Lit Apple Mac, iPhone, iPad User Group

sandysgeek said:

Instagram isn’t the only online service experiencing an outage this morning. Apple has acknowledged an ongoing issue with iCloud Mail as well.

Apple says “some users are affected” by the outage and “may be unable to send, receive, or access mail.” The iCloud status board only lists Mail as experiencing issues, however, so all other services should be working as expected.

At the time of writing, the outage has been listed for just over two hours.

In the meantime, you may experience turbulence when trying to use your Apple email account today. You can also check for updates on Apple online service outages here.

Click to expand...

[Update: Resolved]
iCloud Mail was resolved during the past hour


Some users were affected

Users may have been unable to send, receive or access mail.

Apple delays rollout of CSAM detection system and child safety features




Last month, Apple announced a handful of new child safety features that proved to be controversial, including CSAM detection for iCloud Photos. Now, Apple has said they will “take additional time” to refine the features before launching to the public.
Ad

In a statement Apple said:

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

Click to expand...

Apple’s new child safety features were set to launch as part of updates to iOS 15, iPadOS 15, and macOS Monterey later this year. There is now no word on when the company plans to roll out the features. Apple’s statement today does not provide any details on what changes the company could make to improve the system.

As a refresher, here’s the basics of how the CSAM detection system would work as currently designed:

Apple’s method of detecting known CSAM is designed with user privacy in mind. Instead of scanning images in the cloud, the system performs on-device matching using a database of known CSAM image hashes provided by NCMEC and other child safety organizations. Apple further transforms this database into an unreadable set of hashes that is securely stored on users’ devices.

Before an image is stored in iCloud Photos, an on-device matching process is performed for that image against the known CSAM hashes. This matching process is powered by a cryptographic technology called private set intersection, which determines if there is a match without revealing the result. The device creates a cryptographic safety voucher that encodes the match result along with additional encrypted data about the image. This voucher is uploaded to iCloud Photos along with the image.

Click to expand...

Upon announcement, the new CSAM detection technology received quite a bit of pushback and criticism from privacy advocates. Apple, however, doubled down on the feature multiple times, and said that its implementation would actually be more privacy-preserving than technology used by other companies like Google and Facebook.

It was also revealed through this process that Apple already scans iCloud Mail for CSAM, with the expansion applying to iCloud Photos.

Other child safety features announced by Apple last month, and also now delayed, include communications safety features in Messages and updated knowledge information for Siri and Search.





IMO, this controversy isn't over

If it's not misinformation, it's hypocrites blasting Apple, yet they steal people's information without your consent much less knowledge, to cell site simulators- How law enforcement can track you.

New Apple Card users can earn $50 in Daily Cash bonus with Panera Bread promo





Apple is teaming up with Panera Bread in the United States for an exclusive new promotion. After teaming up for 3% cash back last year, new Apple Card users can now earn a $50 in Daily Cash when they spend $50 or more at Panera Bread with Apple Pay.
Ad

Panera Bread and Apple announced the promotion in an email today. The deal applies to new Apple Card users who open an account between September 1 and November 16.

Here are the full details from Apple and Panera Bread:

Valid only for new Apple Card holders who open an account 9/1/21 through 11/16/21, and spend $50 or more at Panera Bread using Apple Card with Apple Pay within 30 days of opening an Apple Card account. Accounts opened prior to 9/1/21 or after 11/16/21 do not qualify. Limit one offer per account. $50 cash back is earned as Daily Cash and is transferred to your Apple Cash card after $50 worth of transactions have posted to your Apple Card account

Click to expand...

Apple Card offers 1% Daily Cash on all transactions, 2% on all Apple Pay transactions, and 3% on transactions through select retailers. Here is the full list of places where you can get 3% cash back with Apple Card:

• Exxon and Mobil gas stations
  
  
• Nike
  
  
• Panera Bread
  
  
• Apple (Hardware and Services)
  
  
• T-Mobile
  
  
• Walgreens
  
  
• Duane Reade
  
  
• Uber and Uber Eats

Last month, Apple also started promoting other exclusive offers for Apple Card users through the Wallet application, including promotions for Apple News+ and free coffee from Panera Bread.

You can apply for an Apple Card in the Apple Wallet app on iPhone.

History of Apple giving ground on App Store rules

Apple’s strategy to fight off antitrust regulators: Fix the App Store one rule at a time





Tim Cook, chief executive officer of Apple Inc., center, arrives at U.S. district court in Oakland, California, on Friday, May 21, 2021.



In the past few weeks, Apple has made several changes to its App Store rules, allowing a larger number of companies to access a lower commission rate or evade Apple’s mandatory 15% to 30% cut entirely.

But while the concessions can seem like a shift in Apple’s approach to App store policy, when examined in the history of the App Store, they are a clear continuation of strategy going back to 2008.

Apple has historically made small changes to its “guidelines,” a 13,000-word document that says what iPhone apps can and can’t do, while defending its core interests that Apple has the right to determine which software can operate on iPhones, and set its own financial terms for those developers.

Apple has also not yet changed its policy of taking 30% of in-app gaming purchases, which comprise the largest category of App Store revenue. Apple’s App Store grossed $64 billion or more in total sales in 2020, according to analysis based on Apple disclosures.

JPMorgan analyst Samik Chatterjee said in a recent note that he believed the financial impact on the company on one emailing change would be “modest” and other tweaks reducing Apple’s cut for some apps to 15% would be “minimal.”

The regulators and developers who criticize Apple’s App Store have a variety of complaints in the past decade: Its 30% cut is too high, its manual App Review process is arbitrary and powerful, the App Store depresses prices for software and teaches consumers that updates are free.

So Apple has carved out categorical exceptions to the 30% fee, allowed software makers the ability to appeal or challenge its rules, and changed single rules in response to lawsuits or media attention.

Events in the coming months may force Apple to tweak its policies again. A decision in a trial with Epic Games is expected in the coming weeks. The European Union is examining penalties and remedies after finding Apple violated antitrust laws after a Spotify complaint. South Korea recently passed a law that could force it to allow customers to use alternative billing systems.

But looking at App Store history, it’s likely that Apple will continue to push in private negotiations and public lobbying for smaller, non-structural changes to the App Store that address some complaints but does not change its control over iPhone software.


Controversial from the beginning

Apple’s App Store has faced controversy since its launch in 2008. A year after that, the FCC probed the company over its refusal to approve the Google Voice app.

Now there is more regulatory pressure from countries and developers around the world, and it is leading to more rule changes. Apple made some of the recent concessions because of settlements in a developer class action lawsuit in the United States and an agreement with Japan’s Fair Trade Commission, although Apple is applying the changes around the world.

Those tweaks essentially allow companies like Spotify and Tinder’s parent company Match Group to bypass Apple’s sometimes 30% cut of gross sales, addressing a standing complaint that dates back at least five years. Apple also reduced its take to 15% for news apps that participate in Apple News, its own news app.

Apple officials say they are meaningful changes that address key concerns from software makers.

Some of Apple’s opponents, even those that have petitioned for those changes, say that they don’t go far enough, and are part of a pattern of dividing its critics by placating some of them with one-off rule changes.

“Our goal is to restore competition once and for all, not one arbitrary, self-serving step at a time,” Spotify CEO Daniel Ek tweeted this week in response to Apple’s in-app linking rule change.

“Apple’s strategy is Divide and Conquer: carve off special deals for different developer segments,” Epic Games CEO Tim Sweeney said last month in a statement to CNBC in response to Apple’s news app concession.

Epic Games is suing Apple seeking to be able to install its own app store on iPhones — which is the big change that Apple wants to fight off.


A history of Apple changing App Store rules


2009: Apple does not approve Google Voice, FCC investigates. A year after the App Store went live, the FCC started probing it over its refusal to approve the Google Voice app, which acted as a second phone number.

Apple responded to the FCC, providing many details about its app review process for the first time, and arguing that it had the right to reject entire categories of apps.

In its letter, Apple also detailed for the first time its Executive Review Board, a body headed by Apple executive Phil Schiller, which makes final decisions on “new and complex issues.”

The Google Voice app was eventually approved in late 2010.


2011: Apple requires in-app payments for digital goods, creates the “reader rule.” In-app purchases with a 30% fee were introduced in early 2009. But in February 2011, Apple significantly tightened its control over the App Store by announcing it planned to force companies to use Apple’s in-app purchase system if they offered digital subscriptions.

At first, Apple offered exceptions for products like Kindle or the New York Times, where users may have purchased e-books or digital subscriptions off-app. But companies still needed to implement in-app purchases with Apple’s cut, at the same price as their off-app subscriptions.

