Security

iPhone Zero-Click Wi-Fi Exploit is One of the Most Breathtaking Hacks Ever (arstechnica.com) 114

Dan Goodin, writing for Ars Technica: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device -- over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable -- meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google's vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice.

"This is a fantastic piece of work," Chris Evans, a semi-retired security researcher and executive and the founder of Project Zero, said in an interview. "It really is pretty serious. The fact you don't have to really interact with your phone for this to be set off on you is really quite scary. This attack is just you're walking along, the phone is in your pocket, and over Wi-Fi someone just worms in with some dodgy Wi-Fi packets." Beer's attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like AirDrop work. Because drivers reside in the kernel -- one of the most privileged parts of any operating system -- the AWDL flaw had the potential for serious hacks. And because AWDL parses Wi-Fi packets, exploits can be transmitted over the air, with no indication that anything is amiss.

iPhone

Italy Fines Apple $12 Million For Unfair Claims About iPhone Water Resistance (9to5mac.com) 68

A reader writes: Italian regulators have fined Apple $12 million for making misleading and unfair claims about iPhone water resistance. The fine was imposed by L'Autorita Garante della Concorrenza e del Mercato (AGCM), which translates literally as the guarantee authority for competition and the market. This is the competition watchdog responsible for ensuring that companies treat both consumers and competitors fairly.

First, it says, Apple made water resistance claims without making it clear to consumers that these were true only in ideal laboratory conditions, and phones had not passed the same tests in real-life conditions. [...] Second, and more seriously, Apple made iPhone water resistance claims in its marketing, but then refused warranty service on phones which suffered water damage.

Apple has been fined ten million Euros, and additionally ordered to publish a notice on its Italian website through a "Consumer protection information" link. This potentially opens the way for similar rulings in other European Union countries, and could conceivably lead to class action lawsuits in the US and elsewhere, now that the issue has been highlighted. SetteBIT notes that the ruling references three Apple ads. Apple tends to delete older ads from its YouTube channel, but the site archives its own copies, providing proof of the claims originally made.

Entertainment

'Code Switch' From NPR Is Apple's Podcast of the Year (engadget.com) 48

Apple has picked "Code Switch" as the best audio show of the year, marking the first time the company has recognized a single podcast in this way. Engadget reports: Code Switch is NPR's weekly discussion on race. While the series has been on the air for the better part of seven years, it became significantly more popular over the summer as people across the US took to protest the death of George Floyd and other instances of racial injustice.

As in past years, the company also shared a selection of the most popular audio shows people listened to through Apple Podcasts. Few surprises here as old favorites like Stuff You Should Know, This American Life and The Daily came out as the most popular shows in the US. When it comes to shows new to 2020, Unlocking Us, Nice White Parents and CounterClock made the top three for the year. Apple's editorial team had their say as well. They picked California Love, Canary by the Washington Post and Dying for Sex as their favorites of 2020. If you're looking for something new to listen to, all three lists are a good place to start.

Open Source

Hector Martin Promises To Bring Linux To the M1 Chip (softpedia.com) 139

Joe2020 writes: Famous developer Hector Martin who put Linux on the PS4 now wants to port Linux to the new Apple M1, and he wants to do it with the help of crowdfunding by making it his full-time job. One can find his official pledge for support here. "Since these devices are brand new and bespoke silicon, porting Linux to run on them is a huge undertaking. Well beyond a hobby project, it is a full-time job," the developer explains.

"The goal is to bring Linux support on Apple Silicon macs to the point where it is not merely a tech demo, but is actually an OS you would want to use on a daily driver device. To do this, there is a huge amount of work to be done. Running Linux on things is easy, but making it work well is hard. Drivers need to be written for all devices. The driver for the completely custom Apple GPU is the most complicated component, which is necessary to have a good desktop experience. Power management needs to work well too, for your battery life to be reasonable," the dev explains. Martin says he hopes to have enough donations to purchase the new Apple Silicon-powered devices and hire other people to help with the job.

Slashdot reader NoMoreACs also shared the news via Mac Rumors.

Desktops (Apple)

AWS Brings the Mac Mini To Its Cloud (techcrunch.com) 38

AWS today opened its re:Invent conference with a surprise announcement: the company is bringing the Mac mini to its cloud. These new EC2 Mac instances, as AWS calls them, are now available in preview. They won't come cheap, though. From a report: The target audience here -- and the only one AWS is targeting for now -- is developers who want cloud-based build and testing environments for their Mac and iOS apps. But it's worth noting that with remote access, you get a fully-featured Mac mini in the cloud, and I'm sure developers will find all kinds of other use cases for this as well. Given the recent launch of the M1 Mac minis, it's worth pointing out that the hardware AWS is using -- at least for the time being -- are i7 machines with six physical and 12 logical cores and 32 GB of memory. Using the Mac's built-in networking options, AWS connects them to its Nitro System for fast network and storage access. This means you'll also be able to attach AWS block storage to these instances, for example.

