Apple rolls major Safari redesign out to Macs ahead of Monterey release

Safari's new look (and some light fixtures?)

Enlarge / Safari’s new look (and some light fixtures?) (credit: Apple)

This week, Apple released Safari 15 for macOS Big Sur and Catalina. Among other things, the new update includes a major design overhaul—plus the ability to roll back to the old layout and look if you’re not a fan.

Apple released major software updates for all of its platforms except macOS on Monday. The updates were timed closely with the release of new iPhone, iPad, and Apple Watch models.

But last week’s product launch event didn’t include Macs, which are expected to get some more focused attention by the end of the year, alongside an announcement about the release date of macOS Monterey.

Read 7 remaining paragraphs | Comments

#apple, #macos, #macos-big-sur, #macos-monterey, #safari, #safari-15, #tech, #web-browser

Apple users warned: Clicking this attachment will take over your macOS

Apple users warned: Clicking this attachment will take over your macOS

Enlarge (credit: Dmitry Chernyshov)

A code execution bug in Apple’s macOS allows remote attackers to run arbitrary commands on your device. And the worst part is, Apple hasn’t fully patched it yet, as tested by Ars.

Those shortcut files can take over your Mac

Independent security researcher Park Minchan has discovered a vulnerability in the macOS that lets threat actors execute commands on your computer. Shortcut files that have the inetloc extension are capable of embedding commands inside. The flaw impacts macOS Big Sur and prior versions.

“A vulnerability in the way macOS processes inetloc files causes it to run commands embedded inside, the commands it runs can be local to the macOS allowing the execution of arbitrary commands by the user without any warning / prompts,” explains Minchan. “Originally, inetloc files are shortcuts to an Internet location, such as an RSS feed or a telnet location; and contain the server address and possibly a username and password for SSH and telnet connections; can be created by typing a URL in a text editor and dragging the text to the Desktop.”

Read 10 remaining paragraphs | Comments

#apple, #biz-it, #bug, #code-execution, #macos, #rce, #remote-code-execution, #tech, #vulnerability

Apple fixes security vulnerabilities in new versions of iOS, macOS, and watchOS

The back of the iPhone 12 mini

Enlarge / The iPhone 12 mini. (credit: Samuel Axon)

Today, Apple released new versions of its iOS and iPadOS 14, macOS Big Sur, and watchOS 7 operating systems. The updates hit just one day before Apple is expected to reveal its new iPhone and Apple Watch models and the release dates for iOS 15 and watchOS 8.

These updates are security-related across the board, and they add no new features or functionality at all.

Specifically, two main issues have been addressed across Apple’s platforms, one with Core Graphics and the other with WebKit. In both cases, maliciously crafted content (PDFs or web content) could be used for arbitrary code execution. Apple also says these updates fix an issue that allowed attackers to bypass Apple protections intended to stop code execution via Messages.

Read 4 remaining paragraphs | Comments

#apple, #ios, #ios-14, #ios-14-8, #ipados, #ipados-14, #ipados-14-8, #macos, #macos-big-sur, #macos-big-sur-11-6, #tech, #watchos, #watchos-7, #watchos-7-6-2

macOS Big Sur 11.5.2 is here, but it doesn’t seem to do much

An iMac with a keyboard and trackpad

Enlarge / The front of the 24-inch iMac with Apple’s M1 chip. (credit: Samuel Axon)

Today, Apple released a new version of its Mac operating system, macOS Big Sur. The new update is labeled macOS Big Sur 11.5.2, but there aren’t any new features or major security updates. Rather, macOS 11.5.2 focuses on “bug fixes.” In fact, these are Apple’s release notes for the latest version of Big Sur, in their entirety:

macOS 11.5.2 includes bug fixes for your Mac.

As you can see, the release notes do not specify which bugs have been fixed and mention no new features. Apple maintains a support page where it details the security updates within a given release, too. But that’s bare for this release. “This update has no published CVE entries,” it says.

While Apple often (but not always) releases software updates for many or all of its platforms at the same time, macOS was alone today—at least in terms of public releases. Today also saw major new beta releases of iOS 15, watchOS 8, macOS Monterey, and more.

Read 2 remaining paragraphs | Comments

#apple, #mac, #macos, #macos-11-5, #macos-11-5-2, #macos-big-sur, #tech

Parallels Desktop 17 is here and ready to run Windows 11 on M1 Macs

Parallels Desktop 17 has arrived with support for macOS Monterey and Windows 11. Further, the popular virtualization software for Macs is now a universal binary, making deployment a little less complicated for many IT professionals.

Note that you can only run ARM versions of Windows (10 or 11) on Macs with Apple Silicon chips like the M1. Both Windows 10 and 11 for ARM are available as Insider Preview builds. On the other hand, Parallels can run versions of Windows going back as far as XP if you’re running it on an Intel Mac. A number of Linux distros are also supported, though Intel Macs gain access to more of those than M1 Macs do.

If you have access to those Insider Preview builds, you can run most Windows applications on your M1 Mac, Parallels’ developers say, because Windows on ARM can run both 32-bit and, more recently, 64-bit x86 applications. That said, even on machines it’s designed to run on, Windows on ARM can be occasionally fussy about x64 apps. So your mileage will likely vary depending on what you’re trying to do.

Read 5 remaining paragraphs | Comments

#apple-silicon, #desktop-virtualization, #m1, #macos, #macos-monterey, #parallels, #parallels-desktop, #parallels-desktop-17, #tech, #tpm, #virtual-machines, #virtualization, #windows, #windows-10, #windows-11

Apple says it will begin scanning iCloud Photos for child abuse images

Later this year, Apple will roll out a technology that will allow the company to detect and report known child sexual abuse material to law enforcement in a way it says will preserve user privacy.

Apple told TechCrunch that the detection of child sexual abuse material (CSAM) is one of several new features aimed at better protecting the children who use its services from online harm, including filters to block potentially sexually explicit photos sent and received through a child’s iMessage account. Another feature will intervene when a user tries to search for CSAM-related terms through Siri and Search.

Most cloud services — Dropbox, Google, and Microsoft to name a few — already scan user files for content that might violate their terms of service or be potentially illegal, like CSAM. But Apple has long resisted scanning users’ files in the cloud by giving users the option to encrypt their data before it ever reaches Apple’s iCloud servers.

Apple said its new CSAM detection technology — NeuralHash — instead works on a user’s device, and can identify if a user uploads known child abuse imagery to iCloud without decrypting the images until a threshold is met and a sequence of checks to verify the content are cleared.

News of Apple’s effort leaked Wednesday when Matthew Green, a cryptography professor at Johns Hopkins University, revealed the existence of the new technology in a series of tweets. The news was met with some resistance from some security experts and privacy advocates, but also users who are accustomed to Apple’s approach to security and privacy that most other companies don’t have.

Apple is trying to calm fears by baking in privacy through multiple layers of encryption, fashioned in a way that requires multiple steps before it ever makes it into the hands of Apple’s final manual review.

NeuralHash will land in iOS 15 and macOS Monterey, slated to be released in the next month or two, and works by converting the photos on a user’s iPhone or Mac into a unique string of letters and numbers, known as a hash. Any time you modify an image slightly, it changes the hash and can prevent matching. Apple says NeuralHash tries to ensure that identical and visually similar images — such as cropped or edited images — result in the same hash.

Before an image is uploaded to iCloud Photos, those hashes are matched on the device against a database of known hashes of child abuse imagery, provided by child protection organizations like the National Center for Missing & Exploited Children (NCMEC) and others. NeuralHash uses a cryptographic technique called private set intersection to detect a hash match without revealing what the image is or alerting the user.

The results are uploaded to Apple but cannot be read on their own. Apple uses another cryptographic principle called threshold secret sharing that allows it only to decrypt the contents if a user crosses a threshold of known child abuse imagery in their iCloud Photos. Apple would not say what that threshold was, but said — for example — that if a secret is split into a thousand pieces and the threshold is ten images of child abuse content, the secret can be reconstructed from any of those ten images.

Read more on TechCrunch

It’s at that point Apple can decrypt the matching images, manually verify the contents, disable a user’s account and report the imagery to NCMEC, which is then passed to law enforcement. Apple says this process is more privacy mindful than scanning files in the cloud as NeuralHash only searches for known and not new child abuse imagery. Apple said that there is a one in one trillion chance of a false positive, but there is an appeals process in place in the event an account is mistakenly flagged.

Apple has published technical details on its website about how NeuralHash works, which was reviewed by cryptography experts.

But despite the wide support of efforts to combat child sexual abuse, there is still a component of surveillance that many would feel uncomfortable handing over to an algorithm, and some security experts are calling for more public discussion before Apple rolls the technology out to users.

