Five People Hacked Apple for 3 Months and Here’s What They Found →

October 9, 2020 · 09:43

Sam Curry:

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.

As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).

I was genuinely surprised Apple reacted so fast. The whole thing is well worth a read.


You Download the App and It Doesn’t Work — Accepted and Rejected →

June 21, 2020 · 22:17

I don’t know who made this website (click the title and go see it for yourself), but it has a few perfect examples of the App Store’s inconsistencies in their guidelines. They let things slide for some, for years, but not for others. Oh yeah, and if you’re huge, like Netflix, you’re good.

The WWDC 2020 keynote is coming up in less than 24 hours and I’ll be really curious as to what Apple has to say.


Apple’s Butterfly Keyboard Might Make a Comeback →

June 3, 2020 · 10:02

L0vetodream on Twitter:

apple did not give up on butterfly keyboard, they are trying to improve on the structure, and solve the issue, we might see it come back again in the future.

L0vetodream’s leaks are 90.5% accurate, according to AppleTrack.org, so I’m really hoping this is one of those that he gets wrong. I have been using the butterfly mechanism on my own MacBook Pro for years now (since December 2016) and having had the chance to use the new MacBook Pro 16″ (late 2019) and MacBook Air (early 2020) for a month or so, typing on them daily, the new/old scissor mechanism, with twice the key travel, is clearly superior for my needs and preferences.


Reuters: Flaw in iPhone and iPads May Have Allowed Hackers to Steal Data for Years →

April 22, 2020 · 21:11

Christopher Bing:

The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019. Zuk Avraham, ZecOps’ chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.

An Apple spokesman acknowledged that a vulnerability exists in Apple’s software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham’s research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.


Dark Sky Acquired by Apple →

March 31, 2020 · 23:26

Adam Grossman:

Today we have some important and exciting news to share: Dark Sky has joined Apple.

Our goal has always been to provide the world with the best weather information possible, to help as many people as we can stay dry and safe, and to do so in a way that respects your privacy.

There is no better place to accomplish these goals than at Apple. We’re thrilled to have the opportunity to reach far more people, with far more impact, than we ever could alone.

The iOS apps will remain without change, Android and Wear OS are being shut down by July, and the API isn’t accepting new sign-ups but will continue to function without change through the end of 2021.


Reorg Puts Panos Panay in Charge of Windows →

February 6, 2020 · 02:07

Mehedi Hassan:

What is more interesting, however, is rumours that Panos Panay was reportedly looking for a new role — either inside, or outside of Microsoft. Apparently, Panay considered a leave of absence from Microsoft and might have even considered joining Apple. Mary Jo Foley was unable to confirm this with more sources, so the credibility of this remains uncertain.

I hope Microsoft deviates from the route they have taken (similarly to what Apple is doing) and refrains from charging exorbitant prices for RAM and SSD upgrades. If not then they should at least be industry standard off-the-shelf parts, so users can upgrade them themselves. This is one of the aspects of Apple’s hardware I loathe — I don’t like to feel screwed.


Apple Dropped Plan for Encrypting iCloud Backups →

January 21, 2020 · 15:11

Joseph Menn, reporting for Reuters:

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

In private talks with Apple soon after, representatives of the FBI’s cyber crime agents and its operational technology division objected to the plan, arguing it would deny them the most effective means for gaining evidence against iPhone-using suspects, the government sources said.

When Apple spoke privately to the FBI about its work on phone security the following year, the end-to-end encryption plan had been dropped, according to the six sources. Reuters could not determine why exactly Apple dropped the plan.

“Legal killed it, for reasons you can imagine,” another former Apple employee said he was told, without any specific mention of why the plan was dropped or if the FBI was a factor in the decision.

That person told Reuters the company did not want to risk being attacked by public officials for protecting criminals, sued for moving previously accessible data out of reach of government agencies or used as an excuse for new legislation against encryption.

If this is true, then Apple’s pro-privacy campaign is only true if you refrain from using iCloud. Unfortunately, iCloud Backup is the only automatic backup system supported by iOS, although you can go back to making local and secure iTunes backups instead. We of course have no real clue whether our particular backups were accessed or not, but I assume nobody is searching people’s data who stay away from legal trouble.

That said, Apple should definitely introduce end-to-end encryption for iCloud backups, or educate its users about the dangers of using iCloud Backup at the very least.


The Apple Archive by Sam Henri Gold →

January 17, 2020 · 09:35

Sam Henri Gold created The Apple Archive and it contains the most amazing collection of videos, photos, PDFs, screenshots, and other memorabilia, published since Apple’s conception. Make sure to go check it out (click the title of this post to get there) and if you like what you see, you can help Sam keep the lights on by donating some money — it costs him around 456 USD per year to keep the site running.


Epic Apple Debugging Story →

December 2, 2019 · 22:27

Cameron Esfahani on Twitter:

My first full time job at Apple was working on QuickDraw. The team was very small: the manager and one other engineer. Right before I started, Apple shipped the first PPC Macs. The QD team had done a lot of work for that so they took long, deserved, multi week vacations.

Read the whole thread.

(It would be so much better if these kinds of stories were posted to blogs, not Twitter.)


Apple Changes Crimea Map to Meet Russian Demands →

November 28, 2019 · 14:05

BBC:

Apple has complied with Russian demands to show the annexed Crimean peninsula as part of Russian territory on its apps.

Russian forces annexed Crimea from Ukraine in March 2014, drawing international condemnation.

The region, which has a Russian-speaking majority, is now shown as Russian territory on Apple Maps and its Weather app, when viewed from Russia.

But the apps do not show it as part of any country when viewed elsewhere.

It appears to be a limit based on what App Store a user has chosen (Russian in this case) and this is yet another appalling case of Apple bending over backwards to please an authoritarian regime.

Google, which also produces a popular Maps app, also shows Crimea as belonging to Russia when viewed from the country. The changes happened in March.

Apple is, however, not alone.


Apple Has Locked Guilherme Rambo Out of His Developer Account →

November 20, 2019 · 18:50

Guilherme Rambo:

I’ve been unable to access my Apple developer account since August. When I try to access any part of the developer portal, like the beta downloads page or the certificates control panel, I get redirected to a contact form that reads “Need assistance with accessing your developer account?”. My developer team doesn’t show up in Xcode anymore. I’m also unable to manage certificates or send builds of my employer’s developer team apps while logged in to my developer account in Xcode because it says it’s “disabled for security reasons”. The push notification service denies any requests I make to it. Back when the issue first began, I filled out that form and got a case number (20000057023991), with the promise that support would get back to me “in one to two business days”.

No explanation has been given since August, and this situation has started to affect his income and his users. Stuff like this should not take place.

Update

Apple has resolved Gui’s issues.


Goldman Sachs’ Response to Apple Card Sexism Claims →

November 15, 2019 · 13:04

Ben Lovejoy:

The bank originally issued a brief statement stating that each person’s credit line is evaluated uniquely, based on a range of factors that include income, credit score, debt, and how debt has been managed. Taking all of this into account, it says, different family members could be offered different limits.

When the controversy didn’t go away, Goldman issued a new statement stating that its evaluation system is not aware of the gender or marital status of the applicant, and offered to re-evaluate the credit limit of anyone who felt an error had been made.

I’d guess they have no clue how the algorithm works and are scrambling to find anyone that does.


Apple Card’s Sexist Algorithm →

November 10, 2019 · 10:30

DHH on Twitter:

It gets even worse. Even when she pays off her ridiculously low limit in full, the card won’t approve any spending until the next billing period. Women apparently aren’t good credit risks even when they pay off the fucking balance in advance and in full.

So obviously we both furiously sign up for the fucking $25/month credit-check bullshit shakedown that is TransUnion. Maybe someone stole my wife’s identity? Even though we’ve verified there was nothing wrong previously. Guess what: HER CREDIT SCORE WAS HIGHER THAN MINE!!!

Carmine Granucci on Twitter:

Just read this thread. My wife has a way better score than me, almost 850, has a higher salary and was given a credit limit 1/3 of mine. We had joked that maybe Apple is just sexist. Seems like it’s not a joke. Beyond f’ed up.


Apple Mail Stores Encrypted Emails in Plain Text Database (Fix Included!) →

November 7, 2019 · 10:03

Bob Gendler:

The main thing I discovered was that the snippets.db database file in the Suggestions folder stored my emails. And on top of that, I found that it stored my S/MIME encrypted emails completely UNENCRYPTED. Even with Siri disabled on the Mac, it still stores unencrypted messages in this database! […]

[…] This completely defeats the purpose of utilizing and sending an encrypted email. […]

Another database, entities.db, stores records of people’s names, email, and phone numbers you’ve corresponded with. Although the phone number may not be in your contact list, data from emails such as signature blocks and forward information are stored. It’s like an address book built for you. This could be touchy, as it may allow quick and easy access to some potentially sensitive information.

Bob mentions a few fixes you should definitely check out if you’re using encrypted email.

It’s been 100 days since I alerted Apple, and we’ve seen a security update to macOS Sierra 10.12, security updates to macOS High Sierra 10.13, Supplemental Updates to macOS Mojave 10.14, a security update to macOS Mojave 10.14, macOS Catalina 10.15.0 released, a Supplemental Update to 10.15.0, and the 10.15.1 release.

For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me.

Sadly, I am still not surprised that they react selectively to security issues. This problem hasn’t been fixed in years and it appears that not much has changed.


Why Does Apple Do Business in China ‘If This Is The Type of Shit They Pull’? →

October 10, 2019 · 08:53

John Gruber, for Daring Fireball:

The question is: Why do business in China if this is the type of shit they pull?

Money. And this is despite Tim Cook’s outburst in 2014:

“We do things for other reasons than a profit motive, we do things because they are right and just,” Mr Cook growled. Whether in human rights, renewable energy or accessibility for people with special needs, “I don’t think about the bloody ROI,” Mr Cook said, in the same stern, uncompromising tone that Apple employees hope they never have to hear. “Just to be very straightforward with you, if that’s a hard line for you … then you should get out of the stock.”

It seems that it all depends on how large that profit motive is.

Shame on Apple for catering to the Chinese government. At this point, the company needs something akin to the recent #BlizzardBoycott.


A Message About iOS Security →

September 6, 2019 · 19:17

Apple:

Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.

Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs.

We now have two sides to the story. Where does the truth lie?


Apple Contractors ‘Regularly Hear Confidential Details’ on Siri Recordings →

July 27, 2019 · 01:09

Alex Hern, reporting for The Guardian:

Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or “grading”, the company’s Siri voice assistant, the Guardian has learned.

Although Apple does not explicitly disclose it in its consumer-facing privacy documentation, a small proportion of Siri recordings are passed on to contractors working for the company around the world. They are tasked with grading the responses on a variety of factors, including whether the activation of the voice assistant was deliberate or accidental, whether the query was something Siri could be expected to help with and whether Siri’s response was appropriate […]

“There’s not much vetting of who works there, and the amount of data that we’re free to look through seems quite broad. It wouldn’t be difficult to identify the person that you’re listening to, especially with accidental triggers – addresses, names and so on.

This is unacceptable.


Keep a Stiff Upper Lip (WWDC Feedback) →

July 11, 2019 · 13:05

Daniel Kennett:

I’m a person that would describe myself as “slightly introverted”. I cannot begin to describe how deeply uncomfortable it was to walk into the registration room on Sunday to multiple employees cheering and clapping at me, trying to give me high fives. I understand the want to make people excited, but this needs to have its limits. During the conference, I got cheered and high-fived pretty much the entire week for things like:

  • Picking up a bag of chips.
  • Walking down some stairs.
  • Coming out of the toilet.
  • Walking back up the earlier-mentioned stairs.
  • Walking down the street outside the conference when I was going somewhere else.

I’m not especially introverted and I generally find Apple’s “high five culture” strange.


July 9, 2019 · 20:20

The Surface Pro 6 got a quad-core 8th gen. 15W CPU in October 2018. It took Apple 9 months to add 15W Intel parts to 13-inch MacBook Pros.

It’s things like this that piss me off most.


Jony Ive to Form Independent Design Company With Apple as Client →

June 27, 2019 · 23:27

Apple PR:

Apple today announced that Sir Jony Ive, Apple’s chief design officer, will depart the company as an employee later this year to form an independent design company which will count Apple among its primary clients. While he pursues personal projects, Ive in his new company will continue to work closely and on a range of projects with Apple.

“Jony is a singular figure in the design world and his role in Apple’s revival cannot be overstated, from 1998’s groundbreaking iMac to the iPhone and the unprecedented ambition of Apple Park, where recently he has been putting so much of his energy and care,” said Tim Cook, Apple’s CEO. “Apple will continue to benefit from Jony’s talents by working directly with him on exclusive projects, and through the ongoing work of the brilliant and passionate design team he has built. After so many years working closely together, I’m happy that our relationship continues to evolve and I look forward to working with Jony long into the future.”

Design team leaders Evans Hankey, vice president of Industrial Design, and Alan Dye, vice president of Human Interface Design, will report to Jeff Williams, Apple’s chief operating officer. Both Dye and Hankey have played key leadership roles on Apple’s design team for many years. Williams has led the development of Apple Watch since its inception and will spend more of his time working with the design team in their studio.

Sounds like Apple didn’t have a lot to say in the matter.


MacOS: How to Enable Full Mitigation for Microarchitectural Data Sampling (MDS) Vulnerabilities →

May 17, 2019 · 12:39

Apple Support:

Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues.

This option is available for macOS Mojave, High Sierra and Sierra and may have a significant impact on the performance of your computer […]

Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance […]

You probably don’t need to enable these mitigations unless you’re a secret agent but I’m pretty sure this is really helping push the transition from Intel to ARM inside Apple.
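As an added example (not code from Apple’s support article or from this blog), here is a small POSIX shell check that reports whether the two settings Apple’s procedure changes are both in effect on a Mac. The NVRAM values it looks for, the boot-arg `cwae=2` and `SMTDisable=%01`, are assumed from Apple’s support article and are not stated on this page; the CPU-count comparison is a second, independent signal that hyper-threading is off.

```shell
#!/bin/sh
# Added example, not from Apple's support article or this blog: classify how much
# of the macOS MDS mitigation is in place from the two settings Apple's
# procedure changes. Assumed from Apple's support article (not stated on this
# page): full mitigation sets the NVRAM boot-arg "cwae=2" and the NVRAM
# variable "SMTDisable=%01"; with hyper-threading off, hw.logicalcpu equals
# hw.physicalcpu.

# mds_state BOOT_ARGS SMTDISABLE PHYSICAL_CPUS LOGICAL_CPUS
# Prints one of: full, partial, none.
mds_state() {
  boot_args=$1
  smt_flag=$2
  phys=$3
  logical=$4
  cwae=0
  smt_off=0
  # boot-args is a space-separated list; match the whole token, not a substring
  case " $boot_args " in
    *" cwae=2 "*) cwae=1 ;;
  esac
  # Hyper-threading counts as disabled if the NVRAM flag is set or the kernel
  # exposes no extra threads. Caveat: a CPU without HT also reports equal counts.
  if [ "$smt_flag" = "%01" ]; then
    smt_off=1
  elif [ -n "$phys" ] && [ -n "$logical" ] && [ "$logical" -eq "$phys" ]; then
    smt_off=1
  fi
  if [ "$cwae" -eq 1 ] && [ "$smt_off" -eq 1 ]; then
    echo full
  elif [ "$cwae" -eq 1 ] || [ "$smt_off" -eq 1 ]; then
    echo partial
  else
    echo none
  fi
}

# Read the live values on a Mac. nvram prints "name<TAB>value"; cut keeps the
# value. Returns non-zero off macOS so mds_state can still be exercised anywhere.
live_mds_state() {
  [ "$(uname -s)" = Darwin ] || { echo "not macOS" >&2; return 1; }
  args=$(nvram boot-args 2>/dev/null | cut -f2-)
  smt=$(nvram SMTDisable 2>/dev/null | cut -f2-)
  mds_state "$args" "$smt" "$(sysctl -n hw.physicalcpu)" "$(sysctl -n hw.logicalcpu)"
}

# Constructed inputs showing the three outcomes (not captured from a real Mac):
mds_state "cwae=2" "%01" 4 4   # full
mds_state "cwae=2" "" 4 8      # partial: boot-arg set, hyper-threading still on
mds_state "-v" "" 4 8          # none
```

On a Mac, `live_mds_state` prints the current classification; the "partial" result is the state to look for after only one of the two Terminal steps has been applied.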


Apple’s Tariff Tradeoff: Raise Phone Prices or Suffer Margin Hit →

May 16, 2019 · 11:59

Mark Gurman, for Bloomberg:

In late November, Trump told the Wall Street Journal he might impose tariffs on mobile phones and laptops, and said consumers “could stand” a 10% increase in prices “very easily” […]

I’m sure that “said consumers” completely agree with Trump.

A $1,249 iPhone XS Max with 256 gigabytes of storage has $453 worth of parts, according to TechInsights. A 25% levy on that would be $113, raising the purchase price by about 9%. Apple’s other models, the iPhone XS and the iPhone XR, could face a similar increase, according to estimates. In a recent note to investors, Morgan Stanley estimated that a $999 iPhone XS would cost $160 more. JPMorgan analysts forecast a 14% price increase […]

If Apple passes the whole tariff cost to U.S. consumers, demand could drop by 10% to 40%, Cowen’s Sankar estimated on Tuesday. That, in turn, may slice earnings per share by 1% to 4% in fiscal 2020, the analyst said.

So, Apple could “very easily” lose between 10% and 40% in new iPhone sales. I guess that means that the free 5 GB iCloud tier isn’t going up in size anytime soon.


Apple is the MacBook Pro’s Biggest Enemy →

May 8, 2019 · 23:00

Rob Griffiths, on Robservatory:

To sum it up, the extra $300 on the Touch Bar machine gets you:

  • An OLED display strip embedded above the keyboard
  • A CPU that’s one generation newer—with faster clock speeds and twice the cores
  • Faster graphics
  • A True Tone display
  • Two additional Thunderbolt 3 ports
  • Bluetooth 5.0—faster, longer range, lower power draw
  • Touch ID

All that for $300—from the same company that charges $600 for a 32GB iMac RAM upgrade that you can buy for under $200. There’s no doubt which machine you’d order—and which machine Apple wants you to order—if you were in the market and didn’t mind the Touch Bar: The non-Touch Bar Mac is clearly inferior to the Touch Bar version.

I have refused to upgrade my MacBook Pro (without TouchBar) to a newer model, and will continue to do so, until Apple decides to (1) make the Touch Bar optional or (2) bring the model without the Touch Bar up-to-date. I will not pay absurd prices for old tech — Apple is insulting its users by even offering that config. I don’t consider the MacBook Air to be a replacement either — it has a 7W CPU while the old Airs had 15W parts (as does the non-Touch Bar MBP). And yes, I tried to live with the Touch Bar. It did not end well — I ended up returning two models.

Apple prides itself on customer loyalty but they’re extremely close to losing me. When the time comes for me to upgrade, if they don’t offer what I need, I’ll just go with another brand.


Inside Microsoft’s Surprise Decision to Work With Google on Its Edge Browser →

May 6, 2019 · 22:08

Tom Warren, writing for The Verge:

Something had to give. Microsoft had to change its Edge browser in a big way. That meeting with Nadella ultimately led to Microsoft’s huge decision to jettison the browser it built in house and start from scratch using Chromium as a new foundation. The stakes for success couldn’t be much higher: the future of Windows and the web itself could hinge on this project.

This is the story of how Microsoft made that monumental decision and what could happen next.

I’m not personally interested in Edge or particularly happy that Microsoft joined the Blink/Chromium camp. I would have definitely been more pleased had they based Edge on WebKit or Gecko…

And speaking of WebKit…

I’m deeply disappointed in Apple for discontinuing Safari for Windows and not expanding to Linux and other operating systems. I don’t trust Google or Microsoft’s priorities (Google’s especially), and Chrome needs to lose some market share for our benefit. History has shown that a monopoly in the browser department doesn’t end well. Apple had the unique ability to challenge Google on competing desktop OSes and they forfeited that fight. Yes, Safari is holding its own on mobile. For now. That could change, when something new comes along, replacing our iOS and Android devices. At this point, all I can do is also root for Mozilla and Firefox.


The Next Wave of Apple’s Marzipan Apps for MacOS →

April 6, 2019 · 10:45

Steve Troughton-Smith:

I am now fairly confident based on evidence I don’t wish to make public at this point that Apple is planning new (likely UIKit) Music, Podcasts, perhaps even Books, apps for macOS, to join the new TV app. I expect the four to be the next wave of Marzipan apps. Grain of salt, etc.

I hope they still keep iTunes around. (I assume) I’m one of the few people who actually like it.


Bad UI: MacOS 10.14’s Software Update Release Notes →

April 4, 2019 · 11:32

John Gruber, on Daring Fireball:

If this sheet were part of a student’s assignment in an intro to Mac programming class, a good teacher would send it back and explain how to make a sheet resizable, how to make text selectable (and thus copy-able), and how to make URLs clickable. But this isn’t a student assignment. It’s MacOS system software.

Apple’s operating systems aside, I still remember when I was excited when they announced new first-party software. Today, not so much.


‘Apple’s Plan Is to Put a Ding in Your Pocketbook’ →

April 4, 2019 · 11:30

Farhad Manjoo, for The New York Times:

So now, instead of selling better stuff to more people, Apple’s new plan is to sell more stuff to the same people. “Today is going to be a very different kind of event,” said Tim Cook, Apple’s chief executive, taking the stage.

It was not. From start to finish, Apple’s affair was a brushed-aluminum homage to sameness — a parade of services that start-ups and big rivals had done earlier, polished with an Apple-y sheen of design and marketing. Among other offerings, Apple showed off a service for subscribing to news on your phone and a credit card, and it offered vague details about a still-in-development TV service involving Steven Spielberg and Oprah Winfrey (who are not exactly edgy or up-and-coming).

None of these efforts look terrible. Some, like the news service, might be handy. Yet they are all so trifling and derivative. As the analyst Ben Thompson noted, Apple’s crush of me-too announcements falls far short of Mr. Jobs’s goal of putting “a ding in the universe.” As I watched Apple’s event, I felt the future shrink a little. In its gilded middle age, Apple is turning into something like a digital athleisure brand, stamping out countless upscale accessories for customers who love its one big thing, a company that has lost sight of the universe and is content merely to put a ding in your pocketbook.

The only Apple product in recent memory that truly changed anything was the AirPods, and they’re not even close to putting ‘a ding in the universe’. Quite frankly, it just feels as if Apple is stagnating, and because of that, it’s focusing on milking its customers for every last penny during this absence of ideas.


Apple Cancels AirPower →

March 29, 2019 · 22:24

Matthew Panzarino, for TechCrunch:

“After much effort, we’ve concluded AirPower will not achieve our high standards and we have cancelled the project. We apologize to those customers who were looking forward to this launch. We continue to believe that the future is wireless and are committed to push the wireless experience forward,” said Dan Riccio, Apple’s senior vice president of Hardware Engineering in an emailed statement today.

Not that I was interested, but… damn!