Businesses

Apple Hires Former Venture Capitalist Josh Elman For App Store Discovery Role (appleinsider.com) 10

As part of Apple's ongoing efforts to improve app discovery, the company has hired former venture capitalist Josh Elman for a related role on the App Store. AppleInsider reports: In a statement Monday, Elman said he would be joining Apple to "help customers discover the best apps for them." He added that he was excited to "build ways to help over a billion customers and millions of developers connect." As part of the transition to the new role at Apple, Elman said he would be stepping back from some of his active boards and investments -- including Discord and Medium.

Elman was previously a venture capitalist at Greylock Partners and led early investments in Discord and the precursor to TikTok. Until 2019, he was also the vice president of product at Robinhood. Elman's experience identifying and investing in apps that later became hits could help Apple in its app and software promotion endeavors. According to Bloomberg, the former venture capitalist could also help smooth over the relationship between Apple and developers.

Desktops (Apple)

After 17 Years OS X Notifier App 'Growl' Retired (github.io) 17

Growl is being retired after surviving for 17 years.

Its page on GitHub explains: Growl is a notification system for OS X. Growl has been around since 2004, and was originally called Global Notifications Center. The name was changed to Growl (like the noise a dog makes) since we felt the name Notifications Center was too geeky. We were wrong about that haha.

Growl was meant as a proof of concept which became something more for a long period of time. Before Growl was made developers either had to pop up a very basic window or some other ugliness nobody liked. Working with developers on Adium and Colloquy who wanted to implement their own custom notifications into their applications is what birthed this project.

Growl is a retired project, we couldn't think of another thing to change which would be substantial enough to bring out a new updated release. Growl is stable and should work for as long as Intel-based programs work. Anyone who wants to run Growl is free to do so in an unsupported fashion.

Lead developer Christopher Forsythe writes at 336699.org: With the announcement of Apple's new hardware platform, a general shift of developers to Apple's notification system, and a lack of obvious ways to improve Growl beyond what it is and has been, we're announcing the retirement of Growl as of today.

It's been a long time coming. Growl is the project I worked on for the longest period of my open source career... There's even a SourceForge project for Global Notifications Center still out there if you want to go find it... Without Growl I do not know that we would have any sort of decent notification system in OS X, iOS, Android or who knows what else...

For developers we recommend transitioning away from Growl at this point. The apps themselves are gone from the app store, however the code itself still lives. Everything from our rake build system to our code is available for use on our GitHub page.

Portables (Apple)

Developer Successfully Virtualizes Windows for Arm on M1 Mac (macrumors.com) 114

Developer Alexander Graf has successfully virtualized the Arm version of Windows on an M1 Mac, proving that the M1 chip is capable of running Microsoft's operating system. From a report: Currently, Macs with the M1 chip do not support Windows and there is no Boot Camp feature as there is on Intel Macs, but support for Windows is a feature that many users would like to see. Using the open-source QEMU virtualizer, Graf was able to virtualize the Arm version of Windows on Apple's M1 chip, with no emulation. Since the M1 chip is a custom Arm SoC, it is no longer possible to install the x86 version of Windows or x86 Windows apps using Boot Camp, as was the case with previous Intel-based Macs. However, he said in a Tweet that when virtualized on an M1 Mac, "Windows ARM64 can run x86 applications really well. It's not as fast as Rosetta 2, but close."

Earth

Amazon and Apple 'Not Playing Their Part' in Tackling Electronic Waste (theguardian.com) 74

Global giants such as Amazon and Apple should be made responsible for helping to collect, recycle and repair their products to cut the 155,000 tonnes of electronic waste being thrown away each year in the UK, MPs say. From a report: An investigation by the environmental audit committee found the UK is lagging behind other countries and failing to create a circular economy in electronic waste. The UK creates the second highest levels of electronic waste in the world, after Norway. But MPs said the UK was not collecting and treating much of this waste properly. "A lot of it goes to landfill, incineration or is dumped overseas. Under current laws producers and retailers of electronics are responsible for this waste, yet they are clearly not fulfilling that responsibility," the MPs wrote. About 40% of the UK's e-waste is sent abroad, according to estimates -- something the MPs point out is often done illegally.

