OS X

Apple Releases Meltdown and Spectre Fixes For Older Versions of MacOS (neowin.net) 18

An anonymous reader quotes a report from Neowin: Apple released its round of bug fix/security updates -- including iOS 11.2.5, macOS 10.13.3 High Sierra, watchOS 4.2.2, and tvOS 11.2.5 -- today. In doing so, it also offered some security updates for Macs running older versions of its OS, including OS X 10.11 El Capitan and macOS 10.12 Sierra. The security updates mainly focus on the Meltdown and Spectre vulnerabilities, which were fixed for High Sierra users a couple of weeks ago. OS X 10.11.6 El Capitan got the smallest update, including fixes for IOHIDFamily, Kernel, QuartzCore, and Wi-Fi. As for the Sierra update, it's available for machines that are running macOS 10.12.6. It includes the above fixes, but it also includes improvements for Audio, LinkPresentation, Security, and there's an additional Kernel fix.
Security

Tinder's Lack of Encryption Lets Strangers Spy on Your Swipes (wired.com) 46

Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops, a security firm reports. From Wired: On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.
Security

'Text Bomb' Is Latest Apple Bug (bbc.com) 60

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.
IOS

Apple Is Blocking an App That Detects Net Neutrality Violations (vice.com) 258

dmoberhaus writes: Apple isn't allowing a new app developed by a university professor that detects when your internet is being throttled by ISPs from being listed on the app store. The company claimed the app contained "objectionable content" and "has no direct benefits to the user."
The reporter, who tested the app through the beta channel, writes: The app is designed to test download speeds from seven apps: YouTube, Amazon, NBCSports, Netflix, Skype, Spotify, and Vimeo. According to the app, my Verizon LTE service streamed YouTube to my iPhone at 6 Mbps, Amazon Prime video at 8 Mbps, and Netflix at 4 Mbps. It downloaded other data at speeds of up to 25 Mbps. UPDATE: Slashdot reader sl3xd has made us aware of an update to the story. "After this article was published, Apple told Dave Choffnes that his iPhone app, designed to detect net neutrality violations, will be allowed in the iTunes App Store," reports Motherboard. "According to Choffnes, Apple contacted him and explained that the company has to deal with many apps that don't do the things they claim to do. Apple asked Choffnes to provide a technical description of how his app is able to detect if wireless telecom providers throttle certain types of data, and 18 hours after he did, the app was approved." "The conversation was very pleasant, but did not provide any insight into the review process [that] led the app to be rejected in the first place," Choffnes told Motherboard in an email.
Businesses

Tim Cook Says Power Management Feature In Older iPhones Will Be Able To Be Turned Off In Future Update (macrumors.com) 153

In an interview with Rebecca Jarvis of ABC News, Apple CEO Tim Cook touched on the ongoing controversy over power management features in older iPhones. He says that a future update will allow customers to turn off the power management feature that has caused older iPhones to slow down. Mac Rumors reports: According to Cook, when the power management features were first introduced in iOS 10.2.1, Apple did explain what was going on, but following the controversy, he believes Apple should have been clearer. The company did indeed mention that the shutdown issue was caused by uneven power delivery and explained that its power management system had been tweaked, but there was no clear notice that it could cause devices to operate more slowly at times. Cook says Apple "deeply apologizes" to customers who thought the company had other motivations. Apple is introducing better battery monitoring features in a future iOS update, and Cook says Apple will also allow customers to turn off the power management feature, which is new information that the company has not previously shared. The majority of the interview was focused on the announcements that Apple made today. The company plans to contribute $350 billion in the U.S. economy over the next five years, as well as issue employees a bonus of $2,500 of restricted stock units following the introduction of the new U.S. tax law.
Businesses

Apple's Indirect Presence Fades from CES (techpinions.com) 119

Analyst Ben Bajarin writes: We would go to CES and remark at how Apple's dominance loomed over the show. Vendors of all shapes and sizes were rushing to be a part of the Apple ecosystem. Apple's ecosystem was front and center with everything from iOS apps, to accessories galore for iPhone and iPad, and even companies looking to copy Apple in many ways. The last year or so, things have dramatically changed, and that change is further evident at this year's CES. Gone are the days of Apple's presence, or observably "winning" of CES, even though they are not present. It was impossible to walk the show floor and not see a vast array of interesting innovations which touched the Apple ecosystem in some way. Now it is almost impossible to walk the floor and see any products that touch the Apple ecosystem in any way except for an app on the iOS App Store. The Apple ecosystem is no longer the star of CES but instead things like Amazon's Alexa voice platform, and now Google's assistant voice platform are the clear ecosystem winners of CES.
Crime

