An anonymous reader quotes a report from The Verge: Apple's AI features are finally starting to appear. Apple Intelligence is launching today on the iPhone, iPad, and Mac, offering features like generative AI-powered writing tools, notification summaries, and a cleanup tool to take distractions out of photos. It's Apple's first official step into the AI era, but it'll be far from its last. Apple Intelligence has been available in developer and public beta builds of Apple's operating systems for the past few months, but today marks the first time it'll be available in the full public OS releases. Even so, the features will still be marked as "beta," and Apple Intelligence will very much remain a work in progress. (You'll have to get on a waitlist to try Apple Intelligence, too.) Siri gets a new look, but its most consequential new features -- like the ability to take action in apps -- probably won't arrive until well into 2025.

In the meantime, Apple has released a very "AI starter kit" set of features. "Writing Tools" will help you summarize notes, change the tone of your messages to make them friendlier or more professional, and turn a wall of text into a list or table. You'll see AI summaries in notifications and emails, along with a new focus mode that aims to filter out unimportant alerts. The updated Siri is signified by a glowing border around the screen, and it now allows for text input by double-tapping the bottom of the screen. It's helpful stuff, but we've seen a lot of this before, and it'll hardly represent a seismic shift in how you use your iPhone. Apple says that more Apple Intelligence features will arrive in December. [...] Availability will expand in December to Australia, Canada, Ireland, New Zealand, South Africa, and the UK, with additional languages coming in April. Despite Apple's previous claim that Apple Intelligence wouldn't be available in the European Union due to the Digital Markets Act, the features will, in fact, be coming to Europe in April of next year.

Further reading: Apple Updates the iMac With M4 Chip

An anonymous reader shared this report from the blog OMG Ubuntu: Having recently announced is own range of Raspberry Pi-branded SD cards (with support for command queuing on the Pi 5 and reliable read/write speeds) the company is now offering its own range of branded Raspberry Pi SSDs... And for those who don't have an M.2 expansion board? Well, that's where the new Raspberry Pi SSD Kit comes in. It bundles the official M.2 HAT+ with an SSD for an all-in-one, ready-to-roll solution.
Eben Upton expects it to be a popular feature: When we launched Raspberry Pi 5, almost exactly a year ago, I thought the thing people would get most excited about was the three-fold increase in performance over 2019's Raspberry Pi 4. But very quickly it became clear that it was the other new features — the power button (!), and the PCI Express port — that had captured people's imagination. We've seen everything from Ethernet adapters, to AI accelerators, to regular PC graphics cards attached to the PCI Express port... We've also released an AI Kit, which bundles the M.2 HAT+ with an AI inference accelerator from our friends at Hailo. But the most popular use case for the PCI Express port on Raspberry Pi 5 is to attach an NVMe solid-state disk (SSD).

SSDs are fast; faster even than our branded A2-class SD cards. If no-compromises performance is your goal, you'll want to run Raspberry Pi OS from an SSD, and Raspberry Pi SSDs are the perfect choice. The entry-level 256GB drive is priced at $30 on its own, or $40 as a kit; its 512GB big brother is priced at $45 on its own, or $55 as a kit... The 256GB SSD and SSD Kit are available to buy today, while the 512GB variants are available to pre-order now for shipping by the end of November.

So, there you have it: a cost-effective way to squeeze even more performance out of your Raspberry Pi 5. Enjoy!

The Register's Laura Dobberstein reports: Huawei formally launched its home-brewed operating system, HarmonyOS NEXT, on Wednesday, marking its official separation from the Android ecosystem. Huawei declared it released and "officially started public beta testing" of the OS for some of its smartphones and tablets that run its own Kirin and Kunpeng chips.

Unlike previous iterations of HarmonyOS, HarmonyOS NEXT no longer supports Android apps. Huawei maintains top Chinese outfits aren't deterred by that. It cited Meituan, Douyin, Taobao, Xiaohongshu, Alipay, and JD.com as among those who have developed native apps for the OS. In case you're not familiar, they're China's top shopping, payment, and social media apps.

Huawei also claimed that at the time of its announcement, over 15,000 HarmonyOS native applications and meta-services were also launched. That's a nice number, but well short of the millions of apps found on the Google Play Store and Apple's App Store. The Chinese tech player also revealed that the operating system has 110 million lines of code and claimed it improves the overall performance of mobile devices running it by 30 percent. It also purportedly increases battery life by 56 minutes and leaves an average of 1.5GB of memory for purposes other than running the OS.