The tsunami of electronic waste was throwing away valuable resources vital to a sustainable future, the report published on Thursday said. Globally, thrown-away computers, smartphones, tablets and other electronic waste have a potential value of $62.5bn each year from the precious metals they contain, including gold, silver, copper, platinum and other critical raw materials such as tungsten and indium. MPs accused online retailers including Amazon and eBay of freeriding as they are not considered retailers or producers, and are therefore not legally liable to contribute to the collection and recycling of e-waste. "For all their protestations of claimed sustainability, major online retailers and marketplaces such as Amazon have so far avoided playing their part in the circular economy by not collecting or recycling electronics in the way other organisations have to," MPs said. "Given the astronomical growth in sales by online vendors, particularly this year during the coronavirus pandemic, the EAC calls for online marketplaces to collect products and pay for their recycling to create a level playing field with physical retailers and producers that are not selling on their platforms."

OS X

Is Apple Silicon Ready? (thenextweb.com) 132

Programmer Abdullah Diaa has put together a website to help determine if your favorite apps work on Apple Silicon yet. An anonymous reader shares a report from The Next Web: ... [P]lease say hello to Is Apple silicon ready? The idea behind the site is simple: it shows you if specific apps will work on laptops and desktops with Apple's in-house chip. Easy to get your head around, right? It shows you a list of software and, if they have native M1 support, they're given a green tick.

Here's an image that shows you what's going on far clearer than lots of words could. As you can see, the site also shows you if the app you're after has Rosetta 2 support. Effectively, Rosetta 2 is an emulator, allowing a large number of apps designed for Intel machines to run on Apple Silicon. If this is supported, you will still be able to use that software on an M1-toting machine.
Further reading: Linus Torvalds Would Like To Use An M1 Mac For Linux, But...

Desktops (Apple)

Linus Torvalds Would Like To Use An M1 Mac For Linux, But... (zdnet.com) 246

Yes, Torvalds said he'd love to have one of the new M1-powered Apple laptops, but it won't run Linux and, in an exclusive interview he explains why getting Linux to run well on it isn't worth the trouble. Steven J. Vaughan-Nichols writes via ZDNet: Recently, on the Real World Technologies forum, Linux's creator Linus Torvalds was asked what he thought of the new M1-powered Apple laptops. Torvalds replied, "I'd absolutely love to have one if it just ran Linux." You may think, "what's the problem? Doesn't Linux run on practically every processor on the planet from 80386s to IBM s390x to the ARM family of which Apple's M1 chip is a child?" Well, yes, yes it does. But it takes more than a processor to run a computer.

Torvalds would like to run Linux on these next-generation Macs. As he said, "I've been waiting for an ARM laptop that can run Linux for a long time. The new Air would be almost perfect, except for the OS. And I don't have the time to tinker with it, or the inclination to fight companies that don't want to help." Aye, there's the rub. In an exclusive interview, Torvalds expanded on why he can't see porting Linux to the M1-based Macs. "The main problem with the M1 for me is the GPU and other devices around it, because that's likely what would hold me off using it because it wouldn't have any Linux support unless Apple opens up."

Still, while Torvalds knows Apple opening up their chipsets "seems unlikely, but hey, you can always hope." Even if that "wasn't an issue," Torvalds continued, "My personal hope would be more cores. Even in a laptop, I don't care about 20-hour battery life (and I wouldn't get it building kernels anyway). I'd rather plug it in a bit more often, and have 8 big cores." As for the Mac's limited RAM -- no more than 16GBs on current models -- he can live with that. "16GBs is actually ok by me because I don't tend to do things that require a lot more RAM. All I do is read email, do git and kernel compiles. And yes, I have 64GB in my desktop, but that's because I have 32 cores and 64 threads, and I do hugely parallel builds. Honestly, even then 32GB would be sufficient for my loads." That said, other developers and power users may want more from the new Macs, Torvalds thinks. "The people who really want tons of memory are the ones doing multiple VMs or huge RAW file photography and video."

The Courts

Apple Security Chief Maintains Innocence After Bribery Charges (arstechnica.com) 71

An anonymous reader quotes a report from Ars Technica: A grand jury in California's Santa Clara County has indicted Thomas Moyer, Apple's head of global security, for bribery. Moyer is accused of offering 200 iPads to the Santa Clara County Sheriff's office in exchange for concealed carry permits for four Apple employees. Moyer's attorney says that he did nothing wrong, and notably Apple is standing behind its executive. "We expect all of our employees to conduct themselves with integrity," an Apple spokesperson said in a statement. "After learning of the allegations, we conducted a thorough internal investigation and found no wrongdoing."

