AI

Meta is Quietly Launching Pocket, an App for Vibe-coding and Scrolling Small 'Gizmos' (techcrunch.com) 25

"Mozilla shut down the well-loved read-it-later Pocket app last year, and now Meta is launching an app called Pocket with an entirely different, AI-focused pitch," writes The Verge.

While it's not available for downloads in most locations, Meta's Pocket will allow people "to generate small, interactive apps and games using AI prompts," writes TechCrunch. They're called "gizmos", and Pocket "also offers a scrollable feed where you can play with gizmos others have made."

Some context from The Verge: Meta CEO Mark Zuckerberg is all in on AI as the new social media, and he's previously described a vision of how users could use AI to make interactive experiences and share them with people. The launch of Pocket appears to be one manifestation of that idea... It follows Meta hiring engineers from a company called Atma Sciences Inc., which made an app called Gizmo, as Business Insider reported in March.

On a help center page, Meta also describes a gizmo as a "playable AI-generated experience," and when you post one, Meta says you can choose to let other people remix them.

"Based on the app's screenshots in Google Play, there are many similarities to Gizmo's original app, which is still listed," notes TechCrunch.

"Pocket is another example of Meta's push to make AI creation tools more mainstream, extending its earlier efforts, which included AI-generated images created via its Meta AI app and AI videos created with its app called Vibes. It has also added AI features across its social platforms... " Given that Meta has not officially announced Pocket's debut, it's likely that Pocket is still in its initial experimentation phase. Its counterpart Gizmo, however, had generated 635,000 lifetime installs across both iOS and Google Play, according to Appfigures, which noted it had a 98% positive sentiment.
Security

New Unpatchable Exploit Targets Apple Devices With A12 and A13 Chips (9to5mac.com) 39

Researchers have disclosed a new unpatchable BootROM exploit affecting Apple devices with A12, A13, S4, and S5 chips. The attack requires physical USB access and DFU mode, but can let an attacker run code before iOS loads, bypass signature checks, and boot modified software. 9to5Mac reports the details: In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that "leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware" and cannot be patched. The PS Team explains that ahead of today's disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple's security team for its "prompt response, constructive engagement, and cooperation throughout" the process.

In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. [...] They add that "technical support for A12X/Z is possible," but "it is not currently implemented." That could add the 2018 and 2020 iPad Pro lineups to the list. The way usbliter8 works is: it sends specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory. That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.

Importantly, the exploit does not affect or compromise the device's Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure. That said, PS Team says that "although usbliter8 doesn't affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave," adding that "by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security." [...] Given that this is also an unpatchable exploit, the researchers note that "affected users should be aware that migrating to newer hardware remains the most effective mitigation."

IOS

Apple Announces Major App Store Changes on iOS in Brazil (macrumors.com) 10

Apple is allowing iPhone developers in Brazil to distribute apps through authorized alternative marketplaces and use third-party payment systems following action by the country's competition regulator. "In other words, developers in Brazil will be able to circumvent the App Store and Apple's in-app purchase system, but there are still fees," reports MacRumors. Apple will collect commissions ranging from 5% on externally distributed apps to as much as 26% for some App Store transactions using its payment system. From the report: Alternative app marketplaces will have to be authorized by Apple and will need to meet ongoing requirements. For apps that are still distributed through the App Store, developers will be able to include an alternative payment processing method in their app and/or link users to a website to complete a transaction. These changes are available on iOS 26.5 and later, and they are the result of regulatory action from Brazil's competition regulator. Apple has added a new page on its website with additional details for developers in Brazil.

Apple said these changes introduce privacy and security risks for users, including children. The company has introduced safeguards to mitigate these risks, including a notarization process for iOS apps, an authorization process for app marketplaces, and limitations on external links and alternative payments for users under the age of 18. Apple has already allowed alternative app stores and/or third-party payment systems on iOS in the EU, Japan, and South Korea, and it will likely be forced to do so in the UK and Australia too, due to similar regulations in those countries.

