Jump to content

Search the Community

Showing results for tags 'ios'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 268 results

  1. Microsoft To Do on iOS gets a rich entry bar and natural language processing Microsoft's To Do app on iOS has received an update through the App Store, bringing along a rich entry bar, which lets users choose a due date, reminders, and set recurring events directly from the entry bar for new items. This feature was already available on Windows and Android, so it's only natural that it would make its way everywhere. Perhaps more interestingly, though, Microsoft has also added natural language processing to the entry bar, and that feature is exclusive to iOS for now. This means that, if you write down a task include words like "tomorrow" or "tonight", To Do will automatically be able to choose a due date and reminder times for that task. Microsoft said it'll be working to bring the feature to Android eventually. Aside from that, the update includes minor improvements, such as improved colors for the sidebar in dark mode, new illustrations, and some bug fixes. You can download To Do for iOS from the App Store. Meanwhile, Android users enrolled in the beta program have also received an update recently. While it doesn't bring natural language processing, it does make it possible to drag and drop text from other apps into To Do. It also brings push notifications to shared lists. The Android version of Microsoft To Do can be found on the Play Store, where you can also register in the beta program to get new features early. Source: Microsoft To Do on iOS gets a rich entry bar and natural language processing (Neowin)
  2. Microsoft is killing off its Cortana mobile apps everywhere except the U.S. next year If you're a fan of Microsoft's Cortana virtual assistant and you live outside of the U.S., you're in for some bad news, although that should frankly be no surprise. The company is ending support for the Cortana mobile app on iOS and Android as of January 31, as noted in a support document published this week. The support document is from the UK, as Microsoft isn't killing the app if you're in the United States. Indeed, the page also notes that Cortana is being removed from Microsoft Launcher on Android, something that was previously reported earlier this month, and that news is also exclusive to those outside of the U.S. Instead, Microsoft's strategy is to integrate its digital assistant into its various Microsoft 365 apps, such as Office, To Do, and so on. The Redmond firm was clear that it's not actually killing off Cortana, but only the mobile apps and the integration with Microsoft Launcher. It's unclear why the apps will continue to be supported in the U.S., so it's entirely possible that those will be removed at a later date as well. Source: Microsoft is killing off its Cortana mobile apps everywhere except the U.S. next year (Neowin)
  3. Apple bans vaping apps from the iOS App Store Customers can continue using apps they've already downloaded. Enlarge / Woman smoking electronic cigarette. BSIP/UIG/Getty Apple has removed all 181 vaping-related apps from the iOS App Store, Axios reported on Friday morning. The move follows rising concern about the possible health impacts of vaping. Some of the banned apps provided news and information about vaping. Some were vaping-themed games. There were also apps that allowed users to adjust the temperature and other settings on their vaping devices. To avoid breaking functionality for existing customers, Apple is allowing them to continue using vaping apps already on their devices—and to transfer them to new devices. But new users won't be able to download these apps, and new vaping apps can't be published on Apple's store. Since their inception, e-cigarettes have faced questions about their safety. Manufacturers have portrayed them as a safer alternative to cigarettes, but critics—including the Food and Drug Administration—say companies haven't proven these claims scientifically. The technology is so new that the long-term health impacts aren't yet clear. Critics are particularly worried about rising teen vaping. While conventional teen smoking has been on the decline for decades, those gains have been largely offset by a rise in e-cigarette use among high school students. The Food and Drug Administration is planning to ban flavored vaping products to reduce their appeal to children. In recent months, health officials have confronted a more urgent problem: hundreds of people have fallen ill after using vaping devices. Officials have linked most of the illnesses to off-brand vaping liquids—especially those involving THC, the main active ingredient in marijuana. One possible culprit: a form of vitamin E, common in skin creams, that may become harmful to the lungs if vaporized. This form of vitamin E has been found in some vaping liquids. So far, these acute health problems seem to afflict a small minority of vaping users who use vaping liquids from unofficial sources. Consumers who stick to mainstream vaping products do not seem to have been affected. Source: Apple bans vaping apps from the iOS App Store (Ars Technica)
  4. A Facebook VP says the company is looking into it Facebook might have another security problem on its hands, as some people have reported on Twitter that Facebook’s iOS app appears to be activating the camera in the background of the app without their knowledge. Facebook says it’s looking into what’s happening. There are a couple ways that this has been found to happen. One person found that the camera UI for Facebook Stories briefly appeared behind a video when they flipped their phone from portrait to landscape. Then, when they flipped it back, the app opened directly to the Stories camera. You can see it in action here (via CNET😞 It’s also been reported that when you view a photo on the app and just barely drag it down, it’s possible to see an active camera viewfinder on the left side of the screen, as shown in a tweet by web designer Joshua Maddux: Maddux says he could reproduce the issue across five different iPhones, which were all apparently running iOS 13.2.2, but he reportedly couldn’t reproduce it on iPhones running iOS 12. Others reported they were able to replicate the issue in replies to Maddux’s tweet. CNET and The Next Web said they were able to see the partial camera viewfinder as well, and The Next Web noted that it was only possible if you’ve explicitly given the Facebook app access to the camera. In my own attempts, I couldn’t reproduce the issue on my iPhone 11 Pro running iOS 13.2.2. Guy Rosen, Facebook’s VP of integrity, replied to Maddux this morning to say that the issue he identified “sounds like a bug” and that the company is looking into it. With the second method, the way the camera viewfinder is just peeking out from the left side of the screen suggests that the issue could be a buggy activation of the feature in the app that lets you swipe from your home feed to get to the camera. (Though I can’t get this to work, either.) I don’t know what might be going on with the first method — and with either, it doesn’t appear that the camera is taking any photos or actively recording anything, based on the footage I’ve seen. But regardless of what’s going on, unexpectedly seeing a camera viewfinder in an app is never a good thing. People already worry about the myth that Facebook is listening in to our conversations. A hidden camera viewfinder in its app, even if it’s purely accidental, might stoke fears that the company is secretly recording everything we do. Hopefully Facebook fixes the issues soon. And you might want to revoke the Facebook app’s camera access in the meantime, just to be safe. Source: Facebook’s iOS app might be opening the camera in the background without your knowledge (via The Verge) p/s: The news was posted under Security & Privacy News, instead of Mobile News as this news talks about privacy issue on Facebook's iOS app with regards to the camera bug.