Also indicted were two officials in the office of Santa Clara County Sheriff Laurie Smith. These officials are accused of soliciting the alleged bribe. California law gives sheriffs broad discretion to decide who gets permits to carry concealed weapons in the state. Smith has previously faced accusations that her office deliberately withheld permits to carry concealed weapons until applicants did favors for Smith. A June investigation by NBC Bay Area found that donors to Smith's re-election campaign were 14 times more likely to get concealed carry permits than those who didn't donate. A press release from Smith's office described the indictments as "a difficult time for our organization."

Jeff Rosen, the Santa Clara district attorney responsible for the indictments, said that the donation of 200 iPads was scuttled at the last minute after Rosen obtained a search warrant in the case. According to LinkedIn, Moyer is responsible for "strategic management of Apple's corporate and retail security, crisis management, executive protection, investigations and new product secrecy." While two individuals in Sheriff Smith's office were indicted, no charges have been filed against Smith herself. Rosen says the investigation is ongoing. A common prosecutorial strategy is to focus on lower-ranking employees first in order to pressure them to provide evidence against their boss.

The Almighty Buck

Apple Makes Another Concession On App Store Fees (cnbc.com) 19

Apple said on Monday that companies that offer digital classes or virtual events through iPhone apps won't have to use Apple's App Store in-app purchases through June 2021, enabling them to charge their customers directly without Apple's 30% commission fee. CNBC reports: Apple said the extension was to help businesses by giving them more time to transition in-person events to digital events during the Covid-19 pandemic. "Although apps are required to offer any paid online group event experiences (one-to-few and one-to-many realtime experiences) through in-app purchase in accordance with App Store Review guideline 3.1.1, we temporarily deferred this requirement with an original deadline of December 2020," Apple wrote on its developer blog. "To allow additional time for developing in-app purchase solutions, this deadline has been extended to June 30, 2021." Last week, Apple announced that it planned to reduce its commission to 15% for app developers making under $1 million on Apple's platforms in 2021.

United States

Apple's Security Chief Indicted in Santa Clara County Sheriff Concealed-gun Permit Scandal (mercurynews.com) 217

The top security chief for Apple headlines a batch of new criminal indictments for allegedly brokering bribes with Santa Clara County sheriff's office commanders -- including the newly indicted undersheriff -- in exchange for coveted concealed-gun permits, in a striking offshoot of an ongoing corruption probe ensnaring the agency. From a report: Thomas Moyer, 50, Apple's chief security officer, was indicted last week by a criminal grand jury on allegations that he, Undersheriff Rick Sung and Capt. James Jensen arranged for 200 iPads to be donated to the sheriff's office to loosen up the release of concealed-carry weapons permits for Apple security officers. The sheriff's office is the police force for Cupertino, where Apple's global headquarters are located. The iPad donation was shelved once a separate DA investigation into pay-to-play suspicions involving the concealed-gun permits -- in which Jensen was one of four people indicted earlier this year -- got underway in August 2019, District Attorney Jeff Rosen said at a Monday news conference.

Bug

Apple Lets Some Network Traffic Bypass Firewalls on MacOS Big Sur (arstechnica.com) 113

"Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs..." reports Threatpost. "While users assumed Apple would fix the flaw before the OS emerged from beta into full release, this doesn't appear to have happened."

"Beginning with macOS Catalina released last year, Apple added a list of 50 Apple-specific apps and processes that were to be exempted from firewalls like Little Snitch and Lulu," explains Ars Technica: The undocumented exemption, which didn't take effect until firewalls were rewritten to implement changes in Big Sur, first came to light in October. Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, further documented the new behavior over the weekend. To demonstrate the risks that come with this move, Wardle — a former hacker for the NSA — demonstrated how malware developers could exploit the change to make an end-run around a tried-and-true security measure...

Wardle tweeted a portion of a bug report he submitted to Apple during the Big Sur beta phase. It specifically warns that "essential security tools such as firewalls are ineffective" under the change.

Apple has yet to explain the reason behind the change.

XBox (Games)

Xbox Series X Controller Support Coming To Apple Devices (macrumors.com) 5

Apple and Microsoft are working on adding support for the Xbox Series X controller to Apple devices, according to an Apple Support page spotted by a Reddit user. MacRumors reports: The support page states that Apple devices only support the Xbox Wireless Controller with Bluetooth, Xbox Elite Wireless Controller Series 2, Xbox Adaptive Controller, PlayStation DualShock 4 Wireless Controller, and various other MFi Bluetooth controllers. However, small print on the page states: "Microsoft and Apple are working together to bring compatibility for the Xbox Series X controller to customers in a future update." There is no mention of the Sony PlayStation 5 DualSense Controller or the Amazon Luna Controller on the Apple Support page, but MacRumors has spotted code mentioning the controllers in the iOS and iPadOS 14.3 betas.