A big question is why now and not sooner. Apple said its privacy-preserving CSAM detection did not exist until now. But companies like Apple have also faced considerable pressure from the U.S. government and its allies to weaken or backdoor the encryption used to protect their users’ data to allow law enforcement to investigate serious crime.

Tech giants have refused efforts to backdoor their systems, but have faced resistance against efforts to further shut out government access. Although data stored in iCloud is encrypted in a way that even Apple cannot access it, Reuters reported last year that Apple dropped a plan for encrypting users’ full phone backups to iCloud after the FBI complained that it would harm investigations.

The news about Apple’s new CSAM detection tool, without public discussion, also sparked concerns that the technology could be abused to flood victims with child abuse imagery that could result in their account getting flagged and shuttered, but Apple downplayed the concerns and said a manual review would review the evidence for possible misuse.

Apple said NeuralHash will roll out in the U.S. at first, but would not say if, or when, it would be rolled out internationally. Until recently, companies like Facebook were forced to switch off its child abuse detection tools across the bloc after the practice was inadvertently banned. Apple said the feature is technically optional in that you don’t have to use iCloud Photos, but will be a requirement if users do. After all, your device belongs to you but Apple’s cloud does not.

#apple, #apple-inc, #cloud-applications, #cloud-services, #computing, #cryptography, #encryption, #facebook, #federal-bureau-of-investigation, #icloud, #ios, #iphone, #johns-hopkins-university, #law-enforcement, #macos, #privacy, #security, #technology, #u-s-government, #united-states, #webmail

iPadOS 14.7 and macOS Big Sur 11.5 come with plenty of bug fixes and security updates

The front of the 2019 iPad Air

Enlarge / The front of the 2019 iPad Air, which has since been replaced with a more modern design. (credit: Samuel Axon)

Apple has released new versions of its iPadOS and macOS operating systems just a couple of days after the company updated iOS, watchOS, and tvOS.

The iPadOS update adds some new features and shares a lot with its iOS counterpart, while the macOS release is a modest one that focuses on a couple of bug fixes.

It’s unusual for an iPadOS update to arrive after an iOS update, and it’s likely that Apple delayed iPadOS at the last minute to address some issue, but we don’t know for sure. In any case, the update is here now.

Read 7 remaining paragraphs | Comments

#apple, #ipados, #ipados-14-7, #macos, #macos-big-sur, #macos-big-sur-11-5, #tech

macOS Monterey’s public beta is live

Yesterday Apple unleashed a whole bunch of new public betas on the world: iOS 15, iPadOS 15 and watchOS 8. Today the company is back with another big software puzzle piece announced at WWDC in June.

Following three weeks of developer beta, the public beta version of macOS 12.0 Monterey is now live for download (i.e. has begun a rollout that often takes a little time to make its way to everyone).

Any beta version of an operating system comes with the usual caveats/caution against downloading it on your primary machine, but at very least, this ought to be sufficiently more stable than what first rolled out to developers in June. Listen, I’m not going to tell you how to live your life.

Image Credits: Brian Heater

I don’t always open these sorts of writeups with system compatibility, but it probably ought to be singled out for Monterey. After all, this is the first full new OS release since the company made the first Apple silicon Macs available last year. Naturally, it will be available for all of the systems sporting a first-party Apple processor.

Intel Macs are more of a grab bag, though support goes back for several years, in most cases.  A nod to Macrumors, who compiled the following list,

  • iMac‌ – Late 2015 and later
  • ‌iMac‌ Pro – 2017 and later
  • ‌MacBook Air‌ – Early 2015 and later
  • MacBook Pro – Early 2015 and later
  • Mac Pro – Late 2013 and later
  • Mac mini – Late 2014 and later
  • MacBook – Early 2016 and later

The dates are shifted up by a year or so from the Big Sur compatibility break down, which makes some sense.

Okay, so what do you get if you bite the bullet and download today? The biggest changes come to Safari, FaceTime, along with the addition of the Universal Control feature that unifies peripherals across devices and Shortcuts, an iOS feature that will replace macOS mainstay, Automater.

Image Credits: Brian Heater

Some initial thoughts — Let’s start with Safari. The browser gets some key updates with every major macOS refresh, but this is one of the largest in recent memory. There was some concern following the keynote that the updates would only introduce confusion for many users. And certainly it’s true that people hate disruptions to their workflow – this is likely one of a handful of reasons I’ve never seriously concerned switching to Safari as a default every day browser. Change is hard, friends. Of course, change is also a necessary part of evolving. In either case, I haven’t been using Monterey intimately enough to offer something more definitive on the Safari experience.

There’s a pretty radical difference up front:

Image Credits: Brian Heater

It might not seem like much, but after so many generations of the task bar serving as the driving force, it’s admittedly a pretty bold change at the center of the browser. Your mileage will vary, of course, but the idea at the heart of it is tying the field to the individual tabs, rather than having it more of a constant presence. There’s more control of of the tabs, as well, in the form of Tab Groups, which allow you to essentially bookmark a bunch of sites together, so you can group them into things like Home and Work (assuming those ever become separate things again).

If you know anything about how Apple makes software, it shouldn’t come as any surprise that those groups get synced across devices via your Safari account. This is the kind of feature that could break either way for folks — it either means getting more organized or just creating a whole bunch of news groups of infinite tabs.

Image Credits: Apple

The additions to Facetime are a pretty welcome pandemic no-brainer. The biggest addition is a code a lot of third-parties attempted to crack over the past year, bringing the ability to stream movies and TV shows on FaceTime calls with friends, in order to watch together. Again, it’s a very pandemic-friendly product that will likely continue to have appeal, since teleconferencing certainly isn’t going anywhere.

In addition to Apple products like TV+ and Music, it will work with a bunch of launch partners, including, Disney+, Hulu, HBO Max, NBA, Twitch, TikTok, MasterClass, ESPN+, Paramount+ and PlutoTV. The company is also opening its API to developers, because, honestly, this thing really needs YouTube and Netflix.

Developing…

 

 

#apple, #apps, #macos

These macOS Monterey features won’t work on Intel Macs

A page on Apple’s website has revealed that several features of macOS Monterey, the new version of the software that runs on Macs, won’t work on legacy Macs with Intel processors.

Rather, those features will require the Apple-designed M1 chip (or presumably its upcoming successors) found in new Macs the company has introduced since late last year.

That means that the following Macs in Apple’s lineup will be needed to use the features in question:

Read 7 remaining paragraphs | Comments

#apple, #apple-m1, #apple-silicon, #intel, #m1, #macos, #macos-monterey, #tech, #wwdc-2021

Here are some macOS Monterey features the WWDC keynote didn’t mention

A laptop computer displays a video call as well as web browsing.

Enlarge / A promotional image of macOS Monterey. (credit: Apple)

As is always the case with each Worldwide Developers Conference keynote, Apple’s 90-minute presentation yesterday covered what Apple deems the biggest features of its new operating systems. But the company by no means covered every change coming to Macs.

We’ve singled out a few changes that didn’t get much fanfare yesterday but are nonetheless interesting or exciting for macOS or iOS users. This is by no means a complete list of changes. Fortunately, if you want that, the Apple website offers an “all new features” page for macOS.

That said, here are some changes we thought were worth surfacing real quick as WWDC rolls on.

Read 15 remaining paragraphs | Comments

#apple, #macos, #macos-monterey, #tech

Apple’s RealityKit 2 allows developers to create 3D models for AR using iPhone photos

At its Worldwide Developer Conference, Apple announced a significant update to RealityKit, its suite of technologies that allow developers to get started building AR (augmented reality) experiences. With the launch of RealityKit 2, Apple says developers will have more visual, audio, and animation control when working on their AR experiences. But the most notable part of the update is how Apple’s new Object Capture technology will allow developers to create 3D models in minutes using only an iPhone.

Apple noted during its developer address that one of the most difficult parts of making great AR apps was the process of creating 3D models. These could take hours and thousands of dollars.

With Apple’s new tools, developers will be able take a series of pictures using just an iPhone (or iPad or DSLR, if they prefer) to capture 2D images of an object from all angles, including the bottom.

Then, using the Object Capture API on macOS Monterey, it only takes a few lines of code to generate the 3D model, Apple explained.

Image Credits: Apple

To begin, developers would start a new photogrammetry session in RealityKit that points to the folder where they’ve captured the images. Then, they would call the process function to generate the 3D model at the desired level of detail. Object Capture allows developers to generate the USDZ files optimized for AR Quick Look — the system that lets developers add virtual, 3D objects in apps or websites on iPhone and iPad. The 3D models can also be added to AR scenes in Reality Composer in Xcode.

Apple said developers like Wayfair, Etsy and others are using Object Capture to create 3D models of real-world objects — an indication that online shopping is about to get a big AR upgrade.

