IT

How Apple Plans To Update New iPhones Without Opening Them (arstechnica.com) 42

An anonymous reader writes: What if you could update the device while it's still in the box? That's the latest plan cooked up by Apple, which is close to rolling out a system that will let Apple Stores wirelessly update new iPhones while they're still in their boxes. The new system is called "Presto." French site iGeneration has the first picture of what this setup looks like. It starts with a clearly Apple-designed silver rack that holds iPhones and has a few lights on the front. The site (through translation) calls the device a "toaster," and yes, it looks like a toaster oven or food heating rack.

Bloomberg's Mark Gurman has been writing about whispers of this project for months, saying in one article that the device can "wirelessly turn on the iPhone, update its software and then power it back down -- all without the phone's packaging ever being opened." In another article, he wrote that the device uses "MagSafe and other wireless technologies." The iGeneration report also mentions that the device uses NFC, and there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work. With that wireless charging, downloading, and installing, all while being isolated in a cardboard box, Apple's "toaster" probably gets pretty hot.

IOS

Recent 'MFA Bombing' Attacks Targeting Apple Users (krebsonsecurity.com) 14

An anonymous reader quotes a report from KrebsOnSecurity: Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. [...]

What sanely designed authentication system would send dozens of requests for a password change in the span of a few moments, when the first requests haven't even been acted on by the user? Could this be the result of a bug in Apple's systems? Kishan Bagaria is a hobbyist security researcher and engineer who founded the website texts.com (now owned by Automattic), and he's convinced Apple has a problem on its end. In August 2019, Bagaria reported to Apple a bug that allowed an exploit he dubbed "AirDoS" because it could be used to let an attacker infinitely spam all nearby iOS devices with a system-level prompt to share a file via AirDrop -- a file-sharing capability built into Apple products.

Apple fixed that bug nearly four months later in December 2019, thanking Bagaria in the associated security bulletin. Bagaria said Apple's fix was to add stricter rate limiting on AirDrop requests, and he suspects that someone has figured out a way to bypass Apple's rate limit on how many of these password reset requests can be sent in a given timeframe. "I think this could be a legit Apple rate limit bug that should be reported," Bagaria said.

Software

Apple Announces WWDC 2024 Event For June 10 (macrumors.com) 24

Apple today announced that its 35th annual Worldwide Developers Conference (WWDC) is set to take place June 10 through 14, 2024. It'll be an online event open to all developers at no cost. MacRumors reports: Apple will hold a WWDC 2024 keynote event on Monday, June 10 to show off iOS 18, iPadOS 18, tvOS 18, macOS 15, watchOS 11, and visionOS 2. The keynote event will be available on the Apple Developer app, the Apple website, and YouTube, with Apple also planning to share videos and information all week long.

Though WWDC 2024 is an online event, Apple is once again planning a special event for select developers and students, which is set to take place on June 10 at the Apple Park campus in Cupertino, California. Attendees will be able to watch the keynote and State of the Union presentations at Apple Park, as well as meet Apple employees and attend the Apple Design Awards. Apple will provide developers with additional information about WWDC 2024 through email, the Apple Developer app, and the Apple Developer website.

The Courts

Consumers Sue Apple, Taking Page From Justice Department Lawsuit (reuters.com) 116

Apple has been hit with a flurry of new consumer lawsuits accusing the iPhone maker of monopolizing the smartphone market, piggybacking on a sweeping antitrust case lodged by the U.S. Justice Department and 15 states last week. From a report: At least three proposed class actions have been filed since Friday in California and New Jersey federal courts by iPhone owners who claim Apple inflated the cost of its products through anticompetitive conduct. The lawsuits, seeking to represent millions of consumers, mirror the Justice Department's claims that Apple violated U.S. antitrust law by suppressing technology for messaging apps, digital wallets and other items that would have increased competition in the market for smartphones.

Android

DOJ Antitrust Lawsuit Says Apple Is Causing Android Users 'Social Stigma' (404media.co) 237

FrankOVD shares a report: Here's a paragraph from the DOJ's antitrust lawsuit against Apple in full: "In addition to degrading the quality of third-party messaging apps, Apple affirmatively undermines the quality of rival smartphones. For example, if an iPhone user messages a non-iPhone user in Apple Messages -- the default messaging app on an iPhone -- then the text appears to the iPhone user as a green bubble and incorporates limited functionality: the conversation is not encrypted, videos are pixelated and grainy, and users cannot edit messages or see typing indicators.