Books

'Steve Jobs In Exile' Remembers the Birth of the Web and 'Making Unix Taste Sweet' (arstechnica.com) 34

Ars Technica shares some anecdotes from Steve Jobs in Exile, a new book released last month: [Author Geoffrey] Cain reminds us, in stunning detail, that Jobs' "exile" era at NeXT was not only critical to his evolution as a man and an entrepreneur, but that it mattered for the rest of us, too. The technological innovations that came out of NeXT — notably, the NeXTSTEP OS — continue to live on in what we now call both macOS and iOS. As Cain puts it, "NeXTSTEP was Steve's attempt to make Unix taste sweet...."

[W]hile many tech nerds know that Tim Berners-Lee created the first World Wide Web server on a NeXT machine while working in Switzerland in 1990, few know that NeXT employees were wary of bringing the news to Jobs. Why? They feared his wrath "and that he would dismiss [the web] as 'shit.'" (In another timeline, NeXT might itself have capitalized on this world-changing innovation....)

Perhaps one of the wildest anecdotes that Cain uncovered was how one voicemail changed computer history forever. In 1996, when Apple was solidly in its mediocre Performa era — and considering buying BeOS as the basis for its new operating system — a mid-level NeXT product manager asked aloud, "Why don't we just frickin' call Apple?" (NeXT was also struggling during this period.) And so someone did. As Cain writes:

Garrett left the group of managers, walked back to his office, and took a risk. He picked up his designer phone and called the head of software at Apple. He left what he described as "one of my more inspired sales pitches" on the man's voicemail, explaining why Apple should be looking at NeXT instead of Be... In any other universe, Garrett's call might have gotten him fired. But in this timeline, it worked out. And thanks to him, Steve [Jobs] was about to enter Apple's airspace once again.

Thanks to long-time Slashdot reader destinyland for sharing the article.
Microsoft

Microsoft Deliberately Bricking All Office For Mac 2019/2021 Installations (osnews.com) 190

Microsoft Office 2019 and 2021 for Mac will reportedly drop into "reduced functionality mode" on July 13, 2026, when a license-validation certificate expires, leaving perpetually licensed apps able to open files but not edit or save them. Slashdot reader joshuark shares a report from OSnews: "Microsoft Office 2019 and 2021 for Mac view-only conversion (2026) is a scheduled remote degradation of perpetually-licensed Microsoft Office software for macOS and iOS, set for July 13, 2026 when a license-validation certificate used by the Office apps expires," reports the Consumer Rights Wiki. "After Office 2019 for Mac reached end of support in October 2023, Microsoft assured customers their installed apps would 'continue to function.' The July 13, 2026 conversion instead drops the apps into a Microsoft-defined 'reduced functionality mode,' in which files can be opened and viewed but not edited or saved. By May 30, 2026, the original 2023 end-of-support page had been re-dated and rewritten on Microsoft's site; the 'continue to function' clause was removed."

Microsoft's advice to the users they're stealing from is to keep using the applications as mere viewers, switch to the free Office 365 web applications, pay for a 365 subscription, or buy a brand new regular copy of Office 2024. None of these make any sense, and clearly, all of this should be illegal, but it's not because the software industry is a clown show.

AI

DuckDuckGo Installs Up 30% After Google Announced AI Search (yahoo.com) 24

After Google announced AI-emphasizing changes to its search results, many web surfers began defecting to DuckDuckGo, reports TechCrunch. (They describe DuckDuckGo as "a privacy-focused alternative" that accounts for around 2% of the U.S. search market...) DuckDuckGo said U.S. app installs went up 18.1% week-over-week on average during the May 20 to May 25 period, compared to May 13 to May 18. The company said that growth was sustained for six consecutive days and peaked at 30.5% on May 25. On iOS, the rate of install is even higher, with week-over-week growth hitting a 33% average, peaking at 69.9%... DuckDuckGo said the trend is stronger in the U.S, and that DuckDuckGo continued to gain users over the Memorial Day weekend, when it usually sees a dip in traffic. Some of that data is backed up by third parties. App analytics company Apptopia found a 29% increase in average daily downloads in the U.S. and a 12% increase globally over the same period.
DuckDuckGo also said visits to its AI-free search page, noai.duckduckgo.com averaged 22.7% week-over-week growth, peaking at 27.7% on May 24, according to the article. ("DuckDuckGo also offers an AI Image Filter that filters out AI-created images from search results.")