Apple is working on a more affordable $2,000 "Apple Vision" spatial computing headset that could be launched as early as next year, according to Bloomberg's Mark Gurman. MacRumors reports: The new headset would be a lower-end counterpart to the $3,500 Apple Vision Pro, which was released in February. Apple reportedly expects this more affordable model to sell at least twice as many units as the Vision Pro, though "that's not saying much," adds Gurman. Apple will struggle to hit 500,000 Vision Pro sales this year, according to market tracker IDC.

To achieve the lower price point, the Apple Vision would likely use a less powerful processor and cheaper materials than aluminum and glass. The device is also expected to omit certain inessential features, such as the EyeSight display that shows the user's eyes on the outside of the headset. Apple could also use larger, lower resolution displays for the more affordable version of the Vision Pro headset, according to previous reports. Gurman also notes that Apple is working on a second-generation Vision Pro, slated for release in 2026, and a separate smart glasses device to accompany the Vision headsets.

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.
He's also written guides on building cheap anti-drone equipment...

Phoronix's Michael Larabel reports: OpenBSD 7.6 is out this evening as another major step forward for this BSD operating system with enhanced hardware support, security improvements, updating various user-space software, and enabling other kernel enhancements. There are a ton of changes to find with the just-released OpenBSD 7.6.

Some of the new OpenBSD 7.6 features include:

- OpenBSD 7.6 provides initial support for Qualcomm Snapdragon X1 Elite (X1E80100) SoCs. The 7.6 release also has initial Samsung Galaxy Book4 Edge boot support in ACPI mode with OpenBSD 7.6.
- ARM64 has additional CPU security mitigations with Spectre-V4 now in place on ARM64 and adding Spectre-BHB for Cortex-A57 cores.
- OpenBSD 7.6 on RISC-V now supports the Milk-V Pioneer board.
- OpenBSD 7.6 on AMD64 has finally implemented support for AVX-512.
- Various SMP kernel improvements. You can view the full list of features and download the OpenBSD 7.6 release via OpenBSD.org.

"Pine64 has confirmed that its open-source e-ink tablet is returning," reports the blog OMG Ubuntu: The [10.1-inch e-ink display] PineNote was announced in 2021, building on the success of its non-SBC devices like the PinePhone (and later Pro model), the PineTab, and PineBook devices. Like most of Pine64's devices, software support is largely tackled by the community. But only a small batch of developer units were ever sold, primarily by enthusiasts within the open-source community who had the knowledge and desire to work on getting a modern Linux OS to run on the hardware, and adapt to the e-ink display.

That process has taken a while, as Pine64's community bloggers explain:

"The PineNote was stuck in a chicken-and-egg situation because of the very high cost of manufacturing the device (ePaper screens are sadly still expensive), and so the risk of manufacturing units that then didn't have a working Linux OS and would not sell was huge."

However, the proverbial egg has finally hatched. The PineNote now has a reliable Debian-based OS, developed by Maximilian Weigand. This is described as "not only a bare-bones capable OS but a genuinely daily-usable system that 'just works'" according to the Pine64 blog. ["This is excellent as it also moves the target audience from developers to every day users. You should be able to power on the device and drop into a working Gnome experience."] It is said to use the GNOME desktop plus a handful of extensions designed to ensure the UI adapts to working well with an e-ink display. Software pre-installed includes Xournal++ for note taking, Firefox for web browsing, and Foliate for reading ebooks, among others. [And it even runs Doom...]

Existing PineNote owners can download the the new OS image, flash it to their device, and help test it... Touch and stylus input are major selling points of the PineNote, positioning it as a libre alternative to leading e-ink note-taking devices like the Remarkable 2, Onyx BOOX, and Amazon Scribe.
"I do not (yet) have a launch date target," according to the blog post, "as behind-the-scenes the Pine Store team are still working on all things production."

But the update also links to some blog posts about their free and open source smartwatch PineTime...

He's the long-time Slashdot reader who installed Linux on a 1993 PC — and then installed a 1994 version of MS-DOS on a modern Thinkpad X13. (And somewhere along the way, he even built a ChatGPT client for DOS...)

