper' In-Store Demos 17

According to Bloomberg's Mark Gurman, Apple plans to add its "Apple Intelligence" AI features to visionOS and update its approach to in-store demos of the headset. The Verge reports: The company is adding a new "Go Deeper" option to its in-store demos, Gurman writes. That reportedly includes testing office features and watching videos, as well as defaulting to the Dual Loop band that sends straps over the top and around the back of wearers' heads instead of the single-strap Solo Loop band, which some find uncomfortable. Apple will also reportedly let people view their own videos and photos, including panoramas, in the headset. Adding the sentimental touch to the demos could work out, especially once visionOS 2 comes out this fall, with its "spatialize" option to turn 2D photos into 3D ones -- a feature that's more impressive than it has the right to be (though still a little quirky with hair and glasses, like Apple's Portrait Mode feature).

Apple

EU Competition Commissioner Says Apple's Decision To Pull AI From EU Shows Anticompetitive Behavior (euractiv.com) 149

Apple's decision not to launch its own AI features in the EU is a "stunning declaration" of its anticompetitive behavior, European Commission Vice-President Margrethe Vestager said. From a report: About two weeks ago, Apple announced it will not launch its homegrown AI features in the EU, saying that interoperability required by the EU's Digital Markets Act (DMA) could hurt user privacy and security. A few days later, the Commission accused Apple's App Store of DMA breaches. Apple's move to roll back its AI plans in Europe is the most "stunning, open declaration that they know 100% that this is another way of disabling competition where they have a stronghold already," Vestager, the Commission's vice president for a Europe fit for the digital age and Commissioner for Competition, told a Forum Europa event.

The "short version of the DMA [Digital Markets Act]" is that to operate in Europe, companies have to be open for competition, said Vestager. The DMA foresees fines of up to 10% of annual revenue, which in Apple's case could be over $32.2 billion, based on its previous financial performance. For repeated infringements, that percentage could double.

Iphone

Apple Developing New Way To Make iPhone Batteries Easier To Replace (9to5mac.com) 50

According to a report from The Information, Apple is developing a new "electrically induced adhesive debonding" technology that would make iPhone batteries easier to replace. 9to5Mac reports: Currently, replacing an iPhone battery requires using tweezers to remove the existing battery, which is held in place by adhesive strips. Then, you must use a "specialized machine and tray" to press the new battery into place. The new process uses metal instead of foil to cover the battery, as The Information explains: "The new technology -- known as electrically induced adhesive debonding -- involves encasing the battery in metal, rather than foil as it is currently. That would allow people to dislodge the battery from the chassis by administering a small jolt of electricity to the battery, the people said. Consumers still have to pry open the iPhone themselves, which is not an easy process because of the adhesives and screws that keep the iPhone's screen sealed in place."

Even with this change, however, Apple will still recommend that iPhone users visit a professional to replace their battery. If Apple's development of this new bonding technology goes according to plan, it could debut it with at least one iPhone 16 model this year. According to the report, it would then expand to all versions of the iPhone 17 next year.

Apple

Apple Vision Pro Launches In First Countries Outside the US (theverge.com) 7

After launching in the United States earlier this year, Apple's Vision Pro is now available to buy in China, Japan, and Singapore. "The Apple Vision Pro will also roll out to Germany, France, Australia, the UK, and Canada on July 12th, with preorders for those regions available starting today at 5AM PT," notes The Verge. Apple is documenting the international launch via a recent blog post.

According to CNBC, the device starts at $4,128 (29,999 yuan) in China, compared to $3,500 in the U.S. Meanwhile, Apple is already hard at work on a more budget-friendly model. In Bloomberg's "Power On" newsletter, Apple news-breaker Mark Gurman reports today that the tech giant is "working on a cheaper headset, a second Vision Pro model and augmented-reality glasses to better compete with Meta."