This didn’t work for many publishers, who wanted to retain their direct relationship with customers. By June, Apple had backtracked on some of its more draconian guidelines, allowing companies to pass on the 30% fee to customers or to, if they chose, not offer an Apple in-app purchase at all.

Shortly afterwards, Apple’s marketing chief Phil Schiller started to question Apple’s 30% fee, and suggested lower revenue sharing levels, such as 20%, according to an email released as part of the Epic Games trial.

This is when Apple started to put its first restrictions on redirecting users in-app to the publisher’s website, which were reversed in recent weeks.


2016: Apple reduces cut for 2nd year of subscriptions to 15%. By 2015, Spotify had publicly challenged tested Apple’s restrictions on subscriptions, first by emailing customers to tell them it’s less expensive to subscribe directly, instead of through the App Store. This was against Apple’s guidelines, and its one of the rules that was officially clarified as part of Apple’s concessions last month.

Shortly afterwards, Spotify removed Apple in-app purchases entirely and started a process of challenging Apple’s rules with government regulators.

In 2016, Apple announced that it would alter its revenue sharing agreement, specifically for subscription apps. Apple still charged 30% for the first year of a subscription, but subscribers who lasted more than 12 months would cost the app a lower, 15% rate of gross sales. Apple also opened subscription billing to all App Store apps and introduced search ads, which let developers pay for better placement on an App Store search page.

The announcement was also months after Schiller publicly took over oversight of the App Store, replacing services head Eddy Cue, although Schiller had been involved with App Store policy since the beginning.

Although Schiller is no longer a senior vice president at Apple, he remains an Apple employee with the title “fellow,” and continues to lead App Store policy.


2019: Apple backtracks on parental control apps, introduces appeals process. By the time Apple’s annual developer conference kicked off in 2020, the App Store had received considerable antitrust attention, specifically to its ability to reject apps, especially apps that competed with Apple features, such as parental control apps which gave users the ability to set screen time limits for kids.

Apple reversed some of its policies about parental control apps in 2019 after negative media attention, allowing some of them onto the store, and creating software tools that they could use to build their apps.

But the skirmish highlighted that Apple’s App Review process was arbitrary, and sometimes held up app updates over minor details or, worse, because the app didn’t comply with in-app purchase rules.

Developer protests over App Review continued to grow through 2020, and at Apple’s annual developer’s conference, Apple said that it would implement an appeals system for developers to challenge Apple’s rules, although many app makers say it hasn’t solved their complaints with the approval process.


2020: Apple reduces cut to 15% for small companies. Last November, Apple introduced the Small Business Program, a high-profile olive branch to lawmakers and app developers.

It reduced the take from 30% to 15% for any company making less than $1 million per year through the App Store. But because apps are a winner-take-most business, it didn’t hurt Apple’s finances too badly — one estimate at the time suggested the top 1% of app publishers generate 93% of App Store revenue. But it did cut the fees for the majority of individual app developers.

Documents from a settlement in 2021 said that the creation of the Small Business Program was because of a class-action lawsuit.


2021: Apple reduces cut to 15% for news apps that participate in Apple News, allows developers to direct users to alternative payment systems. Antitrust attention on the App Store heated up in 2021. Earlier this year, Apple CEO Tim Cook testified at a trial over App Store practices against Epic Games. Multiple states and the U.S. Congress saw bills introduced which could force Apple to allow alternative app stores.

In August, Apple reduced its subscription cut for any publisher from 30% to 15%, addressing a segment of developers who had fought off App Store changes back in 2011. There was a catch though — those news apps had to participate in Apple’s news aggregator.( News apps are not the main moneymaker on the App Store.)

Apple also settled a class-action lawsuit with smaller U.S. developers, paying $100 million and clarifying guidelines about apps emailing their own customers.

In September, Apple settled with the Japanese FTC and said that “reader” apps could link out to sign up customers for subscriptions on their own websites. All three of these changes addressed concerns that first popped up in 2011 when Apple created the reader rule.

Apple officially announces September 14 event for iPhone 13 and more





Apple has officially confirmed its highly anticipated iPhone 13 and Apple Watch Series 7 event for September 14. The event will be completely virtual and streamed from Apple Park. Apple is teasing the September event with the tagline: “California streaming.”


Apple September event is official

Apple’s September 14 event will be held at 10 a.m. PT/1 p.m. ET. This marks the second year in a row that Apple has held its annual September event completely virtually due to the COVID-19 pandemic.

The September 14 event will be live-streamed across Apple’s website, on the company’s YouTube channel, and via the Apple TV application on iPhone, iPad, Mac, and Apple TV.


What to expect

At this year’s September Apple event, Apple is expected to officially take the wraps off of the iPhone 13. The new iPhone is expected to bring a handful of new features. Rumors changes include a smaller notch, camera enhancements, ProMotion 120Hz display technology, and more.

The Apple Watch Series 7 is also likely to be announced during the September 14 event. With an all-new design and larger display, the Apple Watch Series 7 is shaping up to be a notable update. With that being said, however, reports indicate that Apple is facing production issues that could severely constrain supply.

Apple is also planning new AirPods that could be announced at the September event. AirPods 3 are rumored to feature a design similar to AirPods Pro, but without replaceable eartips.

Other possible hardware announcements include a new iPad mini and a new entry-level iPad. You should not, however, expect new Macs to be announced at the September event, with Apple likely saving those for a separate event in October or November.

Also expected is Apple to announce the official release dates for its next round of software updates during the event. This includes iOS 15, watchOS 8, and tvOS 15. macOS Monterey, on the other hand, is likely not coming until sometime later this Autumn.


Greg Joswiak @gregjoz
We’re California Streaming on September 14th. See you real soon. 🏞 #AppleEvent



https://twitter.com/gregjoz/status/1435272731746979840

Apple Child Sex Abuse Scanning Is Too Clever For It's Own Good

Apple’s Child Sex-Abuse Tool Is Too Clever for Its Own Good







Too clever

Apple Inc.’s plan to scan iPhones for child-abuse images is past the point of repair. A complete overhaul is in order.

The company said last Friday that it will delay implementation of the software, following a backlash from privacy groups, security experts and many customers. Apple said it’ll spend a few months taking in additional feedback to make improvements “before releasing these critically important” features.

The statement seems to suggest Apple will make minor adjustments and then roll out something similar to its current proposal. At this point, though, Apple should probably recognize that anything designed to examine the personal contents of people’s phones is a lost cause.

First, let’s look at the details. After facing pressure from governments to do more to battle child pornography and exploitation, Apple unveiled its plan last month to offer three new tools. They included the ability for parents to be notified when their children receive or send explicit photos over Apple Messages, the option to report child abuse using the Siri voice assistant and a new system to detect Child Sexual Abuse Material (CSAM) stored in users’ iCloud photo libraries.

The last measure received the harshest criticism from privacy advocates. Rather than scanning photos after they are uploaded to cloud services, Apple created an elaborate new system that looks at images on a customer’s device. For any iCloud Photos user, the software would compare what is essentially the digital fingerprint of each image to databases of known illegal photos on the iPhone itself. Once a number threshold of matches is met, Apple would review each incident manually and then, if valid, report it to the National Center for Missing and Exploited Children, an organization that works with U.S. law enforcement agencies.

While it may be technically accurate that Apple’s on-device matching technique is more secure and privacy-conscious, convincing people this is the case has proven extremely difficult. I consider myself to be technically proficient, but I had to read Apple’s 12-page documentation multiple times to get a sense of how it all works. The average person isn’t going to make the effort to understand the nuances.

After the recent public debate, the concept of scanning someone’s personal device—no matter how ingenious the method—has become repellent. Fight for the Future, a digital rights advocacy group, is organizing protests outside of Apple Stores next week to call for the permanent cancellation of the program, citing privacy concerns.

Then there is the slippery slope argument. Privacy groups are also worried once the technology for fingerprinting CSAM photos is set up, authoritarian governments may ask for surveillance of other types of content on personal devices. These concerns are legitimate. While Apple has explicitly said it would refuse such requests, what happens when there is a court order or legislation that requires it? Once the system is implemented, it opens the door for misuse.

That is why the company should instead just copy the practices of its main technology rivals. Facebook Inc., Alphabet Inc.’s Google and Microsoft Corp. scan for CSAM photos after they’re uploaded. It’s not a perfect solution. Apple would need to look through more photos instead of a small subset. But it is easier for users to accept the idea that images sent for storage on the internet may get examined for illegal content.