Apple Health Data Is Being Used As Evidence In a Rape and Murder Investigation (vice.com) 185

An anonymous reader quotes a report from Motherboard: Hussein K., an Afghan refugee in Freiburg, has been on trial since September for allegedly raping and murdering a student in Freiburg, and disposing of her body in a river. But many of the details of the trial have been hazy -- no one can agree on his real age, and most notably, there's a mysterious chunk of time missing from the geodata and surveillance video analysis of his whereabouts at the time of the crime. He refused to give authorities the passcode to his iPhone, but investigators hired a Munich company (which one is not publicly known) to gain access to his device, according to German news outlet Welt. They searched through Apple's Health app, which was added to all iPhones with the release of iOS 8 in 2014, and were able to gain more data about what he was doing that day. The app records how many steps he took and what kind of activity he was doing throughout that day. The app recorded a portion of his activity as "climbing stairs," which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed back up. Freiburg police sent an investigator to the scene to replicate his movements, and sure enough, his Health app activity correlated with what was recorded on the defendant's phone.
Software

Dell's Mobile Connect Application Will Allow Users To Easily Mirror Their Smartphone on PC; To Come Pre-installed On Company's Future PCs (venturebeat.com) 60

From a report on VentureBeat: Smartphones and computers were designed in different eras, and they don't really work well together, forcing us to split our time between them. But Dell is trying to change that with Dell Mobile Connect software, which makes the two devices more interoperable. [...] You can now make and receive phone calls directly from your computer, and you can also send and receive text messages on your PC screen. This allows you to stay connected on your PC without worrying that you're missing phone notifications or calls. And you can use any Android app on your PC. That allows you to bring your small-screen apps like games to a bigger screen. If your computer doesn't have a touchscreen, you can control the mirrored phone game with a keyboard and mouse. [...] Dell will preload the software on new Dell consumer and business PCs, and it has a free smartphone app that works on either Android or iOS. Dell Mobile Connect will be available on all new Dell Inspiron, XPS, Vostro, or Alienware purchased worldwide in January 2018 or later.
IOS

Apple Updates macOS and iOS To Address Spectre Vulnerability (engadget.com) 67

Days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it's pushed out fixes for the Spectre exploit as well. From a report: iOS 11.2.2 includes "Security improvements to Safari and WebKit to mitigate the effects of Spectre," the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2.
Security

macOS Exploit Published on the Last Day of 2017 (bleepingcomputer.com) 62

An anonymous reader shares a report: On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw. Despite the doom and gloom, the vulnerability is only a local privilege escalation (LPE) flaw that can only be exploited with local access to a computer or after an attacker has already got a foothold on a machine. The vulnerability grants root access to an attacker. The issue affects the IOHIDFamily macOS kernel driver, a component that handles various types of user interactions. Siguza said he read about various flaws in this component and took a look at it to find new ways to compromise iOS, Apple's mobile operating system, where IOHIDFamily is also deployed. The expert says he found the LPE flaw in the IOHIDFamily code specific to macOS versions only. In a tweet, Siguza said, "My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't wanna help their cause. I would've submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable."
Iphone

Apple's iPhones Were the Best-Selling Tech Product of 2017 (usatoday.com) 88

An anonymous reader quotes USA Today: Once again, the iPhone was the best-selling tech product of 2017, selling more units than the No. 2 through No. 5 products combined. According to Daniel Ives, an analyst with GBH Insights, who compiled the chart for USA TODAY, Apple will sell 223 million iPhones in 2017, up from 211 million phones the previous year... Apple took a risk in introducing three new iPhones for 2017...but all in all, Apple sold more iPhones total, although fewer than the peak year of 2015, when it moved 230 million units. (That was the year of the iPhone 6...)

The global market share for smartphones is dominated by Google's Android system, which owns 85%, compared to 15% for Apple's iOS, according to researcher IDC. But the iPhone is the most popular smartphone brand, having opened a huge gap compared to No. 2 Samsung's Galaxy phones at 33 million. However Samsung, which has a broader portfolio of phones, sells more overall. Indeed, in 2016, Samsung shipped over 320 million phones, most lower-priced phones sold outside the United States, like the J3, On8 and A9 lines.