Businesses

Apple Pauses Work On Planned North Carolina Campus (macrumors.com) 31

In 2021, Apple announced plans for a new $1 billion campus in North Carolina, set to include a new engineering and research center and support up to 3,000 employees. According to Lauren Ohnesorge of Triangle Business Journal (paywalled), Apple remains committed to the project, but the timeline has been delayed by four years. MacRumors reports: A limited amount of progress on the campus has been made since the announcement, and Apple has not provided updates on construction until now. Apple told Triangle Business Journal that it has paused work on the campus, and it is working with North Carolina Governor Roy Cooper and the North Carolina Department of Commerce to extend the project's timeline by four years.

Apple last year filed development plans for the first phase of construction, but the specific timeline for the project has never been clear. Apple's plans for Research Triangle Park include six buildings and a parking garage totaling 700,000 square feet of office space, 190,000 square feet of accessory space, and close to 3,000 parking spaces spanning 41 acres. Apple owns 281 acres of land in the area where it plans to build its campus, so there could ultimately be several phases of construction. As it prepares to build the NC research center, Apple is leasing more than 200,000 square feet of office space in Cary, North Carolina.

In a statement, Apple said it is still committed to the project: "Apple has been operating in North Carolina for over two decades. And we're deeply committed to growing our teams here. In the last three years, we've added more than 600 people to our team in Raleigh, and we're looking forward to developing our new campus in the coming years."

Apple

Apple Expands Self-Service Repair Diagnostics To Europe 2

Apple has extended its self-service repair diagnostics tool to 32 European countries, including the UK, France, and Germany. The software, previously limited to technicians, allows customers to perform system configuration after self-repairs on iPhones, Macs, and Studio Displays.

Launched in the U.S. last year, the tool is part of Apple's Self Service Repair program, which provides access to genuine parts, tools, and manuals for select models. The expansion supports 42 Apple products in 33 countries and 24 languages, furthering the company's efforts to extend product lifespan.

Emulation (Games)

Apple Says No To PC Emulators On iOS (theverge.com) 170

UPDATE (7/14/2024): Apple has now reversed their decision for UTM SE, and allowed it into their App Store. Slashdot's original story appears below...


An anonymous reader quotes a report from The Verge: Apple might finally allow retro video game emulators on the App Store, but this month, the company rejected submissions of iDOS 3, a new version of the popular DOS emulator, and UTM SE, an app that lets you emulate operating systems like Windows on iOS. In both instances, Apple said the new releases violate guideline 4.7 of the App Review Guidelines, which is the one that allows for retro game emulators. Chaoji Li, the developer of iDOS 3, shared some of Apple's reasoning for the rejection with The Verge. "The app provides emulator functionality but is not emulating a retro game console specifically," according to Apple's notice. "Only emulators of retro game consoles are appropriate per guideline 4.7." "When I asked what changes I should make to be compliant, they had no idea, nor when I asked what a retro game console is," Li said in a blog post. "It's still the same old unreasonable answer along the line of 'we know it when we see it.'"

UTM posted about its rejection on X. "The App Store Review Board determined that 'PC is not a console' regardless of the fact that there are retro Windows / DOS games for the PC that UTM SE can be useful in running," according to the post. UTM also noted that Apple is barring UTM SE from being notarized for third-party app stores because the app apparently violated guideline 2.5.2. That rule states that apps have to be self-contained and can't execute code "which introduces or changes features or functionality of the app, including other apps." Apple typically hasn't allowed just-in-time (JIT) compilation. However, and somewhat confusingly, UTM said that UTM SE doesn't include just-in-time compilation. Additionally, Apple clarified that guideline 4.7, which allows apps to offer "certain software that is not embedded in the binary," is "an exception that only applies to App Store apps" but isn't one that UTM SE qualifies for, UTM said in a follow-up post.