Sometimes companies can be too clever for their own good. The sooner Apple realizes this public relations battle is unwinnable, the better. Otherwise, fear of corporate surveillance may dominate the conversation surrounding iPhones for a long time.






More info on #nospyphone Apple Retail Store protest on September 13th at 6:00pm local time, and the opportunity to add your name to the following petition here.

Scan encrypted messages for CSAM, says British government

UK government backs Apple, and wants to scan encrypted messages for CSAM







The British government has expressed support for Apple’s now-delayed CSAM scanning plans, and says that it wants the ability to scan encrypted messages for CSAM, even where end-to-end encryption is used.

The country is offering to pay anyone who can find a way “to keep children safe in environments such as online messaging platforms with end-to-end encryption” …

Home Secretary Priti Patel made the announcement, which included support for Apple’s plans.

Recently Apple have taken the first step, announcing that they are seeking new ways to prevent horrific abuse on their service. Apple state their child sexual abuse filtering technology has a false positive rate of 1 in a trillion, meaning the privacy of legitimate users is protected whilst those building huge collections of extreme child sexual abuse material are caught out. They need to see though that project.

But that is just one solution, by one company, and won’t solve everything. Big Tech firms collectively need to take responsibility for public safety and greater investment is essential. Today I am launching a new Safety Tech Challenge Fund. We will award five organisations from around the world up to £85,000 each to develop innovative technology to keep children safe in environments such as online messaging platforms with end-to-end encryption.

Click to expand...

She repeats the government’s oft-expressed objection to end-to-end encrypted messaging, and attempts to imply that it is a new plan, rather than something that has been used for many years by services like iMessage, FaceTime, WhatsApp, Telegram, and Signal.

Your messages are already encrypted as they travel from your device to a technology company’s systems. End-to-end encryption takes this further, so that neither the platform operator nor police can see the content – even when it’s essential for safety reasons that they do so […]

The introduction of end-to-end encryption must not open the door to even greater levels of child sexual abuse – but that is the reality if plans such as those put forward by Facebook go ahead unchanged.

Click to expand...

The reality here is that Facebook Messenger is the only major messaging platform that doesn’t already offer E2E encryption as standard, and even that allows some users to enable it via the Secret Conversations feature. Facebook’s plans to make this standard is simply catching up with the industry standard for private messaging.

The government’s call for help is vaguely worded, and offers a maximum of £85k ($117K) to each successful applicant.

The Fund will award five organisations from around the world up to £85,000 each to develop innovative technology to keep children safe in environments such as online messaging platforms with end-to-end encryption […]

Applications open today, with a deadline of 6 October. The Fund will run for five months from November 2021. Technologies will be evaluated by independent academic experts.

Click to expand...

Apple was somehow taken by surprise by widespread objections to its own plans, and now says that it will take additional time to make privacy improvements.

Several Apple Products Currently Experiencing Delayed Shipping Times

Several Apple products, including recently launched devices, are currently experiencing delayed shipping times, a possible sign that the ongoing chip shortage could be more significantly impacting Apple and its products.







During the company's third-quarter earnings call, Apple CEO Tim Cook warned that the chip shortage that has plagued the industry for the last few months would impact iPhone shipments this year. While Cook was likely referencing constraints with the upcoming iPhone 13, the shortage could be creeping onto existing models.

Ahead of an expected refresh or update, the current and soon-to-be last generation devices can be expected to be depleted in stock as Apple makes room for the newer models. As a result, select configurations of the iPhone 11 and iPhone 12 are showing up to two weeks for shipments at the time of writing.

Similarly, across the Apple Watch lineup, some models of the aluminum case of the Series 6 are at least three to four weeks out, while stainless steel models are entirely sold out or at least three weeks away. Next Tuesday, September 14, Apple is expected to release the *iPhone 13* and Apple Watch Series 7 to replace the existing models.

While the *iPhone* and Apple Watch are soon getting updated, likely resulting in the delayed shipments, other products are less certain. For example, the 24-inch iMac, powered with the M1 Apple silicon chip, is currently at least three to four weeks out. As a matter of fact, all products with the *M1* Apple silicon chip are currently experiencing some form of delay.







For instance, depending on configuration, the *M1* 13-inch MacBook Air, MacBook Pro, Mac mini, and the 11-inch and 12.9-inch iPad Pro are listing three days or up to a week for shipments, though specific timeframes will fluctuate. Under normal circumstances, depending on location, products may be available for same-day delivery.

The *M1* Apple silicon chip was announced in November of last year, and since its announcement, Apple has expanded it to more products, including the *iPad Pro*. The out-of-normal shipping times for multiple *M1* products could act as further proof that the chip shortage is directly limiting *M1* production, hindering shipping times and general availability.

In the last several months, several reports have suggested that Apple's suppliers are struggling to keep up with demand. Specifically, the company's suppliers for mini-LED displays to be used in upcoming MacBook Pros have reportedly struggled to reach satisfactory output levels, possibly pushing Apple to invest in procuring additional suppliers.

Chattanooga Times Free Press turns to iPads as its digital future





Chattanooga Times Free Press publisher discusses digital edition of newspaper - 3:28

Walter E. Hussman Jr., publisher of the Times Free Press and chairman of WEHCO Media Inc., discusses the replica edition of the newspaper, which is available on an iPad or phone app.

https://www.youtube.com/watch?v=pL1E0ZKDB3c









The publisher of the Chattanooga Times Free Press is investing millions of dollars in a plan to convert the newspaper's print subscribers to a mostly digital format.

The newspaper publisher has bought thousands of Apple iPads to give to subscribers. Delivery of a physical newspaper will cease by mid-2022 with the exception of the Sunday edition.

Starting Monday, the newspaper will begin converting daily print subscribers to a replica of the daily newspaper available on the tablet. The replica — which looks exactly like the print paper but has some additional features and functionality — will be available every day, usually by 4 a.m. The print edition will also be delivered on Sundays.

The digital conversion is necessary for the newspaper to remain profitable and continue to serve the Chattanooga area with quality local journalism, said Walter E. Hussman Jr., publisher of the Times Free Press and chairman of WEHCO Media Inc.

WEHCO Media is the parent company of the Times Free Press plus 10 other daily newspapers, as well as weekly newspapers and companies that offer cable and broadband.

"If we didn't do this, we wouldn't be able to continue to publish the kind of paper we publish in Chattanooga," Hussman said. "We wouldn't be able to cover as many meetings. We wouldn't be able to serve as the watchdog function we serve as a vital journalistic Fourth Estate institution. For us to do this, we can keep our newsroom basically intact. It's the way for us to maintain good, quality journalism and fulfill our function."

Hussman said he chose to cut the cost of printing and distributing the paper rather than reducing the size of the news staff or the number of pages in the paper.

"We really thought about it and we thought, you know, wouldn't it be a lot better if we could give people the exact same news product and advertising product in the exact same format, but do it digitally, instead of in print?" he said. "If we did, we could eliminate a lot of production costs, a lot of distribution costs and a lot of newsprint expenses."

Hussman started converting other papers to the digital replica format in 2018, starting with the Arkansas Democrat-Gazette. He said he did so "out of necessity" in order to take a newspaper that had begun losing money out of the red and to create a business model that is sustainable.

TO LEARN MORE

You may call (423) 757-6262 to schedule an appointment to learn how to use the replica edition of the iPad or wait until you receive a letter in the mail.

Click to expand...

Hussman said the economics of newspaper publishing in the United States has changed. In 2006, newspaper advertising revenue for American newspapers peaked at $47 billion, he said, but by 2017, that revenue had declined to under $12 billion as Facebook and Google gained a larger share of advertising revenue.

That number continued to decline, with the newspaper industry in 2020 reporting $8.8 billion in advertising, according to the Pew Research Center. Last year was the first time the industry earned more money from circulation than advertising.

Hussman said the digital replica plan requires a $6.1 million investment from the company. Most of that, $4.4 million, is to purchase iPads, and $1.7 million will go mostly toward training and some marketing.

Subscribers who agree to pay the minimum rate of $34 a month will receive a new Apple iPad so they can read the digital replica of the newspaper served via an app that readers can download on the iPads. The app also is available for smartphones.

Hussman said readers in Arkansas at first were reluctant and skeptical, but after reading the newspaper on the iPad, many said they liked it better than the print edition. The replica edition offers features impossible in print — readers can enlarge the type; all photos are in color; some stories are enriched by multiple photos; video is available for some stories; the app also will read the story out loud; and it will store 60 past editions of the newspaper.