Wayfair, for example, is using Object Capture to develop tools for their manufacturers so they can create a virtual representation of their merchandise. This will allow Wayfair customers to be able to preview more products in AR than they could today.

Image Credits: Apple (screenshot of Wayfair tool))

In addition, Apple noted developers including Maxon and Unity are using Object Capture for creating 3D content within 3D content creation apps, such as Cinema 4D and Unity MARS.

Other updates in RealityKit 2 include custom shaders that give developers more control over the rendering pipeline to fine tune the look and feel of AR objects; dynamic loading for assets; the ability to build your own Entity Component System to organize the assets in your AR scene; and the ability to create player-controlled characters so users can jump, scale and explore AR worlds in RealityKit-based games.

One developer, Mikko Haapoja of Shopify, has been trying out the new technology (see below) and shared some real-world tests where he shot objects using an iPhone 12 Max via Twitter.

Developers who want to test it for themselves can leverage Apple’s sample app and install Monterey on their Mac to try it out.

read more about Apple's WWDC 2021 on TechCrunch

#animation, #apple, #apple-inc, #apps, #ar, #augmented-reality, #computing, #ios, #ipad, #iphone, #macos, #mobile, #online-shopping, #realitykit, #unity, #wayfair, #wwdc-2021

macOS 12 Monterey upgrades Continuity with Universal Control

During the WWDC conference today, Apple unveiled the new macOS 12 Monterey. A major feature in the macOS update is Universal Control, which builds upon the Continuity features first introduced in OS X Yosemite. For years, it’s been possible to open a news article on your iPhone and keep reading it on your MacBook, or to copy and paste a link from your iPad to your iMac. But Universal Control takes these features further.

With Universal Control, you can use a single mouse and keyboard to navigate across multiple Apple devices at once. This functionality works across more than two devices – in the demo video, the feature is used to seamlessly move across an iPad, MacBook, and iMac. Users can drag and drop files across multiple devices at once, making it possible, for example, to use a multi-screen setup while editing video on Final Cut Pro.

What’s possible in Universal Control isn’t necessarily new – this has been made possible before through third party apps. Plus, in 2019, Apple debuted Sidecar, which allowed users to connect their iPad as a second monitor for their MacBook or iMac. But, Universal Control improves upon Sidecar – and maybe renders it obsolete – by allowing users to link any Apple devices together, even if it’s not an iPad. Though this update may not be ground-breaking, it’s a useful upgrade to existing features.

read more about Apple's WWDC 2021 on TechCrunch

#apple, #apple-inc, #apps, #computers, #imac, #ios, #ipad, #iphone, #mac-os-x, #macintosh, #macos, #sidecar, #tablet-computers, #wwdc-2021

Apple is bringing Shortcuts to the Mac and starts transition from Automator

Apple has announced the next major version of macOS at WWDC 2021 — macOS Monterey. Among other features, Apple is going to release Shortcuts on macOS. It’s going to look and work a lot like Shortcuts on iOS and iPadOS.

“The Mac has a long history of automation with command line, shell scripts, Apple scripts and Automator. And on iOS, we've made automation even easier with Shortcuts,” SVP of Software Engineering Craig Federighi said. “And this year we're bringing Shortcuts to the Mac.”

In the new Shortcuts app, you can see a gallery of popular shortcuts. It’s going to be interesting to see what exactly you can trigger with shortcuts, but you can expect to be able to launch apps, create GIFs, send a message, create an email, launch a website, etc.

After that, you can trigger your shortcuts in the right column of the Finder, in the menubar and in Spotlight. You can also trigger them with Siri.

With this announcement, Apple is also setting the stage for the end of Automator. “This is just the start of a multi-year transition Automator will continue to be supported, and you can import Automator workflows into beginning one with shortcuts,” Federighi said.

If you read between the lines, it sounds like Apple doesn’t plan to add new features to Automator. Shortcuts is the future of automation on macOS, iOS and iPadOS.

read more about Apple's WWDC 2021 on TechCrunch

#apple, #apps, #automation, #automator, #developer, #macos, #macos-monterey, #shortcuts

Apple unveils macOS 12 Monterey

The past year has seen some of the most dramatic updates to Macs in recent memory. At last year’s WWDC, Apple announced its long-awaited move from Intel chip’s to its own first party silicon. By the end of the year, the company launched the first three M1 Macs, along with Big Sur, one of the biggest updates to macOS.

At this morning’s kickoff to WWDC, the company unveiled macOS 12 — named, you guessed it, Monterey. Universal Control is the top line new feature here, which further bridges the gap between desktop and tablet. Sticking the iPad next to a Mac, you can move the cursor between devices using the same trackpad and keyboard. The feature works on up to three devices at once.

AirPlay to Mac also blurs that let’s you cast content directly to your big desktop screen — that’s nice for weirdos like me who don’t have a TV. Shortcuts are also now available on macOS, allowing for simpler automation that the existing Automater. Users will be able to import Automater workflows directly to the desktop version of the popular mobile app. It will be a multi-year transition, but rip Automater — you will be missed (kind of). Shortcuts will be coming to Siri, Spotlight, the menu bar and Finder to start.

Safari is getting some updates, of course. The biggest piece of news on the browser front is the arrival of Tab Groups — which is more or less as it sounds. Users can group tabs into bundles, which can be shared with other users. That’s a lot of content and will probably require a rethink of many users workflows. But at least the tab bar itself is getting cleaner and more streamlined.

Also new are desktop extensions that can now be with iOS and iPadOS. Desktops also now support Spatial Audio on the AirPods Pro, while LaunchPad now features a games folder to get that content all in one place.

Some nice additions, but as expect, Monterey doesn’t represent as big an update as Big Sur. There are some nice new features here, but it seems likely that much of the big news is happening under the hood, as the company continues to refine the Apple Silicon experience across its new systems.

 

read more about Apple's WWDC 2021 on TechCrunch

#apple, #apps, #mac, #macos, #wwdc-2021

Apple announces macOS Monterey, the next Mac desktop operating system

In a virtual presentation at the WWDC 2021 conference today, Apple executives outlined the company’s plans for macOS Monterey, the latest major software release for the Mac family of computers.

The new name follows Apple’s California landmark-based naming scheme for recent macOS releases, dating back to the launch of OS X Mavericks in 2013.

As for what’s included in the update, macOS Monterey introduces a new feature called “Universal Control,” which allows users to share control of Mac and iPad devices with a single mouse and keyboard. Apple SVP of Software Engineering Craig Federighi demonstrated the ability to set an iPad near a Mac, move the cursor of the latter toward the former, and have the iPad automatically recognize it. This makes it possible to directly drag and drop files between the devices, for instance. Apple demonstrated this feature working across an iMac, MacBook, and iPad in concert.

Read 4 remaining paragraphs | Comments

#apple, #macos, #macos-12, #tech

Live from Apple’s WWDC 2021 keynote

And we’re back. Well, not back-back. But we’re here in the San Jose McEnery Convention Center of the mind. The parking is awful and the hotels all got booked up five months ago, so we’re taking the CalTrain in from Redwood City (of the mind).

We’ve got a full house at this morning’s virtual kick off to Apple’s annual developer conference. And good thing, too. It’s shaping up to be a packed event. You can read more about that here. You can also check out Apple’s own livestream here. And, of course, we’ll be breaking out the biggest news into bite-sized chunks.

As always, the kickoff event is focused on Apple’s (numerous) operating systems: iOS/iPadOS, macOS, watchOS, tvOS and, perhaps, a new homeOS. Often times that also comes with some new hardware. After all, you’ll need something to run those operating systems on.

Matthew will be leading the show, with help from various the TC team. Things kick off today at 10AM PT/1PM ET.

 

read more about Apple's WWDC 2021 on TechCrunch

#apple, #apps, #hardware, #ios, #ipados, #liveblog, #macos, #tc, #wwdc, #wwdc-2021

24-inch iMac review: There’s still no step three

The 2021, 24-inch iMac with Apple's M1.

Enlarge / The 2021, 24-inch iMac with Apple’s M1. (credit: Samuel Axon)

Much has been written about people embracing nostalgia for comfort during the COVID-19 pandemic. With the new 24-inch iMac’s bright colors and simplistic design, Apple seems to be indulging in the pangs of nostalgia, too.

But the new iMac’s nostalgia is only skin deep. Inside, it has arguably the most advanced CPU currently sold in consumer devices: the M1. This chip is equally at home in an iPad and a Mac, yet the M1 delivers performance that rivals or beats some of the best desktop chips available in some cases.

Even though the M1 offers enough performance to attract power users, this new iMac isn’t really for them. Rather, the 24-inch iMac is first and foremost about simplicity. It’s a computer that promises users they won’t have to think about how to configure or maintain a system. It’s a computer that’s more concerned about fitting into the room than it is about taking you somewhere else.