AI

Apple Spurned Idea of iPhone AI Partnership With Meta Months Ago (bloomberg.com) 10

An anonymous reader shares a report: Apple rejected overtures by Meta Platforms to integrate the social networking company's AI chatbot into the iPhone months ago, according to people with knowledge of the matter. The two companies aren't in discussions about using Meta's Llama chatbot in an AI partnership and only held brief talks in March, said the people, who asked not to be identified because the situation is private. The dialogue about a partnership didn't reach any formal stage, and Apple has no active plans to integrate Llama.

[...] Apple decided not to move forward with formal Meta discussions in part because it doesn't see that company's privacy practices as stringent enough, according to the people. Apple has spent years criticizing Meta's technology, and integrating Llama into the iPhone would have been a stark about-face.

EU

Apple's App Store Policies Charged Under New EU Competition Law (nytimes.com) 75

Apple is imposing unfair restrictions on developers of apps for its App Store in violation of a new European Union law meant to encourage competition in the tech industry, regulators in Brussels said on Monday. From a report: The charges further escalated a tussle between Apple, which says its products are designed in the best interest of customers, and E.U. regulators, who say the company is unfairly using its size and considerable resources to stifle competition. Apple is the first company to be charged for violating the Digital Markets Act, a law passed in 2022 that gives European regulators wide authority to force the largest "online gatekeepers" to change their business practices.

After initiating an investigation in March, E.U. regulators said Apple was putting unlawful restrictions on companies that make games, music services and other applications. Under the law, also known as the D.M.A., Apple cannot limit how companies communicate with customers about sales and other offers and content available outside the App Store. The company faces a penalty of 10 percent of global revenue, a fine that could go up to 20 percent for repeat infringements, regulators said. Apple reported $383 billion in revenue last year. "Today is a very important day for the effective enforcement of the D.M.A.," said Margrethe Vestager, the European Commission executive vice president in charge of competition policy. She said Apple's App Store policies make developers more dependent on the company and prevent consumers from being aware of better offers.

AI

Apple Might Partner with Meta on AI (techcrunch.com) 27

Earlier this month Apple announced a partnership with OpenAI to bring ChatGPT to Siri.

"Now, the Wall Street Journal reports that Apple and Facebook's parent company Meta are in talks around a similar deal," according to TechCrunch: A deal with Meta could make Apple less reliant on a single partner, while also providing validation for Meta's generative AI tech. The Journal reports that Apple isn't offering to pay for these partnerships; instead, Apple provides distribution to AI partners who can then sell premium subscriptions... Apple has said it will ask for users' permission before sharing any questions and data with ChatGPT. Presumably, any integration with Meta would work similarly.

iOS

iOS 18 Brings AirPods Setup Experience To Third-Party Accessories (9to5mac.com) 12

Filipe Esposito reports via 9to5Mac: When Apple introduced AirPods in 2016, the company also unveiled a new, easy and intuitive way to pair wireless accessories to iPhone and iPad. Rather than having to go to Bluetooth settings and press buttons, the system identifies the accessory nearby and prompts the user to pair it. With iOS 18, this quick pairing process will be available for the first time to accessory makers.

Called AccessorySetupKit, the new API gives third-party accessories the same setup experience as Apple accessories such as AirPods and AirTag. As soon as the iPhone or iPad running iOS 18 with the right app detects a compatible accessory, it will show the user a popup to confirm pairing with that device. With just a tap, the system will automatically handle all the Bluetooth or Wi-Fi connectivity required by the accessory. This also means that users will no longer have to manually give Bluetooth and Wi-Fi permissions individually to that accessory's app.

If the accessory requires a more complex pairing process, such as confirming a PIN code, the iOS 18 API can also ask the user for this information without the need to open an app. Once the accessory has been paired, more information about it can be found in a new Accessories menu within the Privacy settings.

EU

Apple Won't Roll Out AI Tech In EU Market Over Regulatory Concerns (bloomberg.com) 84

Apple is withholding a raft of new technologies from hundreds of millions of consumers in the European Union, citing concerns posed by the bloc's regulatory attempts to rein in Big Tech. From a report: The company announced Friday it would block the release of Apple Intelligence, iPhone Mirroring and SharePlay Screen Sharing from users in the EU this year, because the Digital Markets Act allegedly forces it to downgrade the security of its products and services.