TechCrunch delves into the reason why: I overheard a woman on the phone saying she was switching to DuckDuckGo because you can "opt out of using AI... Google just isn't Google anymore," she said. It seems that others had the same idea... Some have argued it will kill the open web, while others shared concerns that AI overviews surface inaccurate responses and take away control from users who might not want to use AI. It also overcomplicates simple things.
A Google spokesperson pointed out that AI Mode isn't the default in their search results. (And CNET notes Google include an AI-free "Web" choice in its results if you just want a page of ftraditional blue links.)

TechCrunch adds that DuckDuckGo also offers a separate free tool called Duck.ai offering access to models including Claude, Meta's Llama and OpenAI's GPT-5 mini. "All chats are private because DuckDuckGo strips the user's IP address before requests reach model providers, deletes conversations within 30 days, and prevents chats from being used for training."
AI

Apple Preparing New 'Gen AI' Website Ahead of WWDC — and New AI Features? (9to5mac.com) 11

Apple just registered a new subdomain record: genai.apple.com.

The domain was spotted by a MacRumors contributing researcher, and though it doesn't yet lead to a live web page, they believe it's tied to Apple's annual developers conference WWDC which starts June 8, "where the company has promised to announce 'AI advancements' across its software platforms."

The blog 9to5Mac speculates that "All signs point to WWDC 2026 being Apple's major AI renaissance, where the company will live up to the promises it made back at WWDC 2024, as well as a few additional new announcements." [I]it goes without saying that this is probably related to Apple's upcoming generative AI announcements at WWDC... Siri should finally be able to understand more personal context, have on screen awareness, and be able to take action in apps for you. This'll finally be made possible thanks to Apple's new partnership with Google, where Apple will be using Gemini-diffused models hosted on Private Cloud Compute to power Siri... Apple will also reportedly be introducing a new Siri app. This'll allow you to access your previous Siri conversations, as well as have text-based conversations with Siri.

Other Apple Intelligence upgrades coming at WWDC 2026 include the ability to generate wallet passes from physical tickets, new editing features in the Photos app, and additional functionality for Visual Intelligence...

Social Networks

Writers Are Fleeing the Substack Tax (theverge.com) 24

A growing number of writers are leaving Substack for alternatives most people haven't heard of like Ghost, Beehiiv, Patreon, and Passport. The reason, writes The Verge's Emma Roth, is the "platform's increased focus on social features as well as a pricing model that puts a chokehold on their business." From the report: Sean Highkin, the creator of the NBA-focused publication The Rose Garden Report, tells The Verge that he makes "significantly more money" after switching from Substack to Ghost last April. "When I first joined up, [Substack] gave me a big push and featured me and funneled a lot of traffic to me, which led to a good amount of growth," Highkin says. "But once I wasn't one of the 'new recruited talent' they could tout, they stopped featuring me and I saw my growth stagnate." Highkin now pays $2,052 per year using Ghost and an add-on called Outpost, compared to $4,968 per year on Substack. The Rose Garden Report's subscriber base has grown 22 percent since the end of 2024, Highkin says. [...]