Read 49 remaining paragraphs | Comments

#24-inch-imac, #all-in-one, #apple, #apple-m1, #apple-silicon, #desktop, #features, #gadgetology, #imac, #m1, #mac, #macos, #review, #tech

What to expect from WWDC 2021

All things considered, Apple put together a pretty slick all-virtual WWDC last year. Where other companies like Microsoft and Google have opted for a more live (or live-style) experience, the company was parading its execs through a series of smooth drone shots and slick transitions. And with the first year under its belt, it will be fun to see how the company outdoes itself.

As far as news goes, the WWDC keynote kickoff is always packed — and this year is no different. In fact, there’s a good chance that we could see even more. In addition to the standard developer-focused updates to iOS/iPadOS, watchOS, macOS, tvOS and the like, we could well see some new hardware dropping at the event.

As ever, we’ll be breaking the news live, and this time out, we’re bringing back the liveblog. So, you know, lots of different ways to follow along live. The event kicks off at 10AM PT/1PM ET on Monday, June 7.

Speaking of, you can also check out the YouTube livestream here:

As usual, iOS is the tentpole attraction here — if nothing else, because Apple sells more iPhones than anything else. That was certainly the case last year, when the company’s latest 5G devices provided much needed relief in an otherwise flagging mobile market.

At least right off the bat, iOS 15 doesn’t look like as radical an update as the latest version of Android. But a lot can happen between today and Monday morning. The top line issue (at least for now) seems to be updates to notifications. According to reports, the new version of the mobile operating system will offer customizable notifications based on status — meaning things like sleeping, working and driving.

The operating system is also believed to be getting a whole slew of new accessibility features.

Apple 2021 iPad Pro overview

Image Credits: Apple

Perhaps even bigger news is a long-awaited update to iPadOS 15. The dated software was a sticking point in our latest iPad Pro review, and it seems the company is finally making some key strides to further distance its tablet operating system from the mobile one. For most intents and purposes, the current execution is effectively a scaled-up version of iOS for the tablet.

Not a ton of details yet, but the home screen is reportedly set to get some major updates, including widgets. One imagines the company will be pushing to make better use of all that added real estate. It should also be getting some of the new iOS updates, including those new notifications and a big overhaul for iMessage.

a new iPhone 12 package on top of a MacBook Pro package.

YOKOHAMA, KANAGAWA, JAPAN – 2020/10/31: In this photo illustration a new iPhone 12 package on top of a MacBook Pro package. (Photo Illustration by Stanislav Kogiku/SOPA Images/LightRocket via Getty Images)

After the big overhaul that was Big Sur, we’re expecting smaller waves from macOS 12. The big news here may be hardware. Rumors surround an update to Apple’s blazing-fast M1 chip. The M1X (as it’s currently being called) could well arrive alongside brand new 14- and 16-inch MacBook Pros, which would finally put a little sunlight between the high and low end of Apple’s laptop line.

Apple Watch Series 5

Image Credits: Brian Heater

Also, watchOS seems due for a big update, even if information is pretty scant so far. New health features are always a sure bet — especially now that Apple is competing with the newly combined Google and Fitbit (not to mention that recently announced assist from Samsung).

Then there’s homeOS, the most intriguing mystery of the bunch. Job listings have pointed to the mysterious operating system — that could have just been a typo (later changed to “HomePod” in the listing).

Image Credits: Apple

This being a rumor roundup, we’ll point the compelling possibility that it might be something larger — perhaps a more unifying home operating system designed to work with existing and forthcoming Apple home products. Perhaps something that integrates a bit more closely with tvOS. A longstanding rumor centers around a new Apple TV device, but so far we’ve not seen a lot of confirmation on that front.

Other rumors involve a new Mac Mini (though we just saw a refresh late last year). Rumors around Beats Studio Buds are enticing as well. After all, when LeBron is seen sporting your unannounced hardware, people are going to talk. Traditionally, however, Apple has opted to let the Beats team do its own announcements, saving these big events for its own self-branded audio products like AirPods.

read more about Apple's WWDC 2021 on TechCrunch

#apple, #apps, #events, #hardware, #ios, #ios-15, #macbook, #macos, #watchos, #wwdc, #wwdc-2021

WWDC 2021: What to expect from Apple’s next keynote

Apple kicks off its annual developer conference, WWDC, with a keynote presentation on Monday. As was the case last year, WWDC will be an online-only affair, but don’t let that fool you: We think this is going to be an eventful keynote. Expect multiple interesting announcements for users living in or following Apple’s ecosystem of hardware, software, and services.

The focus of WWDC is almost always on Apple’s software, and rightly so. This is an event primarily meant to engage with developers and encourage them to create new software experiences for Apple’s various platforms.

For that reason, we should, of course, expect detailed information about the new versions of iOS, iPadOS, macOS, watchOS, and tvOS.

Read 35 remaining paragraphs | Comments

#apple, #apple-m1, #apple-m1x, #apple-m2, #apple-silicon, #features, #homeos, #homeos-15, #imac, #ios, #ios-15, #ipados, #ipados-15, #m1, #m1x, #m2, #mac-mini, #macbook-pro, #macos, #macos-12, #tech, #tvos, #tvos-15, #watchos, #watchos-8, #wwdc-2021

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

Enlarge (credit: Getty Images)

Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said.

The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost three weeks ago by open source developers outside of Apple, the fix’s release notes said that the bug caused Safari to crash. In fact, a researcher from security firm Theori said the flaw is exploitable, and despite the availability of a fix, it still hasn’t made its way into either iOS or macOS.

Mind the gap

“This bug yet again demonstrates that patch-gapping is a significant danger with open source development,” Theori researcher Tim Becker wrote in a post published Tuesday. “Ideally, the window of time between a public patch and a stable release is as small as possible. In this case, a newly released version of iOS remains vulnerable weeks after the patch was public.”

Read 9 remaining paragraphs | Comments

#apple, #biz-it, #exploits, #ios, #macos, #tech, #vulnerabilities, #zerodays

Actively exploited macOS 0day let hackers take screenshots of infected Macs

Gloved hands manipulate a laptop with a skull and crossbones on the display.

Enlarge (credit: CHUYN / Getty Images)

Malicious hackers have been exploiting a vulnerability in fully updated versions of macOS that allowed them to take screenshots on infected Macs without having to get permission from victims first.

The zeroday was exploited by XCSSET, a piece of malware discovered by security firm Trend Micro last August. XCSSET used what at the time were two zerodays to infect Mac developers with malware that stole browser cookies and files; injected backdoors into websites; stole information from Skype, Telegram, and other installed apps; took screenshots; and encrypted files and showed a ransom note.

A third zeroday

Infections came in the form of malicious projects that the attacker wrote for Xcode, a tool that Apple makes available for free to developers writing apps for macOS or other Apple OSes. As soon as one of the XCSSET projects was opened and built, TrendMicro said, the malicious code would run on the developers’ Macs. An Xcode project is a repository for all the files, resources, and information needed to build an app.

Read 10 remaining paragraphs | Comments

#biz-it, #macos, #macs, #malware, #tech, #transparency-consent-and-control

Apple just dropped a whole bunch of OS updates and WWDC info

How’s your Monday going? If you’re Apple, the answer is probably somewhere between “very busy” to “gaaaaaaah.” The company just dropped a whole bunch of new OS updates today, including iOS, macOS, watchOS and tvOS, all ahead of the upcoming Worldwide Developers Conference, which kicks off (virtually) on June 7.

Indeed, iOS and iPadOS are the headliners here — if for no other reason than the fact that they’ll impact the most devices. The public release of iOS/iPadOS 14.6 brings a couple of biggish features, including the addition of paid podcast subscriptions and Apple Card Family, both announced at a recent hardware event.

The former allows podcasters to charge for subscriptions to their show (imagine that!), with Apple taking a 30% commission for the first year. That will halve in a year. The latter, meanwhile, makes it possible for Apple Card owners to effectively split a card, with the various responsibilities that entails.

CEO Tim Cook noted at the time of announcement:

One of the things that became apparent to us in the beginning [of launching Apple Card] was a lack of fairness in the way the industry calculated credit scores when there were two holders of a credit card. One of you got the benefit of building a good credit history, and the other did not. We want to reinvent the way this works.

MacOS 11.4 brings support for additional graphics cards, a number of bug fixes and, like the new iOS, support for paid podcast subs. Ditto that last part and Apple Card Family for the new watchOS 7.5, along with support for additional health features in Malaysia and Peru, as well as expense tracking for the Apple Card. TVOS/HomePod 14.6, meanwhile, are getting bug fixes and some color balance changes for the former.

