Enlarge / A Pixel 3, messaging a savvy iPhone owner, one with the kinds of concerns Beeper hopes to resolve for its customers. (credit: Kevin Purdy)

In the past week, I have sent an iMessage to one friend from a command-line Python app and to another from a Pixel 3 Android phone.

Sending an iMessage without an Apple device isn't entirely new, but this way of doing it is. I didn't hand over my Apple credentials or log in with my Apple ID on a Mac server on some far-away rack. I put my primary SIM card in the Pixel, I installed Beeper Mini , and it sent a text message to register my number with Apple. I never gave Beeper Mini my Apple ID.

From then on, my iPhone-toting friends who sent messages to my Pixel 3 saw them as other-iPhone blue, not noticeably distracting green. We could all access the typing, delivered/read receipts, emoji reactions, and most other iPhone-to-iPhone message features. Even if I had no active Apple devices, it seems, I could have chosen to meet Apple users where they were and gain end-to-end encryption by doing so.

Enlarge (credit: Getty Images )

Researchers in Google's Threat Analysis Group have been as busy as ever, with discoveries that have led to the disclosure of three high-severity zero-day vulnerabilities under active exploitation in Apple OSes and the Chrome browser in the span of 48 hours.

Apple on Thursday said it was releasing security updates fixing two vulnerabilities present in iOS, macOS, and iPadOS. Both of them reside in WebKit, the engine that drives Safari and a wide range of other apps, including Apple Mail, the App Store, and all browsers running on iPhones and iPads. While the update applies to all supported versions of Apple OSes, Thursday’s disclosure suggested in-the-wild attacks exploiting the vulnerabilities targeted earlier versions of iOS.

“Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1,” Apple officials wrote of both vulnerabilities, which are tracked as CVE-2023-42916 and CVE-2023-42917.

Enlarge / Apple wants to build more of its A- and M-series chips in the United States. (credit: Apple)

Late last year, Apple CEO Tim Cook announced that the company would definitely be buying chips made at Taiwan Semiconductor's new Arizona-based fab once it had opened. Apple working with TSMC isn't new; most, if not all, of the processors currently sold in Apple's products are made on one of TSMC's many manufacturing nodes. But being able to buy them from a US-based facility would be a first.

The issue, as outlined by some TSMC employees speaking to The Information in September , is that the Arizona facility would manufacture chips, but it wouldn't be building a facility to handle packaging. And without packaging, the Arizona factory would essentially be a "paperweight," requiring any chips made there to be shipped to Taiwan for assembly before they could be put in any products.

Today Apple announced that it had solved that particular problem, partnering with a company called Amkor to handle chip packaging in Arizona. Amkor says that it will invest $2 billion to build the facility, which will "employ approximately 2,000 people" and "is targeted to be ready for production within the next two to three years." Apple says that it has already worked with Amkor on chip packaging for "more than a decade."

Enlarge / The active cooling chips are labeled and located in the upper-left corner near a custom heatsink in the 15-inch MacBook Air. (credit: Frore Systems )

What if laptops could get fan-level cooling without moving parts? We could get thinner laptops, for one. We could also potentially squeeze more performance out of today's already impressively thin designs.

That's what San Jose, California startup Frore Systems is trying to convince laptop makers of as it looks for the first OEM to adopt what it describes as the first solid-state active cooling chip.

Most recently, the company equipped the M2 15-inch MacBook Air with three of its chips, dubbed AirJet Minis. Media witnesses to a recent demonstration reported that the chips helped bring MacBook Pro-comparable performance to sustained heavy workloads on the MacBook Air.

Enlarge (credit: Apple)

Apple has repeatedly trumpeted the success of its financial services, a product lineup that now encompasses the Apple Card credit card, high-interest savings accounts, and a buy-now-pay-later service called Apple Pay Later .

But even if those products have proven reasonably popular with consumers, they haven’t been working out for the bank that Apple has partnered with to supply those services. Goldman Sachs’ consumer services have been losing the company billions of dollars, according to reporting from Bloomberg , CNBC , and The New York Times , among others. These losses have been driven in part by a much higher-than-usual loss rate on its credit card loans—meaning that people with Goldman-backed credit cards like the Apple Card are actually making their payments less often than people with credit cards from other banks.

Today, The Wall Street Journal reports that Apple has sent Goldman Sachs a proposal that will end their partnership within the next 12 to 15 months, leaving Apple to find a new backer for its financial products.

Enlarge (credit: Pool / Pool | Getty Images Europe )

The latest advertiser fallout on X , the platform formerly known as Twitter, could end up costing Elon Musk's company much more than the $11 million in revenue that the company previously estimated could be "at risk" due to backlash over antisemitic content on X.

According to internal X sales team documents reviewed by The New York Times , X may lose "up to $75 million" as more than 100 major brands—including Airbnb, Amazon, Coca-Cola, Google, Microsoft, Netflix, and Uber—have stopped advertising, while "dozens" more are considering pausing ads on the platform.

These sales team documents, The Times reported, "are meant to track the impact of all the advertising lapses" in November. On top of noting which brands have stopped advertising, the documents also flag brands at risk of halting ads. Ultimately, the sales team's goal is listing "how much ad revenue X employees fear the company could lose through the end of the year if advertisers do not return," The Times reported.

Enlarge (credit: Apple)

Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

The CVE-2023-41064 and CVE-2023-41061 flaws were reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Also dubbed "BLASTPASS," Citizen Lab says that the bugs are serious because they can be exploited just by loading an image or attachment, which happens regularly in Safari, Messages, WhatsApp, and other first- and third-party apps. These bugs are also called "zero-click" or "clickless" vulnerabilities.

Citizen Lab also said that the BLASTPASS bug was "being used to deliver NSO Group’s Pegasus mercenary spyware ," the latest in a long line of similar exploits that have been used to infect fully patched iOS and Android devices.

Enlarge / Is this the new face of the tabletop RPG player? Demeo maker Resolution Games thinks it might be.

Resolution Games today announced that a version of Demeo —the developer's popular virtual reality (VR) and mixed reality (MR) tabletop RPG simulator—is in "active development" for the Apple Vision Pro headset. The title is among the first VR/MR games to be officially confirmed for Apple's highly anticipated $3,500 wearable computing device , which is expected early next year.

After Demeo 's launch in 2021 , Resolution Games added a Mixed Reality update late last year that places in-game objects on top of a view of the real world (via passthrough cameras on compatible headsets like Meta's Quest 2 and Quest Pro and the upcoming Quest 3 ). A "Mixed Reality 2.0" update for the game, launching today, adds support for controller-free hand-tracking as well as "co-location" of mixed reality items, which can now appear in the same place for multiple users in the same physical room.

Those kinds of MR features will be useful on the Apple Vision Pro, which doesn't use handheld controllers and is primarily focused on MR apps that can be layered over a view of the real world. But Resolution Games says Vision Pro will also support a "fully virtual" version of the game that doesn't integrate passthrough images.