Apple XcodeGhost Malware More Malicious Than Originally Reported 79

An anonymous reader writes: Details were scant when Apple confirmed the XcodeGhost malware had infiltrated the iOS App Store. The company didn't say which specific iOS vulnerabilities were exposed and didn't indicate how its iPhone users were affected. However, a Palo Alto Networks security analyst is reporting that XcodeGhost had been used to phish for iCloud passwords, and more specific details are emerging. According to the Networkworld article: "URLs can be sent to the iOS device and opened. This isn't limited to HTTP and FTP URLs, but includes local URLs, such as itunes:// and twitter:// that iOS can use for inter-app communications. For example, this could be used to force automatic phone calls to premium phone numbers, which can charge up to $1 per minute in some cases. Some iOS password manager apps use the system clipboard to paste passwords into the login dialog. As another example, the XcodeGhost malware can read and write data in the user's clipboard, which would allow it to snatch a password."

Number of XcodeGhost-Infected iOS Apps Rises 169

An anonymous reader writes: As the list of apps infected with the XcodeGhost malware keeps expanding, Apple, Amazon and Baidu are doing their best to purge their online properties of affected apps, malicious Xcode installers, and C&C servers used by the attackers to gather the stolen information and control the infected apps/devices. China-based jailbreaking Pangu Team claims that the number of infected apps is higher than 3,400, and has offered for download a free app that apparently detects the Trojanized apps.

Apple's iOS 9 Breaks VPNs 88

An anonymous reader writes with a report from The Stack that researchers have discovered a crucial security problem in the latest version of iOS 9: it breaks VPN connections to corporate servers. According to the linked piece, "The flaw was first detected in the iOS 9 beta, and has not been fixed in the released version. Neither has the bug been removed in the current iOS 9.1 beta." The workaround might not be what you want to hear, either, if you've happily upgraded to the latest version: it's to downgrade to iOS 8.4.1.

Apple Cleaning Up App Store After Its First Major Attack 246

Reuters reports that Apple is cleaning up hundreds of malicious iOS apps after what is described as the first major attack on its App Store. Hundreds of the store's apps were infected with malware called XcodeGhost, which used as a vector a counterfeit version of iOS IDE Xcode. Things could be a lot worse, though: Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack. Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

Microsoft and Others Mean Stiff Competition For Apple iPad Pro 279

MojoKid writes: When Microsoft first announced the Surface Pro back in 2012, many Apple fans snickered. Here was Microsoft, releasing a somewhat thick and heavy tablet that not only had a kickstand, but also an odd cover that doubled as a keyboard. And to top things off, the device made use of a stylus. Steve Jobs famously said in 2010, "If you see a stylus, they blew it." But Microsoft forged ahead with the Surface Pro 2, and later with the Surface Pro 3. Not only were customers becoming more aware of the Surface but competitors were also taking note. We've seen Lenovo introduce the ideapad MIIX 700, which incorporates its own kickstand and an Intel Skylake-based Core m7 processor. And most recently, we've seen Apple pull a literal 180 on this design and platform approach, announcing the iPad Pro — a device that features a fabric keyboard cover similar in concept to the Surface Pro and a stylus. Dell and ASUS have also brought compelling offerings to the table as well. However, the big head-to-head competition will no doubt be between the Surface Pro 4, which is set to be unveiled early next month and Apple's iPad Pro when it finally goes on sale.

Appeals Court Bans Features From Older Samsung Phones 69

walterbyrd writes with news that Apple has finally emerged victorious in a long-standing patent case against Samsung — though it's more of a moral victory than a practical one. Samsung is no longer allowed to sell some of its older phones unless the company disables features that infringe upon Apple patents. "The market impact will likely be limited, since the lawsuit was filed in 2012 and covers products that came out that year, like the Galaxy S3. Furthermore, software updates to Samsung software mean that the patents may not be infringed anymore. For instance, Samsung's Android phones no longer use a 'slide to unlock' feature on the bottom of the phone. In dissent, U.S. Circuit Judge Sharon Prost paints a sharply different picture (PDF) from the majority. 'This is not a close case,' she writes, noting that Apple's patents cover a spelling correction feature it doesn't use, and two others cover 'minor features' out of 'many thousands.'"