"We are concerned that the interoperability requirements of the DMA could force us to compromise the integrity of our products in ways that risk user privacy and data security," Apple said in a statement. Under the DMA, Apple is expected to receive a formal warning from EU regulators over how it allegedly blocks apps from steering users to cheaper subscription deals on the web -- a practice for which it received a $1.9 billion fine from Brussels regulators earlier this year.

Businesses

iOS 18 Could 'Sherlock' $400 Million in App Revenue (techcrunch.com) 134

An anonymous reader shares a report: Apple's practice of leveraging ideas from its third-party developer community to become new iOS and Mac features and apps has a hefty price tag, a new report indicates. With the release of iOS 18 later this fall, Apple's changes may affect apps that today have an estimated $393 million in revenue and have been downloaded roughly 58 million times over the past year, according to an analysis by app intelligence firm Appfigures.

Every June at Apple's Worldwide Developer Conference, the iPhone maker teases the upcoming releases of its software and operating systems, which often include features previously only available through third-party apps. The practice is so common now it's even been given a name: "sherlocking" -- a reference to a 1990s search app for Mac that borrowed features from a third-party app known as Watson. Now, when Apple launches a new feature that was before the domain of a third-party app, it's said to have "sherlocked" the app.

In earlier years, sherlocking apps made some sense. After all, did the iPhone's flashlight really need to be a third-party offering, or would it be better as a built-in function? Plus, Apple has been able to launch features that made its software better adapted to consumers' wants and needs by looking at what's popular among the third-party developer community.

Microsoft

Apple Mocks Microsoft's Spectacular Windows Recall AI Failure 71

At a panel discussion, Apple's global marketing SVP Greg "Joz" Joswiak mocked Microsoft's recent recall of its Windows Recall feature. When asked by commentator John Gruber if Apple was frustrated by Microsoft's inability to build trust in such features, Joswiak quipped, "are we frustrated by the failings of our competitors? The answer's no," eliciting laughter from the panel and audience.

Microsoft

Nvidia Vaults Past Apple and Microsoft To Become World's Most Valuable Company (ft.com) 49

Nvidia has leapfrogged Microsoft and Apple to become the most valuable company in the world, following months of explosive share price growth driven by demand for its chips and an investor frenzy over artificial intelligence. From a report: The company's shares climbed 3.2 per cent to $135.18 on Tuesday, bringing its market capitalisation to $3.332tn and surpassing the two tech giants that have long jostled for pole position on US stock markets.

Nvidia has been the chief beneficiary of a boom in demand for chips that can train and run powerful generative AI models such as OpenAI's ChatGPT. In less than two years, it has been transformed from a $300bn company, grappling with a chip glut exacerbated by a cryptocurrency bust, into one of the most powerful tech companies in the world, with other Silicon Valley giants lining up to secure its latest products.

Apple

Apple Suspends Work on Next High-End Headset (theinformation.com) 79

The Information: Apple has told at least one supplier that it has suspended work on its next high-end Vision headset, an employee at a manufacturer that makes key components for the Vision Pro said. The pullback comes as analysts and supply chain partners have flagged slowing sales of the $3,500 device. The company is still working on releasing a more affordable Vision product with fewer features before the end of 2025, the person involved in its supply chain and a person involved in the manufacturing of the headsets said.

Apple originally planned to divide its Vision line into two models, similar to the standard and Pro versions of the iPhone, according to people involved in its supply chain and former Apple employees who worked on the devices. Apple's decision to halt work on the next version of its high-end headset is the latest example of the company reshuffling priorities. Apple has ramped up work on AI-powered features while paring back money-losing projects like its self-driving car, which it canceled earlier this year after spending nearly a decade on development. Augmented reality is one of Apple's biggest bets. The company aims to eventually replace the iPhone with lightweight glasses, and the Vision Pro is the first step in building consumer and developer interest in that effort.

