Apple has spent years reinforcing macOS with new security features to make it tougher for malware to break in. But a newly discovered vulnerability broke through most of macOS' newer security protections with a double-click of a malicious app, a feat not meant to be allowed under Apple's watch. From a report: Worse, evidence shows a notorious family of Mac malware has already been exploiting this vulnerability for months before it was subsequently patched by Apple this week. Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn't reviewed the app -- a process Apple calls notarization -- or if it doesn't recognize its developer, the app won't be allowed to run without user intervention.

But security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run. Owens told TechCrunch that the bug allowed him to build a potentially malicious app to look like a harmless document, which when opened bypasses macOS' built-in defenses when opened. "All the user would need to do is double click -- and no macOS prompts or warnings are generated," he told TechCrunch. Owens built a proof-of-concept app disguised as a harmless document that exploits the bug to launch the Calculator app, a way of demonstrating that the bug works without dropping malware. But a malicious attacker could exploit this vulnerability to remotely access a user's sensitive data simply by tricking a victim into opening a spoofed document, he explained.

Apple on Monday released iOS 14.5, which bring a range of new features to iPhone, including the ability to unlock iPhone with Apple Watch while wearing a face mask, more diverse Siri voices, new privacy controls, skin tone options to better represent couples in emoji, and much more. iOS 14.5 builds on the reimagined iPhone experience introduced in iOS 14, and is available today as a free software update. Regarding the new privacy controls, Apple has described it as: App Tracking Transparency requires apps to get the user's permission before tracking their data across apps or websites owned by other companies for advertising, or sharing their data with data brokers. Apps can prompt users for permission, and in Settings, users will be able to see which apps have requested permission to track so they can make changes to their choice at any time.

Apple on Monday said it will establish a new campus in North Carolina that will house up to 3,000 employees, expand its operations in several other U.S. states and increase its spending targets with U.S. supplierst. From a report: Apple said it plans to spend $1 billion as it builds a new campus and engineering hub in the Research Triangle area of North Carolina, with most of the jobs expected to focus on machine learning, artificial intelligence, software engineering and other technology fields. It joins a $1 billion Austin, Texas campus announced in 2019. The iPhone maker said it would also establish a $100 million fund to support schools in the Raleigh-Durham area of North Carolina and throughout the state, as well as contribute $110 million to help build infrastructure such as broadband internet, roads, bridges and public schools in 80 North Carolina counties.

Apple also said it expanded hiring targets at other U.S. locations to hit a goal 20,000 additional jobs by 2026, setting new goals for facilities in Colorado, Massachusetts and Washington state. In Apple's home state of California, the company said it will aim to hire 5,000 people in San Diego and 3,000 people in Culver City in the Los Angeles area. Apple also increased a U.S. spending target to $430 billion by 2026, up from a five-year goal of $350 billion Apple set in 2018, and said it was on track to exceed.

The chief executives of Facebook and Apple have opposing visions for the future of the internet. Their differences are set to escalate later today. The New York Times: At a confab for tech and media moguls in Sun Valley, Idaho, in July 2019, Timothy D. Cook of Apple and Mark Zuckerberg of Facebook sat down to repair their fraying relationship. For years, the chief executives had met annually at the conference, which was held by the investment bank Allen & Company, to catch up. But this time, Facebook was grappling with a data privacy scandal. Mr. Zuckerberg had been blasted by lawmakers, regulators and executives -- including Mr. Cook -- for letting the information of more than 50 million Facebook users be harvested by a voter-profiling firm, Cambridge Analytica, without their consent. At the meeting, Mr. Zuckerberg asked Mr. Cook how he would handle the fallout from the controversy, people with knowledge of the conversation said. Mr. Cook responded acidly that Facebook should delete any information that it had collected about people outside of its core apps.

Mr. Zuckerberg was stunned, said the people, who were not authorized to speak publicly. Facebook depends on data about its users to target them with online ads and to make money. By urging Facebook to stop gathering that information, Mr. Cook was in effect telling Mr. Zuckerberg that his business was untenable. He ignored Mr. Cook's advice. Two years later, Mr. Zuckerberg and Mr. Cook's opposing positions have exploded into an all-out war. On Monday, Apple plans to release a new privacy feature that requires iPhone owners to explicitly choose whether to let apps like Facebook track them across other apps. One of the secrets of digital advertising is that companies like Facebook follow people's online habits as they click on other programs, like Spotify and Amazon, on smartphones. That data helps advertisers pinpoint users' interests and better target finely tuned ads. Now, many people are expected to say no to that tracking, delivering a blow to online advertising -- and Facebook's $70 billion business.

At the center of the fight are the two C.E.O.s. Their differences have long been evident. Mr. Cook, 60, is a polished executive who rose through Apple's ranks by constructing efficient supply chains. Mr. Zuckerberg, 36, is a Harvard dropout who built a social-media empire with an anything-goes stance toward free speech. Those contrasts have widened with their deeply divergent visions for the digital future. Mr. Cook wants people to pay a premium -- often to Apple -- for a safer, more private version of the internet. It is a strategy that keeps Apple firmly in control. But Mr. Zuckerberg champions an "open' internet where services like Facebook are effectively free. In that scenario, advertisers foot the bill. The relationship between the chief executives has become increasingly chilly, people familiar with the men said. While Mr. Zuckerberg once took walks and dined with Steve Jobs, Apple's late co-founder, he does not do so with Mr. Cook. Mr. Cook regularly met with Larry Page, Google's co-founder, but he and Mr. Zuckerberg see each other infrequently at events like the Allen & Company conference, these people said.