But in a new blog post, yeokm1 reveals "I recently built myself a PC," salvaging parts from a previous desktop system to bootstrap an upgrade. And "I decided to build one with the ability to still reach back into the past to run MS-DOS..."

The result? A Ryzen 5 7600 and GeForce 4060 Ti system, but with a floppy drive, optical drive, Sound Blaster card, serial, parallel and PS/2 ports — that runs MS-DOS. The fact that a 30-year-old MS-DOS 6.22 can still work well enough on such a modern hardware is testament to the efforts made by the industry to ensure good x86 PC backward compatibility. AMD, Nvidia and Asus deserve to be commended on their efforts here.

I'm also impressed that the modern Nvidia Geforce 4060 Ti still supports some legacy video BIOS modes to a usable level although this is not complete. I didn't document in this blog post but brief tests with other VESA modes and resolutions didn't work so well. I wonder how long more this amount of x86 PC backward-compatibility will continue to last though... It definitely feels like the end is near.
Their blog post includes a video about their system. (And yes, it plays Doom.) But their ultimate goal is to use it to play modern games like Cyberpunk 2077 and Flight Simulator 2020 (as well as the upcoming Flight Simulator 2024) "at reasonably good settings and performance." (And also to experiment with light machine-learning workloads, do basic video editing, run virtual machines.)

After successfully building their DOS-running system, they asked ChatGPT what it thought. Would the system's specs be powerful enough to handle the 30-year-old operation system? And ChatGPT confidently replied:

"Neither the Ryzen 5 7600 nor the GeForce RTX 4060 Ti is designed to run DOS natively. DOS is an older operating system that was primarily used on x86 architecture from the late 20th century, and modern hardware like the Ryzen 5 7600 and GeForce RTX 4060 Ti are not compatible with DOS due to their 64-bit architecture and lack of necessary drivers to interface correctly with DOS, which relied on much older technology..."

yeokm1's blog post concludes: "I think I just proved ChatGPT wrong :P"

First announced in 2018, Samsung's "One UI" software is expanding to all the company's major tech products in 2025. 9to5Google reports: At its annual developer conference, Samsung announced that "One UI" is the new name for the company's software experiences across "major product lines." This specifically includes TVs and home appliances. Samsung says: "In addition, the company announced that it will integrate the software experience of its major product lines -- from mobile devices to TVs and home appliances -- under the name One UI next year. By providing a cohesive product experience and committing to software upgrades for up to seven years, Samsung will continue to bring innovation for its customers."

There's no word on how, if at all, this will affect software design or features, but the cohesive branding and the announcement mentioning that it will "integrate the software experience" implies we'll see similar designs across the company's portfolio, at least eventually. Samsung also announced that One UI 7, its next Android update, would be delayed to 2025 with a beta "before the end of the year" during the same keynote.

Microsoft launched its annual Windows 11 update today, introducing significant changes to the operating system. The Windows 11 2024 Update, or 24H2, will roll out gradually, starting with PCs running versions 22H2 or 23H2 that have opted for faster feature updates. Key additions include an Energy Saver feature, Wi-Fi 7 support, and 80Gbps USB4 Version 2.0 compatibility. Select high-end PCs meeting Copilot+ requirements will gain access to enhanced features like an improved Recall function and generative AI tools in Paint.

This update marks the most substantial overhaul of Windows 11 since its 2021 release, with major changes to the compiler, kernel, and scheduler. Microsoft has also improved the Arm-to-x86 app translation layer, now dubbed "Prism." While stable, users may encounter occasional issues. The update maintains Windows 11's existing hardware requirements but raises the bar for unsupported installations.

The Tor Project: Today the Tor Project, a global non-profit developing tools for online privacy and anonymity, and Tails, a portable operating system that uses Tor to protect users from digital surveillance, have joined forces and merged operations. Incorporating Tails into the Tor Project's structure allows for easier collaboration, better sustainability, reduced overhead, and expanded training and outreach programs to counter a larger number of digital threats. In short, coming together will strengthen both organizations' ability to protect people worldwide from surveillance and censorship.

Countering the threat of global mass surveillance and censorship to a free Internet, Tor and Tails provide essential tools to help people around the world stay safe online. By joining forces, these two privacy advocates will pool their resources to focus on what matters most: ensuring that activists, journalists, other at-risk and everyday users will have access to improved digital security tools.