  5. Only available in Brazil Instagram has launched a new video editing tool in Brazil that copies some of the best-known features of TikTok. As reported by TechCrunch and Variety, the tool is called Reels and is available on both iOS and Android. There’s no word on whether it will be launched in other countries, but it’s certainly likely if the tool is a success. With Reels, users can record 15-second videos, adjust their speed, set them to music, or borrow audio from others’ videos — similar to the “Duet” feature in TikTok. They can share them to their stories, send them via DMs, or post them to a new section of Instagram’s Explore tab called Top Reels, where the company is hoping the best clips will go viral. It seems like a clever way for Instagram to leverage its existing network of users in order to take on TikTok. Facebook has previously tried to clone the app’s success with a standalone product called Lasso but it’s difficult to build a user base from scratch. Instagram previously had great success with this tactic copying Snapchat’s signal Stories feature in 2016. You can watch a quick demo of Reels below: It’s clear that Instagram is trying to steal TikTok’s thunder, but the company’s director of product management, Robby Stein, told TechCrunch that there was more than one way to skin a cat. “No two products are exactly the same, and at the end of the day sharing video with music is a pretty universal idea we think everyone might be interested in using,” said Stein. “The focus has been on how to make this a unique format for us.” The Verge previously reported that the new tool might be called Scenes, after a similar feature was spotted by Jane Manchun Wong, a software engineer who’s made a name for herself reverse engineering code from top apps. It now seems Scenes is actually Reels. We’ve known for a while that Facebook is extremely keen to counter TikTok’s rise. As well as launching Lasso, Mark Zuckerberg revealed the company’s ambitions regarding the Chinese app in audio leaked to The Verge in October. The Facebook CEO indicated then that Instagram would probably have to be enlisted in the fight against the new upstart. TikTok has “married short-form, immersive video with browse,” said Zuckerberg. “So it’s almost like the Explore Tab that we have on Instagram.” Now is certainly a good time for TikTok’s competitors to pounce (Google is also reportedly working on its own response). The app has seen huge growth but is facing trouble from regulators, including a US national security review. For TikTok, the clock is ticking. Update November 12th, 7:23AM ET: Story has been updated to incorporate news of the launch of Reels. Source: Instagram is testing a new video editing tool called Reels that copies TikTok’s best features (via The Verge)
  6. In order to make small firms sell goods more easily, WhatsApp has added a new feature to its WhatsApp Business app called catalogs. Catalogs are accessible via a business’s profile page and users can scroll through the different products to see a description and price. This will cut out the need for back and forward messaging between customers and businesses. For each product, businesses can attach a price, a description, and a product code. Not only does this speed custom up but it also makes smaller businesses look more professional. According to WhatsApp, catalogs are stored in the cloud which saves both customers and businesses storage space on their devices. Setting up a new catalog is pretty easy; head into the WhatsApp Business app and go to settings, then go to Business Settings and select Catalog, from here you can add products. Once you’re happy with the details just hit save. In order to promote your products, you can attach them from the catalog directly into chats. The feature is available now for WhatsApp Business on both Android and iPhone in Brazil, Germany, India, Indonesia, Mexico, the U.K., and the U.S. If your country is not listed, don’t worry, WhatsApp will roll out the feature to the rest of the world soon. Source: WhatsApp Business app gains catalog feature to help small firms (via Neowin)
  7. Apple rolls out iOS 13.2.2 update with fix for annoying multitasking bug Apps won’t close in the background so quickly anymore Apple has just released iOS and iPadOS 13.2.2, with a fix for a frustrating bug that led apps to close in the background much quicker than usual. Even a jump between two apps could be enough for Safari windows to reload or to lose your place in a YouTube video. The issue is also fixed in the iOS 13.3 update that went into beta testing this week, but it’s great to see that Apple is fast-tracking a fix to all customers. iOS 13.2.2 also addresses an issue where iPhones could “temporarily lose mobile signal after a call” and another “where mobile data may temporarily not be available.” I’ve randomly lost data — despite my iPhone showing full bars — when coming up from the subway occasionally, so hopefully that bug is now gone thanks to those fixes. Apple also notes that this patch “resolves an issue where charging may be interrupted on YubiKey Lightning-powered accessories” and clears up a bug that caused some replies to S/MIME messages between Exchange accounts to be unreadable. The iOS and iPadOS 13.2.2 update should be available now from your settings menu. Source: Apple rolls out iOS 13.2.2 update with fix for annoying multitasking bug (The Verge)
  8. The ProtonMail app on iOS is now fully open source Proton Technologies AG has announced that its ProtonMail app on iOS is now fully open source, with the code now available on GitHub. Giving some reasons for the open sourcing of the app, the firm said that it believes “in transparency, the power of community, and building a more private and secure future for all.” The open sourcing of the app follows a security audit of the software carried out by the security firm SEC Consult. Proton said that by opening up its code, it helps build the trust of its users who can see what the app does and can even use the source code to build their own version of the app if they don’t trust the binaries being distributed. Commenting on the open sourcing of the application, Proton said: “Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.” Accompanying the release of the source code, the firm has also documented the iOS security model which can help the public review some of the more unintelligible code found within the app. With the source code now open, reviewing the code for bugs is an option if you’d like to earn some money via the ProtonMail bug bounty programme. Also, if you’re new to the Swift programming language and creating apps for iOS, reviewing existing programs and seeing how they work is a great way to improve your coding skills. Source: The ProtonMail app on iOS is now fully open source (Neowin)
  9. Google News now displays stories in two languages in a single feed Google rolled out today a new update for its news aggregator app on Android and iOS, enabling users to view articles in two languages with only a single feed. The new capability is available across 141 countries, with support for 41 languages. The search giant said in a blog post that the new update aims to provide assistance to users who are in the habit of consuming news across multiple languages. This activity proves to be challenging for people as they need to look for stories across various apps. With the latest change to the Google News app, users can view news content in two languages and read headlines and stories in each language at the same time. For example, news stories can be displayed in both English and Hindi simultaneously so that users can keep tabs on events occurring in India. That means users can receive updates from local publishers and articles about any topics from any part of the world. The changes won't affect your existing personalization preferences. More importantly, you will stay up-to-date with relevant news stories from your chosen languages. You can enable the new feature by heading over to the language settings in the Google News app and picking two language options. Source: Google News now displays stories in two languages in a single feed (Neowin)
  10. Google's decade-old feature used in Chrome to reduce browsing history is now available for location services in Android. After announcing it twice in the past year, Google is keeping its promise and unrolling Incognito mode for Maps for its Android users, the company confirmed in a blog post. Modeled after the same tool that can be used in Chrome since 2008 to visit web pages without any browsing history being recorded within the platform, the new feature will prevent users' activity in Maps from being saved to their Google account. This means that, when it is switched on, you can search and view locations without having any information added to your Google account history – making, for instance, Google's personalized recommendations a lot more neutral, since they are based on your personal data. Maps will also stop sending you notifications, updating your location history and sharing your location. Google first announced that Incognito would be released for Maps a few months ago, and more recently reiterated that the feature was coming soon. Eric Miglia, director of privacy and data protection office at Google, said: "managing your data should be just as easy as making a restaurant reservation or using Maps to find the fastest way back home". While Incognito is indeed easy to switch on – users simply have to tap the option on their profile picture in Maps – there is a caveat. "Turning on Incognito mode in Maps does not affect how your activity is used or saved by internet providers, other apps, voice search, and other Google services", reads the announcement. In other words, turning the feature on minimizes the information stored in users' personal Google accounts, but it doesn't do much to stop third-parties from accessing that data. It is therefore useful for those who wish to get rid of personalized recommendations prompted by Google, but it should not be seen as an entirely reliable privacy tool. When it is switched on, Incognito also stops some key features from running, which include Google Assistant's microphone in navigation, so it might not be a tool that commuters will be using at all times. As well as Incognito for Maps, Google teased two other services to enhance privacy protection in its services last month. YouTube will have a history auto-delete option, and Google Assistant will be getting voice commands that let users manage the Assistant's own privacy settings. The company's attempts to strengthen privacy controls for its users comes at the same time as loopholes emerged in Chrome's Incognito mode. Websites were found to be able to detect visitors based on whether or not an API was available in Chrome's FileSystem, which let them enforce free article limits in the case of news websites, for instance. Although Google modified its FileSystem in Chrome 76 to prevent this, website developers have again been crafting methods to bypass the new system. Incognito for Maps is expected to hit iOS soon, but no precise date was confirmed by Google. Source: Google Maps on Android user? Now you can switch to incognito mode (via ZDNet) p/s: While this news talks about new feature on Google Maps app in Android and iOS and initially intending to post under Mobile Software News, this news is better suited to be posted under Secuirty and Privacy News section, as this news holds greater emphasis on security and privacy features on Google Maps app, including Incognito mode.
