close
  • chevron_right

    iOS 16.4.1 and macOS 13.3.1 address two security vulnerabilities

    news.movim.eu / ArsTechnica · Friday, 7 April - 20:41

Three iPhones on a wooden picnic bench, with prominent cameras visible

Enlarge / The backs of the iPhone 14, iPhone 14 Pro, and iPhone 14 Pro Max. (credit: Samuel Axon)

Apple has released bug fix and security updates for several of its operating systems, including iOS 16.4.1, iPadOS 16.4.1, and macOS Ventura 13.3.1.

The iOS and iPadOS updates don't add any new features. Their main purpose is to address two separate major security vulnerabilities, and the release notes include two big fixes.

Apple details the bug fixes as follows:

Read 4 remaining paragraphs | Comments

  • chevron_right

    Apple rolls out iOS 16.4 and macOS Ventura 13.3 with new emoji and features

    news.movim.eu / ArsTechnica · Monday, 27 March - 19:33

The 2021, 24-inch iMac with Apple's M1.

Enlarge / The 2021, 24-inch iMac with Apple's M1. (credit: Samuel Axon)

Apple released new updates for most of its software platforms today, including macOS Ventura 13.3, iOS 16.4, iPadOS 16.4, tvOS 16.4, and watchOS 9.4.

These are all feature updates, meaning they actually add new functionality in addition to fixing bugs or addressing security vulnerabilities.

iOS and iPadOS 16.4 add a number of minor features. The headliner is (of course) 21 new emojis, like new heart colors, additional animals, and a shaking head. Beyond that, though, Apple says you'll see improved voice isolation on phone calls, support for notifications from web apps that have been added to your phone's home screen, new ways to weed out duplicates in your Photos library, and a number of bug fixes.

Read 4 remaining paragraphs | Comments

  • chevron_right

    20 years later, Second Life is launching on mobile

    news.movim.eu / ArsTechnica · Thursday, 16 March - 12:28

Second Life mobile preview.

Remember Second Life ? The virtual world launched on the desktop web back in 2003 with 3D avatars and spaces for various social activities. Believe it or not, it has been running continually this entire time—and now it's coming to mobile for the first time.

In fact, this will be the first time that Second Life has expanded beyond the PC (across Windows, macOS, and Linux) in any form.

In a post to the virtual world's community web forum , a community manager for Second Life developer Linden Lab shared a video with some details about the mobile version's development, and announced that a beta version of the mobile app will launch sometime this year.

Read 5 remaining paragraphs | Comments

  • Sc chevron_right

    Apple Patches iPhone Zero-Day

    news.movim.eu / Schneier · Thursday, 15 December - 16:43

The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.”

News :

Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses.

  • Sc chevron_right

    Apple’s Lockdown Mode

    news.movim.eu / Schneier · Sunday, 31 July, 2022 - 18:21 · 1 minute

I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

At launch, Lockdown Mode includes the following protections:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

What Apple has done here is really interesting. It’s common to trade security off for usability, and the results of that are all over Apple’s operating systems—and everywhere else on the Internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.

There aren’t a lot of people who need Lockdown Mode, but it’s an excellent option for those who do.

News article .

EDITED TO ADD (7/31): An analysis of the effect of Lockdown Mode on Safari.

Collabora Office (@CollaboraOffice@mastodon.social)