Apple's strong performance through September earned CEO Tim Cook a $9.3 million bonus on top of his $3.06 million salary -- plus vesting of $89.2 million more in Apple stock. Here's the complete list of the five best-selling tech products of 2017:
  • Apple iPhones: 223 million
  • Samsung Galaxy S8 and Note 8 smartphones: 33 million
  • Amazon Echo Dot connected speakers: 24 million
  • Apple Watch: 20 million
  • Nintendo Switch video game console: 15 million

Power

Slashdot Asks: How Should Apple Have Responded To the Battery Controversy? 177

Yesterday, Apple officially apologized for slowing down older phones in order to compensate for degrading batteries. In a letter to customers, Apple said, "We apologize," offering anyone with an iPhone 6 or later a battery replacement for $29 starting in late January through December 2018 -- a discount of $50 from the usual replacement cost. They're also promising to add features to iOS that provide more information about the battery health in early 2018.

Apple's response has left many wondering whether or not it is enough. Even though they are discounting the cost of a battery replacement, for example, they are still profiting from each battery replacement. At the end of the day, "Apple only came clean after independent investigation, giving the whole situation an air of underhanded secrecy," writes Macworld. Should Apple have responded differently to the battery controversy? In the first place, should Apple even issue a software update to older devices to purposefully throttle the CPU and prevent the phones from randomly shutting down when experiencing rapid power draw?

Quinn Nelson via Snazzy Labs explains the controversy and how it is largely exaggerated.
Iphone

Apple Apologizes For iPhone Slowdown Drama, Will Offer $29 Battery Replacements (theverge.com) 254

An anonymous reader quotes a report from The Verge: Apple just published a letter to customers apologizing for the "misunderstanding" around older iPhones being slowed down, following its recent admission that it was, in fact, slowing down older phones in order to compensate for degrading batteries. "We know that some of you feel Apple has let you down," says the company. "We apologize." Apple says in its letter that batteries are "consumable components," and is offering anyone with an iPhone 6 or later a battery replacement for $29 starting in late January through December 2018 -- a discount of $50 from the usual replacement cost. Apple's also promising to add features to iOS that provide more information about the battery health in early 2018, so that users are aware of when their batteries are no longer capable of supporting maximum phone performance.
Open Source

Fleeing Google's Apps and iOS, Mandrake Linux Creator Launches 'eelo' Project (hackernoon.com) 122

Open-source veteran Gaël Duval created Mandrake Linux in 1998. But in a new essay, he writes that "I realized that I had become lazy. Not only wasn't I using Linux anymore as my main operating system, but I was using a proprietary OS on my smartphone. And I was using Google more and more."

Long-time Slashdot reader nuand999 writes: He's creating a non-profit project called eelo.io that's going to release a "privacy-friendly" smartphone OS and associated web-services... eelo is going to be forked from LineageOS, and will ship with the existing open source bricks put together into a consistent and privacy-enhanced, yet desirable, smartphone OS + web-services. A crowdfunding campaign has just started on Kickstarter to fuel early developments.
"iOS is proprietary and I prefer Open Source Software," Gaël writes on Hacker Noon, while also adding that "like millions of others, I'VE BECOME A PRODUCT OF GOOGLE... I'm not happy because Google has become too big and is tracking us by catching a lot of information about what we do. They want to know us as much as possible to sell advertising..."

"People are free to do what they want. They can choose to be voluntary slaves. But I do not want this situation for me anymore. I want to reconquer my privacy. My data is MY data. And I want to use Open Source software as much as possible."
Software

Apple Says Apps Must Now Disclose Odds For Loot Boxes (kotaku.com) 88

Apple has revised the guidelines for its App Store, including a provision that loot boxes must be transparent about their odds. "Apps offering 'loot boxes' or other mechanisms that provide randomized virtual items for purchase must disclose the odds of receiving each type of item to customers prior to purchase," reads the new rule, which will affect the most popular games on iOS, including Hearthstone, The Simpsons Tapped Out, and Clash Royale. Kotaku reports: Loot boxes, which have always been common in the world of iOS gaming, are virtual grab bags that can give players a host of items ranging from common to rare. Most of the time, you can buy these loot boxes not just for in-game currency but for real money, which has led some players to classify them as gambling -- a label that the Entertainment Software Rating Board doesn't acknowledge. As rage over these practices gets louder and louder, Apple's move is the first of what may be many steps that game publishers and distributors voluntarily take in an attempt to avoid regulation from outside bodies.
Operating Systems

Slashdot Asks: Should Tech Companies End the One-Year Software Update Cycle? 187

Software giants Google, Microsoft, Apple and others release a major software update to their desktop and mobile operating systems (and OS for other platforms they have) each year. This model seemed viable -- to a consumer -- until a few years ago -- the days when shiny new features were exciting -- but of late the number of bugs that companies are failing to patch before shipping these operating systems has seemingly gone through the roof. For instance, Apple has released more than 10 software updates since seeding out iOS 11 in September this year (up from seven last year). Similar is the case with macOS.