  11. No more distractions WhatsApp’s latest iOS update stops showing an unread notification badge on its app icon for messages you’ve muted. It’s a minor but welcome change that arrived with version 2.19.110 of the iOS app. The change applies for both individual and group chats. The messaging app’s mute feature is invaluable if you want to reduce distractions, particularly if you’re a participant in any large group chats. Before the update, muting a chat would only stop your phone from vibrating and playing a notification sound when it received a new message, while doing nothing about the anxiety-inducing red notification badge placed on the app’s icon on the home screen. The new update only affects iOS users. On Android, meanwhile, WhatsApp has a separate “Show notifications” toggle which you can either tick or untick when you’re muting a chat. Source: WhatsApp fixes the notification badge on muted iOS chats (via The Verge)
  12. The Hammerhead True Wireless earbuds have a low 60ms latency mode One of the worst things about using wireless headphones while gaming on an Android phone is the latency. Whether the fault lies with the OS or the manufacturing (or both), I’ve found that most headphones — even expensive ones like the Sony WH-1000X M3s — aren’t able to keep up with what’s on the screen. It’s infuriating, and it’s a situation that Razer’s $99 Hammerhead True Wireless earbuds aim to take on. These new truly wireless earbuds, which Razer announced today, have a minuscule 60ms latency once “Gaming Mode” is enabled via a dedicated app for iOS and Android. The result should align what you’re hearing with what is on the screen. Razer claims that its earbuds utilize a customized version of Bluetooth 5.0 to allow this feature to work and to preserve audio quality and battery life in the low-latency mode. To turn it on, just tap three times on the earbud. At a press briefing, I got to try out the Hammerhead True Wireless, and this low-latency mode seemed to work at times while falling out of step other times. My time with the earbuds was brief, and the press room was loud, so I won’t be able to place final judgment on the quality of the feature (or the sound quality, in general) until I have more time with them. The Hammerhead True Wireless are somewhat similar in design to the AirPods in that they don’t rely on ear tips to fit in your ears, though they include a few silicon sleeves to help you find a better fit. Once you pop them out of the case, which charges via USB-C, they rest in your ears. This is great from a usability standpoint, but it’s not so great if you’re looking for a set of wireless earbuds that can block out external noise. If that’s the case, something like the AirPods Pro might be a better choice. The Hammerhead True Wireless offer IPX4 water resistance and three hours of use per charge. The included case offers four recharges, totaling 12 hours of battery life. (This is on the low-end of life expectancies per charge compared to other competing models.) Basic tasks like changing the song, picking up calls, or activating your preferred voice assistant are handled with touch controls on the earbuds. If you want to adjust the volume, you’ll need to do it from your phone. The $99 price tag seems fair for what’s being offered, but these earbuds might have a tough time standing out from the crowd if the Gaming Mode doesn’t make a huge difference when you’re gaming on an Android phone. We will test them more to find out if the low-latency mode makes or breaks these earbuds. The Razer Hammerhead True Wireless are available now on Razer.com. Source: Razer’s first truly wireless earbuds aim to fix gaming audio lag on Android (via The Verge)
  13. Everything you need to know about iOS and iPadOS 13.2 AirPods Pro support, Deep Fusion photography, and new emoji are part of the update. First image of article image gallery. Please visit the source link to see all images. Today, Apple released iOS 13.2, iPadOS 13.2, and tvOS 13.2 for supported iPhone, iPod touch, iPad, and Apple TV devices. The company also released a minor update labeled iOS 12.4.3 for iPhones and iPads that saw end-of-support with last month's iOS 13 release. iOS and iPadOS 13.2 represents the first major new feature release since iOS 13 came out several weeks ago. Up to this point, Apple's unusually frequent updates have been focused on either bug fixes or on introducing features that were originally planned for the first version of iOS 13. There's a mixture of new and previously planned here, but it marks the biggest update yet for iOS 13 users. Additions include Deep Fusion computational photography for better low- and mid-light photos on the latest iPhones, the ability to opt-out or opt-in to sharing Siri voice recordings with Apple, support for AirPods Pro and the Announce Messages with Siri feature, a bunch of new emoji, new smart home features, and a number of bug fixes. The updates are available today on all devices already supported by iOS 13, tvOS 13, and iPadOS. Table of Contents iOS 13.2 and iPadOS 13.2 Choose whether to share Siri recordings with Apple Support for AirPods Pro and Announce Messages with Siri Deep Fusion computational photography 59 new emoji Smart home features and HomeKit Bug fixes, security updates, and other small changes For older devices: iOS 12.4.3 13.2 for Apple TV and HomePod This update caps a rapid post-launch release cadence Full iOS 13.2 and iPadOS 13.2 update notes iOS 13.2 and iPadOS 13.2 Choose whether to share Siri recordings with Apple Like many of its peers in the tech industry, Apple recently found itself the subject of criticism for how it worked with third-party contractors to process and analyze recordings of its users' interactions with Siri in its efforts to improve the virtual assistant. Reports indicated that Apple's contractors reviewed Siri recordings as part of a process to increase accuracy but that the contractors heard personal conversations and even sex. Devices sometimes even made accidental activations. Apple has sought to position Siri as the privacy-friendly alternative to Google Assistant or Amazon Alexa, and Apple responded to the criticism swiftly by suspending that program and its relationship with the contractors. From that point on, only Apple employees would be able to analyze the recordings, the company said, and a software update would make even that opt-in. First image of article image gallery. Please visit the source link to see all images. iOS and iPadOS 13.2 represent that next step in Apple's efforts to address those complaints. Once users update, turning their devices on for the first time after said update will present them with a question: do you want to share Siri recordings with Apple for optimization purposes or not? Users make a decision one way or the other before proceeding to use the device, though they can change it later in the Settings app. This essentially makes sharing these recordings opt-in only. Support for AirPods Pro and Announce Messages with Siri First image of article image gallery. Please visit the source link to see all images. Today, Apple also announced a new hardware product: AirPods Pro, more expensive versions of the popular AirPods wireless earbuds that feature improved sound quality, active noise cancelation, and some other new features. iOS 13.2 is timed closely with that release (AirPods Pro will be available on October 30), and updating your paired iPhone, iPad, or iPod touch to iOS 13.2 is required to use them, as the update adds features like the ability to enable or disable noise cancelation from your phone. iOS and iPadOS 13.2 also bring a new feature to second-generation AirPods, Beats Pro, and AirPods Pro: "Announce Messages with Siri." When this is enabled, Siri can read your incoming text messages to you through your AirPods without requiring you to unlock your phone first. Deep Fusion computational photography Supported on the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max only, Deep Fusion captures multiple images at different exposure levels in rapid succession, then does a machine learning-driven, "pixel-by-pixel" analysis of the images. Apple says it composites what it deems to be the highest-quality parts of hte images into one image to reduce noise, better represent details and texture, and generally improve photo quality. In practice, this means that the phone takes four images: three normal photos, and one long-exposure shot. It takes what it considers the best-quality normal photo and merges it with the long-exposure shot, then runs four different processing steps to come out with a final image. It is similar in basic concept to Smart HDR, an existing feature for iPhone cameras, but it differs in the steps it takes and how many images it uses. As with other computational photography features, this happens under the hood and is largely not under your control. You cannot disable or enable it; the phone will decide to use Deep Fusion when the lighting calls for it; Apple says this feature is intended for "mid- to low-light scenes." 