"This signals to users that rival smartphones are lower quality because the experience of messaging friends and family who do not own iPhones is worse -- even though Apple, not the rival smartphone, is the cause of that degraded user experience. Many non-iPhone users also experience social stigma, exclusion, and blame for 'breaking' chats where other participants own iPhones. This effect is particularly powerful for certain demographics, like teenagers -- where the iPhone's share is 85 percent, according to one survey. This social pressure reinforces switching costs and drives users to continue buying iPhones -- solidifying Apple's smartphone dominance not because Apple has made its smartphone better, but because it has made communicating with other smartphones worse."

EU

EU Launches Probes Into Apple, Meta, Google Under New Digital Competition Law (europa.eu) 20

The European Union has launched investigations into Apple, Meta and Google under its sweeping new digital-competition law, adding to the regulatory scrutiny large U.S. tech companies are facing worldwide. From a report: The suite of probes [Editor's note: the link may be paywalled; official press release here] announced Monday are the first under the EU's Digital Markets Act law, which took effect earlier this month. They come less than a week after the Justice Department sued Apple over allegations it makes it difficult for competitors to integrate with the iPhone, ultimately raising prices for customers. Apple and Google will now face EU scrutiny of how they are complying with rules that say they must allow app developers to inform customers about alternative offers outside those companies' main app stores. The European Commission, the EU's executive arm, said it is concerned about constraints the tech companies place on developers' ability to freely communicate with users and promote their offers.

The bloc will also examine changes that Google made to how its search results appear in Europe. The new digital competition law says companies cannot give their own services preference over similar services that are offered by rivals. Another probe will look at how Apple complies with rules that say users should be able to easily remove software applications and change default settings on their iPhones, as well as how the company shows choice screens that offer alternative search engine and browser options.

Desktops (Apple)

Apple Criticized For Changing the macOS version of cURL (daniel.haxx.se) 75

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The stated title of the problem in this case was quite clear: flag --cacert behavior isn't consistent between macOS and Linux, and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and check the system CA store in case the provided set of CA certs fails the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.

"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.

Security

New 'GoFetch' Apple CPU Attack Exposes Crypto Keys (securityweek.com) 40

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers.
The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

Apple

DOJ Blames Apple For Failure of Amazon Fire Phone, Windows Phone and HTC 246

DOJ, in the court filing (PDF): Many prominent, well-financed companies have tried and failed to successfully enter the relevant markets because of these entry barriers. Past failures include Amazon (which released its Fire mobile phone in 2014 but could not profitably sustain its business and exited the following year); Microsoft (which discontinued its mobile business in 2017); HTC (which exited the market by selling its smartphone business to Google in September 2017); and LG (which exited the smartphone market in 2021). Today, only Samsung and Google remain as meaningful competitors in the U.S. performance smartphone market. Barriers are so high that Google is a distant third to Apple and Samsung despite the fact that Google controls development of the Android operating system.

Apple

DOJ Lawsuit Against Apple is Headline Grabber But Poses Limited Near-Term Impact (techcrunch.com) 59

An anonymous reader shares a report: The U.S. Department of Justice filed a lawsuit against Apple Thursday, accusing the company led by CEO Tim Cook of engaging in anti-competitive business practices. The allegations include claims that Apple prevents competitors from accessing certain iPhone features and that the company's actions impact the "flow of speech" through its streaming service, Apple TV+.

However, even if the DOJ proves any of the allegations, it is highly unlikely that Apple will face material changes for years, as history shows that such lawsuits often take a significant amount of time to reach the trial, let alone a resolution. The DOJ's ongoing case against Google, filed in 2020, only went to trial in 2023, with no remedies or financial implications expected for up to two more years.

This is not the first time Apple has faced legal action from the DOJ. In 2012, the agency sued Apple for conspiring with publishers to increase ebook prices, a lawsuit that was not settled until 2016. "Precedents suggest that resolution of the complaint will take three to five years, including appeals," Bernstein analysts wrote in a note.

China

Apple Held Talks With China's Baidu Over AI for Its Devices (wsj.com) 5

Apple has held preliminary talks with Baidu about using the Chinese company's generative AI technology in its devices in China, the latest example of the iPhone maker's efforts to widen its AI capabilities. From a report: The U.S. tech giant has been exploring using external partners to help accelerate its AI ambitions. It has held discussions with companies including Google and OpenAI about using their technology to power its mobile features. In China, Apple has been looking for a local generative AI model provider, mainly because China requires such models to be vetted by its cyberspace regulator before being launched to the public, people familiar with the matter said.