The roll-out of the digital replica edition will be accompanied with intense customer service. Representatives of the paper will meet one-on-one with subscribers who need tutorials on iPad operation or on how to access the digital paper. The company will hire some customer service staff members and bring some from Arkansas.

Training sessions will be offered at sites such as hotel conference rooms and community centers or even at a subscriber's home. COVID-19 safety protocols will be in place.

Subscribers will be converted in phases and notified in advance when their conversion phase is coming up.

Jeff DeLoach, president of the Times Free Press, said the Chattanooga community is fortunate to have a private owner like Hussman, who is also a journalist and believes in a strong newsroom.

"Walter's announcement with this decision is an example of taking a bold step so we can continue to serve our community in the best way possible," DeLoach said. "The majority of American communities served by newspapers do not have this type of leadership and have seen their local newspapers decline significantly in both the size of their newsrooms and the quality and quantity of local news content."

DeLoach said this plan is a positive for readers and advertisers.

"This decision means the Times Free Press will be able to serve our community with first-class quality journalism for years to come, and in an even more modern manner," he said.

In addition to ensuring the continuation of quality journalism in this community, the plan adds digital components that enhance the value of the paper to both readers and advertisers, DeLoach said.

This step is part of the evolution of the newspaper, he said.

The Times Free Press — or some version of it — has served its community for a century and a half, since 1869 when the Chattanooga Daily Times, which later became the Chattanooga Times — was created. Today's paper is the product of a merger more than two decades ago. Hussman purchased the Chattanooga Free Press in 1998 and the Chattanooga Times in 1999 and united the two papers under the title it bears to this day. The Hussman family has owned newspapers for four generations.

In addition to offering the digital replica edition, the Times Free Press will continue to publish news on its website, timesfreepress.com.

Apple says iOS 14.8 patches iPhone attack that defeated Blastdoor protections





Apple has published a full support document detailing what’s new in iOS 14.8, watchOS 7.6.2, iPadOS 14.8, and macOS Big Sur 11.6. Apple says that the updates address security vulnerabilities that “may have been actively exploited in the wild.”

Update: Citizen Lab has published a new report today with more details on the vulnerabilities. The gist of it? Update all of your devices ASAP.

Most notably, Apple says that iOS 14.8 and iPadOS 14.8 both address CoreGraphics and WebKit vulnerabilities that may have been actively exploited. The CoreGraphics vulnerability was reported by The Citizen Lab, which discovered a zero-click iPhone attack that defeated Apple’s Blastdoor protections back in August.

The vulnerability reported by The Citizen Lab is believed to have been used to target Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware.



In a support document posted today, Apple outlines the vulnerability and its fix:

CoreGraphics

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

Click to expand...

There is also a fix for a WebKit vulnerability:

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30858: an anonymous researcher

Click to expand...

The full details on today’s security updates can be found at the following links:

• Security Update 2021-005 Catalina
  
  
• macOS Big Sur 11.6
  
  
• watchOS 7.6.2
  
  
• iOS 14.8 and iPadOS 14.8

Protests hit Apple stores across the US the night before iPhone 13 launch

PHOTOS & VIDEO: Protests hit Apple stores across the US the night before iPhone 13 launch #AppleEvent







Protesters with banners and signs are gathering outside Apple stores in major cities across the US, demanding the company commit to never implementing its misguided on-device photo and message scanning proposal

The night before Apple’s much-hyped iPhone 13 rollout tomorrow, the company is facing protests at its retail stores across the US. Organized by Fight for the Future, the Electronic Frontier Foundation, and a network of volunteers, the protests are demanding that Apple permanently shelve their dangerous proposal to install photo and message scanning malware on millions of people’s devices. The company already announced it was delaying the misguided proposal after widespread backlash from security experts and human rights experts. Protesters are calling on them to publicly commit to never implementing it.







Protests are organized in Boston, New York City, Washington D.C., Atlanta, Chicago, San Francisco, Portland (OR), Minneapolis, Aventura, FL, Tucson, and Houston. While Apple may have recently announced it would postpone the rollout of its scanning software, technologists, human rights organizations, and Apple users are unwilling to let up until it is fully cancelled.

SEE PHOTOS AND VIDEO OF PROTESTERS AVAILABLE FOR USE BY PRESS HERE: https://drive.google.com/drive/u/0/folders/19Stvm1FAusRHffVR4ngPfP2bi3qRWSHl



Groups say that if Apple moves forward with this plan, it will have massive consequences—not only on the phones of millions of people, but on everyones’ ability to communicate without being under constant surveillance. As a purported champion of privacy, Apple should use its position in the industry to protect more people, including children, by encrypting iCloud and addressing security vulnerabilities in iMessage.







"Apple can’t just shove this horrible phone scan plan to the side in order to avoid bad press during its Apple Event," says Caitlin Seeley George (she/her), campaign director at Fight for the Future. "If Apple moves forward with installing this software it would be a total game changer—opening up the door to unprecedented surveillance and forcing the entire communications industry to follow suit. We can’t let this happen, which is why people are showing up to call out Apple’s hypocrisy and demand it put an end to this phone scan plan."







"Let’s be perfectly clear: you can’t be a values-driven privacy-focused company and an aspiring monopoly with authoritarian policies at the same time," added Fight for the Future director Evan Greer (she/her). "Apple’s proposal to forcibly install what amounts to malware on millions of people’s phones is just the latest misstep from a company that already has a dodgy track record when it comes to human rights. Apple’s glimmering reputation as the good guys of Silicon Valley is crumbling. If they truly care about the safety of our children, and ensuring they grow up in a future where basic rights are protected, Apple should be expanding and strengthening encryption on their devices, not undercutting it. Listen to security experts. Encrypt iCloud and fix the vulnerabilities in iMessage. Publicly commit to never implementing on-device content scanning."







"Users want the devices they have purchased to work for them—not to spy on them for others," said Joe Mullin, a policy analyst on EFF’s activism team. "Delaying the program is a step in the right direction, but it is not enough. Apple needs to take the next step to protect its users and abandon the program."



"Apple promises us privacy, but delivers surveillance," said Surveillance Technology Oversight Project (S.T.O.P.) Executive Director Albert Fox Cahn. "This software will almost certainly make mistakes, and when it does, the results could be deadly, particularly for LGBTQ+ youth. Apple’s software can be hijacked by authoritarian governments in the future to scan users’ devices, giving repressive regimes unprecedented powers to suppress dissent. The same tool that scans for photos today could easily scan for religious or political texts tomorrow."

Apple event 2021: iPhone 13, new iPads and Apple Watch unveiled

Here’s what Apple announced at its iPhone 13 event







Apple kicked off its fall product event on Tuesday by diving right into lots of product announcements.

Here’s what Apple announced:


- The new iPad and iPad mini


- The Apple Watch Series 7


- The iPhone 13 and iPhone 13 mini


- The iPhone 13 and iPhone 13 Pro Max


The new iPads will go on sale after the event on Tuesday and ship next week. The new iPhones go on sale on Friday, Sept. 17 and ship on Friday, Sept. 24. The Apple Watch Series 7 will ship later this fall. OF note: it didn’t announce new AirPods.



Apple previews shows on its streaming service, Apple TV+





Apple opened its show not with new hardware, but with a short video highlighting some of its shows on the Apple TV+ streaming service. The company is bankrolling billions of dollars of new video content, including shows starring Reese Witherspoon and Jon Stewart. It costs $4.99 per month or is bundled with other Apple services.



Apple announces new low-cost iPad, iPad Mini



Apple CEO Tim Cook moved on to product announcements, starting with a new iPad. The video was recorded in an empty auditorium.

Apple’s lowest-cost iPad, simply called iPad, is getting an update with a faster A13 processor and a better, 12-megapixel front-facing camera for improved video calls, like on Zoom. It has a wider lens to capture more people in a single scene and can have an LTE wireless connection.







It costs $329 with 64GB of storage. That’s more storage but the same starting price as before. It goes on sale next week.

Apple also announced a new iPad Mini, which has a smaller 8.3-inch screen. It has a redesign featuring a new, flatter design language, like the iPhone 12. It has smaller bezels with no fingerprint sensor on the front and comes in several colors, including purple. It has a 12-megapixel rear camera and stereo speakers.







The Touch ID sensor has been built into the top button, which turns the screen on and off. It uses an USB-C connector, instead of Apple’s proprietary Lightning connector. It can support a 5G wireless connection. It works with Apple’s stylus, the second-generation Pencil.

