Apple today informed developers that it is implementing a new subscription feature that will allow customers to be charged automatically when an app's subscription price goes up, which is not the way that subscriptions work at the current time. MacRumors reports: Right now, customers must explicitly agree to a pricing change when the cost of a subscription increases through an "Agree to New Price" interface. If a customer does not tap on agree when the warning comes up, their subscription is automatically canceled, but that's changing. Going forward, developers will be able to increase the price of a subscription and have it auto renew, with customers simply being informed rather than needing to outright agree. Apple says that "under specific conditions and with advance user notice" developers can offer an auto-renewable subscription price increase without the user needing to take action and without their subscription being impacted.

There are specific limits that Apple is placing on developers to make sure this functionality is not abused. A pricing increase cannot occur more than once per year, and it cannot exceed $5 and 50 percent of the subscription price, or $50 and 50 percent for an annual subscription price. Apple says that it will always notify users of the pricing increase in advance, via email, push notification, and a message within the app. Apple will also provide instructions on how to view, manage, and cancel subscriptions. [...] In situations where prices increase more often than once a year or exceed Apple's thresholds, subscribers will need to opt in as usual before the pricing increase is applied. Apple says that this will also happen in territories where the law requires it.

Apple delayed a plan to require workers to come back to the office three days a week, citing a resurgence in Covid-19 cases, marking the latest setback in its efforts to return to normal. From a report: The company informed employees Tuesday that it's delaying the requirement, which had been slated to go into effect on May 23, according to a memo seen by Bloomberg. However, the company is still expecting workers to come to the office two days per week. The company said the requirement is being delayed for "the time being" and didn't provide a new date. Apple was set to require employees to work from the office on Mondays, Tuesdays and Thursdays beginning next week -- a policy that had been controversial among some staff. Already, employees have been coming in two days a week as part of a ramp-up effort that began in April. For now, that mandate isn't changing.

An anonymous reader quotes a report from Ars Technica: When you turn off an iPhone, it doesn't fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down. It turns out that the iPhone's Bluetooth chip -- which is key to making features like Find My work -- has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany's Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone's location or run new features when the device is turned off. This video provides a high overview of some of the ways an attack can work.

The findings (PDF) have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries. Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And of course, firmware infections are already extremely difficult to detect since it requires significant expertise and expensive equipment.

Apple has released iOS 15.5, macOS 12.4, and more today with updates like new features for Apple Cash, the Podcasts app, and the Studio Display webcam fix. However, a bigger reason to update your devices is the security patches with today's releases. iOS 15.5 includes almost 30 security fixes while macOS 12.4 features over 50. 9to5Mac reports: Apple shared all the details for the security fixes in its latest software for iPhone, iPad, Mac, and more on its support page. For both iOS and Mac, many of the flaws could allow malicious apps to execute arbitrary code with kernel privileges. Another for iOS says "A remote attacker may be able to cause unexpected application termination or arbitrary code execution." Specifically on Mac, one of the 50+ flaws fixed was that "Photo location information may persist after it is removed with Preview Inspector." Important security updates are also available for macOS Big Sur with 11.6.6, macOS Catalina, Xcode 13.4, and watchOS 8.6.

Apple is testing future iPhone models that replace the current Lightning charging port with the more prevalent USB-C connector, Bloomberg reported Friday, citing people with knowledge of the situation, a move that could help the company conform with looming European regulations. From the report: In addition to testing models with a USB-C port in recent months, Apple is working on an adapter that would let future iPhones work with accessories designed for the current Lightning connector, said the people, who asked not to be identified because the matter is private. If the company proceeds with the change, it wouldn't occur until 2023 at the earliest. Apple is planning to retain the Lightning connector for this year's new models.

Oil giant Saudi Aramco on Wednesday surpassed Apple as the world's most valuable firm. CNBC reports: Aramco's market valuation was just under $2.43 trillion on Wednesday, according to FactSet, which converted its market cap to dollars. Apple, which fell more than 5% during trading in the U.S. on Wednesday, is now worth $2.37 trillion. Energy stocks and prices have been rising as investors sell off equities in several industries, including technology, on fears of a deteriorating economic environment. Apple has fallen nearly 20% since its $182.94 peak on Jan. 4. The move is mostly symbolic, but it shows how markets are shifting as the global economy grapples with rising interest rates, inflation, and supply chain problems.

An anonymous reader shares a report: Last October marked 20 years of the iPod. It's a remarkable run in the cutthroat, always-iterating world of consumer electronics. And while it's undoubtedly true that life hasn't been particularly fruitful for the music player in a product lineup that includes various iPhones and iPads, the beloved music player has somehow managed to hang on. That is, until today.