Substack launched in 2017 as a platform that allows writers to create their own newsletters and manage paying subscribers. Unlike some of its biggest rivals, Substack takes a 10 percent cut of total subscription revenue. That tax may not seem substantial at first, but it quickly adds up as creators gain subscribers and begin charging more for their subscriptions. A calculator on Substack's own website estimates that for a newsletter charging $10 per month with 400 subscribers, the total monthly cost -- including the platform's 10 percent cut and credit card processing fees -- would add up to $636. That cost jumps to $15,900 per month with 10,000 subscribers and skyrockets to $79,500 per month for 50,000 members -- nearly $1 million per year.

Many Substack rivals charge a flat monthly fee, rather than a commission. Ghost, an open-source platform for blogs and newsletters, starts at $15 per month with 1,000 members for website creation, email newsletter capabilities, and a custom domain. Beehiiv, a creator platform with tools for launching a newsletter, website, and podcast, is free for up to 2,500 subscribers with limited access to certain features, like a built-in ad network, while its other plans vary in price based on subscriber count. A person with 10,000 subscribers, for example, will pay $96 per month for Beehiiv's "Scale" plan. There's also Kit, a newsletter platform that offers a tiered pricing model similar to Beehiiv, costing $116 per month with 10,000 subscribers on its "Creator" plan.
It's not just the 10% fee critics are complaining about; they also argue the platform offers limited customization and third-party integrations compared to some of the mentioned alternatives, heavily promotes its own branding and social features, and makes creators more dependent on its ecosystem.

Beehiiv founder Tyler Denk argues that creators should be able to build their own brands without the platform taking center stage: "We don't want to take credit for the work of our content creators." While writers can export subscribers, content, and some payment relationships, they cannot take Substack "followers" or Apple-managed iOS billing data with them.
Encryption

iPhone-Android RCS Conversations Are End-To-End Encrypted In iOS 26.5 (macrumors.com) 26

Apple says end-to-end encryption for RCS messages between iPhone and Android is now available in iOS 26.5, though the feature is still considered beta and depends on carrier support on both sides. MacRumors reports: Apple says that it worked with Google to lead a cross-industry effort to add E2EE to RCS. iOS users will need iOS 26.5, while Android users will need the latest version of Google Messages. End-to-end encryption is on by default, and there is a toggle for it in the Messages section of the Settings app. Encrypted messages are denoted with a small lock symbol. On iPhones not running iOS 26.5, RCS messages between iPhone and Android users do not have E2EE, but the new update will put Android to iPhone conversations on par with iPhone to iPhone conversations that are encrypted through iMessage.

Along with Google, Apple worked with the GSM Association to implement E2EE for RCS messages. E2EE is part of the RCS Universal Profile 3.0, published with Apple's help and built on the Messaging Layer Security protocol. RCS Universal Profile 3.0 also includes editing and deleting messages, cross-platform Tapback support, and replying to specific messages inline during cross-platform conversations.

Privacy

Apple Stops Weirdly Storing Data That Let Cops Spy On Signal Chats (arstechnica.com) 34

Apple has fixed a bug that could cause parts of Signal notifications to remain stored on iPhones even after messages disappeared and the app was deleted. "Affected users concerned about push notifications can update their devices to stop what Apple characterized as 'notifications marked for deletion' that 'could be unexpectedly retained on the device,'" reports Ars Technica. "According to Apple, the push notifications should never have been stored, but a 'logging issue' failed to redact data." From the report: Vulnerable users hoping to evade law enforcement surveillance often use encrypted apps like Signal to communicate sensitive information. That's why users felt blindsided when 404 Media reported that Apple was unexpectedly storing push notifications displaying parts of encrypted messages for up to a month. This occurred even after the message was set to disappear and the app itself was deleted from the device.

404 Media flagged the issue after speaking to multiple people who attended a hearing where the FBI testified that it "was able to forensically extract copies of incoming Signal messages from a defendant's iPhone, even after the app was deleted, because copies of the content were saved in the device's push notification database." The shocking revelation came in a case that 404 Media noted was "the first time authorities charged people for alleged 'Antifa' activities after President Trump designated the umbrella term a terrorist organization."
"We're grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue," Signal's post said. "It takes an ecosystem to preserve the fundamental human right to private communication."