In late 2023, Tails approached the Tor Project with the idea of merging operations. Tails had outgrown its existing structure. Rather than expanding Tails's operational capacity on their own and putting more stress on Tails workers, merging with the Tor Project, with its larger and established operational framework, offered a solution. By joining forces, the Tails team can now focus on their core mission of maintaining and improving Tails OS, exploring more and complementary use cases while benefiting from the larger organizational structure of The Tor Project.

This solution is a natural outcome of the Tor Project and Tails' shared history of collaboration and solidarity. 15 years ago, Tails' first release was announced on a Tor mailing list, Tor and Tails developers have been collaborating closely since 2015, and more recently Tails has been a sub-grantee of Tor. For Tails, it felt obvious that if they were to approach a bigger organization with the possibility of merging, it would be the Tor Project.

An anonymous reader quotes a report from TechCrunch: Microsoft today revealed Correction, a service that attempts to automatically revise AI-generated text that's factually wrong. Correction first flags text that may be erroneous -- say, a summary of a company's quarterly earnings call that possibly has misattributed quotes -- then fact-checks it by comparing the text with a source of truth (e.g. uploaded transcripts). Correction, available as part of Microsoft's Azure AI Content Safety API (in preview for now), can be used with any text-generating AI model, including Meta's Llama and OpenAI's GPT-4o.

"Correction is powered by a new process of utilizing small language models and large language models to align outputs with grounding documents," a Microsoft spokesperson told TechCrunch. "We hope this new feature supports builders and users of generative AI in fields such as medicine, where application developers determine the accuracy of responses to be of significant importance." Experts caution that this tool doesn't address the root cause of hallucinations. "Microsoft's solution is a pair of cross-referencing, copy-editor-esque meta models designed to highlight and rewrite hallucinations," reports TechCrunch. "A classifier model looks for possibly incorrect, fabricated, or irrelevant snippets of AI-generated text (hallucinations). If it detects hallucinations, the classifier ropes in a second model, a language model, that tries to correct for the hallucinations in accordance with specified 'grounding documents.'"

Os Keyes, a PhD candidate at the University of Washington who studies the ethical impact of emerging tech, has doubts about this. "It might reduce some problems," they said, "But it's also going to generate new ones. After all, Correction's hallucination detection library is also presumably capable of hallucinating." Mike Cook, a research fellow at Queen Mary University specializing in AI, added that the tool threatens to compound the trust and explainability issues around AI. "Microsoft, like OpenAI and Google, have created this issue where models are being relied upon in scenarios where they are frequently wrong," he said. "What Microsoft is doing now is repeating the mistake at a higher level. Let's say this takes us from 90% safety to 99% safety -- the issue was never really in that 9%. It's always going to be in the 1% of mistakes we're not yet detecting."

An anonymous reader quotes a report from Ars Technica: California Gov. Gavin Newsom vetoed a bill that would have required makers of web browsers and mobile operating systems to let consumers send opt-out preference signals that could limit businesses' use of personal information. The bill approved by the State Legislature last month would have required an opt-out signal "that communicates the consumer's choice to opt out of the sale and sharing of the consumer's personal information or to limit the use of the consumer's sensitive personal information." It would have made it illegal for a business to offer a web browser or mobile operating system without a setting that lets consumers "send an opt-out preference signal to businesses with which the consumer interacts."

In a veto message (PDF) sent to the Legislature Friday, Newsom said he would not sign the bill. Newsom wrote that he shares the "desire to enhance consumer privacy," noting that he previously signed a bill "requir[ing] the California Privacy Protection Agency to establish an accessible deletion mechanism allowing consumers to request that data brokers delete all of their personal information." But Newsom said he is opposed to the new bill's mandate on operating systems. "I am concerned, however, about placing a mandate on operating system (OS) developers at this time," the governor wrote. "No major mobile OS incorporates an option for an opt-out signal. By contrast, most Internet browsers either include such an option or, if users choose, they can download a plug-in with the same functionality. To ensure the ongoing usability of mobile devices, it's best if design questions are first addressed by developers, rather than by regulators. For this reason, I cannot sign this bill." Vetoes can be overridden with a two-thirds vote in each chamber. The bill was approved 59-12 in the Assembly and 31-7 in the Senate. But the State Legislature hasn't overridden a veto in decades. "It's troubling the power that companies such as Google appear to have over the governor's office," said Justin Kloczko, tech and privacy advocate for Consumer Watchdog, a nonprofit group in California. "What the governor didn't mention is that Google Chrome, Apple Safari and Microsoft Edge don't offer a global opt-out and they make up for nearly 90 percent of the browser market share. That's what matters. And people don't want to install plug-ins. Safari, which is the default browsers on iPhones, doesn't even accept a plug-in."