Apple this morning announced that the iPod is dead. That is, as much as a particular gadget can ever be dead. Rather, it will shuffle off this mortal coil slowly, remaining for sale while supplies last. So if you were considering purchasing one for any reason, buy now or forever hold your peace. The iPod's death has been a protracted one. I can hear those "the iPod was still around?" posts clogging up the comments section as I type this. The iconic clickwheel model, which later gave rise to the Classic, was discontinued back in 2014. The Shuffle and Nano, meanwhile, were killed off three years later. Until today, the seventh-generation iPod Touch stubbornly clung to life, three years after its debut.

Apple's director of machine learning, Ian Goodfellow, "is leaving the company due to its return to work policy," reports a tech reporter for the Verge. "In a note to staff, he said 'I believe strongly that more flexibility would have been the best policy for my team.'"

9to5Mac notes that Apple "poached Goodfellow from Google back in 2019 to join its 'Special Projects Group' as the director of machine learning." Apple employees started returning to in-person work on April 11 following a two-year stint of remote work brought on by the COVID-19 pandemic... At first, the company required employees to work in person at least one day per week. On May 4, the company ramped that up to two days per week in the office.

Starting on May 23, employees will need to be in the office three days per week. This is the start of Apple's so-called "hybrid" work plan, which will require employees to work from the office on Monday, Tuesday, and Thursday every week....

Goodfellow's former employer Google mandated that some teams return to in-person work starting last month, but many employees are able to permanently work from home.
Discontent with that policy is widespread, reports Fortune: Seventy-six percent of Apple workers surveyed said they were dissatisfied with Apple's return-to-office policy that was implemented after the COVID pandemic started waning. The survey, conducted by anonymous social network Blind, collected answers from 652 Apple employees from April 13 to April 19....

Accustomed to no commute, they're now balking at having to return to the office and say they will seek jobs at other tech companies that offer more flexible work arrangements. A sizable number of workers — 56% — claimed they are looking to leave Apple expressly because of its office requirement. It's unclear how many actually will carry through.... Blind's users are "overwhelmingly corporate workers in engineering or product roles," according to Rick Chen, director of public relations at Blind.

More action might be expected after May 23 when the pilot plan for hybrid work comes into full effect. Another worker stated: "Apple is going to see attrition like no other come June. 60% of my team doesn't even live near the office. They are not returning. "

An anonymous reader quotes a report from Tom's Hardware: A team of researchers with the University of Illinois Urbana-Champaign, Tel Aviv University, and the University of Washington have demonstrated a world-first Data Memory-Dependent Prefetcher (DMP) vulnerability, dubbed "Augury," that's exclusive to Apple Silicon. If exploited, the vulnerability could allow attackers to siphon off "at rest" data, meaning the data doesn't even need to be accessed by the processing cores to be exposed. Augury takes advantage of Apple Silicon's DMP feature. This prefetcher aims to improve system performance by being aware of the entire memory content, which allows it to improve system performance by pre-fetching data before it's needed. Usually, memory access is limited and compartmentalized in order to increase system security, but Apple's DMP prefetch can overshoot the set of memory pointers, allowing it to access and attempt a prefetch of unrelated memory addresses up to its prefetch depth.

If you feel your mind grasping at a certain familiarity with this, it's likely because the infamous Spectre/Meltdown vulnerabilities also try and speculate what data will be required by the system before it's even requested (hence the term speculative execution). But while side-channel vulnerabilities such as Spectre and Meltdown are only capable of leaking in-use data, Apple's DMP can potentially leak the entire memory content even if it's not being actively accessed. The nature of Apple's DMP also renders void some of the already-engineered fixes for speculative execution vulnerabilities -- those that rely on controlling what is visible to the processing cores. The researchers said that Apple is fully aware of their discoveries, but there are no plans for whether or not the company will deploy mitigations.

An anonymous reader quotes a report from MacRumors: Apple has agreed to settle a long-lasting six-year class-action lawsuit that accused it of knowingly slowing down iPhone 4S devices following the iOS 9 update in 2015, agreeing to pay some iPhone 4S owners who had experienced poor performance $15 each for their claims. The class-action lawsuit was initially filed in December 2015 by plaintiffs representing a group of iPhone 4S customers from New York and New Jersey. The lawsuit accused Apple of falsely marketing the iOS 9 update as providing enchanted performance on devices it supports, including the iPhone 4S.