In their post, Signal confirmed that after users update their devices, "no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications."
IOS

Tim Cook Calls Apple Maps Launch His 'First Really Big Mistake' as CEO (macrumors.com) 79

In a recent town hall meeting reported by Bloomberg (paywalled), Apple CEO Tim Cook named the troubled 2012 launch of Apple Maps as his "first really big mistake" in the role. "The product wasn't ready, and we thought it was because we were testing more of local kind of stuff," Cook told staff. MacRumors reports: Reflecting on the debacle, Cook said it was "valuable," noting that he expressed regret to users at the time and suggested they use competing navigation apps instead.

"We apologized for it, and we said, 'Go use these other apps. They're better than ours.' And that was some humble pie," Cook said. "But it was the right thing for our users. And so it's an example of keeping the user at the center of the decisions that we made." Cook added: "Now we've got the best map app on the planet. We learned about persistence, and we did exactly the right thing having made the mistake."

Mozilla

Mozilla 'Thunderbolt' Is an Open-Source AI Client Focused On Control and Self-Hosting 23

BrianFagioli writes: Mozilla's email subsidiary MZLA Technologies just introduced Thunderbolt, an open-source AI client aimed at organizations that want to run AI on their own infrastructure instead of relying entirely on cloud services. The idea is to give companies full control over their data, models, and workflows while still offering things like chat, research tools, automation, and integration with enterprise systems through the Haystack AI framework. Native apps are planned for Windows, macOS, Linux, iOS, and Android. Thunderbolt allows organizations to do the following:
- Run AI with their choice of models, from leading commercial providers to open-source and local models
- Connect to systems and data: Integrate with pipelines and open protocols, including: deepset's Haystack platform, Model Context Protocol (MCP) servers, and agents with the Agent Client Protocol (ACP)
- Automate workflows and recurring tasks: Generate daily briefings, monitor topics, compile reports, or trigger actions based on events and schedules
- Work seamlessly across devices with native applications for Windows, macOS, Linux, iOS, and Android
- Maintain security with self-hosted deployment, optional end-to-end encryption, and device-level access controls
Apple

Apple AI Glasses Will Rival Meta's With Several Styles, Oval Cameras (bloomberg.com) 56

Bloomberg's Mark Gurman reports that Apple is developing display-free AI smart glasses aimed at rivaling Meta's Ray-Bans, with multiple frame styles, a distinctive oval camera design, and tight iPhone integration. "The idea is to unveil the product at the end of 2026 or early the following year, with the actual release coming in 2027," writes Gurman. From the report: Like Meta's offering, Apple's glasses will be designed to handle everyday uses: capturing photos and videos, syncing with a smartphone for editing and sharing, handling phone calls, listening to notifications, playing music, and enabling hands-free interaction via a voice assistant. In Apple's case, that assistant will be a significantly upgraded Siri coming in iOS 27. The glasses are part of a broader, three-pronged AI wearables strategy that also includes new AirPods and a camera-equipped pendant. Each device is designed to leverage computer vision to interpret the user's surroundings and feed contextual awareness into Siri and Apple Intelligence. That will enable features like improved turn-by-turn map directions and visual reminders.

When Apple typically enters a new product category, it offers clear advantages over what's currently available. We saw this with the original iPod, iPhone, iPad and Apple Watch -- and, even though it was a flop, the Vision Pro. That approach won't be as obvious with Apple's upcoming foldable iPhone, but we should see it on full display with the glasses. According to employees working on the project, Apple's strategy is to outdo competitors by tightly integrating the glasses with the iPhone and offering a higher-end build. While Meta relies heavily on partner EssilorLuxottica SA for frames, Apple is unsurprisingly planning to go at it alone in terms of design. That also should set it apart from Alphabet Inc.'s Google and Samsung Electronics Co., which are leaning on Warby Parker.