59 new emoji As has become an annual custom, there are a bunch of new emoji. Apple's update notes say there are over 70, but it depends on how you count; they're are 59 new emoji concepts, but it's more than 70 if you account for versions for each gender. There are more than 200 if you factor in skin tone. First image of article image gallery. Please visit the source link to see all images. Additions include, but are not limited to, individuals in a wheelchair or with a cane, a bionic arm, swimsuits, an ice cube, butter, waffles, seeing-eye dogs, a sloth, a skunk, a Saturn-like planet with rings, coach cars, snorkeling gear, a banjo, a fire axe, a kite, a stethoscope, and, well, numerous others. All these new emojis will automatically appear as options in the iPod touch, iPhone, or iPad's built-in emoji picker keyboard. Listing image by Samuel Axon Smart home features and HomeKit Apple has teased this feature before, and it's now here; iOS 13.2 introduces HomeKit Security Video. (HomeKit is Apple's smart home platform.) Announced at the company's developer conference back in June, HomeKit Secure Video is Apple's answer to features from Google and others that automatically record short videos of people, animals, or cars that come into view of any home security cameras you have that are HomeKit-compatible. Unlike offerings from some other smart home companies, Apple executives noted on the stage, this implementation does not immediately upload your footage to the cloud for analysis. Rather, it analyzes and processes the videos on a local device like an iPad, HomePod, or Apple TV, then encrypts them and places them in iCloud storage "where no one, not even Apple, can see it." Videos are stored for free for up to 10 days, and don't count against users existing iCloud storage plans. Users can access the videos themselves, or decrypt them with a key that is only available to them. Additionally, Apple's update notes say that with this update, "HomeKit enabled routers put you in control of what your HomeKit accessories communicate with over the internet or in your home." Bug fixes, security updates, and other small changes As is the case with virtually every iOS or iPadOS software update, Apple has fixed a number of bugs. Issues addressed include one that frequently led to users being unable to pull up the on-screen keyboard when trying to perform a search, another that caused Messages to display phone numbers instead of contact names, and yet another that saw users' newly created notes vanishing in the Notes app. There are a few others too, and Apple claims "improved performance when using AssistiveTouch to activate App Switcher." Users should also see stored passwords appear as options more often within third-party apps. This isn't documented in the patch notes, but Apple has renamed the "Rearrange Apps" option that appears when you do a long-press on a home screen app icon to "Edit Home Screen." Also, there is now an option right there in that pop-up context menu to delete that app directly; you previously had to go into the rearrange apps mode and then tap an X on the app in question, so this removes some steps to perform that action. You can also now edit your video capture settings from right inside the Camera app on the iPhone 11, 11 Pro, and 11 Pro Max, and there are new privacy settings that relate to Apple's opt-in Research app. Apple includes a plethora of security updates with each release, and typically documents them on its website. Counter to the usual, that list of updates is not currently available, but the site promises they're forthcoming. For older devices: iOS 12.4.3 iOS 13 already ended support for a number of older devices, including the following: iPhone 5s iPhone 6 iPhone 6 Plus iPad Air iPad mini 2 iPad mini 3 iPod touch (6th generation) Today, the company released a new software update for those devices that are not supported by iOS 13.2: iOS 12.4.3. Reports indicate that this is a very minor update that improves device security in the face of new threats, and that it brings minor two-factor authentication improvements to those devices. Apple recently also issued a pop-up notification warning to iPhone 5 users that if they don't upgrade to at least iOS 10.3.4 by November 3, they could lose network connectivity and access to services like the App Store and iCloud. The iPhone 5 has not been sold since late 2013. Some other older iPhones must update to avoid a bug that would make GPS features nonfunctional, as well. 13.2 for Apple TV and HomePod While iOS and iPadOS saw major updates today, Apple also released smaller packages for HomePods and modern Apple TV devices. Like its iPhone and iPad counterparts, tvOS 13.2 lets users decide whether they want to share Siri audio recording with Apple. Users will be presented with an explanation and a choice on whether to opt-in once when they boot up the device after updating. It seems plausible that the tvOS update also lays some groundwork for Apple TV+, the streaming media service Apple plans to launch in just a couple of days, but we can't be sure from the information Apple has released. The HomePod software update is more substantial, though it is technically classified as a subset of iOS 13.2. HomePod-releated release notes are as follows: iOS 13.2 provides support for new HomePod features: The ability for HomePod to recognize the voices of different family members to provide a personalized experience Handoff music, podcasts or phone calls by bringing your iPhone close to HomePod Add music to your HomeKit scenes Play relaxing high-quality soundtracks with Ambient Sounds Set sleep timers to fall asleep to music or Ambient Sounds This update caps a rapid post-launch release cadence As we’ve noted before, this continues to reflect a very aggressive update cadence. When Apple released iOS 12, the first bug fix update (12.0.1) came about three weeks later, and the first major feature update (12.1) arrived after that. From there, users waited more than a month for the following bug fix update (12.1.1). By contrast, iOS 13 released on September 19, with the first feature release (iOS 13.1) a mere 5 days later on September 24. Two bug fix releases—13.1.1 and 13.1.2—followed within just one week, with a third arriving on October 15. Apple has clearly changed its internal development processes for software updates. This could be in response to public criticisms of bugs in iOS 12, as well as a rocky launch for iOS 13. Reviewers and early adopters widely noted that iOS 13 had some kinks at launch, and it didn’t instill confidence that Apple both held key iOS 13 features for 13.1, and actually launched the newest version of macOS weeks after the mobile operating system hit. While it’s difficult to see behind Apple’s curtain and ascertain why iOS 13—which we deemed a major and attractive update despite its roughness around the edges—has had such a fast-paced launch period, former Apple engineer David Shayer wrote an article for TidBits speculating as to why Apple found itself in this situation, which could shed some light on it. Among his theories: lack of strong reporting tools for non-crashing bugs, triage and scheduling challenges, and ballooning complexity, among other things. In any case, this marks the second major feature release for iOS 13, and whereas iOS 13.1 primarily just introduced features that were meant for the initial iOS 13 launch, iOS 13.2 is in both timing and feature set an equivalent to iOS 12.1—the first major “new features” update after the launch. Full iOS 13.2 and iPadOS 13.2 update notes Here are the complete update notes for iOS 13.2 written by Apple. The iPadOS 13.2 notes are the same, but with the omission of the camera features. iOS 13.2 introduces Deep Fusion, an advanced image processing system that uses the A13 Bionic Neural Engine to capture images with dramatically better texture, detail, and reduced noise in lower light, on iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max. Additional features include updated and additional emoji, Announce Messages for AirPods, support for AirPods Pro, HomeKit Secure Video, HomeKit enabled routers, and new Siri privacy settings. This update also contains bug fixes and improvements. Camera Deep Fusion for iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max uses the A13 Bionic Neural Engine to capture multiple images at various exposures, run a pixel-by-pixel analysis, and fuse the highest quality parts of the images together resulting in photos with dramatically better texture, details, and reduced noise, especially for mid to low light scenes Ability to change the video resolution directly from the Camera app for iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max Emoji Over 70 new or updated emoji, including animals, food, activities, new accessibility emoji, gender neutral emoji, and skin tones selection for couple emoji AirPods support Announce Messages with Siri to read your incoming messages aloud to your AirPods AirPods Pro support Home App HomeKit Secure Video enables you to privately capture, store, and view encrypted video from your security cameras and features people, animal, and vehicle detection HomeKit enabled routers put you in control of what your