Along with all of this, the company also announced the slate of programming for this year’s virtual WWDC. Things will kick off on June 7 at 10 a.m. PT with the keynote. That’s where the big news on the latest version of all of the above will be announced — and, hopefully, some hardware, as well. At 2 p.m. the company will be offering more information with its annual Platforms State of the Union.

The full schedule is available here.

#apple, #apps, #events, #ios, #macos, #tvos, #wwdc, #wwdc-2021

Apple 24-inch M1 iMac review

Last September we concluded our 27-inch iMac review thusly,

“The big open question mark here is what the future looks like for the iMac — and how long we’ll have to wait to see it. That is, of course, the perennial question for hardware upgrades, but it’s exacerbated by the knowledge of imminent ARM-based systems and rumors surrounding a redesign.”

It was, as these things go, less than a full-throated endorsement of Apple’s latest all-in-one. We certainly weren’t alone in the assessment. It was a weird liminal zone for the computer — and Macs in general. At WWDC in June, the company had taken the unusual step of announcing its move from Intel to its own in-house chips without any hardware to show for it.

The reasoning was sound. The company was looking to help developers get out ahead of launch. It was going to be a heavy lift — the first time the Mac line had seen such a seismic shift since 2005. Fifteen years is a long time, and that’s a lot of legacy software to contend with. While the move wouldn’t outright break every piece of MacOS software, it was certainly in devs’ best interest to optimize for the new hardware, by way of the Mac Mini developer kit the company was offering. The full transition to the new silicon, Apple noted, would take two years.

Apple M1 chip

Image Credits: Apple

In November, the company debuted the first M1 Macs: a new Mac Mini, MacBook Air and 13-inch MacBook Pro. We spent several thousand words reviewing all three systems, but ultimately Matthew put it pretty succinctly, “Apple’s new M1-powered MacBook shows impressive performance gains that make Intel’s chips obsolete overnight.”

Which is, you know, a rough look for an all-in-one launched a mere two months before. That goes double for a system that hadn’t seen a fundamental redesign in some time. Two months after launch, the 2020 iMac was already starting to feel old.

Image Credits: Brian Heater

Fast-forward to last month, when Apple announced the new iMac amid a flurry of hardware news. This, it seems, was the iMac we’d been waiting for. The new system brought the most fundamental redesign in a decade, with an ultra-compact new form factor, improvements to audio and video (a big sticking point in the remote work era) and, perhaps most importantly, the new M1 chip.

Image Credits: Brian Heater

The biggest thing the 2020 system has going for it is that it’s, well, big. Having used a 27-inch iMac for much of my day-to-day work throughout the pandemic, I’m honestly surprised by how much I miss those extra three inches. I’d initially assumed that added bit of screen real estate was going to be fairly negligible once you’ve passed the 20-inch threshold, but turns out, like anything else, it takes some getting used to.

There’s an immediate upside, too, of course. I was genuinely surprised by how compact the new design is, compared to past iMacs. In spite of adding 2.5 inches to the display size over the 21.5-inch, the new system is an extremely thin 11.5 mm (or 14.7 when the stand is factored in).

The overarching theme for the system is “cute.” This is not a word I often apply to technology. Words like “cool” or “sleek” are generally go-tos here. But I’m at a loss for a better word to describe what feels like a true spiritual successor to the iMac G3. The colorful line of all-in-ones ushered in Steve Jobs’ second triumphant stint with the company, arriving at the tail end of a decade in a year personified by the Volkswagen’s New Beetle.

Of course, the design language has evolved dramatically in the nearly quarter-century since the first iMac arrived, owing to changing styles and, of course, ever-reducing component sizes. The flat-panel design arrived early this century and settled into the most recent design around 2012. Sure, there have been plenty of updates since then, but nine years is a long time for an Apple design to go without a major refresh.

Image Credits: Brian Heater

It finds the company moving from what was ostensibly an industrial design to something more warm and welcoming. The color is the thing here. It was the most frequently discussed question around the TechCrunch (virtual) offices. Everyone wants to know which we’d be getting. Mine landed with a yellow hue — something nice, light and spring. Honestly, it’s more of a gold than I expected, with a bright and shiny glean to it. I will advise that anyone who plans to buy one of these systems visit an Apple Store if there’s one nearby if you’re comfortable doing so. It’s really the sort of thing that really benefits from being seen in person, if possible.

That goes double here — since, boy howdy, is Apple on theme. The keyboard matches, the cables match, the desktop wallpaper matches, the adorable packaging matches (it’s a fun unboxing experience, as those things go) and even little touches like the OS buttons match. The latter two, obviously, are something you’re able to futz around with a bit. But the system and even the keyboard is a bit more of a commitment, really. After all, this is probably the kind of thing you’re going to want to hold onto for a number of years, so lighting and interior decorating are both worth considering before you make your decision. I recognize this is an odd thing to think about when talking about a desktop computer, but, well, it’s the iMac.

The company is offering an AR iOS app for seeing how the new iMac will fit in with its surroundings, which is a clever — and probably useful — touch. The system also weighs in at less than 10 pounds. This is admittedly not something I’ve given much thought to with desktops. “Portable” is a weird way to describe the form factor, but particularly compared to other desktop systems, it kind of fits? At the very least, it’s not entirely out of the realm of possibility that you can occasionally move the thing from room to room, as needed.

Image Credits: Brian Heater

In broad strokes, the front of the system is similar to that of the past iMacs, though the bottom panel and its large Apple logo have been swapped out of a streak of color. The pane of glass lies flush with the screen and a not insignificant white bezel that frames it. The bezel, combined with the panel, comprises a not insignificant amount of real estate below the display, likely owing to the placement of components and the downward-firing speaker grille that runs the full length of the computer’s bottom. Up top is the newly upgraded 1080p HD Webcam — the first on any Mac.

As with past iMacs, the system sits atop a stand. In the case of the yellow model, at least, the stand is a notably darker hue than the front of the system. There’s a VESA mount option configurable upon purchase, but the stand itself is very much not designed to be user replaceable. The hinge’s action is smooth. I found myself pivoting the system up and down semi-regularly to better frame myself in the webcam, and did so with ease.

Image Credits: Brian Heater

There’s a 3.5 mm headphone jack on the left — hello, old friend. I much prefer this placement to the rear of the device, which requires the cable to wrap around the side or bottom.

Image Credits: Brian Heater

A hole inside the stand is designed for cables to be run through — specifically power. Magsafe — er, the magnetic charging connector — really popped up unexpectedly here. It’s less about the quick release that you would find on the old MacBooks and more about the ease of simply snapping the cable in place. I suspect that people are less likely to trip over a desktop cable that never (or at least rarely) moves.

Image Credits: Brian Heater

The big update to the power cable situation is, of course, the addition of ethernet to the brick. The brick is quite a bit larger — especially if you’re accustomed to dealing with MacBooks. But likely it will be out of the way. What it does bring is the removal of some additional clutter on the back of the system and helps keep the computer itself that much thinner. For most people in most cases that can access a hardwired connection, it’s a nice addition.

Image Credits: Brian Heater

The port situation, on the other hand, is decidedly less so. I like ports. I have lots of stuff that need plugging in to the back of the computer and ports are probably the best case to plug ’em. The entry-level system has two Thunderbolt/USB ports. You can upgrade that to four. Definitely do this. Seriously. You’re not going to regret it.

I’m someone who keeps the wireless keyboard and trackpad/mouse plugged in most of the time. I know, it kind of defeats the purpose, but worrying about charging accessories is not another stress I need in my life right now. So that’s two ports right there. I also have some AV accessories and suddenly, boom, you’re out of ports.

The $1,299 version of the system ships with the Magic Keyboard. It’s pretty much the same as other Magic Keyboards of recent vintage. It’s not for everyone, I know. Those who love mechanical keyboards will find something to be desired in the tactility, but it’s a step up from MacBooks and I’ve certainly grown accustomed to using it. There’s no number pad on the base model, but the coloring coordinates with the Mac.

Image Credits: Brian Heater

With the $1,699 model, you get upgraded to a version with Touch ID — something that’s been a long time coming on the desktop system. Like other Macs (and older iPhones), the fingerprint scanning login is nearly instantaneous. As has been the case for a while, if you’re an Apple Watch wearer, that will log you in as well, but the addition of Touch ID on the desktop is great. The base version comes with the Magic Mouse. It’s $50 to upgrade to a Trackpad and $129 for a combo. I’ve grown fond of the Trackpad, so that’s where I’d probably land here (I doubt many people will have a need for both).

Image Credits: Brian Heater

As ever, I understand the many reasons the company has pushed its line to USB-C — it’s especially obvious when you see how much room has been freed up on the rear of the device. But man, I miss having those legacy USB-A ports on the 2020 iMac. Meantime, you might want to toss a couple of A to C USB adapters into your basket before check out. That’s kind of just life with Apple, though. Courage, and all that.