Apple's design team has whipped up at least four different styles and plans to launch some or all of them, I'm told, as well as many color options. The latest units are made from a high-end material called acetate, which is known to be more durable and luxurious than the standard plastic used by many brands. Here are the designs in testing:
- A large rectangular frame, reminiscent of Ray-Ban Wayfarers
- A slimmer rectangular design, similar to the glasses worn by Apple Chief Executive Officer Tim Cook
- Larger oval or circular frames
- A smaller, more refined oval or circular option

Encryption

Google Rolls Out Gmail End-To-End Encryption On Mobile Devices (bleepingcomputer.com) 27

Gmail's end-to-end encryption is now available on all Android and iOS devices, letting enterprise users send and read encrypted emails directly in the app without any extra tools. "This launch combines the highest level of privacy and data encryption with a user-friendly experience for all users, enabling simple encrypted email for all customers from small businesses to enterprises and public sector," Google announced in a blog post. BleepingComputer reports: Starting this week, encrypted messages will be delivered as regular emails to Gmail recipients' inboxes if they use the Gmail app. Recipients who don't have the Gmail mobile app and use other email services can read them in a web browser, regardless of the device and service they're using.

[...] This feature is now available for all client-side encryption (CSE) users with Enterprise Plus licenses and the Assured Controls or Assured Controls Plus add-on after admins enable the Android and iOS clients in the CSE admin interface via the Admin Console. Gmail's end-to-end encryption (E2EE) feature is powered by the client-side encryption (CSE) technical control, which allows Google Workspace organizations to use encryption keys they control and are stored outside Google's servers to protect sensitive documents and emails.

Apple

Apple Brings Device-Level Age Verification to Two More Countries (9to5mac.com) 44

11 days ago Apple launched device-level age restrictions in the U.K. There were some glitches, reports the blog 9to5Mac. For me, the experience was an entirely painless one, taking less than 30 seconds. All I had to do was tap a confirm and continue button, and Apple told me that the length of time I'd had an Apple account was used to confirm that I'm 18+. Others, however, experienced difficulties with the process timing out or failing to complete. We summarized some of the steps you can take to try to address this. Apple has since listed additional acceptable ways to verify your age. "You can confirm your age with a credit card, or by scanning a driver's license or one of the following PASS-accredited Proof of Age cards: CitizenCard, My ID Card, TOTUM ID card, or Young Scot National Entitlement Card."

If you don't verify your age, then you'll be treated as a child or teenager, meaning that both the web content filter and communication safety features are switched on.

Apple is continuing the roll-out in Singapore (population 6 million) and South Korea (population 52 million), the article points out, citing a new Apple support document.

South Korea's law actually requires Apple to re-verify someone's age annually.
Social Networks

Will Social Media Change After YouTube and Meta's Court Defeat? (theverge.com) 54

Yes, this week YouTube and Meta were found negligent in a landmark case about social media addiction.

But "it's still far from certain what this defeat will change," argues The Verge's senior tech and policy editor, "and what the collateral damage could be." If these decisions survive appeal — which isn't certain — the direct outcome would be multimillion-dollar penalties. Depending on the outcome of several more "bellwether" cases in Los Angeles, a much larger group settlement could be reached down the road... For many activists, the overall goal is to make clear that lawsuits will keep piling up if companies don't change their business practices...

The best-case outcome of all this has been laid out by people like Julie Angwin, who wrote in The New York Times that companies should be pushed to change "toxic" features like infinite scrolling, beauty filters that encourage body dysmorphia, and algorithms that prioritize "shocking and crude" content. The worst-case scenario falls along the lines of a piece from Mike Masnick at Techdirt, who argued the rulings spell disaster for smaller social networks that could be sued for letting users post and see First Amendment-protected speech under a vague standard of harm. He noted that the New Mexico case hinged partly on arguing that Meta had harmed kids by providing end-to-end encryption in private messaging, creating an incentive to discontinue a feature that protects users' privacy — and indeed, Meta discontinued end-to-end encryption on Instagram earlier this month.