HomeKit accessories communicate with over the internet or in your home Siri Privacy settings to control whether or not to help improve Siri and Dictation by allowing Apple to store audio of your Siri and Dictation interactions Option to delete your Siri and Dictation history from Siri Settings This update also includes bug fixes and other improvements. This update: Fixes an issue that may prevent passwords from autofilling in 3rd party apps Resolves an issue that may prevent the keyboard from appearing when using Search Addresses an issue where swipe to go home might not work on iPhone X and later Fixes an issue where Messages would only send a single notification when the option to repeat alerts was enabled Addresses an issue where Messages may display a phone number instead of a contact name Resolves an issue that caused Contacts to launch to the previously opened contact instead of the contact list Fixes an issue that may prevent Markup annotations from being saved Resolves an issue where saved notes could temporarily disappear Fixes an issue where iCloud Backup might not successfully complete after tapping Backup Now in Settings Improves performance when using AssistiveTouch to activate App Switcher For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222 Source: Everything you need to know about iOS and iPadOS 13.2 (Ars Technica) (To view the article's image galleries, please visit the above link)
  14. Apple has confirmed that 17 malware iPhone apps were removed from the App Store after successfully hiding from the company’s app review process. The apps were all from a single developer but covered a wide range of areas, including a restaurant finder, internet radio, BMI calculator, video compressor, and GPS speedometer … The apps were discovered by mobile security company Wandera, which said that the apps did what they claimed while secretly committing fraud in the background. Although no direct harm was done to app users, the activity would be using up mobile data, as well as potentially slowing the phone and accelerating battery drain. Wandera said the malware iPhone apps evaded Apple’s review process because the malicious code was not found within the app itself, but the apps were instead getting instructions on what to do from a remote server. Apple says it is improving its app review process to detect this approach. The same server was also controlling Android apps. In at least one of those cases, weaker security in Android meant that the app was able to do more direct harm. The apps were all from AppAspect Technologies. iOS aims to guard against this by sandboxing. Each app gets its own private environment, so cannot access system data or data from other apps unless using processes specifically permitted and monitored by iOS. However, Wandera cautions that there have been examples of the sandbox failing, giving three examples of this. Wandera is the same company that warned how a Siri feature could be used for phishing non-technically knowledgeable iPhone users. Apple confirmed the removal of the 17 apps to ZDNet. Source: 1. 17 malware iPhone apps removed from App Store after evading Apple’s review (via 9to5Mac) - Main article 2. Trojan malware infecting 17 apps on the App Store (via Wandera) - Main reference to the article p/s: The list of 17 apps that are mentioned on the article are as follows:
  15. Microsoft's OneDrive app for iOS has received some attention over the last few months, particularly when it has come to revamping its design and also dark mode support for iOS 13. Microsoft's cloud storage app has already picked up a few updates so far in October to correct problems with the share extension, adding multiple window support, and improving the performance of search results for business users. Today, OneDrive for iOS has picked up a number of bug fixes in Version 11.5 specifically for iPad in addition to other problems that have become apparent with the app when running on iOS 13. Here's what's included in the latest version of the app released today: The iPad command menu would jump around on screen like a less fun version of whack a mole. We've dialed down our menu's energy level to a 7, and it will now stay in one place. Notification badges for uploading photos, those red doodads with the number, would show when Camera Upload was turned off. We have revised our abacus logic, and these notifications now know the difference between on and off. iOS 13 users who opened the share sheet and subsequently tried to change sharing options would experience the app to crash. This has been fixed and has given us the opportunity to shamelessly plug our industry leading sharing options. When in the Photos view, rotating the phone sideways could cause the app to crash. This made Zero G photo viewing nearly impossible - so it's been fixed. Sharing a file from split screen on an iPad would cause the app to crash. Sharing is caring but this wasn't very caring of us. This has been fixed. We had a bit of a layout blunder where certain text was getting cut off in some screens. This has been fixed, and our eloquent text can once again be fully appreciated. If any of the above issues have been plaguing your user experience, you can either check for updates via the App Store app on your device or you can visit the App Store listing here and tap on "Update" to get the process underway manually. Source: 1. Latest OneDrive for iOS update squashes numerous iPad and iOS 13 bugs (via Neowin) - original article 2. Microsoft OneDrive app updates on iOS with important iPad and iOS 13 fixes and improvements (via ONMSFT) - main reference to the original article
  16. There may be multiple different players in the jailbreak community all looking to offer solutions, but we’ve always admired those who keep trying to produce great work for the benefit of device owners. That admiration is extended to CoolStar, most recently for his creation and publishing of the Electra jailbreak for iOS 11, and the fact that it’s been tirelessly updated. Well, there is now a new update available, and it’s one you’re going to want to take notice of as it features a very special addition. CoolStar and his band of highly-capable merry men have finally released the final 1.0.x version of Electra jailbreak, complete with Cydia Installer support built right in. This version of Electra jailbreak is deemed stable enough and hence is marked as 1.0 rather than any beta or RC. Just about anyone can go ahead and download it right now. For those who don’t know, Electra works with iOS 11.0-11.1.2 firmwares and is compatible with all 64-bit devices, including iPhone X, as long as those devices are running the aforementioned compatible firmwares. This is because Electra is based of Ian Beer’s exploit which was only applicable on iOS 11.0-11.1.2. Original released back as beta in January sans Cydia, this latest final version of the tool is the first jailbreak for iOS 11 which offers support for Cydia out-of-the-box. As for the jailbreak process, it pretty much remains exactly the same. Once the latest version of the Electra jailbreak is downloaded, and the IPA is sideloaded to the device, the jailbreak process will be exactly as it was previously, but this time with the added benefit of actually installing a usable version of Cydia to the device. And yes, that means that compatible tweaks and packages will be able to be installed through the Cydia interface. Here are important notes from changelog of Electra 1.0.x: An APFS snapshot is created of / so you may revert it at a later date if needed Substitute, Tweak Loader and Substrate Compatibility Layer available from Electra repo Many packages need to be updated for both Electra and iOS 11 (make sure they’re updated before installing as they may not work yet) It’s great news for device owners that CoolStar and his highly capable team have once again put the effort to the benefit of the jailbreak community even before Saurik could come up with his own “promised” jailbreak with iOS 11 Cydia update. Final version of Electra jailbreak for iOS 11 can be downloaded from coolstar.org/electra/. Once downloaded, you can follow our guide here on how to jailbreak your device using Electra: How To Jailbreak iOS 11.1.2 Using Electra With Cydia [Tutorial]. Redmondpie.com
  17. The latest Edge for iOS beta update (Version 44.9.0) comes with new improvements. First, Edge browser now supports dark mode on iOS 13 devices. Second, Tracking Prevention is now available on Edge for iOS. Third, Microsoft has expanded the available search engine list by adding top search engines. Finally, this update also includes general bug fixes and performance improvements. Download the latest update here from Test Flight app on your iOS device. Source