Under the settlement, Apple allocated $20 million to compensate iPhone 4S owners in New York and New Jersey who experienced poor performance after updating to iOS 9. Customers who believe they are entitled to the $15 must "submit a declaration under the penalty of perjury that, to the best of their knowledge, they downloaded iOS 9, or any version thereof, onto their iPhone 4S... their iPhone 4S experienced a significant decline in performance as a result, are entitled to a payment of $15 per applicable device." A website will be created where customers who believe they are entitled to the settlement will be able to submit a form, providing their name, email, iPhone 4S serial number (if possible), and mailing address. See the full motion here.

According to some iPhone users, the Apple Music iOS app is installing itself directly to the iPhone's dock when downloaded, instead of to the phone's home screen. "It's also kicking out other apps users had set up in their dock and taking their spot, which is not something apps would normally do," adds TechCrunch. From the report: Some iPhone owners also found the bug was causing Apple Music to establish itself as the default music service for Siri requests, even if another service had previously been configured for this, like Spotify. It's unclear how widespread the bug is at this time, as we've tested it internally with mixed results. However, we've seen the dock issue taking place across different versions of iOS 15, old and new, so it does not appear to be related to a recent iOS update. It's also been seen impacting different iPhone models. [...] Apple was not able to provide further details about the bug, but said it's looking into it. You can view the "odd behavior" in a video posted on Twitter by iOS developer Kevin Archer.

Apple, Google, and Microsoft are launching a "joint effort" to kill the password. The major OS vendors want to "expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium." From a report: The standard is being called either a "multi-device FIDO credential" or just a "passkey." Instead of a long string of characters, this new scheme would have the app or website you're logging in to push a request to your phone for authentication. From there, you'd need to unlock the phone, authenticate with some kind of pin or biometric, and then you're on your way. This sounds like a familiar system for anyone with phone-based two-factor authentication set up, but this is a replacement for the password rather than an additional factor.

Some push 2FA systems work over the Internet, but this new FIDO scheme works over Bluetooth. As the whitepaper explains, "Bluetooth requires physical proximity, which means that we now have a phishing-resistant way to leverage the user's phone during authentication." Bluetooth has a terrible reputation for compatibility, and I'm not sure "security" has ever been a real concern, but the FIDO alliance notes that Bluetooth is just "to verify physical proximity" and that the actual sign-in process "does not depend on Bluetooth security properties." Of course, that means both devices will need Bluetooth on board, which is a given for most smartphones and laptops but could be a tough ask for older desktop PCs.

Elon Musk likened Apple and its App Store to the equivalent of a "30% tax on the Internet" and said the fee is "10 times higher than it should be," in a series of tweets responding to a Slashdot tweet about the European Union's latest antitrust complaint against the tech giant .

A group of Apple employees have written an open letter to the company's executive team complaining about its new policy that only allows for two days of working from home, iMore has reported. From a report: They said that Apple's reasons for implementing the policy don't stand up, and that the policy is wasteful, inflexible and will lead to a "younger, whiter, more male-dominated, more neuro-normative, more able-bodied" workforce. "You have characterized the decision for the Hybrid Working Pilot as being about combining the "need to commune in-person" and the value of flexible work," the letter states. "But in reality, it does not recognize flexible work and is only driven by fear. Fear of the future of work, fear of worker autonomy, fear of losing control."

PayPal helped spur a formal antitrust complaint against Apple and its iPhone payments system by raising concerns with the European Commission, Bloomberg reported, citing people with knowledge of the matter. From the report: European regulators hit Apple with a so-called statement of objections on Monday, arguing that the iPhone maker abuses its control over mobile payments. The complaint centers on the company reserving the iPhone's tap-to-pay abilities for its own Apple Pay service, rather than letting rival payment platforms use the feature. PayPal, which has its own payment service, was one of multiple companies making informal complaints about the situation to the commission, said the people, who asked not to be identified because the discussions were private. PayPal offers a tap-to-pay option on Android phones and wants to be able to offer the same feature on Apple's iPhone.

Technology startup Rivos allegedly stole Apple's computer-chip trade secrets after poaching its engineers, Apple said in a lawsuit filed in California federal court. From a report: Apple's Friday lawsuit said Mountain View, California-based Rivos has hired over 40 of its former employees in the past year to work on competing "system-on-chip" (SoC) technology, and that at least two former Apple engineers took gigabytes of confidential information with them to Rivos. Rivos is a "stealth" startup that has largely avoided public attention since its founding last year.

Brussels regulators have charged Apple with breaking EU competition law by abusing its dominant position in mobile payments to limit rivals' access to contactless technology. From a report: Antitrust investigators are concerned that the US tech group is preventing competitors from accessing "tap and go" chips or near-field communication (NFC) to benefit its own Apple Pay system, the European Commission said in a statement on Monday. Margrethe Vestager, the EU's executive vice-president in charge of competition policy, said Brussels had "indications that Apple restricted third-party access to key technology necessary to develop rival mobile wallet solutions on Apple's devices." She added that the commission had "preliminarily found that Apple may have restricted competition, to the benefit of its own solution Apple Pay." If confirmed, "such a conduct would be illegal under our competition rules," Vestager said. The company could face fines worth up to 10 per cent of global turnover if the charges are upheld.