I do wonder if this means the company is positioning the M1 line for the return of an iMac Pro. Stranger things have happened. For now, of course, the company is more focused on the Mac Pro at the much higher end.

Image Credits: Bryce Durbin/TechCrunch

As expected, the new M1 chip breathes new life into the system. Take our Geekbench 5 scores: 1,720 Single and 7,606 multi-core. That blows the average of 1,200 and 6,400 for the 21.5-inch system out of the water. Things understandably take a dip with the Rosetta (Intel) version at 1,230 and 5,601, respectively, but it’s still solid performance running through a translation layer. But it also points to why Apple was so proactive about getting developers on-board with the new silicon. On the whole, the gains are in-line with the the other new M1 systems we’ve seen — which is to say a nice, healthy leap forward into the future of the Mac.

Image Credits: Bryce Durbin/TechCrunch

If you want to know how much of your workflow will be impacted, this resource is a good place to start. On the whole, I found that most of my day to day apps were fine. There are outliers, of course. Spotify and Audacity are right there. Performance is impacted in both case, but on a whole, they worked okay through Rosetta. Usage is more resource-intensive, though.

Image Credits: Bryce Durbin/TechCrunch

Spotify is probably a question of how many resources the Apple Music competitor wants to put into a new version, while Audacity is likely more of an issue of how many resources the organization has at its disposal. The further you move away from big names like Microsoft and Adobe, the more of a crapshoot it is. But there are some support issues with bigger names still, as well. For instance, I upgraded to the Apple silicon version of Zoom, but downgraded when I discovered it doesn’t work with the Intel-only version of the Canon EOS webcam software I use.

Image Credits: Bryce Durbin/TechCrunch

I recognize this is an extremely specific issue, but, then, workflows are extremely specific. As M1 systems become the mainstream of Macs, however, developers ultimately won’t really have much of a choice. Support Apple Silicon or risk becoming obsolete. Growing pains are essentially unavoidable with this sort of shift, but the results really speak for themselves. Apple Silicon is the future of Macs and it’s a fast-booting, smooth-moving future, indeed.

I can practically see the Apple team shouting at me when I mention the external mics and cameras I use to record video for work. After all, the new iMac sees the biggest upgrade to these things in some time. The best time for a new microphone system and the first 1080p HD camera on a Mac would have been last year, as the pandemic was beginning to transform the way we work and meet. The second best time, of course, is now.

Apple did tout an improved camera system on last year’s MacBook, but that was more to do with the image signal processing on the chips. That goes a ways toward improving things like white balance, but a truly meaningful improvement to imaging generally also requires new camera hardware. Take a look at the below images.

Image Credits: Brian Heater

That’s the 2020 iMac on the left and new M1 iMac on the right. Forgetting (hopefully) for a moment my droopy, partially paralyzed face (2020, am I right?), the image is night and day here — and not just because I’m slightly better put together all of these pandemic months later. The change that comes from upgrading from 720p to 1080p is just immediately apparent in term of image quality. I anticipate Apple upgrading its systems across the board, because teleconferencing is just life now.

iMac 2020:


iMac 2021:

Along with camera, the mic system got a nice upgrade. I’ve re-recorded the same audio that I did back in November on the old system. The three microphone array is crisper and much clearer, eliminating much of the background noise hiss. The six-speaker audio system is an improvement, as well. I found it worked well with music and movies, but could be less clear for teleconferencing, depending on the quality of the other attendee’s mic. The audio could be a bit bass-heavy for my taste.

On the whole, for most people, day to day, I think the audio and video upgrades are plenty. If you use your system for the occasional Zoom calls and some music listening, you should be fine. Depending on what you’re looking to get out of these things, though, a decent external camera, mic or speaker is never a bad investment.

The new iMac represents a nice leap forward for the desktop all-in-one in some key fundamental ways, breathing new life into one of the company’s most popular systems that’s long been in need need of a makeover. I miss some ports and now feel spoiled having had an SD reader on the 2020 model. I would also love to see a 27-inch version of the system on the market at some point (iMac Pro reboot, anyone?). On the whole the system is less targeted at creative pros than other models have been in the past — though the M1 and its on-board ML are still capable of impressive audio, video and still image editing.

But a cute, color coordinated design and some long overdue upgrades to teleconferencing elements aside, Apple Silicon is rightfully taking centerstage here as it did with the MacBooks and Mac Mini before it. The pricing on the systems was a source of some confusion around these parts when first announced. The very base-level version runs $1,299, while the tip-top level goes up to $2,628 with all the bells and whistles.

At the most basic level, there are three main configurations:

  • $1,299 gets you an 8-core CPU and 7-Core GPU, 8GB RAM, 256GB storage, two USB ports, standard Magic Keyboard
  • $1,499 upgrades the GPU to eight cores, adds ethernet and two USB ports and brings Touch ID to the keyboard
  • $1,699 upgrades storage to 512GB (Our configuration as tested)

The systems are available for pre-order now and will start arriving in customers’ homes this Friday.

#apple, #apple-silicon, #hardware, #imac, #m1, #macos, #reviews, #tc

Actively exploited Mac 0-day neutered core OS security defenses

Actively exploited Mac 0-day neutered core OS security defenses

Enlarge (credit: Getty Images)

When Apple released the latest version 11.3 for macOS on Monday, it didn’t just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms, some that were in place for more than a decade.

Together, the defenses provide a comprehensive set of protections designed to prevent users from inadvertently installing malware on their Macs. While one-click and even zero-click exploits rightfully get lots of attention, it’s far more common to see trojanized apps that disguise malware as a game, update, or other desirable piece of software.

Protecting users from themselves

Apple engineers know that trojans represent a bigger threat to most Mac users than more sophisticated exploits that surreptitiously install malware with minimal or no interaction from users. So a core part of Mac security rests on three related mechanisms:

Read 16 remaining paragraphs | Comments

#biz-it, #exploits, #file-quarantine, #gatekeeper, #macos, #malware, #notarization, #shlayer, #tech, #vulnerabilities

New versions of macOS, watchOS, and tvOS hit supported devices today

MacBook Air laptops, new and old.

Enlarge / MacBook Air laptops, new and old. (credit: Lee Hutchinson)

After an extended beta-testing period, Apple launched updates for all of its operating systems today, including macOS, iOS, iPadOS, watchOS, and tvOS.

In general, the updates are focused on supporting the various new products Apple announced last week, as well as implementing App Tracking Transparency, fixing bugs, and adding new features and tweaks to existing software like Safari, Music, and Reminders.

We’ll discuss iOS and iPadOS (as usual, arguably the biggest updates) in another article. For now, here’s what you can expect to see in today’s tvOS, watchOS, and macOS updates.

Read 18 remaining paragraphs | Comments

#app-tracking-transparency, #apple-tv, #apple-tv-4k, #apple-watch, #mac, #macos, #macos-11-big-sur, #macos-big-sur-11-3, #tech, #tvos, #tvos-14, #tvos-14-5, #watchos, #watchos-7, #watchos-7-4

A software bug let malware bypass macOS’ security defenses

Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS’ newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple’s watch.

Worse, evidence shows a notorious family of Mac malware has already been exploiting this vulnerability for months before it was subsequently patched by Apple this week.

Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn’t reviewed the app — a process Apple calls notarization — or if it doesn’t recognize its developer, the app won’t be allowed to run without user intervention.

But security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run.

Owens told TechCrunch that the bug allowed him to build a potentially malicious app to look like a harmless document, which when opened bypasses macOS’ built-in defenses when opened.

“All the user would need to do is double click — and no macOS prompts or warnings are generated,” he told TechCrunch. Owens built a proof-of-concept app disguised as a harmless document that exploits the bug to launch the Calculator app, a way of demonstrating that the bug works without dropping malware. But a malicious attacker could exploit this vulnerability to remotely access a user’s sensitive data simply by tricking a victim into opening a spoofed document, he explained.

GIF showing a proof of concept app opening uninhibited on an unpatched macOS computer.

The proof-of-concept app disguised as a harmless document running on an unpatched macOS machine. (Image: supplied)

Fearing the potential for attackers to abuse this vulnerability, Owens reported the bug to Apple.

Apple told TechCrunch it fixed the bug in macOS 11.3. Apple also patched earlier macOS versions to prevent abuse, and pushed out updated rules to XProtect, macOS’ in-built anti-malware engine, to block malware from exploiting the vulnerability.

Owens asked Mac security researcher Patrick Wardle to investigate how — and why — the bug works. In a technical blog post today, Wardle explained that the vulnerability triggers due to a logic bug in macOS’ underlying code. The bug meant that macOS was misclassifying certain app bundles and skipping security checks, allowing Owens’ proof-of-concept app to run unimpeded.