ZDNet's Steven Vaughan-Nichols reports: After 20 years, Real-Time Linux (PREEMPT_RT) is finally -- finally -- in the mainline kernel. Linus Torvalds blessed the code while he was at Open Source Summit Europe. [...] The real-time Linux code is now baked into all Linux distros as of the forthcoming Linux 6.12 kernel. This means Linux will soon start appearing in more mission-critical devices and industrial hardware. But it took its sweet time getting here. An RTOS is a specialized operating system designed to handle time-critical tasks with precision and reliability. Unlike general-purpose operating systems like Windows or macOS, an RTOS is built to respond to events and process data within strict time constraints, often measured in milliseconds or microseconds. As Steven Rostedt, a prominent real-time Linux developer and Google engineer, put it, "Real-time is the fastest worst-case scenario." He means that the essential characteristic of an RTOS is its deterministic behavior. An RTOS guarantees that critical tasks will be completed within specified deadlines. [...]

So, why is Real-Time Linux only now completely blessed in the kernel? "We actually would not push something up unless we thought it was ready," Rostedt explained. "Almost everything was usually rewritten at least three times before it went into mainline because we had such a high bar for what would go in." In addition, the path to the mainline wasn't just about technical challenges. Politics and perception also played a role. "In the beginning, we couldn't even mention real-time," Rostedt recalled. "Everyone said, 'Oh, we don't care about real-time.'" Another problem was money. For many years funding for real-time Linux was erratic. In 2015, the Linux Foundation established the Real-Time Linux (RTL) collaborative project to coordinate efforts around mainlining PREEMPT_RT.

The final hurdle for full integration was reworking the kernel's print_k function, a critical debugging tool dating back to 1991. Torvalds was particularly protective of print_k --He wrote the original code and still uses it for debugging. However, print_k also puts a hard delay in a Linux program whenever it's called. That kind of slowdown is unacceptable in real-time systems. Rostedt explained: "Print_k has a thousand hacks to handle a thousand different situations. Whenever we modified print_k to do something, it would break one of these cases. The thing about print_k that's great about debugging is you can know exactly where you were when a process crashed. When I would be hammering the system really, really hard, and the latency was mostly around maybe 30 microseconds, and then suddenly it would jump to five milliseconds." That delay was the print_k message. After much work, many heated discussions, and several rejected proposals, a compromise was reached earlier this year. Torvalds is happy, the real-time Linux developers are happy, print_K users are happy, and, at long last, real-time Linux is real.

Apple's iPadOS 18 update is no longer available after some iPad Pro owners found that it bricked their devices. MacRumors reports: There are reports on Reddit from iPad Pro users who had an interruption in the installation process, leading to an iPad that refused to turn on. A total replacement was required for affected users. Not all M4 iPad Pro owners have had an issue installing the update, and it could be linked to installing the new iOS 17.7 update before installing iOS 18. Apple will make the software available again when the underlying problem has been addressed.

"New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One, but were tracked to GitHub projects with embedded malware," reports SC magazine: Researchers at ReversingLabs explained in a September 10 blog post that the scheme was a follow-on to the VMConnect campaign that they first identified in August 2023 in which developers were lured into downloading malicious code via fake job interviews.
More details from The Hacker News These packages, for their part, have been published directly on public repositories like npm and PyPI, or hosted on GitHub repositories under their control. ReversingLabs said it identified malicious code embedded within modified versions of legitimate PyPI libraries such as pyperclip and pyrebase... It's implemented in the form of a Base64-encoded string that obscures a downloader function, which establishes contact with a command-and-control server in order to execute commands received as a response.