It starts at $499 and hits stores next week, Apple said.



Apple announces new Apple Watch Series 7


Apple announced the Apple Watch Series 7.

The new models have more than 20% screen area over last year’s Series 6 models but retain an industrial design with rounded edges. Apple said the screen is more crack-resistant and it charges faster.







Apple has redesigned its software to fit more information on the screen, the company said. It comes with several new watch faces, including a face that tracks time zones around the world.

The entry-level model is available in five colors, including blue, and red. It also comes in aluminum, steel and titanium cases, all of which have different prices. Previous Apple Watch bands will still work with the new models, the company said.

Apple didn’t reveal a release date for the new models but said they would be available “later this fall.”







Apple Watch Series 7 doesn’t have firm launch date







Apple’s production delays are catching up to the company. Instead of offering a specific, near-term release date for its newest Apple Watch, it just said it would be released sometime this fall.

The company had reportedly delayed production in August of new Apple Watch models because it is encountering challenges manufacturing them.

It’s not completely unusual for the company. Last year, two iPhone 12 models were released in October and two other models were released in November, both weeks later than Apple’s typical schedule. But that seemed due to the ongoing Covid pandemic rather than production problems.



Apple’s workout service expands internationally, will be available in new languages






Apple’s health guru and fitness instructor, Jay Blahnik, said the company will expand its workout streaming subscription, Fitness+, to several new countries. It’s currently available only in a few nations which speak English. Apple will make videos in six new languages, including Spanish.

Fitness+ is one of the new subscriptions the company is relying on to get Apple users to spend more money on the company’s services. It’s now adding workouts for winter sports, and is adding social features, called Group Workouts.

Apple is bundling three-month trials with new Apple Watches.

Apple announces iPhone 13 with smaller notch and bigger battery



The iPhone 13 has a smaller display cutout, or “notch,” at the top of the screen, as well as larger batteries that provide the devices with between 1.5 and 2.5 more hours of battery life than last year’s models, depending on device size, Apple said.

Otherwise, the new iPhone 13 mostly has the same design as last year with new camera modules arranged diagonally. One camera is a 12-megapixel wide-angle lens, with a big sensor that captures 50% more light, Apple said. The other is an ultra-wide lens.

One of the camera improvements is a new “cinematic mode” that can hold focus on a moving subject.







It also has a bigger battery and brighter screen, Apple said. It comes in two sizes, 5.4 inches, and 6.1 inches, and five colors.

It has a new Apple-designed chip powering it, which the company is calling the A15 Bionic. It has six cores and a specialized portion for running artificial intelligence algorithms.

Like last year’s model, the new iPhones will have 5G connectivity. Apple said it works on carriers in 60 countries.

The iPhone 13 mini costs $699 and the iPhone 13 costs $799, Apple said, the same prices as last year. The devices now start with 128GB of storage space, an increase over last year.





iPad specs





iPhone 13



Apple announces high-end iPhone 13 Pro models with bigger batteries







Apple announced the iPhone 13 Pro and iPhone 13 Pro Max with longer battery life.

The iPhone 13 Pro should have a 1.5-hour longer battery life and its bigger sibling will have a 2.5-hour longer battery life, Apple said. The iPhone 13 Pro starts at $999 and the Pro Max starts at $1,099, the same prices as last year. Apple also has added a larger 1TB storage option.

The new iPhones will go on sale on Sept. 24, Apple said.

They have the same screen sizes as last year’s models, with a 6.1-inch version and a bigger 6.7-inch version. This year’s models also come in a “Sierra Blue” version.

The biggest distinguishing characteristic between iPhone’s base models and its Pro models is that they have three rear-facing cameras, including a zoom lens, a wide lens and an ultra-wide camera, which can focus on objects as close as 2 centimeters away.

The iPhone 13 Pro has a display that Apple calls “Super Retina XDR with ProMotion” that has twice the refresh rate as previous iPhones. This means that scrolling on an iPhone should look smoother with less lag.

The Pro models have the same chip as the main iPhones, the A15 Bionic, Apple said.

This year’s models are still constructed out of stainless steel, Apple’s marketing chief. Greg Joswiak, said.



You know all you wanted was a bigger battery







Despite all the talk about improved camera features during the iPhone 13 unveiling, the average person probably won’t notice much of a difference over last year’s model.

But here’s what you will notice: better battery life. Apple put a larger battery in the iPhone 13 and iPhone 13 mini. The company said it will last up to an hour and a half longer than the iPhone 12.

This is good news for fans of the iPhone 13 mini. Last year, critics panned the iPhone 12 mini’s battery for not lasting as long as the bigger models.



Tim Cook wraps up the launch event







Apple CEO Tim Cook returned to the stage in an empty auditorium to wrap up the event and the company’s announcement, exiting to another montage of beautiful California landmarks.

Apple announced new iPads, iPhones and Apple Watch models. It did not, contrary to some predictions, release new AirPods headphones.

Apple shares in-depth ‘guided tour’ of iPhone 13 and iPhone 13 Pro [Video]




After opening up preorders for the iPhone 13 lineup, Apple has shared a new in-depth video diving into the new features and benefits of its latest smartphones from the new camera advancements, ProMotion 120Hz display, battery life, and more.

Filmed from Apple’s LA Tower Theatre store, the new detailed iPhone 13 walkthrough is a seven-minute look into what the new smartphones bring to the table.

Highlights include looking at the new Cinematic mode video feature, improved low-light camera performance, 3x optical zoom, durability and water resistance, battery and display, ProMotion on the iPhone 13 Pro and Pro Max, and more.

The video tour offers a really high production value with the new features shown off in real-world examples.

Apple’s also included helpful chapter markers for the various sections of the video guide.


A Guided Tour of iPhone 13 & iPhone 13 Pro | Apple - 7:29
https://www.youtube.com/watch?v=72cAe_2LAFQ

Find the right iPhone for you. Let’s walk through the new iPhone 13 mini, iPhone 13, iPhone 13 Pro, and iPhone 13 Pro Max as we explore the incredible new features, sizes, and colors available.

Learning about the new models and the differences between them will help you decide which is the right one for you.

00:00 - Introduction
00:12 - Four new iPhone models
01:25 - Video
01:31 - Cinematic mode: Adding dramatic depth effects
02:56 - Improved low-light performance
03:36 - Durability: Ceramic Shield and water resistance
04:10 - Battery & Display
04:29 - Super Retina XDR display with ProMotion
05:06 - Photography
05:15 - Photographic Styles: A new level of personalization
06:06 - Macro photography with iPhone 13 Pro
06:20 - 3x optical zoom on iPhone 13 Pro


Compare all four new iPhone models: https://apple.co/3tLlwfk

Meet the new iPhone family: https://apple.co/3nHbtam

These are the iPhone and iPod models compatible with iOS 15





Apple today released iOS 15, the next major update to the iPhone and iPod touch operating system. Before you update to iOS 15, make sure you have a compatible iOS device.

Surprisingly, iOS 15 is compatible with every iPhone and iPod touch model that currently runs on iOS 14. This means that iPhone 6s users and later, as well as 7th generation iPod touch users, can now install the iOS 15 update.

Here’s the full list with every iPhone and iPod touch model supported by iOS 15:

• iPhone 6s and 6s Plus
  
  
• iPhone SE (1st gen)
  
  
• iPhone 7 and 7 Plus
  
  
• iPhone 8 and 8 Plus
  
  
• iPhone X
  
  
• iPhone XS and XS Max
  
  
• iPhone 11
  
  
• iPhone 11 Pro and 11 Pro Max
  
  
• iPhone 12 mini and iPhone 12
  
  
• iPhone 12 Pro and iPhone 12 Pro Max
  
  
• iPhone 13 and iPhone 13 Pro Max
  
  
• iPhone SE (2nd gen)
  
  
• iPod touch (7th gen)

It’s worth mentioning that Apple hadn’t discontinued any iPhone or iPod touch models last year with iOS 14 when compared to those already supporting iOS 13, so some of the devices listed above are now getting another extra year of lifetime with iOS 15.

iOS 15 is now available to the public following beta period since June. The update brings fundamental changes to notification management with a new Focus mode, new features in iMessage, more privacy controls, Find My support when the device is turned off, and much more.

iPadOS 15 now available to all iPads supported by iPadOS 14, here's the full list





After three months of testing, iPadOS 15 is finally available. Here are all the iPads compatible with the new software that was first announced during the WWDC21 keynote.