United States

Apple is Lobbying Against a Bill Aimed at Stopping Forced Labor in China (washingtonpost.com) 87

Apple lobbyists are trying to weaken a new law aimed at preventing forced labor in China, the Washington Post reported Friday, citing two congressional staffers familiar with the matter, highlighting the clash between its business imperatives and its official stance on human rights. From the report: The Uyghur Forced Labor Prevention Act would require U.S. companies to guarantee they do not use imprisoned or coerced workers from the predominantly Muslim region of Xinjiang, where academic researchers estimate the Chinese government has placed more than 1 million people into internment camps. Apple is heavily dependent on Chinese manufacturing, and human rights reports have identified instances in which alleged forced Uighur labor has been used in Apple's supply chain.

The staffers, who spoke on the condition of anonymity because the talks with the company took place in private meetings, said Apple was one of many U.S. companies that oppose the bill as it's written. They declined to disclose details on the specific provisions Apple was trying to knock down or change because they feared providing that knowledge would identify them to Apple. But they both characterized Apple's effort as an attempt to water down the bill. "What Apple would like is we all just sit and talk and not have any real consequences," said Cathy Feingold, director of the international department for the AFL-CIO, which has supported the bill. "They're shocked because it's the first time where there could be some actual effective enforceability."

Facebook

Apple Defends Delay of Privacy Feature, Slams Facebook (bloomberg.com) 22

Apple has slammed Facebook and other internet giants for their ad-targeting practices in response to a letter questioning a decision by the iPhone maker to delay a new privacy feature. From a report: The Cupertino, California-based technology company criticized Facebook's approach to advertising and user tracking, according to a written reply sent to several human rights and privacy organizations, including the Electronic Frontier Foundation and Human Rights Watch: "By contrast, Facebook and others have a very different approach to targeting. Not only do they allow the grouping of users into smaller segments, they use detailed data about online browsing activity to target ads. Facebook executives have made clear their intent is to collect as much data as possible across both first and third party products to develop and monetize detailed profiles of their users, and this disregard for user privacy continues to expand to include more of their products."

Apple's letter, reviewed by Bloomberg News, defended the company's decision to delay an iPhone feature that requires users to give explicit permission before letting apps track them for advertising purposes. The enhancement was added as part of the company's iOS 14 operating system in September, but a requirement that all apps use it was delayed until early 2021 after several developers, including Facebook, said the change would hurt their businesses. The human rights and privacy organizations criticized the delay in a letter earlier this year to Apple.

Television

Charlie Brown Holiday Specials To Air On TV, After All, In PBS Deal (kare11.com) 56

Last month, "It's the Great Pumpkin, Charlie Brown" wasn't aired on TV, marking the first time since 1965 that the Peanuts special wasn't broadcast. Instead, it was streamed on Apple+. Now, according to The Associated Press, the Charlie Brown Thanksgiving and Christmas specials will return to the air. From the report: On Wednesday, Apple bowed to the backlash, announcing it had teamed up with PBS for ad-free broadcasts of "A Charlie Brown Thanksgiving" (on Nov. 22) and "A Charlie Brown Christmas" (on Dec. 13). Both specials will also be available for free during three-day windows on Apple TV+ (Nov. 25-27 for "Thanksgiving" and Dec. 11-13 for "Christmas.") For subscribers, the specials will be available beginning Nov. 18 and Dec. 4, respectively.

Chrome

Google's Native Version of Chrome For Apple's ARM Macs Is Out Now (theverge.com) 47

According to Chrome product manager Mark Chang, Google's version of Chrome that supports ARM Macs is now available to download. The Verge reports: In theory, a native version of the notoriously resource-hungry browser might run more efficiently on Apple's Arm-based computers. In our reviews of the MacBook Air, MacBook Pro, and Mac mini equipped with the new M1 chip, though, we found that the version of Chrome built for Intel chips already runs well on Apple's new Macs, so hopefully this native version runs even better. You'll be able to pick which version of Chrome to download from the browser's website.

Google began rolling out a new version of Chrome on Tuesday, touting "the largest gain in Chrome performance in years" thanks to some under-the-hood changes. The company's blog about the new release didn't mention anything about a version optimized for Apple's Arm-based Macs.