Blake Reid, a professor at Colorado Law, is more circumspect. "It's hard right now to forecast what's going to happen," Reid told The Verge in an interview. On Bluesky, he noted that companies will likely look for "cold, calculated" ways to avoid legal liability with the minimum possible disruption, not fundamentally rethink their business models. "There are obviously harms here and it's pretty important that the tort system clocked those harms" in the recent cases, he told The Verge. "It's just that what comes in the wake of them is less clear to me".

The article also includes this prediction from legal blogger/Section 230 export Eric Goldman. "There will be even stronger pushes to restrict or ban children from social media." Goldman argues "This hurts many subpopulations of minors, ranging from LGBTQ teens who will be isolated from communities that can help them navigate their identities to minors on the autism spectrum who can express themselves better online than they can in face-to-face conversations."
IOS

iPhone Exploit DarkSword Steals Data In Minutes With No Trace (nerds.xyz) 85

BrianFagioli writes: A new iOS exploit chain called DarkSword shows how attackers can break into certain iPhones, grab sensitive data like messages, credentials, and even crypto wallets, and then disappear without leaving obvious traces. It targets older iOS 18 builds using Safari and WebGPU flaws to escape Apple's sandbox, which is pretty wild on its own, but what really stands out is how fast it works and how financially motivated these attacks have become. The takeaway is simple but important, update your iPhone ASAP and don't assume mobile devices are somehow safer than desktops anymore.
Google

Google Maps Gets Its Biggest Navigation Redesign In a Decade, Plus More AI (arstechnica.com) 57

Google Maps is rolling out its biggest update in more than a decade, introducing a Gemini-powered chatbot and a new "Immersive Navigation" interface. "Ask Maps" lets users plan trips, ask questions, and refine travel suggestions conversationally within the app. "The new chatbot will be accessible via a button up near the search bar," notes Ars Technica. "You can ask it anything you're likely to find in Google Maps without jumping into another app. You can ask for directions, of course, but it can also plan out road trips and vacations from a single prompt. Ask Maps works like a chatbot, so it accepts follow-up prompts to refine and expand on its suggestions."

Meanwhile, Google is promising a "complete transformation" of the navigation experience in Maps with what they're calling "Immersive Navigation." It brings detailed 3D visuals, smarter route previews, and improved guidance powered by data from Street View and aerial imagery. "You'll see accurate overpasses, crosswalks, landmarks, and signage in the new navigation experience," reports Ars. "Google also aims to solve some of the biggest usability issues with turn-by-turn navigation in this update. [...] Immersive Navigation tries to show you more of the route as you drive, using smart zoom and transparent buildings to help you plan ahead. Voice guidance will also reference turns after the next one where appropriate."

Immersive Navigation will also highlights the tradeoffs between different route options, such as longer routes that avoid traffic or tolls. And, as you approach your destination, it will uses Street View imagery, building entrances, and parking information to help you orient yourself. The features are launching on Android and iOS first, with broader platform support coming later.
IOS

Apple Blocks US Users From Downloading ByteDance's Chinese Apps (wired.com) 25

An anonymous reader quotes a report from Wired: While TikTok operates in the United States under new ownership, Apple has deployed technical restrictions to block iOS users in the United States from downloading other apps made by the video platform's Chinese parent organization ByteDance. ByteDance owns a vast array of different apps spanning social media, entertainment, artificial intelligence, and other sectors. The leading one is Douyin, the Chinese version of TikTok, which has over 1 billion monthly active users. While most of those users reside in China, iPhone owners around the world have traditionally been able to download these apps from anywhere without using a VPN, as long as they have a valid App Store account registered in China.