In simple terms, macOS apps aren’t a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located. But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings.

Wardle described the bug as rendering macOS’ security features as “wholly moot.” He confirmed that Apple’s security updates have fixed the bug. “The update will now result in the correct classification of applications as bundles and ensure that untrusted, unnotarized applications will (yet again) be blocked, and thus the user protected,” he told TechCrunch.

With knowledge of how the bug works, Wardle asked Mac security company Jamf to see if there was any evidence that the bug had been exploited prior to Owens’ discovery. Jamf detections lead Jaron Bradley confirmed that a sample of the Shlayer malware family exploiting the bug was captured in early January, several months prior to Owens’ discovery. Jamf also published a technical blog post about the malware.

“The malware we uncovered using this technique is an updated version of Shlayer, a family of malware that was first discovered in 2018. Shlayer is known to be one of the most abundant pieces of malware on macOS so we’ve developed a variety of detections for its many variants, and we closely track its evolution,” Bradley told TechCrunch. “One of our detections alerted us to this new variant, and upon closer inspection we discovered its use of this bypass to allow it to be installed without an end user prompt. Further analysis leads us to believe that the developers of the malware discovered the zero-day and adjusted their malware to use it, in early 2021.”

Shlayer is an adware that intercepts encrypted web traffic — including HTTPS-enabled sites — and injects its own ads, making fraudulent ad money for the operators.

“It’s often installed by tricking users into downloading fake application installers or updaters,” said Bradley. “The version of Shlayer that uses this technique does so to evade built-in malware scanning, and to launch without additional ‘Are you sure’ prompts to the user,” he said.

“The most interesting thing about this variant is that the author has taken an old version of it and modified it slightly in order to bypass security features on macOS,” said Bradley.

Wardle has also published a Python script that will help users detect any past exploitation.

It’s not the first time Shlayer has evaded macOS’ defenses. Last year, Wardle working with security researcher Peter Dantini found a sample of Shlayer that had been accidentally notarized by Apple, a process where developers submit their apps to Apple for security checks so the apps can run on millions of Macs unhindered.

#apple, #apple-inc, #apps, #author, #computing, #macos, #macos-big-sur, #macos-mojave, #malware, #patrick-wardle, #security, #security-breaches, #software, #technology

Here are the updates that didn’t make it in Apple’s livestream yesterday

Promotional image of a casually dressed man speaking in front of a giant video display.

Enlarge / Apple presents the new iPad Pro at its April 20, 2021 event. (credit: Apple)

Apple crammed quite a few announcements into a short, one-hour presentation yesterday: new iPad Pros, new iMacs, a new Apple TV 4K, and the long-rumored launch of AirTags, to name a few. But for everything Apple executives and product managers said onstage, there was something else that didn’t get mentioned (or got passed over quickly, perhaps).

Many of these smaller details were hidden on product, specs, or support pages after Apple updated its website with the event’s new products. This isn’t a comprehensive list of all the things that changed on Apple’s website, but we’re picking some of the most interesting ones.

Let’s start with OS updates.

Read 37 remaining paragraphs | Comments

#120hz, #apple, #apple-card, #apple-card-family, #apple-podcasts, #apple-podcasts-subscriptions, #apple-tv, #apple-tv-4k, #apple-tv-hd, #apple-watch, #applecare, #ethernet, #ios, #ios-14-5, #ipad-pro, #ipados, #ipados-14-5, #m1, #mac-mini, #macos, #macos-big-sur-11-3, #magic-keyboard, #podcasts, #ram, #siri-remote, #spring-loaded, #tech, #tvos, #tvos-14-5, #watchos, #watchos-7-4

Apple announces new M1-based iMac in 7 fancy colors

Apple announced iMac updates today at its event in Brooklyn, New York. As expected, the updates improve the desktop’s performance with new processors while maintaining the design we’ve known iMacs to have for the past couple of years.

Apple says the new system was designed from the ground up around the M1 system on a chip (SoC), allowing for a much smaller motherboard and cooling system than that seen in the company’s earlier Intel-powered iMacs. The new iMac’s overall volume is down by 50 percent and comes in at only 11 mm thick, with a single sheet of glass across the entire front of the device.

The iMac comes with a 4.5K Retina 24-inch display with very small bezels, resulting in a device not much larger than earlier 21-inch iMacs. The new displays also include TruTone technology, which dynamically adjusts color temperature in response to changes in the surrounding ambient light.

Read 7 remaining paragraphs | Comments

#apple, #imac, #macos, #tech

Collaborative iOS app Craft Docs secures $8M, led by Creandum and a ‘Skyscanner Mafia’

Launched in only November last year, the Craft Docs app — which was built from the ground up as an iOS app for collaborative documents — has secured an $8 million Series A round led by Creandum. Also participating was InReach Ventures, Gareth Williams, former CEO and co-founder of Skyscanner, and a number of other tech entrepreneurs, many of whom are ex-Skyscanner.

Currently available on iOS, iPadOS and MacOS, Craft now plans to launch APIs, extended integrations, and a browser-based editor in 2021. It has aspirations to become a similar product to Notion, and the founder and CEO Balint Grosz told me over a Zoom call that “Notion is very much focused around writing and wikis and all that sort of stuff. We have a lot of users coming from Notion, but we believe we have a better solution for people, mainly for written content. Notion is very strong with its databases and structural content. People just happen to use it for other stuff. So we are viewed as a very strong competitor by our users, because of the similarities in the product. I don’t believe our markets overlap much, but right now from the outside people do switch from Notion to us, and they do perceive us as being competitors.”

He told me this was less down to the app experience than “the hierarchical content. We have this structure where you can create notes within notes, so with every chunk of text you add content and navigate style, and add inside of that – and notion has that as well. And that is a feature which not many products have, so that is the primary reason why people tend to compare us.”

Craft says it’s main advantages over Notion are UX; Data storage and privacy (Craft is offline first, with real-time sync and collaboration; you can use 3rd party cloud services (i.e. iCloud); and integrations with other tools.

Orosz was previously responsible for Skyscanner’s mobile strategy after the company acquired his previous company, Distinction.

Fredrik Cassel, General Partner at Creandum, said in a statement: “Since our first discussions we’ve been impressed by both the amount of love users have for Craft, as well as the team’s unique ability to create a product that is beautiful and powerful at the same time. The upcoming features around connectivity and data accessibility truly set Craft apart from the competition.”

Craft ipad app

Craft ipad app

Roberto Bonazinga, Co-founder at InReach Ventures, added: “We invested in Craft on day zero because we were fascinated by the clarity and the boldness of Balint’s vision – to reinvent how millions of people can structure their thoughts and write them down in the most effective and beautiful way.”

The launch and funding of the Craft startup suggests there is something of a “Skyscanner Mafia” emerging, after its acquisition by Trip.com Group (formerly Ctrip), the largest travel firm in China, $1.75 billion in 2016.

Other backers of the company include Carlos Gonzalez (former CPO at Skyscanner, CTPO at GoCardless), Filip Filipov (former VP Strategy at Skyscanner), Ross McNairn (former CEO at Dorsai, CPO at TravelPerk), Stefan Lesser (former Technology and Partnership Manager at Apple) and Akos Kapui (Former Head of Technology at Skyscanner, VP of Engineering at Shapr3D).

#app-store, #apple, #ceo, #china, #co-founder, #creandum, #distinction, #europe, #general-partner, #inreach-ventures, #macos, #notion, #operating-systems, #skyscanner, #software, #tc, #travel, #trip-com, #yo

Apple will reveal the next versions of iOS, macOS at WWDC21, starting June 7

A disembodied cartoon head sure is excited.

Enlarge / Apple’s splash image for WWDC 2021, which references a meme from last year. (credit: Apple)

Apple will host its annual Worldwide Developers Conference (WWDC) on schedule this year, with the event kicking off on June 7 and concluding on June 11. Like last year, it will be an online-only affair as the world continues to grapple with the COVID-19 pandemic. All the event’s offerings will be free for anyone who has an Apple developer account.

The company typically uses this event to announce new versions of its various operating systems (macOS, iPadOS, iOS, watchOS, and tvOS) and detail the software’s new features and changes. WWDC is sometimes, though not always, used to announce new hardware products, too, and it’s often the event Apple uses to explain very major changes in direction, should they be imminent. For example, Apple revealed the details of its custom-made silicon transition at last year’s conference.

Apple’s press release notes that the usual components will be there. There will be a keynote to kick things off, followed by “state of the union” presentations that drill deeper on each platform. Then, Apple will offer video sessions on specific features—using the Metal graphics API to make augmented reality applications, in one hypothetical example—throughout the week. The conference will also include one-on-one lab appointments “offering technical guidance” to developers, Apple says.