  18. Cloudflare's Warp VPN is now available to all: a first look Cloud provider Cloudflare launched its privacy-focused DNS service 1.1.1.1 in 2018 and published apps for Android and iOS in the same year. The company announced its Warp vpn service in April 2019 and invited users from all over the world to join a waiting list to test it. The once-restricted VPN service is now available to everyone who downloads and installs the company's 1.1.1.1: Faster & Safer Internet application for Android or iOS. Warp establishes a VPN connection on the device to route traffic through Cloudflare servers; this hides the device's IP address and may improve performance. Cloudflare suggests that Warp+ users see a 30% improvement in performance on average when loading websites. Cloudflare Warp The 1.1.1.1 application installs a VPN profile on the user's device when the option is selected. Cloudflare promises that it collects "as little data as possible" and that it won't "sell, rent, share or otherwise disclose" personal information. The app displays the terms on first start; these reveal what Cloudflare collects and what it does with the data. Data may include the app installation id, the amount of data transferred through Cloudflare's network, and the average speed. The registration ID is a unique random number that is assigned to each profile. Cloudflare notes that it is used for the referral system. The basic version of Warp is free and it has no traffic restrictions. Warp+ is an add-on service that improves the performance of connections made on the device by "avoiding traffic jams" and picking the fastest routes. Users may refer others to receive up to 1 Gigabyte of Warp+ traffic for free per month. Each referral that meets the criteria adds 100 Megabytes to the referring account. The second option that is available is to pay $4 per month to get Warp+ Unlimited which enables Warp+ for the duration of the subscription. The Cloudflare DNS service 1.1.1.1 is always enabled and it may also be used without Warp if that is desired. The application works automatically once you have set up the VPN connection. It requires no registration. The main interface displays a huge toggle to connect and disconnect the VPN. The 1.1.1.1 app displays a prompt when you disconnect that lists the following options: Pause for 15 minutes. Pause for 1 hour. Pause for this Wi-Fi. Until I turn it back on. The pause for this Wi-Fi option requires that you give the app location permissions. On Android, you get a notification that informs you when you are connected and controls to stop the connection from the notification area. The app has just a few settings. You may switch from using 1.1.1.1 with Warp to just 1.1.1.1 there, enable the dark theme, and open the connection options to disable the app for select applications. Some applications may not work correctly when you are connected to the VPN; this may be the case for applications that restrict content regionally. Use the whitelist to exclude these to continue using them. Two connection options -- protocol options and tunnel mode -- were grayed out in the Android version that I tested. Experience I ran several speed tests to test the performance of the service. The speed tests, e.g, Fast.com, were promising as the connection was maxed out when I ran them. It is possible that this may change in the coming weeks when more and more users start to use the application. I did not notice any improvements in regards to the loading of websites but the loading was certainly not slower than before. I did not test Warp+ but plan to do so in the future to see if it speeds up the loading significantly. All sites and services that I tried worked fine and without hitches. It needs to be noted that the app does not include any content blocking or protective features that other applications of its kind sometimes offer. The 1.1.1.1 application gives users no control over servers and regions that it connects to. In fact, there is zero information about the server and region that you get connected to while using the application. A quick IP check revealed that Cloudflare routed me through data servers in Germany. I would have preferred an option to pick another region/country. Closing Words Cloudflare's 1.1.1.1: Faster & Safer Internet application brings the company's DNS server and VPN service to Android and iOS. The VPN is free to use and without bandwidth limitations, but it limits options and features, and gives no control over regions and servers. Performance was excellent on the other hand and you get the benefits of being connected to a VPN. Cloudflare is not without criticism though and there will certainly be Internet users who won't go anywhere near the application. Privacy-wise, I'm worried about the unique ID associated with an account even though Cloudflare states that it is only used for the referral system. It may be better than requiring users to create an account to use the application, however. Source: Cloudflare's Warp VPN is now available to all: a first look (gHacks - Martin Brinkmann)
  19. Authenticator is an open-source 2-step verification app for iOS When it comes to iOS, open-source apps are something of a rarity but that doesn't mean they don't exist. If you're looking for an alternative for Google Authenticator, Microsoft Authenticator, LastPass Authenticator, or Authy, you may want to give Authenticator a chance. Authenticator for iOS Why? Do you really want to hand over the two-factor authentication process to these big companies or proprietary software? This is a TOTP (time-based one-time password) app and does not require an Internet connection because of that. The app is probably one of the simplest that you will come across in the niche; it just has the option to add/remove accounts and that is about it. Well, the only other option that is available is the "Digit Grouping". You can either choose to display the codes in 3 x 2-digit pair groups, or 2 x 3-digit groups. Once you have installed Authenticator on your iPhone or iPad, you will see a nearly blank screen with a few buttons on start. Adding an account to Authenticator Authenticator supports adding accounts using QR codes and manually adding accounts. Refer to your email/social network account's website to set up 2-step verification. Once you get to the page where you are asked to scan a "QR code", run Authenticator and tap on the + button to add an account. Point the camera to the QR code on the computer's screen. The app should add the account, and display the 6-digit code for it on the screen. Now, most websites which you're setting up 2-step authentication for will require you to enter the TOTP to confirm that it has been configured correctly. Manually setting up 2FA tokens: Tap on the plus button, and then on the edit button (note and pencil icon) on the top and you will see a screen which asks for the following: Issuer (website's name) Account name ([email protected]) Secret Key You can obtain the secret key for your account from its associated website. You can set TOTP or Counter based tokens, and set it to 6, 7 or 8 digits, SHA-1, SHA-256 or SHA-512. Where it lacks and shines Personally, I would have liked it if the app asked me for a PIN code or password to unlock the 2FA database. An extra layer of security is always a good idea even if it would rely on TouchID or the device's PIN. You may reduce the issue by setting the screen timeout to the minimum and not the 2-minute default on iOS. On the bright side, it does not store your 2FA tokens in the cloud in any form. There is no way to backup (or export) your tokens on the other hand. And the fact that Authenticator is open source, unlike nearly every iOS 2-factor authentication app out there, makes it priceless in my opinion. A 2-step verification enabled account is nearly hacker-proof, read Martin's article for more information. Here's some advice regarding 2FA apps. Use an open source app whenever possible. Do not use SMS based 2-factor verification systems (I think Yahoo still uses this) as the text message protocol is not secure. Use an app which works completely offline if possible; this is not only better as it will work in regions with bad Internet reception or if the mobile provider has issues, it is also better for security as you eliminate transfers and don't risk losing access to accounts if you lose your phone or device. It is not a good idea to use the password manager for 2FA as well if the manager supports it as you would put all eggs in a basket. At the very least, make sure you're using separate databases for your 2FAs and passwords. But I'd use separate apps for 2FA and passwords. In case of cloud-based password managers that also support 2FA, think about it. If the password database or service is breached, so is your 2FA. Always have backup or recovery codes at hand in case something goes terribly wrong. Most services support these during creation. Source: Authenticator is an open-source 2-step verification app for iOS (gHacks)
