
      Apple Patches iPhone Zero-Day

      news.movim.eu / Schneier · Thursday, 15 December, 2022 - 16:43

    The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.”

    News:

    Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

    WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses.


      iPhone Malware that Operates Even When the Phone Is Turned Off

      news.movim.eu / Schneier · Tuesday, 17 May, 2022 - 20:59

    Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.

    It turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

    […]

    The research is the first — or at least among the first — to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.

    The research is fascinating, but the attack isn’t really feasible. It requires a jailbroken phone, which is hard to pull off in an adversarial setting.

    Slashdot thread.

      What to expect from Apple’s September 14 “California Streaming” event

      Samuel Axon · news.movim.eu / ArsTechnica · Wednesday, 8 September, 2021 - 22:01 · 1 minute

    The waiting area of the Steve Jobs Theater at Apple's Cupertino campus. (credit: Samuel Axon)

    On September 14 at 10 am PDT (1 pm EDT), Apple will host its first product-launch event in several months. Once again, it will be an online-only event. But as with other recent online events from Apple, we expect it to be as jam-packed with announcements as ever.

    It's likely to focus on the iPhone, but revelations about the Apple Watch, AirPods, and maybe the iPad are likely, too. We'll be liveblogging the event as it happens on Tuesday, of course, but until then, consider what you're about to read our best attempt at setting expectations and making predictions about what's coming.

    In so many ways, Apple has gotten easier to read and predict in recent years—certainly compared to the years during Steve Jobs' second tenure as CEO. Apple has settled into something of a cadence with its main product lines, making it a bit easier to see what may be coming. The company's products are still disruptive, but now they do it in subtle, iterative ways and often in areas that aren't as flashy as what we saw in the 2000s—like health care, for example.


      Apple invests $45 million more in Gorilla Glass-maker Corning

      Samuel Axon · news.movim.eu / ArsTechnica · Monday, 10 May, 2021 - 21:19


    Apple has invested an additional $45 million in US-based Corning Incorporated, the maker of Gorilla Glass, the companies announced today.

    A news release from Apple says the investment will help "expand Corning's manufacturing capacity in the US" and "drive research and development into innovative new technologies that support durability and long-lasting product life."

    The investment will come out of Apple's $5 billion Advanced Manufacturing Fund, which was established in 2017 to invest in manufacturing jobs and infrastructure in the United States related to Apple's products like the iPhone.


      Mathias Poujol-Rost ✅ · Friday, 5 March, 2021 - 14:54

      Contact publication

    Repairability index: why iPhones get the worst scores

      The next iPhone MagSafe accessory could be a magnetic battery pack

      Samuel Axon · news.movim.eu / ArsTechnica · Friday, 19 February, 2021 - 19:17

    Bloomberg has published yet another report sharing details of a planned Apple product launch. This time, the publication's sources say Apple is working on a magnetically attached battery pack for iPhones—it would be the first Apple-designed iPhone battery pack that does not double as a case.

    The accessory would use the MagSafe feature introduced with the iPhone 12 lineup in October. It would magnetically attach to the back of new iPhones and presumably provide power wirelessly via the Qi standard that iPhones have adopted. According to Bloomberg's sources, the first prototypes have a "white rubber exterior."

    Apple has also already shipped some MagSafe accessories for the iPhone, including a charging cable that uses the magnets and other components to optimally align the charging coils and produce faster charging speeds than were possible with previous iPhone models with non-MagSafe Qi charging capability.


      Apple starts hiring engineers to work on 6G modems

      Samuel Axon · news.movim.eu / ArsTechnica · Thursday, 18 February, 2021 - 19:20

    The iPhone 12 and 12 Pro, side by side. (credit: Samuel Axon)

    Apple has posted multiple job listings indicating that it is hiring engineers to work on 6G technology internally so it does not have to rely on partners like Qualcomm as the next generation of wireless technology hits several years down the line.

    The job listings, which were first spotted and reported by Bloomberg, include titles like "Wireless Research Systems Engineer - 5G/6G" and "RAN1/RAN4 Standards Engineer."

    The listings have statements like "You will be part of a team defining and doing research of next-generation standards like 6G," "You will research and design next-generation (6G) wireless communication systems for radio access networks with emphasis on the PHY/MAC/L2/L3 layers," "Participate in industry/academic forums passionate about 6G technology," and "Contribute to future 3GPP RAN work items on 6G technology."


      New iMessage Security Features

      Bruce Schneier · news.movim.eu / Schneier · Friday, 29 January, 2021 - 15:21

    Apple has added security features to mitigate the risk of zero-click iMessage attacks.

    Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.

    Groß notes that memory corruption based zero-click exploits typically require exploitation of multiple vulnerabilities to create exploit chains. In most observed attacks, these could include a memory corruption vulnerability, reachable without user interaction and ideally without triggering any user notifications; a way to break ASLR remotely; a way to turn the vulnerability into remote code execution; and a way to break out of any sandbox, typically by exploiting a separate vulnerability in another operating system component (e.g. a userspace service or the kernel).