MacRumors reports that Apple has begun a staggered rollout of a new firmware update (which will go fully live to everyone on May 13.) Here's how Apple's describes how it will change the lost-device-tracking AirTags: "Currently, iOS users receiving an unwanted tracking alert can play a sound to help them find the unknown AirTag. We will be adjusting the tone sequence to use more of the loudest tones to make an unknown AirTag more easily findable."
That'll make them easier to find — but some people have a different problem. This ZDNet reporter keeps getting notifications on their iPad trying to warn them about their own AirPod earbuds. The warning is totally erroneous. These are my AirPods Pro, which I have had for years now. I was able to verify they are mine by using the iPad to play a sound on the AirPods.

Apple's technology doesn't know these are my own AirPods.

The strange behavior began to appear in February. I am not alone in experiencing this annoying mistaken alert. Apple's AirPods support user forum shows several individuals in recent months with the same frustration... "It still happens several times a day. I'm getting annoyed. I get it on my phone and my iPad everytime I open the case and use my AirPods. I play the sound to be sure its really mine and it is indeed mine."

There are numerous examples of this....

Users have also reported the problem with their AirTags not being recognized. "I get constant notifications that an air tag is near me, but it turns out it's my tags. Shouldn't my phone know the difference?" writes Joe Thomas 3 on February 8th....

It's worth noting that Apple has posted a note that promises "a series of updates that we plan to introduce later this year," which include something such as "precision finding" for AirTags, and "Refining unwanted tracking alert logic."

"As a response to recent coverage of software being purged from the App Store, Apple is sharing its criteria for how it chooses to remove abandoned apps," reports 9to5Mac.

Apple's announcement say it's only flagging apps for possible removal "that
Developers will also have more time to comply after being notified." (90 days instead of 30 days). And 9to5Mac adds that Apple "is also reiterating that the practice is not new but instead part of an initiative that started six years ago.

But the Verge took a different message from "Apple to developers: if we deleted your old app, it deserved it." [T]he company has responded — by issuing a press release effectively saying that nobody was downloading the apps anyways....

Apple's explanation does clear up why it, as some developers noted, seemed to apply the rules inconsistently. For example, one developer noted that Pocket God, a popular game from the iPhone's early days, hasn't been updated for seven years but is still on the App Store. Apple is basically saying it's still up because it's still popular.

From one angle, this reasoning doesn't necessarily gel with the first half of Apple's post, where it says it removes old apps to ensure "user trust in quality apps," and to improve discoverability, security and privacy, and user experience. After all — if an app is problematic because it's outdated, more downloads would make a bad app a bigger issue. Who's being harmed if there's an outdated app almost no one is downloading?

But Apple says it doesn't want the App Store cluttered up with apps that both developers and users have forgotten about. It has enough problems making it easy for users to find good apps as it is, and it's easy to imagine Apple seeing deleting old, seemingly irrelevant apps as a good solution.

Dr. Craig Hunter is a mechanical/aerospace engineer with over 25 years of experience in software development. And now Dixie_Flatline (Slashdot reader #5,077) describes Hunter's latest experiment: Craig Hunter has been running Computational Fluid Dynamics (CFD) benchmarks on Macs for years--he has results going back to 2010 with an Intel Xeon 5650, with the most recent being a 28-core Xeon W from 2019. He has this to say about why he thinks CFD benchmarks are a good test: "As shown above, we see a pretty typical trend where machines get less and less efficient as more and more cores join the computation. This happens because the computational work begins to saturate communications on the system as data and MPI instructions pass between the cores and memory, creating overhead. It's what makes parallel CFD computations such a great real world benchmark. Unlike simpler benchmarks that tend to make CPUs look good, the CFD benchmark stresses the entire system and shows us how things hold up as conditions become more and more challenging."

With just 6 cores, the Mac Studio's M1 Ultra surpasses the 2019 Xeon before literally going off the original chart. He had to double the x-axis just to fit the M1's performance in. Unsurprisingly, he seems impressed:

"We know from Apple's specs and marketing materials that the M1 Ultra has an extremely high 800 GB/sec memory bandwidth and an even faster 2.5 TB/sec interface between the two M1 Max chips that make up the M1 Ultra, and it shows in the CFD benchmark. This leads to a level of CPU performance scaling that I don't even see on supercomputers."