  20. Apple takes flak for disputing iOS security bombshell dropped by Google Apple statement alienates the security community when the company needs it most. Enlarge Maurizio Pesce Apple is taking flak for disputing some minor details of last week’s bombshell report that, for at least two years, customers' iOS devices were vulnerable to a sting of zeroday exploits, at least some of which were actively exploited to install malware that stole location data, passwords, encryption keys, and a wealth of other highly sensitive data. Google’s Project Zero said the attacks were waged indiscriminately from a small collection of websites that “received thousands of visitors per week.” One of the five exploit chains Project Zero researchers analyzed showed they “were likely written contemporaneously with their supported iOS versions.” The researcher’s conclusion: “This group had a capability against a fully patched iPhone for at least two years.” Earlier this week, researchers at security firm Volexity reported finding 11 websites serving the interests of Uyghur Muslims that the researchers believed were tied to the attacks Project Zero identified. Volexity’s post was based in part on a report by TechCrunch citing unnamed people familiar with the attacks who said they were the work of nation—likely China—designed to target the Uyghur community in the country’s Xinjiang state. Breaking the silence For a week, Apple said nothing about any of the reports. Then on Friday, it issued a statement that critics are characterizing as tone-deaf for its lack of sensitivity to human rights and an overfocus on minor points. Apple officials wrote: Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts. First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously. Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case. Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs. Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe. One of the things most deserving of criticism was the lack of sensitivity the statement showed for the Uyghur population, which over the past decade or longer has faced hacking campaigns, internment camps, and other forms of persecution at the hands of the Chinese government. Rather than condemning an egregious campaign perpetrated on a vulnerable population of iOS users, Apple seemed to be using the hacking spree to assure mainstream users that they weren’t targeted. Conspicuously missing from the statement was any mention of China. Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’" The statement also seemed to use the fact that “fewer than a dozen” sites were involved in the campaign as another mitigating factor. Project Zero was clear all along that the number of sites was “small” and they had only a few thousand of visitors each month. More importantly, the size of the campaign had everything to do with decisions made by the attackers and little or nothing to do with the security of iPhones. Two months or two years? One of the few factual assertions Apple provided in the statement is that the websites were probably operational for only about two months. A careful parsing of the Project Zero report shows researchers never stated how long the sites were actively and indiscriminately exploiting iPhone users. Rather, the report said, an examination of the five attack chains made up of 14 separate exploits suggested that they gave the hackers the ability to infect fully up-to-date iPhones for at least two years. These points prompted satiric tweets similar to this one from Juan Andrés Guerrero-Saade, a researcher at Alphabet-owned security firm Chronicle: “‘It didn’t happen the way they said it happened, but it happened, but it wasn’t that bad, and it’s just Uyghurs so you shouldn’t care anyways. No advice to give here. Just move along.’” Satire aside, Apple seems to be saying that evidence suggests that the sites that Google found indiscriminately exploiting the iOS vulnerabilities were operational for only two months. Additionally, as reported by ZDNet, a researcher from security firm RiskIQ claims to have uncovered evidence that the websites didn't attack iOS users indiscriminately, but rather only visitors from certain countries and communities. If either of those points are true then it’s worth taking note, since virtually all media reports (including the one from Ars) have said sites indiscriminately did so for at least two years. Apple had an opportunity to clarify this point and say precisely what it knows about active use of the five iPhone exploit chains Project Zero found. But Friday’s statement said nothing about any of this, and Apple representatives didn’t respond to a request to comment for this post. A Google spokesman said he didn’t know precisely how long the small collection of websites identified in the report were operational. He said he’d try to find out, but didn’t respond further. In a statement, Google officials wrote: “Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.” A missed opportunity Former NSA hacker and founder of the firm Rendition Infosec Jake Williams told Ars that ultimately, the time the exploit sites were active is immaterial. “I don’t know that these other 22 months matter,” he explained. “It feels like their statement is more of a straw man to deflect away from the human rights abuses.” Also missing from Apple’s statement is any response to the blistering criticism the Project Zero report made of Apple’s development process, which the report alleges missed vulnerabilities that in many cases should have been easy to catch with standard quality-assurance processes. “I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle,” Project Zero researcher Ian Beer wrote in an overview of last week’s report. “The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.” Another key criticism is that Apple's statement has the potential to alienate Project Zero, which according to a Google spokesman has to date privately reported more than 200 vulnerabilities to Apple. It’s easy to imagine that it wasn’t easy for Apple to read last week’s deep-dive report publicly documenting what is easily the worst iOS security event in its 12-year history. But publicly challenging a key ally on such minor details with no new evidence does not create the best optics for Apple. Apple had an opportunity to apologize to those who were hurt, thank the researchers who uncovered systemic flaws that caused the failure, and explain how it planned to do better in the future. It didn't do any of those things. Now, the company has distanced itself from the security community when it needs it most. Source: Apple takes flak for disputing iOS security bombshell dropped by Google (Ars Technica)
  21. Pokémon Masters has only been available on iOS and Android devices for four days, but the battle-focused Pokémon game has already reached 10 million downloads. The free-to-play game released on August 29. Masters is tracking much better than a 2018 Pokémon mobile game, Pokémon Quest. It took just less than seven months to reach 10 million installs, according to mobile market analyst Sensor Tower. Quest was also available on Switch, while Masters is only on mobile. Sensor Tower also noted that Masters has made $10 million in revenue in those first four days. While many Pokémon experiences focus on capturing and collecting the pocket monsters, Masters is all about battles. It focuses on the franchise’s trainers and gym leaders, and you use them to compete in 3-vs.-3 fights against computer opponents. The Japanese company DeNA developed and published Pokémon Masters. Source
  22. The mobile port costs $5. Stranger Things 3: The Game arrived on consoles and PC alongside the third season of Netflix's hit sci-fi/horror show earlier this summer. Now you can get in on the pixellated fun on iOS and Android too. The mobile port costs $5, which is cheaper than on other platforms. It follows the previous mobile title Stranger Things: The Game, which debuted alongside the second season and was a freebie. It seems you can get together with your friends for local co-op this time around, and you might be able to hook up a controller to play Stranger Things 3 instead of using touchscreen controls. If you're still as hungry as a demodog for more Stranger Things games, Netflix is far from done on that front. It's planning to release a mobile RPG next year. Source