As Apple did with iPadOS 14, all the same iPads can run the new iPadOS 15 software. This new version will help users be more productive and taking the versatility of the iPad even further.

iPadOS 15 introduces a new multitasking experience, with Split View and Slide Over functions easy to discover and use.

With the Quick Note feature, users can seamlessly take notes with the Apple Pencil and share them with all their Apple devices. iPadOS 15 also introduces new widget layouts for the Home Screen and App Library offer simple ways to personalize the iPad experience and organize apps.

iPadOS 15 also brings for the first time the Translate app, which delivers new features for translating text and conversations. Users can now build apps for iPhone and iPad, on iPad, with Swift Playgrounds.

Here’s the full list of iPads compatible with iPadOS 15:

• iPad 5th generation
  
  
• iPad 6th generation
  
  
• iPad 7th generation
  
  
• iPad 8th generation
  
  
• iPad Air 2nd generation
  
  
• iPad Air 3rd generation
  
  
• iPad Air 4th generation
  
  
• iPad mini 4th generation
  
  
• iPad mini 5th generation
  
  
• 9.7-inch iPad Pro 1st generation
  
  
• 12.9-inch iPad Pro 1st generation
  
  
• 9.7-inch iPad Pro 2nd generation
  
  
• 12.9-inch iPad Pro 2nd generation
  
  
• 10.5-inch iPad Pro
  
  
• 12.9-inch iPad Pro 3rd generation
  
  
• 11-inch iPad Pro
  
  
• 12.9-inch iPad Pro 4th generation
  
  
• 11-inch M1 iPad Pro
  
  
• 12.9-inch M1 iPad Pro

Even the models with the A9 chip, released in 2015, are still being supported by Apple.

Some Users Plagued by Incorrect 'iPhone Storage Almost Full' Alert iOS 15

Some Users Plagued by Incorrect 'iPhone Storage Almost Full' Alert After Updating to iOS 15

Just two days after Apple released iOS 15 and iPadOS 15 to the public, a new wave of user reports from social media are already pointing to some widespread bugs, this time pertaining to reported storage on a device.







A flood of users has taken to Twitter over the last 24-48 hours to share their experience that after updating to *iOS 15*, they see an "iPhone Storage Almost Full" warning inside of Settings, despite their *iPhone* having a sufficient amount of storage left. Apple Support's Twitter account is riddled with users reporting the bug.



https://twitter.com/monica__melanie/status/1440037440601743360?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440037440601743360%7Ctwgr%5E%7Ctwcon%5Es1_c10


https://twitter.com/luarasaurus/status/1440044531383029769?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440044531383029769%7Ctwgr%5E%7Ctwcon%5Es1_c10


https://twitter.com/3_Blind_Moose/status/1440180586623111170?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440180586623111170%7Ctwgr%5E%7Ctwcon%5Es1_c10


https://twitter.com/ishanprakash/status/1440322038019735558?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440322038019735558%7Ctwgr%5E%7Ctwcon%5Es1_c10


https://twitter.com/OlisHelpDesk/status/1440611718170701837?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440611718170701837%7Ctwgr%5E%7Ctwcon%5Es1_c10


Annoyingly, the warning inside of Settings can't be dismissed, and tapping on it only takes users to the *iPhone* Storage page within Settings, where they're reminded that their device, in the majority of cases, still has an adequate amount of storage left. A post on Apple Support's Community Forums, which has racked up over 900 views at the time of writing in just over 13 hours, also includes users reporting the bug.

The warning, however, is not the only storage-related bug that's irking some users. Other reports on Twitter indicate that *iOS 15* has resulted in a bug in which the amount of available storage on a device is sometimes shown to be more than the device's capacity. In other cases, an *iOS 15* bug results in the wrong tabulation for how much storage a user's content is taking up.


https://twitter.com/Chibibowa/status/1440006320095121414?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1440006320095121414%7Ctwgr%5E%7Ctwcon%5Es1_c10



In all cases, Apple Support is advising users to restart their devices, but that does little to address the problem. Some of the bugs experienced by users appeared during the beta testing period for *iOS 15* over the summer, which is meant to fix as many bugs and issues as possible before the update becomes widely available.

This week, Apple began testing iOS and iPadOS 15.1; however, given the widespread nature of these bugs, Apple may decide to release iOS 15.0.1 to address the storage bug and other improvements and security enchantments.

Apple releases iOS 12.5.5 for older iPhones and iPads with important security updates





Apple is rolling out iOS 12.5.5 to older iPhone and iPad models today. The company says the update includes notable security fixes and improvements, and is recommended for all users.

The update is available for the iPad Air, the iPad mini 2, and iPad mini 3, as well as the 6th gen iPod touch, iPhone 5s, iPhone 6, and iPhone 6 Plus. All of these devices were dropped from support with iOS 13, but Apple has continued to update them with important security fixes since then. Apple had previously rolled out iOS 12.5.4 in June with security fixes for WebKit vulnerabilities and other issues.

“This update provides important security updates and is recommended for all users,” Apple says in the release notes for iOS 12.5.5.

Apple instructs users to visit its security updates website for more information about what’s new in iOS 12.5.5:


CoreGraphics

• Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  
  
• Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  
  
• Description: An integer overflow was addressed with improved input validation.
  
  
• CVE-2021-30860: The Citizen Lab

WebKit

• Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  
  
• Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
  
  
• Description: A use after free issue was addressed with improved memory management.
  
  
• CVE-2021-30858: an anonymous researcher

XNU

• Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  
  
• Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
  
  
• Description: A type confusion issue was addressed with improved state handling.
  
  
• CVE-2021-30869: Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero

Security researcher accuses Apple of ignoring multiple iOS 15 zero-day vulnerabilitie





Apple overhauled its security bounty program back in 2019 by making it open to anyone, increasing payouts, and more. However, the program has seen a good amount of criticism from the infosec community. Now another security researcher has shared their experience claiming that Apple didn’t give them credit for one zero-day flaw they reported which was fixed and that there are three more zero-day vulnerabilites in iOS 15.

Security researcher illusionofchaos shared their experience in a blog post including the claim that Apple has known about and is ignoring three zero-day vulnerabilities since March and they are in iOS 15.

I want to share my frustrating experience participating in Apple Security Bounty program. I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Click to expand...

illusionofchaos says they asked Apple again for an explanation including that they would make their research public – in line with responsible disclosure guidelines – and Apple didn’t respond.

Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120). I have waited much longer, up to half a year in one case.

Click to expand...

illusionofchaos shared details on the three other zero-day vulnerabilities that they found which include the “Gamed 0-day,” “Nehelper Enumerate Installed Apps 0-day,” and “Nehelper Wifi Info 0-day” including proof of concept source code.


Here’s an overview of each one:

Gamed 0-day

Any app installed from the App Store may access the following data without any prompt from the user:

• Apple ID email and full name associated with it
  
  
• Apple ID authentication token which allows to access at least one of the endpoints on *.apple.com on behalf of the user
  
  
• Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user’s interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)
  
  
• Complete file system read access to the Speed Dial database and the Address Book database including contact pictures and other metadata like creation and modification dates (I’ve just checked on iOS 15 and this one inaccessible, so that one must have been quietly fixed recently)

Nehelper Enumerate Installed Apps 0-day

The vulnerably allows any user-installed app to determine whether any app is installed on the device given its bundle ID.


Nehelper Wifi Info 0-day

XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, com.apple.developer.networking.wifi-infoentiltlement check is skipped. Ths makes it possible for any qualifying app (e.g. posessing location access authorization) to gain access to Wifi information without the required entitlement. This happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.


Two perspectives

Stepping back to look at the big picture, Apple has said its bug bounty program is a “runaway success” while the infosec community has shared a variety of specific criticisms and concerns about the program. These include claims that Apple has not responded or not responded promptly and also that Apple has not paid for flaws discovered that meet the bounty programs guidelines.

Notably, earlier this month we learned that Apple hired a new leader for its security bounty program with the goal of “reforming it.”

Third-party apps limited to 60Hz animations on iPhone 13 Pro [update]





Update: Apple has officially responded that some of the behaviours described below are the result of an OS bug. Full support for 120Hz in third-party apps is coming soon. Original story below.



One of the biggest new features exclusive to the iPhone 13 Pro and iPhone 13 Pro Max this year is the inclusion of high-refresh rate displays, or what Apple calls “ProMotion.”

That means the iPhone 13 Pro models feature new OLED displays that can refresh their screen content at up to 120 times per second, or 120Hz. However, developers receiving their phones today have discovered that, in many circumstances, their animations can only run at 60Hz — the same as the cheaper iPhone 13 and iPhone 13 mini, as well as prior iPhone generations.