Apple

Apple Launches All-In-One 'Manuals, Specs, and Downloads' Website (macrumors.com) 13

Apple has launched a new "Documentation" page to its website that provides links to user guides, repair manuals, tech specs, software downloads, and more for a variety of its products. MacRumors reports: Some of this information was previously found across separate pages on Apple's website, and it has now been combined in one place for convenient access. The page includes categories for the Mac, iPhone, iPad, iPod, Vision Pro, Apple Watch, Apple TV, AirPods, HomePod, displays like the Studio Display and Pro Display XDR, accessories like the Apple Pencil and Magic Keyboard, and software. There is also a search tool on the page that provides links to support documents and other relevant information based on the keywords entered.

The Courts

Epic, Spotify, Others Back DOJ Lawsuit Against Apple (appfairness.org) 68

The Coalition for App Fairness, an industry body that represents Epic, Spotify, Match Group and Proton among others, issued the following statement following the U.S. announcing it had sued Apple: "With today's announcement, the Department of Justice is taking a strong stand against Apple's stranglehold over the mobile app ecosystem, which stifles competition and hurts American consumers and developers alike. The DOJ complaint details Apple's long history of illegal conduct -- abusing their App Store guidelines and developer agreements to increase prices, extract exorbitant fees, degrade user experiences, and choke off competition. The DOJ joins regulators around the world, who have recognized the many harms of Apple's abusive behavior and are working to address it. As this case unfolds in the coming years more must be done now to end the anticompetitive practices of all mobile app gatekeepers. It remains imperative that Congress pass bipartisan legislation, like the Open App Markets Act, to create a free and open mobile app marketplace." Further reading: Apple Loses $115 Billion in Market Value as Regulators Close In.

Desktops (Apple)

Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys (arstechnica.com) 85

A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. From a report: The flaw -- a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols -- can't be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it's actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel's 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years. Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.

United States

US Sues Apple, Alleges Tech Giant Exploits Illegal Monopoly (wsj.com) 125

The Justice Department sued Apple on Thursday, alleging the tech giant blocked software developers and mobile gaming companies from offering better options on the iPhone, resulting in higher prices for consumers. WSJ: The government's antitrust complaint, filed in a New Jersey federal court, alleges Apple used its control of the iPhone to prevent competitors from offering innovative services such as digital wallets and limited the functionality of hardware products that compete with Apple's own devices. The suit also claims that Apple makes it difficult for users to switch to devices that don't use Apple's operating system, such as Android smartphones.

"Consumers should not have to pay higher prices because companies violate the antitrust laws," Attorney General Merrick Garland said in a statement. Apple said it plans to vigorously defend against the lawsuit. "This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets," an Apple spokesman said in a statement. "If successful, it would hinder our ability to create the kind of technology people expect from Apple -- where hardware, software, and services intersect." The case against Apple is the last shoe to drop on the big four tech giants by U.S. antitrust officials.

Bug

macOS Sonoma 14.4 Bug 'Destroys Saved Versions In iCloud Drive' (macrumors.com) 32

The macOS Sonoma 14.4 update introduces a bug affecting iCloud Drive's versioning system, where users with "Optimize Mac Storage" enabled can lose all previous versions of a file removed from local storage. MacRumors reports: Versions are normally created automatically when users save files using apps that work with the version system in macOS. According to The Eclectic Light Company's Howard Oakley, users running macOS 14.4 that have "Optimize Mac Storage" enabled should be aware that they are at risk of losing all previously saved versions of a file if they opt to remove it from iCloud Drive local storage: "In previous versions of macOS, when a file is evicted from local storage in iCloud Drive [using the Remove Download option in the right-click contextual menu], all its saved versions have been preserved. Download that file again from iCloud Drive, and versions saved on that Mac (but not other Macs or devices) have remained fully accessible. Do that in 14.4, and all previous versions are now removed, and lost forever."

Oakley said his own tests confirmed that this behavior does not happen in macOS Sonoma 14.3 or macOS Ventura, so it is exclusive to macOS 14.4. For users who have already updated, he suggests either not saving files to iCloud Drive at all, or turning off Optimize Mac Storage. To perform the latter in System Settings, click your Apple ID, select iCloud, and then toggle off the switch next to "Optimize Mac Storage." You may need to perform this action twice -- reports suggest it can turn back on by itself. For a more exhaustive account of the problem, see Oakley's subsequent post.