  23. Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers. Apple has mistakenly made it a bit easier to hack iPhone users who are on the latest version of its mobile operating system iOS by unpatching a vulnerability it had already fixed. Hackers quickly jumped on this over the weekend, and publicly released a jailbreak for current, up-to-date iPhones—the first free public jailbreak for a fully updated iPhone that's been released in years. Security researchers found this weekend that iOS 12.4, the latest version released in June, reintroduced a bug found by a Google hacker that was fixed in iOS 12.3. That means it’s currently relatively easy to not only jailbreak up to date iPhones, but also hack iPhone users, according to people who have studied the issue. “Due to 12.4 being the latest version of iOS currently available and the only one which Apple allows upgrading to, for the next couple of days (till 12.4.1 comes out), all devices of this version (or any 11.x and 12.x below 12.3) are jail breakable—which means they are also vulnerable to what is effectively a 100+ day exploit,” said Jonathan Levin, a security researcher and trainer who specializes in iOS, referring to the fact that this vulnerability can be exploited with code that was found more than 100 days ago. Pwn20wnd, a security researcher who develops iPhone jailbreaks, published a jailbreak for iOS 12.4 on Monday. For years, jailbreaks have been held closely to the chest by security researchers, because the ability to jailbreak an iPhone means the ability to hack it. As we've reported several times, exploits for the iPhone can sell for millions of dollars, which means that no one has been willing to release jailbreak code publicly because Apple will quickly patch it. A security researcher who hacks iPhones for a living, and who spoke on condition of anonymity because he wasn’t authorized to speak to the press, said that organizations that have the expertise to target iPhones can now use a bug in Safari, for example, to “ hack any up to date iPhone.” While it’s still not trivial to hack an iPhone remotely—even with the availability of this bug—the barriers to entry are now much lower. Apple did not immediately respond to a request for comment. Ned Williamson, who works at Google Project Zero, confirmed that the jailbreak works on his iPhone XR. “A user apparently tested the jailbreak on 12.4 and found that Apple had accidentally reverted the patch,” Williamson told Motherboard. The researcher told Motherboard that “somebody could make a perfect spyware” taking advantage of Apple’s mistake. For example, he said, a malicious app could include an exploit for this bug that allows it to escape the usual iOS sandbox—a mechanism that prevents apps from reaching data of other apps or the system—and steal user data. Another scenario is a hacker including the exploit in a malicious webpage, and pairing it with a browser exploit, according to the researcher. “It is very likely that someone is already exploiting this bug for bad purposes,” Pwn20wnd said. Several iPhone users on Twitter claimed to have successfully jailbroken their up to date iPhones with Pwn20wnd jailbreak. iPhone security experts are warning users to be careful what apps they download. “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what Apps they download from the Apple AppStore,” Stefan Esser, a well-known researcher who teaches iOS hacking, wrote on Twitter. “Any such app could have a copy of the jailbreak in it.” Source
  24. How to set up a VPN in iOS manually Earlier we told you how to configure custom DNS and Apple Safari in iOS. Continuing with our security focused tutorials, we are going to teach you how to set up a VPN in iOS manually. Normally, when you buy a VPN subscription, you will use the app provided by the service. These VPN apps are designed for simplicity, and employ a login-and-use method. While that is the easiest way to get a VPN working on your device, it isn't the only way. Depending on the app in question, it may also not be the best way if you experience stability or performance issues when you use an application to connect to a VPN server. Say, if you want to use a VPN connection in a specific protocol (IKEv2, IPSec, L2TP) or to connect to your workplace's VPN, you will need to configure the settings manually on your iPhone or iPad. It can enhance your security greatly but at a cost, you will only be able to connect to a particular server that you select. To change the server, you'll need to edit the VPN configuration again, as opposed to merely tapping a button in the app to select a different server location. How to set up a VPN in iOS manually Open the Settings app. Navigate to the "General" section and scroll down till you see the "VPN" option. Note: If you have already used a VPN before, you may have a "VPN" toggle in the side bar of the Settings screen. That's literally just a switch, and cannot be used to configure the VPN. You will need to follow step 2, to set up the connection. Tap on "Add VPN Configuration". Select the VPN type: IKEv2 or IPSec or L2TP. Enter the following details in the VPN configuration screen. For IKEv2 Description - Give it a name Server - The IP address of the VPN server you want to connect to. Remote ID - Enter the same IP address. Local ID - Not required. Leave it blank. User Authentication - Username/Certificate Username - Your VPN account's username. Password - The password for the account. Proxy - Off Note: Username is the easier option of the two, but some VPNs may not support it. In that case, you will be asked to install a security certificate on your device, to communicate with the VPN's servers. 6. Hit Done in the top right corner of the screen. 7. Enable the VPN from the toggle on the side bar, or from the VPN settings page. You will need to visit the support portal of your VPN service to get the manual configuration details (also called native protocols) which you need to enter in the VPN set up screen. This method is common across all recent versions of iOS. I tested this on iOS 13 beta and it works flawlessly on both IPSec and IKEv2. In case the VPN connection failed, you don't have to start from scratch. Just go back to the VPN section in iOS' settings, and use the "Edit" option to modify the fields. Please be aware that some VPN services use a different authentication method for manual settings. Using your regular account username and password will not authenticate the connection. You may be required to use your account's dashboard to create a new configuration. This will generate a random username and password to authenticate your account for the specific protocol. Just FYI, there is a new protocol called WireGuard, which promises faster encryption and better speeds. It isn't available for use yet, but is expected to be supported by all major services and operating systems. Source: How to set up a VPN in iOS manually (gHacks)
  25. The six bugs, if sold on the black market, would have brought in well over $5 million. Two members of Project Zero, Google's elite bug-hunting team, have published details and demo proof-of-concept code for five of six "interactionless" security bugs that impact the iOS operating system and can be exploited via the iMessage client. All six security flaws were patched last week, on July 22, with Apple's iOS 12.4 release. Details about one of the "interactionless" vulnerabilities have been kept private because Apple's iOS 12.4 patch did not completely resolve the bug, according to Natalie Silvanovich, one of the two Google Project Zero researchers who found and reported the bugs. Four bugs lead to no-user-interaction RCEs According to the researcher, four of the six security bugs can lead to the execution of malicious code on a remote iOS device, with no user interaction needed. All an attacker needs to do is to send a malformed message to a victim's phone, and the malicious code will execute once the user opens and views the received item. The four bugs are CVE-2019-8641 (details kept private), CVE-2019-8647, CVE-2019-8660, and CVE-2019-8662. The linked bug reports contain technical details about each bug, but also proof-of-concept code that can be used to craft exploits. The fifth and sixth bugs, CVE-2019-8624 and CVE-2019-8646, can allow an attacker to leak data from a device's memory and read files off a remote device --also with no user interaction. While it is always a good idea to install security updates as soon as they become available, the availability of proof-of-concept code means users should install the iOS 12.4 release with no further delay. Bugs worth well over $5 million The bugs were discovered by Silvanovich and fellow Google Project Zero security researcher Samuel Groß. Silvanovich will be holding a presentation about remote and interactionless iPhone vulnerabilities at the Black Hat security conference that will be held in Las Vegas next week. "There have been rumors of remote vulnerabilities requiring no user interaction being used to attack the iPhone, but limited information is available about the technical aspects of these attacks on modern devices," reads an abstract of Silvanovich's talk. "This presentation explores the remote, interaction-less attack surface of iOS. It discusses the potential for vulnerabilities in SMS, MMS, Visual Voicemail, iMessage and Mail, and explains how to set up tooling to test these components. It also includes two examples of vulnerabilities discovered using these methods." Silvanovich's talk is set to garner a lot of attention next week. Until today, no-user-interaction iOS bugs were usually found in the arsenal of exploit vendors and makers of legal intercept tools and surveillance software. Such vulnerabilities are the holy grail of any attacker, allowing them to hack into victims' devices undetected. When sold on the black market, vulnerabilities like these can bring a bug hunter well over $1 million, according to a price chart published by Zerodium. It wouldn't be an exaggeration to say that Silvanovich just published details about exploits worth well over $5 million, and most likely valued at around $10 million. Another exploit vendor, Crowdfense, told ZDNet that considering the no-click attack chain and the fact that the vulnerabilities worked on recent versions of iOS exploits like these could easily be valued between $2 million and $4 million each, for a total value of between $20 million and $24 million. Source
×
×
  • Create New...