As it stands with iOS 15.0, ProMotion takes effect in third-party apps when scrolling or doing full-screen transitions. That means that you will still get a very fluid and responsive experience when scrolling your Twitter timeline, for instance.

However, almost all other animations are capped at 60Hz in third-party apps. This includes special effects and animations for custom components. It can be particularly jarring for the same third-party app to feature smooth scrolling but then less-smooth interaction experience elsewhere. Developer of the Apollo Reddit client Christian Selig has already reported complaints about this from his customers.

A workaround hidden plist-key has been discovered that lifts the limit for SceneKit and SpriteKit based applications, and Dice by PCalc developer James Thomson is currently seeing if it will pass App Review. However, most animations in iOS apps are driven by the Core Animation framework and remain limited to 60Hz, even in the presence of this special undocumented plist entry.

Interestingly, these limits do not apply to third-party apps running on the iPad Pro, which has featured a 120Hz display since 2017.

Apple appears to have specially carved out these restrictions for the new iPhone models. One source suggested that this had been implemented for battery life reasons. However, we don’t know for sure if that is the case.

Perhaps more conspiratorially, examination of iOS 15 code indicates that only third-party apps are being constrained. Code in the OS exempts first-party Apple apps and allows them to run at full 120Hz animation speed all the time.





Apple’s apps appear to be exempt from these frame rate restrictions



Apple touts ProMotion on the iPhone as an adaptive system that ramps up and ramps down depending on what the user is doing. For instance, if the screen is dormant, the phone can lower itself to a 10Hz refresh rate to save power. However, customers and developers reasonably expected that app animations would be able to take advantage of the 120Hz hardware for super fluid animations, just like they can get with scrolling. Apple’s apps certainly seem allowed to do just that, as all apps can on the iPad Pro, but not third-party apps on the iPhone 13.

It’s still possible this is all just a bug in the 15.0 implementation, but it sadly seems unlikely in the presence of the code evidence.

Apple says 3d-party apps will be able to take full advantage of iPhone 13 ProMotion

Apple says third-party apps will be able to take full advantage of iPhone 13 ProMotion display, software fix forthcoming







Following initial testing of iOS 15 that found many third-party apps could not exceed the standard 60Hz refresh rate of the iPhone 13 Pro’s ProMotion screen, Apple has now clarified the situation. The good news is that developers will be able to take full advantage of the 120Hz display soon.

Apple says that developers will need to add a new Info.plist key to opt-in, and documentation is coming soon. In addition, a forthcoming software update will resolve a bug where animations driven by Core Animation were not able to reach the maximum 120Hz refresh rates.

Standard animations and scrolling interactions are automatically enhanced by ProMotion without developers having to write any custom code. This includes the power efficiency savings at times when the screen can ramp down to 10Hz, not just maxing out at fluid 120Hz.

For battery life reasons, apps will need to opt-in to 120Hz support if they are doing particular custom rendering, like games. The complete steps that developers need to follow will be officially documented soon.

The non-technical summary is: animations in third-party apps will be able to be just as smooth as Apple’s apps in the fullness of time.

Apple promises fix for broken ‘Unlock with Apple Watch’ feature on iPhone 13





iPhone 13 launched this Friday. While customers around the globe were happy to receive their brand new phone, it didn’t take long for them to realize that the “Unlock with Apple Watch” feature wasn’t working. Today, Apple addressed this issue on a support document page.

According to the “If Unlock with Apple Watch isn’t working on your iPhone 13” support page, Apple says “this issue will be fixed in an upcoming software update.”

Apple has identified an issue where Unlock with Apple Watch may not work with iPhone 13 devices. You might see “Unable to Communicate with Apple Watch” if you try to unlock your iPhone while wearing a face mask, or you might not be able to set up Unlock with Apple Watch.

Click to expand...

As for now, the company suggests for iPhone 13 users turn off the “Unlock with Apple Watch” feature and use their passcode to unlock the phone instead. To do that, just. go to the Apple Watch settings, then “Face ID & Passcode.”







This feature has proven really useful during the pandemic. Since many places in the world still require masks when indoors, unlocking the iPhone with the Apple Watch is really useful.

With Apple acknowledging this issue, it probably won’t take long for users to be able to download iOS 15.0.1 in the coming days.

Spotify battery drain complaints; company says it is investigating





Complaints about very high Spotify battery drain on iOS 15 and iOS 14.8 have been acknowledged by the company, which it says it is investigating …

There have been a flurry of Reddit posts and tweets about the problem.

“Seemingly out of nowhere, Spotify has started to drain my battery severely the past few days. A workout that used to consume 10-15% of my battery now takes 40-60% and my battery gets hot whenever the app is open.”

“Spotify draining iPhone 12 Pro at an absurd rate. This just started today it seems. iOS 15 […] For example, 30% usage of my total battery and Spotify has been used maybe 1/4 total time that of texts, Facebook, etc.”

“I’m still on 14.8 and having the same issue […] Doing a reinstall or “clean reinstall” does not help. Turning off background app refresh doesn’t work. Logging out doesn’t work. Nothing Spotify suggests works because it appears to be a bug. I had to delete Spotify today and I’m doing a free trial of Apple Music. I can’t afford to have this app destroy my battery.”

“I used to get through my 8 hour day at work listening to Spotify and still have 50-60 percent battery. Now my phone dies about 4 hours in.”

“iOS 15 iPhone 12 Mini (new, 100% battery capacity). Phone getting extremely hot, plus 1% battery drain per minute caused by Spotify app use only. Tried all recommended actions; none worked. Issue started last week.”

“@Spotify in the past few days the iOS app has been draining my iPhone battery incredibly fast.”

Click to expand...

Spotify has acknowledged the reports and says it will report back on its findings.

Thanks for your reports about battery drainage while updating from iOS 14.8 to .15 on both firmware versions during the past days. We’ve passed your info on to the relevant team and we can confirm they are currently looking into it.

Aside from trying restarting and/or a clean reinstall of the app, it’d be great if you’d give disabling Background App Refresh a shot: this could be found under Settings -> General -> Background App Refresh.

Thanks! We’ll keep you posted and let you know as soon as we have any updates on this.

Click to expand...

Apple Gift Card Heist: Stolen Store Worker Devices Let Scammers Cash in

The Apple gift card heist: How scammers stole an alleged $1.5 million using Apple employees' own devices





A shrewd scheme worthy of a heist movie.



One cool and cloudy day in the Texan suburb of Southlake, Jason Tout-Puissant sat outside the local Apple Store and quietly stole $50,000-worth of gift cards from Apple.

1,500 miles away in New York, his partner-in-crime Syed Ali walked into an Apple Store the same day and used those digital gift cards to acquire thousands of dollars' worth of high-end electronics.

And then, prosecutors say, they did it again, over and over and over.

The pair were part of a sophisticated, multi-year plot that defrauded Apple out of more than $1.5 million, US prosecutors have said. In a shrewd scheme worthy of a heist movie, they executed their plan using Apple's own technology — in particular, Apple retail store employees' specialized devices.

The case has quietly spent the last few years winding its way through the courts, according to documents reviewed, and both men have now pleaded guilty to wire fraud in the Southlake store caper (earlier filings by prosecutors allege a series of similar incidents at various Apple stores). They are awaiting sentencing in the coming weeks.

The crime shows how in the digital age, traditional smash-and-grab robberies are being superseded by more sophisticated schemes — and how technology companies' own tools can be used against them.

Apple, currently valued at $2.4 trillion, has some of the most valuable stores in the world. Even in an era of online shopping, the airy, open retail spaces make an average of more than $5,500 per square foot, according to a 2017 analysis by retail estate analytics firm CoStar — almost double the amount that jeweler Tiffany & Co generates.

And with Apple's signature brushed aluminium products lying around on every table, the stores can be a magnet for criminals.

A 17-member gang was busted in 2018 charging into multiple Apple Stores across California and grabbing merchandise before hightailing it in a getaway car, making more than $1 million before they were caught. Across Manhattan in 2020, thieves tracked recent Apple Store customers and grabbed their pricey purchases when they weren't looking. A Texan was jailed in 2021 for stealing $26,000-plus of merchandise in Arkansas, and was implicated in a string of other thefts from Missouri to Oklahoma.





The Apple Store in Southlake Texas where Jason Tout-Puissant stole $50,000 in gift cards.



But all these schemers went for the Apple products on display. Tout-Puissant and Ali found a far more profitable target: Apple employees' devices.