EU

EU's Vestager Warns About Apple, Meta Fees, Disparaging Rival Products (reuters.com) 28

EU antitrust chief Margrethe Vestager on Tuesday warned Apple and Meta on their new fees for their services, saying that this may hinder users from enjoying the benefits of the Digital Markets Act which aims to give them more choices. From a report: Apple announced a slew of changes in January in a bid to comply with the landmark EU tech legislation which requires it to open up its closed eco-system to rivals.

A new fee structure includes a core technology fee of 50 euro cents per user account per year that major app developers will have to pay even if they do not use any of Apple's payment services, which has triggered criticism from rivals such as Fortnite creator Epic Games. Vestager said the new fees have attracted her attention. "There are things that we take a keen interest in, for instance, if the new Apple fee structure will de facto not make it in any way attractive to use the benefits of the DMA. That kind of thing is what we will be investigating," she told Reuters in an interview.
Further reading: Apple Working on Solution for App Store Fee That Could Bankrupt Viral Apps.

Businesses

Apple Working on Solution for App Store Fee That Could Bankrupt Viral Apps (macrumors.com) 91

Joe_Dragon shares a report: Since Apple announced plans for the 0.50 euro Core Technology Fee that apps distributed using the new EU App Store business terms must pay, there have been ongoing concerns about what that fee might mean for a developer that suddenly has a free app go viral. Apple's VP of regulatory law Kyle Andeers today met with developers during a workshop on Apple's Digital Markets Act compliance. iOS developer Riley Testut, best known for Game Boy Advance emulator GBA4iOS, asked what Apple would do if a young developer unwittingly racked up millions in fees.

Testut explained that when he was younger, that exact situation happened to him. Back in 2014 as an 18-year-old high school student, he released GBA4iOS outside of the App Store using an enterprise certificate. The app was unexpectedly downloaded more than 10 million times, and under Apple's new rules with Core Technology Fee, Testut said that would have cost $5 million euros, bankrupting his family. He asked whether Apple would actually collect that fee in a similar situation, charging the high price even though it could financially ruin a family. In response, Andeers said that Apple is working on figuring out a solution, but has not done so yet. He said Apple does not want to stifle innovation and wants to figure out how to keep young app makers and their parents from feeling scared to release an app.

Google

Apple Is in Talks To Let Google's Gemini Power iPhone Generative AI Features (bloomberg.com) 52

Apple is in talks to build Google's Gemini AI engine into the iPhone, Bloomberg News reported Monday, citing people familiar with the situation, setting the stage for a blockbuster agreement that would shake up the AI industry. From the report: The two companies are in active negotiations to let Apple license Gemini, Google's set of generative AI models, to power some new features coming to the iPhone software this year, said the people, who asked not to be identified because the deliberations are private. Apple also recently held discussions with OpenAI and has considered using its model, according to the people.

AI

Apple Acquires Startup DarwinAI As AI Efforts Ramp Up 16

According to Bloomberg, Apple has acquired Canada-based AI startup DarwinAI for an undisclosed sum. Macworld reports: Apple has reportedly folded the DarwinAI staff into its own AI team, including DarwinAI co-founder Alexander Wong, an AI researcher at the University of Waterloo who "has published over 600 refereed journal and conference papers, as well as patents, in various fields such as computational imaging, artificial intelligence, computer vision, and multimedia systems."

According to its LinkedIn profile, DarwinAI is "a rapidly growing visual quality inspection company providing manufacturers an end-to-end solution to improve product quality and increase production efficiency." In layman's terms, that means Apple is likely interested in DarwinAI to streamline its manufacturing to be more efficient. That's something that could save Apple a ton of money in annual costs.

Far more interesting to our consumer devices, however, is Bloomberg's report that DarwinAI's tech can be used to make AI models more efficient in general. Apple has been said to want any generative AI features to run on the device rather than the cloud, so models will need to be as small as possible and DarwinAI could definitely help there.
Last month, Apple CEO Tim Cook said the iPhone maker sees "incredible breakthrough potential for generative AI, which is why we're currently investing significantly in this area. We believe that will unlock transformative opportunities for users when it comes to productivity, problem solving and more."