NFL Commentators Still Calling Microsoft's Surface Tablets "iPads" 262

AmiMoJo writes: Back in 2013, Microsoft inked a $400 million deal with the NFL to promote the Surface. Unfortunately for Microsoft, commentators and even players couldn't help themselves from referring to the tablets as iPads. Last year, announcers referred to the Surface as an "iPad-like tablet," while Chicago Bears quarterback called them "knockoff iPads". It happened on more than one occasion, and while you can bet that Microsoft and the NFL have been in talks with announcers and players about the goof, little progress is being made. This year, the problem persists.

Apple's First Android App, Move To iOS, Is Getting Killed With One-Star Reviews 206

An anonymous reader writes: Apple today launched Move to iOS, the company's first Android app built in-house. As we noted earlier, "It should surprise no one that the first app Apple built for Android helps you ditch the platform." The fact that the app is getting flooded with one-star reviews is not particularly surprising, either. At the time of publication, the app has an average rating of 1.8. The larger majority (almost 79 percent) are one-star reviews, followed by five-star reviews (almost 19 percent).

Apple's First Android App Makes It Easy To Move To iOS 174

Mark Wilson writes: Apple has released its first ever Android app. No, there's not an Android version of Safari or anything like that, but a tool designed to simplify the process of switching to iOS. The predictably named Move to iOS will appeal to anyone who was persuaded to switch allegiances by the release of the iPhone 6s and iPhone 6s Plus, or indeed iOS 9. The app can be used to move contacts, messages, photos and more to a new iPhone or iPad, and is compatible with phones and tablets running Android 4.0 and newer. It works slightly differently to what you may have expected. Rather than uploading data to the cloud, it instead creates a private Wi-Fi network between an Android and iOS device and securely transfers it.

Apple's 16GB iPhone 6S Is a Serious Strategic Mistake 324

writes: Matthew Yglesias writes at Vox that Apple's recent announcement of an entry level iPhone 6S is a serious strategic mistake because it contains just 16GB of storage — an amount that was arguably too low even a couple of years back. According to Yglesias, the user experience of an under-equipped iPhone can be quite bad, and the iPhone 6S comes with features — like the ability to shoot ultra-HD video — that are going to fill up a 16GB phone in the blink of an eye. "It's not too hard to figure out what Apple is up to here," writes Yglesias. "Leaving the entry-level unit at 16GB of storage rather than 32GB drives higher profit margins in two ways. One, it reduces the cost of manufacturing the $649 phone, which increases profit margins on sales of the lowest-end model. Second, and arguably more important, it pushes a lot of people who might be happy with a 32GB phone to shell out $749 for the 64GB model."

But this raises the question of what purpose is served by Apple amassing more money anyhow. Apple pays out large (and growing) sums of cash to existing shareholders in the form of dividends and buybacks, but its enormous cash stockpile keeps remorselessly marching up toward $200 billion. "Killing the 16GB phone and replacing it with a 32GB model at the low end would obtain things money can't buy — satisfied customers, positive press coverage, goodwill, a reputation for true commitment to excellence, and a demonstrated focus on the long term. A company in Apple's enviable position ought to be pushing the envelope forward on what's considered an acceptable baseline for outfitting a modern digital device, not squeezing extra pennies out of customers for no real reason."

Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System 94

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

Can We Trust Apple To Make a Good Games Console? 174

An anonymous reader writes: The Apple TV took center stage at the company's recent press event. It's getting its own operating system, better support for watching movies and listening to music, and full integration with Siri. All to be expected. But Apple is also pushing for the device to become a hub connecting mobile gaming with your TV. This article questions whether Apple has the chops to become a serious contender in living room gaming. Quoting: "[T]he subtext was clear: Apple thinks it can take on Nintendo for third place in the console market. The problem is, even while it's parading game developers on stage, it's still not clear if Apple actually wants to take on the console market. The inconsistency within the company when it comes to games is painful to see, and shows no sign of abating any time soon. ... The iPhone is the largest games store on the planet, and it's managed by a company whose attitude to the medium is 'go write a book.' That hasn't stopped magnificent art being made for Apple's platforms, but it has stopped some, such as Sweatshop HD, which was pulled from the app store in 2013."