Power

Apple's Battery Supplier TDK Says It Made a Big Breakthrough (qz.com) 59

Rocio Fabbro reports via Quartz: TDK, the largest maker of smartphone batteries in the world, said Monday that it has successfully developed a material that could be used in a new battery with "significantly higher energy density" than its existing cells. Energy density refers to how much energy a battery can store relative to its size or weight. The material will be used in TDK's CeraCharge solid-state battery, which it says has an energy density of 1,000 watt-hours per liter -- approximately 100 times more than its conventional solid-state battery. These batteries use an oxide-based solid electrolyte, in contrast with the liquid electrolyte used in lithium-ion batteries that are widely found in electronic devices, making them "extremely safe." Solid-state batteries are smaller, charge faster, last longer, and have a lower risk of damage from temperature changes. "Smaller size and higher capacitance contribute to smaller device size and longer operating time," the Tokyo-based company said.

The battery is designed to replace coin cell primary batteries, such as those found in wearable devices like wireless headphones, smartwatches, and hearing aids. The new batteries would be rechargeable, in compliance with new European Union battery regulations that are aimed at reducing the environmental impact of batteries. TDK said it's working toward mass production of solid-state batteries, and beefing up the batteries' capacity using multi-layer lamination technology and expanding their operating temperature range.

Apple

Apple Developing Thinner MacBook Pro, Apple Watch, and iPhone (macrumors.com) 96

According to Bloomberg's Mark Gurman, Apple appears ready to embrace a thinner design language with the upcoming MacBook Pro, Apple Watch, and iPhone. MacRumors reports: When the M4 iPad Pro was unveiled last month, Apple touted it as the company's thinnest product ever, and even compared it to the 2012 iPod nano to emphasize its slim dimensions. Writing in the latest edition of his Power On newsletter, Gurman says that like the iPad Pro, Apple is now focused on delivering the thinnest possible devices across its lineups without compromising on battery life or major new features. Gurman writes that the new iPad Pro is the "beginning of a new class of Apple devices," and that Apple's aim is to offer "the thinnest and lightest products in their categories across the whole tech industry." Apple now reportedly has its sights on making thinner versions of iPhone, Apple Watch, and MacBook Pro over the next couple of years.

Gurman's sources tell him Apple is now focused on developing a significantly skinnier iPhone in time for the iPhone 17 line in 2025, corroborating a May report by The Information. According to the latter report, Apple is planning to launch an all-new thinner iPhone 17 model next year that will allegedly feature a "major redesign" akin to the iPhone X. Gurman previously reported that Apple is planning a complete revamp of the Apple Watch for the device's tenth anniversary, dubbed "Apple Watch X." Since the original Apple Watch was unveiled in 2014 and launched in 2015, Gurman is unsure whether the Apple Watch X will be released in 2024 or 2025. However, Apple analyst Ming-Chi Kuo today claimed that this year's upcoming Apple Watch will have a larger screen and thinner design, which sounds like the sort of major overhaul and design signature that Gurman has suggested.

Apple

Apple Discontinues 'Buy Now, Pay Later' Service (9to5mac.com) 17

Apple said on Monday it will no longer offer its "buy now, pay later" service, Apple Pay Later, in the United States, and will instead focus on bringing installment loan offerings to Apple Pay users globally later this year. The company told 9to5Mac that the new feature will allow users to access installment loans from eligible credit and debit cards, as well as lenders, when checking out with Apple Pay.

Existing Apple Pay Later users in the U.S. will still be able to manage their loans through the Wallet app. Apple Pay Later, which launched in the U.S. in March last year, allowed users to split purchases of $50 to $1,000 into four equal payments over six weeks without fees or interest. The company said the shift to a global installment loan offering will enable it to provide flexible payments to more users worldwide in collaboration with Apple Pay enabled banks and lenders.