Apple's retail employees are equipped with a special machine called an "Isaac." The handheld device is a familiar sight to anyone who's ever bought something at an Apple store — it lets employees roam the store floor and sell products to customers wherever they are, avoiding the need for old-fashioned cash registers or check-out aisles. But unlike traditional checkout aisle cash-registers — as Ali and Tout-Puissant realized — the handheld Isaac devices are also stealable.

According to court filings, Tout-Puissant allegedly walked into Apple Stores "around the United States" numerous times and walked out with Isaac devices. He then sat outside the same stores — still connected to the store WiFi network — and used the robbed employee's account to acquire thousands of dollars in digital gift cards.

Tout-Puissant texted these gift cards to Ali and another unnamed co-conspirator, who could then casually walk into unsuspecting Apple Stores in other states across the country and convert the pilfered gift cards into high-value electronics purchases, according to the filings.

In a display of brand loyalty that Apple is unlikely to appreciate, the conspirators used Apple products and services every step of the way to defraud the company. After using Apple's Isaac device to issue himself gift card codes, Tout-Puissant loaded the codes into Apple's old wallet app Passbook to generated QR codes, which he then screenshotted on his own iPhone and sent to Ali using Apple's now-discontinued messaging app iChat, allowing Ali to walk into another Apple Store to swap them with unsuspecting Apple employees for Apple hardware products.

It's not clear from court filings exactly how Tout-Puissant was able to to get away with repeatedly stealing the Isaac devices from Apple stores, and a spokesperson for US Attorney's Office, Northern District of Texas declined to comment.

The scheme took place between 2015 and 2017, prosecutors said in court filings, and allegedly netted the accomplices a collective $1.5 million-worth of gift cards that could be turned into resellable electronics. The Southlake, Texas, haul, which totalled $50,000 across 26 digital gift cards, was just one small part of that, prosecutors' filings allege.





Apple "Isaac" handheld sales devices like this one were stolen and used to fraudulently issue new gift cards.



The duo were charged in connection with the heists in 2019, but Jason Tout-Puissant was already on law enforcement's radar.

A 29-year-old New Yorker who operated a repair shop on Long Island, he had been arrested at Fort Lauderdale airport in Florida attempting to fly to Texas in December 2016, after TSA agents found 60 counterfeit credit cards in his bags, as well as specialized machines for reading and writing credit cards, according to court filings.

He pleaded guilty to aggravated identity theft and other crimes not connected to the Apple gift card thefts, and was sentenced to roughly three years' imprisonment.

Tout-Puissant had been caught on camera stealing Isaac devices, but the FBI turned to technological means to track Ali down, getting a warrant to track his cellphone via GPS. The first arrest attempt went awry: Investigators accidentally grabbed Syed Ali's identically named brother, Syed Ali, instead. They managed to arrest the correct Syed Ali in southern Brooklyn in March of 2019.

Ali cracked first, pleading guilty in 2019 to wire fraud. He subsequently turned on Tout-Puissant, agreeing to assist prosecutors in building a case against him. His partner-in-crime held out until 2021, and finally pleaded guilty in mid-May to the appropriation of $50,000 of gift cards from Southlake, just weeks before a scheduled jury trial.

Ali remains in Brooklyn, afflicted with an unspecified illness, and is currently due to be sentenced on October 4. Tout-Puissant is in custody ahead of his own sentencing. A lawyer for Tout-Puissant declined to comment, and Ali's lawyer did not respond to a request for comment. Both could face up to 20 years in prison and $250,000 fines.

The court documents do not make clear whether Tout-Puissant and Ali were responsible for all $1.5 million in alleged gift card thefts or if other unindicted co-conspirators also played a role.

The case isn't the only time big companies' tech tools have been abused by opportunists. In August 2021, an unofficial tour guide at Disney World in Florida was caught using an apparently stolen iPad loaded with a Disney employee-only app that lets VIP users skip the lines for attractions at the theme park.

It's unclear whether Apple has made changes to its system to prevent future crooks from carrying out the same scheme.

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

The new $30 AirTag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the AirTag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website.







The AirTag’s “Lost Mode” lets users alert Apple when an AirTag is missing. Setting it to Lost Mode generates a unique URL at https://found.apple.com, and allows the user to enter a personal message and contact phone number. Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see that unique Apple URL with the owner’s message.

When scanned, an AirTag in Lost Mode will present a short message asking the finder to call the owner at at their specified phone number. This information pops up without asking the finder to log in or provide any personal information. But your average Good Samaritan might not know this.

That’s important because Apple’s Lost Mode doesn’t currently stop users from injecting arbitrary computer code into its phone number field — such as code that causes the Good Samaritan’s device to visit a phony Apple iCloud login page.





A sample “Lost Mode” message



The vulnerability was discovered and reported to Apple by Bobby Rauch, a security consultant and penetration tester based in Boston. Rauch said the AirTag weakness makes the devices cheap and possibly very effective physical trojan horses.

“I can’t remember another instance where these sort of small consumer-grade tracking devices at a low cost like this could be weaponized,” Rauch said.

Consider the scenario where an attacker drops a malware-laden USB flash drive in the parking lot of a company he wants to hack into. Odds are that sooner or later some employee is going to pick that sucker up and plug it into a computer — just to see what’s on it (the drive might even be labeled something tantalizing, like “Employee Salaries”).

If this sounds like a script from a James Bond movie, you’re not far off the mark. A USB stick with malware is very likely how U.S. and Israeli cyber hackers got the infamous Stuxnet worm into the internal, air-gapped network that powered Iran’s nuclear enrichment facilities a decade ago. In 2008, a cyber attack described at the time as “the worst breach of U.S. military computers in history” was traced back to a USB flash drive left in the parking lot of a U.S. Department of Defense facility.

In the modern telling of this caper, a weaponized AirTag tracking device could be used to redirect the Good Samaritan to a phishing page, or to a website that tries to foist malicious software onto her device.

Rauch contacted Apple about the bug on June 20, but for three months when he inquired about it the company would say only that it was still investigating. Last Thursday, the company sent Rauch a follow-up email stating they planned to address the weakness in an upcoming update, and in the meantime would he mind not talking about it publicly?

Rauch said Apple never acknowledged basic questions he asked about the bug, such as if they had a timeline for fixing it, and if so whether they planned to credit him in the accompanying security advisory. Or whether his submission would qualify for Apple’s “bug bounty” program, which promises financial rewards of up to $1 million for security researchers who report security bugs in Apple products.

Rauch said he’s reported many software vulnerabilities to other vendors over the years, and that Apple’s lack of communication prompted him to go public with his findings — even though Apple says staying quiet about a bug until it is fixed is how researchers qualify for recognition in security advisories.

“I told them, ‘I’m willing to work with you if you can provide some details of when you plan on remediating this, and whether there would be any recognition or bug bounty payout’,” Rauch said, noting that he told Apple he planned to publish his findings within 90 days of notifying them. “Their response was basically, ‘We’d appreciate it if you didn’t leak this.'”

Rauch’s experience echoes that of other researchers interviewed in a recent Washington Post article about how not fun it can be to report security vulnerabilities to Apple, a notoriously secretive company. The common complaints were that Apple is slow to fix bugs and doesn’t always pay or publicly recognize hackers for their reports, and that researchers often receive little or no feedback from the company.

The risk, of course, is that some researchers may decide it’s less of a hassle to sell their exploits to vulnerability brokers, or on the darknet — both of which often pay far more than bug bounty awards.

There’s also a risk that frustrated researchers will simply post their findings online for everyone to see and exploit — regardless of whether the vendor has released a patch. Earlier this week, a security researcher who goes by the handle “illusionofchaos” released writeups on three zero-day vulnerabilities in Apple’s iOS mobile operating system — apparently out of frustration over trying to work with Apple’s bug bounty program.

Ars Technica reports that on July 19 Apple fixed a bug that llusionofchaos reported on April 29, but that Apple neglected to credit him in its security advisory.

“Frustration with this failure of Apple to live up to its own promises led illusionofchaos to first threaten, then publicly drop this week’s three zero-days,” wrote Jim Salter for Ars. “In illusionofchaos’ own words: ‘Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would.'”

Rauch said he realizes the AirTag bug he found probably isn’t the most pressing security or privacy issue Apple is grappling with at the moment. But he said neither is it difficult to fix this particular flaw, which requires additional restrictions on data that AirTag users can enter into the Lost Mode’s phone number settings.

“It’s a pretty easy thing to fix,” he said. “Having said that, I imagine they probably want to also figure out how this was missed in the first place.”