Read 3 remaining paragraphs | Comments

#apple, #ios, #ipados, #macos, #swift, #tech, #tvos, #watchos, #wwdc, #wwdc-2021

It’s been 20 years since the launch of Mac OS X

Promotional image from Apple event.

Enlarge / When presenting a new path forward, Apple CEO Tim Cook put the ARM transition up with the Mac’s other big transitions: PowerPC, MacOS X, and Intel. (credit: Apple)

It was two decades ago to the day—March 24, 2001—that Mac OS X first became available to users the world over. We’re not always big on empty sentimentality here at Ars, but the milestone seemed worthy of a quick note.

Of course, Mac OS X (or macOS 10 as it was later known) didn’t quite survive to its 20th birthday; last year’s macOS Big Sur update brought the version number up to 11, ending the reign of X.

But despite its double life on x86 and ARM processors and its increasingly close ties to iOS and iPadOS, today’s macOS is still very much a direct descendant of that original Mac OS X release. Mac OS X, in turn, evolved in part from Steve Jobs’ NeXT operating system—which had recently been acquired by Apple—and its launch was the harbinger of the second Jobs era at Apple.

Read 6 remaining paragraphs | Comments

#apple, #mac, #mac-os, #mac-os-x, #macos, #tech

Apple updates Pages, Numbers, and Keynote to 11.0

This week, Apple updated its suite of iWork apps for both iOS and macOS. Pages, Numbers, and Keynote are now in version 11.0, and while the changes aren’t dramatic, there are some small quality-of-life tweaks here.

On iOS, most of the listed updates apply to every app in the suite. They include onscreen keypads for entering numerical values in places where that wasn’t as easy to do before, the ability to make edit mode the default viewing mode for every document you open, new editing controls in the Arrange Inspector, a new gesture for adding or removing objects, and the ability to include phone number links.

Numbers has one minor, app-specific change: you can now exclude the summary worksheet when you export your spreadsheet to Excel.

Read 4 remaining paragraphs | Comments

#apple, #ios, #iwork, #keynote, #macos, #numbers, #pages, #tech

Valve releases Steam Link app on Apple’s Mac App Store

A screenshot from Steam Link for macOS.

Enlarge / A screenshot from Steam Link for macOS. (credit: Valve)

Valve has launched a standalone app for Steam Link on Apple’s macOS App Store, adding a new option for Mac users who want to play games on machines that are often labeled as poor choices for gaming.

Steam Link allows users to stream games from a gaming PC to a supported device on the same local network and to play those games with a MFI or Steam controller.

Valve already offered a full Steam app for macOS, but it takes up 1GB of space and has a reputation for being clunky. In contrast, the Steam Link app has a minimalist interface that appears to be designed with game controller peripherals in mind.

Read 6 remaining paragraphs | Comments

#apple, #games, #mac, #macos, #steam, #steam-link, #streaming, #tech, #valve

Apple releases important iPhone, iPad, Mac, and Watch security patches

Apple has released a set of security updates for iPhones, iPads, and Macs, and Watches. There are no new features — but these are updates you will still want to install.

As part of these security fixes, iPhones and iPads will update to iOS and iPadOS 14.4.1, watchOS users will update to 7.3.2, and macOS Big Sur will update to 11.2.3. Those on older versions of macOS can install the latest version of Safari, bumping the version to 14.0.3.

Apple says these are “important” security updates and are “recommended for all users.”

These patches fix the same vulnerability — a memory corruption bug in WebKit, the engine that powers Apple’s Safari browser. The bug can be triggered by visiting a malicious web page containing code that can exploit the vulnerability. Once exploited, an attacker can run malicious code on the affected Apple device.

The bugs were reported by Google and Microsoft, but are not believed to be actively exploited by malicious hackers unlike recent security flaws.

Last month, Apple pushed out iOS 14.4 to fix three WebKit vulnerabilities that were being “actively exploited.” The vulnerabilities were chained together to break into the underlying iPhone software.

If you haven’t already, update today.

#apple, #apple-inc, #computing, #ios, #ipads, #iphone, #mach, #macos, #macos-big-sur, #microsoft, #operating-systems, #safari, #security, #smartphones, #software

Visual Studio Code now runs natively on M1 Macs

The 2020, M1-equipped Mac mini.

Enlarge / The 2020, M1-equipped Mac mini. (credit: Samuel Axon)

Microsoft has released a new version of source-code editor Visual Studio Code that runs natively on Apple Silicon Macs like the MacBook Air, MacBook Pro, and Mac mini models with Apple M1 chips.

The change came in Visual Studio Code 1.54 (now 1.54.1 thanks to a bug fix update), which is available as a universal 64-bit binary, as is standard for apps with Apple Silicon support. That said, Microsoft also offers downloads for x86-64 and Arm64 versions specifically, if desired.

There are no differences in features between the two versions, of course. And the non-Apple Silicon version worked just fine on M1 Macs previously via Rosetta, but Microsoft says M1 users can expect a few optimizations with the new binaries:

Read 5 remaining paragraphs | Comments

#apple, #apple-silicon, #arm, #ide, #m1, #macos, #microsoft, #microsoft-visual-studio-code, #programming, #tech, #vs-code, #x86

Version 2 of Google’s Flutter toolkit adds support for desktop and web apps

At an online event, Google today announced Flutter 2, the newest version of its open-source UI toolkit for building portable apps. While Flutter started out with a focus on mobile when it first launched two years ago, it spread its wings in recent years and with version 2, Flutter now supports web and desktop apps out of the box. With that, Flutter users can now use the same codebase to build apps for iOS, Android, Windows, MacOS, Linux and the web.

“The big thing that justifies the major version number shift is, of course, the availability of web and desktop support,” Flutter product lead Tim Sneath told me. “And that’s just a fairly profound pivot. It’s rare for products that you suddenly have all these additional endpoints.”

Image Credits: Google

He noted that because of Flutter’s open-source nature, web and desktop support had been “cooking in the open” for a while, so the addition of these endpoints isn’t a surprise. A lot of that work in getting these new platforms ready for the 2.0 release involved getting the performance up to par on these new platforms.

It’s worth noting, though, that Flutter desktop support is still behind an early-release flag in Flutter’s stable release channel and Google says developers should think of it as a “beta snapshot.” Web support, however, has transitioned from beta to stable and has become just another target for building apps with Flutter.

Image Credits: Google

On the web platform, specifically, Sneath noted that the team deliberately started out with a very standard, DOM-centric approach. But while that worked fine, it also meant performance was held back by that, especially for more advanced features. Over the course of the last year or so, the team started working on what it calls Canvas Kit. This WebAssembly-based project takes the same Skia graphics engine that powers Android and Chrome itself and makes it available to web apps.

“What that’s meant is that we can now essentially bypass the core HTML — sort of the document-centric parts of the web platform — and really use the app-centric parts of the web platform without leaving [behind] things like auto-complete of text or passwords and all the things that keep the web feeling very unique,” Sneath said.

Image Credits: Google

On the desktop, Google is announcing that Canonical is going all-in on Flutter and making it the default choice of all its future desktop and mobile apps.

Microsoft, too, is expanding its support for Flutter and working with Google on Windows support for Flutter. Given Microsoft’s interest in Android, that’s maybe no huge surprise, and indeed, Microsoft today is releasing contributions to the Flutter engine to help support foldable Android devices.

In total, Google notes, there are now over 15,000 packages for Flutter and Dart from companies like Amazon, Microsoft, Adobe, Huawei, Alibaba, eBay and Square.

As always, there are dozen of other smaller updates to Flutter in this update, too.

Looking ahead, Sneath noted that the Flutter team plans to spend more time on Flutter as a framework for embedded devices and other somewhat non-traditional platforms. He also noted that the team is interested in how Flutter can help power ambient computing experiences.

“As we think about the ambient computing worlds where there are these core premises behind the ambient computing aspects — things like: can it be searched easily? Can people make money off of the apps that they build and do it in a responsible way? We’re building support for those kinds of services. Better analytics, better ads frameworks, connectivity into things like Firebase and Google Cloud, so that people can not just take advantage of Flutter but the broader ecosystem services that Google provides,” Sneath explained.

#android, #chrome-os, #developer, #ebay, #flutter, #google, #linux, #macos, #microsoft, #microsoft-windows, #software, #tc, #web-apps, #web-development, #web-programming

New malware found on 30,000 Macs has security pros stumped

Close-up photograph of Mac keyboard and toolbar.

Enlarge (credit: Jayson Photography / Getty Images)

A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that’s typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists.

Read 10 remaining paragraphs | Comments

#biz-it, #m1, #macos, #macs, #malware,