The situation has gotten so dire that IT admins in many corporate environments are waiting for as long as six months before they are certain that it is fine to get the staff to move to the "newer" major software update. For companies like Apple, a new software update also means a business opportunity. Several of the new features that they ship with the new update don't work with older iPhone and iPad models. And as we learned this week, new major software updates could hinder the performance of old gadgets. With these things in mind, should industry at large consider prolonging the duration between two major software updates? Or should they stick with a one-year software cycle model?
Iphone

Apple Confirms iPhone With Older Batteries Will Take Hits On Performance (theverge.com) 172

An anonymous reader quotes a report from The Verge: Reddit users have noticed that Apple appears to be slowing down old iPhones that have low-capacity batteries. While many iPhone users have experienced perceived slowdowns due to iOS updates over the years, it appears that there's now proof Apple is throttling processor speeds when a battery capacity deteriorates over time. Geekbench developer John Poole has mapped out performance for the iPhone 6S and iPhone 7 over time, and has come to the conclusion that Apple's iOS 10.2.1 and 11.2.0 updates introduce this throttling for different devices. iOS 10.2.1 is particularly relevant, as this update was designed to reduce random shutdown issues for the iPhone 6 and iPhone 6S. Apple's fix appears to be throttling the CPU to prevent the phone from randomly shutting down. Geekbench reports that iOS 11.2.0 introduces similar throttling for iPhone 7 low-capacity batteries.

When reached for comment, Apple basically confirmed the findings to The Verge, but disputes the assumed intention: "Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components. Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We've now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future."

Desktops (Apple)

Apple Plans Combined iPhone, iPad and Mac Apps To Create One User Experience (bloomberg.com) 247

An anonymous reader shares a Bloomberg report: Apple's iPhone and iPad introduced a novel way of interacting with computers: via easy-to-use applications, accessible in the highly curated App Store. The same approach hasn't worked nearly as well on Apple's desktops and laptops. The Mac App Store is a ghost town of limited selection and rarely updated programs. Now Apple plans to change that by giving people a way to use a single set of apps that work equally well across its family of devices: iPhones, iPads and Macs. Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it's running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter. Developers currently must design two different apps -- one for iOS, the operating system of Apple's mobile devices, and one for macOS, the system that runs Macs. With a single app for all machines, Mac, iPad and iPhone users will get new features and updates at the same time.
Cellphones

Ask Slashdot: Are There Any Alternatives To Android Or iOS? 304

An anonymous Slashdot reader is asking whether or not there are any alternatives to Android or iOS smartphones: Like most of us, I've owned a few smartphones over time, ranging from a Nokia E71 to a Samsung Android phone and now, an Apple iPhone. It is close to phone upgrade time, and I've been reviewing the features that I use on my phone. When I think honestly about it, the only features I really need are:

1. Phone calls (loads of conference calls, for which I use a wired headset with a microphone)
2. SMS Messaging (unlimited on my plan)
3. Navigation (very important, and is probably the most-used app on my phone)
4. Occasional internet browsing

All of this could be done by the Nokia E71, when Nokia Maps was a thing. If I want to move away from Apple, Google and the like, do I have any options now? Are there any trustable (and by trustable, I mean avoiding unknown Chinese manufacturers) phones in the market today that could do all four and (ideally) have better battery life than one day?
Bug

Apple Seems To Have Forgotten About the Whole 'It Just Works' Thing (zdnet.com) 242

Adrian Kingsley-Hughes, writing for ZDNet: "It just works." This is the phrase that Steve Jobs trotted out year after year to describe products or services that he was unveiling. Well, Steve is now long gone, and so is the ethos of "it just works." 2017 was a pretty bad year for Apple software quality. Just over the past few weeks we've seen both macOS and iOS hit by several high profile bugs. And what's worse is that the fixes that Apple pushed out -- in a rushed manner -- themselves caused problems. A serious -- and very stupid -- root bug was uncovered in macOS. The patch that Apple pushed out for the root bug broke file sharing for some. Updating macOS to 10.13.1 after installing the root patch rolled back the root bug patch. iOS 11 was hit by a date bug that caused devices to crash when an app generated a notification, forcing Apple to prematurely release iOS 11.2. iOS 11.2 contained a HomeKit bug that broke remote access for shared users. And this is just a selection of the bugs that users have had to contend with over the past few weeks. And it's not just been limited to the past few weeks. There's no such thing as perfect code, and sometimes high-profile security vulnerabilities can result in patches being pushed out that are not as well tested as they could be. But on the other hand, Apple isn't some budget hardware maker pushing stuff out on a shoestring and scrabbling for a razor-thin profit margin.