Plex Is Coming To Apple TV 89

sfcrazy writes: Apple announced that it is turning Apple TV into a platform, opening it up for third party developers. They have already published the beta of tvOS and tvOS SDK, which developers can play with. Which means Plex is now a possibility on Apple TV. The founder of Plex said, "There is no question we will be able to offer Plex on the platform. There are multiple ways to go about it, based on the tvOS SDK we now have access to. We are now evaluating the best path for Plex and will begin work in earnest once we have evaluated the options. The ability to access great and proven iOS frameworks on the device is great for developers like us — we know the stuff is solid and will perform really well. Our goal is to enable people to enjoy Plex on the hardware platforms of their choice, and there is no doubt this will be a top platform for us."

Why Apple's iPhone Upgrade Program Is a Bad Deal For Most 279

Mark Wilson writes: You may have heard that Apple had a little get together today. There were lots of big launches — the iPhone 6S, the iPhone 6S Plus, and the iPad Pro. Those waiting for an iPhone fix were given quite a lot to get excited about, but like your friendly local drug dealer, Apple has a 'sweetener' to help ensure its customers just keep on coming back for more: the iPhone Upgrade Program which lets you upgrade to a new iPhone every year as long as you keep paying each month. On the face of it, it might seem like a good deal — particularly as the price includes Apple Care — but is that really the case? What Apple's actually doing is feeding the habit of iPhone junkies, keeping their addiction going a little bit longer, and a little bit longer, and a little bit longer. In reality, Apple would like you to perma-rent your iPhone and keep paying through the nose for it. Ideally forever.

Adblock Plus Returns To Android and Arrives On iPhone For First Time 102

Mickeycaskill writes: Adblock Plus has returned to Android — two and a half years after ad blocking services were removed from Google Play — and has been released on iOS for the first time. Adblock Browser for Android has been in beta since late May, with well over 300,000 people downloading the beta in the browser's first week. Meanwhile the arrival of the app on iPhone means developer Eyeo has beaten Apple to the punch, as the company has confirmed iOS 9 will feature an adblocker built into Safari. "With the popularity of the iOS platform in places like the US, we considered it critical to offer an app in the Apple App Store," said Till Faida, co-founder of Adblock Plus. "We're thankful to Apple for working with us on this project and we look forward to their new iOS 9, which will give web developers additional ad-blocking tools. It's a big step for this industry."

Apple To FBI: Encryption Rules Out Handing Over iMessage Data In Real Time 306

Mark Wilson writes that Apple has balked at a court order to provide the FBI with the contents of text messages among users of its iMessage service, claiming that the encryption it uses to protect these messages makes handing over the messages themselves impossible. From the article: The Justice Department obtained a court order that required Apple to provide real time access to text messages sent between suspects in an investigation involving guns and drugs. Apple has responded by saying that the fact iMessage is encrypted means that it is simply not able to comply with the order. The stand-off between the US government and Apple could last for some time as neither side is willing — or possibly able — to back down.

Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance 115

An anonymous reader writes: Fusion has an op-ed where Ryan Calo, Assistant Professor of Law at the University of Washington, argues Google, Apple, and Microsoft pushing back against government surveillance may be our only real hope for privacy. He writes: "Both Google and Yahoo have announced that they are working on end-to-end encryption in email. Facebook established its service on a Tor hidden services site, so that users can access the social network without being monitored by those with access to network traffic. Outside of product design, Twitter, Facebook and Microsoft have sent their formidable legal teams to court to block or narrow requests for user information. Encryption tools have traditionally been unwieldy and difficult to use; massive companies turning their attention to better and simpler design, and use by default, could be a game changer. Privacy will no longer be accessible only to tech-savvy users, and it will mean that those who do use encryption will no longer stick out like sore thumbs, their rare use of hard-to-use tools making them a target."

Apple's Privacy Policies Are Keeping Data Scientists Away 117

An anonymous reader writes: The Cupertino-based global device giant is falling behind in the race to create 'predictive' services for smartphones because its privacy policies are too protective of the end-user. Data retention policies on user-centric information gathered into its Siri 'personal assistant' product is a reasonably generous six months, whilst information retained from the user's exploration of Apple Maps expires after only 15 minutes. As a consequence Apple's smartphones attempt to crunch a great deal of user-data locally rather than in the cloud.