In one instance of the coding assignment identified by the software supply chain firm, the threat actors sought to create a false sense of urgency by requiring job seekers to build a Python project shared in the form of a ZIP file within five minutes and find and fix a coding flaw in the next 15 minutes. This makes it "more likely that he or she would execute the package without performing any type of security or even source code review first," Zanki said, adding "that ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer's system."
Tom's Hardware reports that "The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS. This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs."

More from The Hacker News Some of the aforementioned tests claimed to be a technical interview for financial institutions like Capital One and Rookery Capital Limited, underscoring how the threat actors are impersonating legitimate companies in the sector to pull off the operation. It's currently not clear how widespread these campaigns are, although prospective targets are scouted and contacted using LinkedIn, as recently also highlighted by Google-owned Mandiant.

An anonymous Slashdot reader writes: Haiku (the MIT-licensed operating system, inspired by BeOS) has released its fifth beta for Haiku R1.

Some new features include improved UI color management, improved dark mode coloring, Tracker improvements, TUN/TAP support for VPN connections, TCP throughput improvements, performance optimizations, UFS2 (BSD's filesystem) read-only support, new FAT filesystem driver, improved hardware support, improved POSIX compliance, improved performance, and more.
Slashdot has been covering the fate of the BeOS since 2000 (as well as the short-lived derivative project ZETA — and Haiku).

And now "With a history of over two decades and previously known as OpenBeOS, today's Haiku is pushing forward..." writes the site NotebookCheck: Haiku is a spiritual successor to BeOS, with a focus on a clean and user-friendly design paired with low system requirements. The minimum system requirements are still an Intel Pentium II/AMD Athlon CPU or better, at least 384 MB RAM, an 800x600 screen, and at least 3GB storage. It works on both 32-bit and 64-bit x86 PCs, and the 32-bit version can run many unmodified BeOS applications. It might be the best desktop open-source operating system not based on Linux or Unix... It works well in a virtual machine like VirtualBox or UTM.

An anonymous reader quotes a report from Ars Technica: Researchers still don't know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.

Although Doctor Web has a thorough understanding of Vo1d and the exceptional reach it has achieved, company researchers say they have yet to determine the attack vector that has led to the infections. "At the moment, the source of the TV boxes' backdoor infection remains unknown," Thursday's post stated. "One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access." The following device models infected by Vo1d are: [R4, TV BOX, KJ-SMART4KVIP].

One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What's more, Doctor Web said it's not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models. Further, while only licensed device makers are permitted to modify Google's AndroidTV, any device maker is free to make changes to open source versions. That leaves open the possibility that the devices were infected in the supply chain and were already compromised by the time they were purchased by the end user. "These off-brand devices discovered to be infected were not Play Protect certified Android devices," Google said in a statement. "If a device isn't Play Protect certified, Google doesn't have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety."

Users can confirm if their device runs Android TV OS via this link and following the steps here.

wiredmikey shares a report from SecurityWeek: Microsoft on Tuesday raised an alarm for in-the-wild exploitation of a critical flaw in Windows Update, warning that attackers are rolling back security fixes on certain versions of its flagship operating system. The Windows flaw, tagged as CVE-2024-43491 and marked as actively exploited, is rated critical and carries a CVSS severity score of 9.8/10. Redmond's documentation of the bug suggests a downgrade-type attack similar to the 'Windows Downdate' issue discussed at this year's Black Hat conference. Microsoft's bulletin reads: "Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 -- KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability."

To protect against this exploit, Microsoft says Windows users should install this month's Servicing stack update (SSU KB5043936) and the September 2024 Windows security update (KB5043083), in that order.

Apple plans to release the next versions of iOS, iPadOS, macOS, and watchOS to the general public on September 16, the company announced via its website following its iPhone-centric product event earlier today. From a report: We should also see updates for tvOS and the HomePod operating system on the same date. The new releases bring a number of new features and refinements to Apple's platforms: better texting with Android devices thanks to support for the RCS standard, iPhone Mirroring that allows you to interact with your iPhone via your Mac, more UI customization options for iPhones and iPads, and other improvements besides. What won't be included in these initial releases is any hint of Apple Intelligence, the batch of generative AI and machine learning features that Apple announced at its Worldwide Developers Conference in June. Apple is testing some of the Apple Intelligence features in betas of iOS 18.1, iPadOS 18.1, and macOS 15.1, updates that will be released later this fall.