That's not true anymore. Starting in late January, iPhone users in the U.S. with Chinese App Store accounts began reporting that they were encountering new obstacles when they tried to download apps developed by ByteDance. WIRED has confirmed that even with a valid Chinese App Store account, downloading or updating a ByteDance-owned Chinese app is blocked on Apple devices located in the United States. Instead, a pop-up window appears that says, "This app is unavailable in the country or region you're in." The restriction appears to apply only to ByteDance-owned apps and not those developed by other Chinese companies.

The timing and technical specifics suggest the restriction is related to the deal TikTok agreed to in January to divest Chinese ownership of its U.S. operations. The agreement was the result of the so-called TikTok ban law passed by Congress in 2024, which also barred companies like Apple and Google from distributing other apps majority-owned by ByteDance. The Protecting Americans from Foreign Adversary Controlled Applications Act states that no company can "distribute, maintain, or update" any app majority-controlled by ByteDance "within the land or maritime borders of the United States."

The law was primarily aimed at TikTok, which has more than 100 million users in the U.S. and had been the subject of years of debate in Washington over whether its Chinese ownership posed a national security risk. But ByteDance also has dozens of other apps that at some point were also removed from Apple's and Google's app stores in the U.S.. Now it seems like the scope of impact has reached even more apps that are not technically designed for U.S. audiences, such as Douyin, the AI chatbot Doubao, and the fiction reading platform Fanqie Novel.

Iphone

A Possible US Government iPhone-Hacking Toolkit Is Now In the Hands of Foreign Spies, Criminals (wired.com) 39

Security researchers say a highly sophisticated iPhone exploitation toolkit dubbed "Coruna," which possibly originated from a U.S. government contractor, has spread from suspected Russian espionage operations to crypto-stealing criminal campaigns. Apple has patched the exploited vulnerabilities in newer iOS versions, but tens of thousands of devices may have already been compromised. An anonymous reader quotes an excerpt from Wired's report: Security researchers at Google on Tuesday released a report describing what they're calling "Coruna," a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defenses of an iPhone to silently install malware on a device when it visits a website containing the exploitation code. In total, Coruna takes advantage of 23 distinct vulnerabilities in iOS, a rare collection of hacking components that suggests it was created by a well-resourced, likely state-sponsored group of hackers.

In fact, Google traces components of Coruna to hacking techniques it spotted in use in February of last year and attributed to what it describes only as a "customer of a surveillance company." Then, five months later, Google says a more complete version of Coruna reappeared in what appears to have been an espionage campaign carried out by a suspected Russian spy group, which hid the hacking code in a common visitor-counting component of Ukrainian websites. Finally, Google spotted Coruna in use yet again in what seems to have been a purely profit-focused hacking campaign, infecting Chinese-language crypto and gambling sites to deliver malware that steals victims cryptocurrency.

Conspicuously absent from Google's report is any mention of who the original surveillance company "customer" that deployed Coruna may have been. But the mobile security company iVerify, which also analyzed a version of Coruna it obtained from one of the infected Chinese sites, suggests the code may well have started life as a hacking kit built for or purchased by the US government. Google and iVerify both note that Coruna contains multiple components previously used in a hacking operation known as "Triangulation" that was discovered targeting Russian cybersecurity firm Kaspersky in 2023, which the Russian government claimed was the work of the NSA. (The US government didn't respond to Russia's claim.)

Coruna's code also appears to have been originally written by English-speaking coders, notes iVerify's cofounder Rocky Cole. "It's highly sophisticated, took millions of dollars to develop, and it bears the hallmarks of other modules that have been publicly attributed to the US government," Cole tells WIRED. "This is the first example we've seen of very likely US government tools -- based on what the code is telling us -- spinning out of control and being used by both our adversaries and cybercriminal groups." Regardless of Coruna's origin, Google warns that a highly valuable and rare hacking toolkit appears to have traveled through a series of unlikely hands, and now exists in the wild where it could still be adopted -- or adapted -- by any hacker group seeking to target iPhone users.
"How this proliferation occurred is unclear, but suggests an active market for 'second hand' zero-day exploits," Google's report reads. "Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities."

Slashdot Top Deals