Jump to content

Search the Community

Showing results for tags 'ios'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

  1. vissha

    DroidKit 1.0.0.20210916

    Lost your precious photos, important WhatsApp messages, or other valued data? Your phone got frozen, stuck on black screen, touch screen not working, or suffered another system issue? Forgot your lock screen password? Stopped by the FRP lock on your Samsung device? Don't panic. DroidKit is an all-round Android savior that can not only get lost data back to your phone, but also bring your dead phone back to life. Reliable as a pro, yet easy as pie. Save You from Phone Disasters at The Very First Moment - Recover lost photos, WhatsApp chats, messages, and more without root. - Remove lock screen on Android devices and bypass Samsung FRP lock. - Fix system issues and reinstall/upgrade OS for Samsung phones & tablets. - Clear system junk and unneeded files to speed up your phone, all in a tap. - No skills required. Save your data and phone with simple clicks in minutes. Recover Lost Data from Your Phone Instantly without Root DroidKit understands how frustrating it can be when losing data, whether it's precious memories or information that can be used as evidence in court. With the innovative Quick Recovery technique, it performs a fast scan of your phone storage, and salvages photos, WhatsApp chats and files, messages, contacts, and more essential data up to 13 types, covering almost everything you need daily. All Android phones and tablets supported. No root of your device. No tech skills required. No need to wait for days. You can get back what's lost with a few simple clicks, immediately. Go to The Ultimate Solution - Deep Recovery Besides, DroidKit also has the Deep Recovery mode, which makes a more in-depth scan of every corner in your phone storage, to find out all the deleted data that's not been overwritten yet. Built on the unparalleled NO-DATA-LOSS technology, it guarantees the highest success rate in retrieving lost data among the industry. Apart from Phone, You Can Also Retrieve Data from: Google Account Scan and preview your data in Google backups, WhatsApp backups, Google Photos/Contacts/Calendar, and feel free to pick up what you need without full restore. Crashed Phone You can even extract data from a system broken Samsung phone, to your new Android phone or to a computer, at your choice. Formatted SD Card No matter you mistakenly deleted files or formatted the SD card completely, DroidKit can always recover your lost photos, videos, and other files without a hassle. Bring Your Dead Phone Back to Life Right Away More than just rescuing your data, DroidKit rescues your inaccessible device as well, no matter it's crashed or locked. No need to send your phone out for days or even months. Get back a nicely-working device in minutes. Remove Screen Locks of Any Kind Forgot your lock screen password? Fingerprint or face unlock does not work? Not able to enter PIN on a cracked screen? No matter why you're blocked, DroidKit can help you regain access to your phone immediately. It removes all types of screen locks, whether it's PIN, password, pattern, fingerprint, or facial recognition. Samsung, LG, Motorola, and all other Android devices supported. No root required. All you need to do is a couple of clicks. Bypass FRP Lock Easily and Instantly Purchased a second-hand phone with FRP lock on? Accidentally stuck in FRP lock after a factory reset, but forgot the account details? Just bypass it! With the customized solutions designed for each Android version and device model, DroidKit guarantees the highest success rate in the industry. As a non-tech friendly solution, it asks for no tech knowledge or skills at all. You can regain access to your phone instantly without a hitch. Fix All Android OS Issues without Root No matter which type of Android issues you came across, DroidKit can fix it, without rooting your device. It handles all system problems, including black screen, frozen, touch screen not working, apps crashing, camera failed, etc. To ensure you the highest success rate, DroidKit intelligently fixes the issue with a customized solution designed for each Android OS and device model. No technical skills needed. It's easy to revive your phone like a pro right at home. Free Up Space and Speed Up Your Phone in A Click Don't let your device be cluttered up with junk. If you used to spend hours searching for what's eating the phone storage, and decide what's safe to delete, then DroidKit saves all those tedious and risky tasks for you. It smartly finds and categorizes caches, background apps, APK files, and large files on your phone. You can then view the files clearly, and feel free to wipe them all with a click or only those you don't need. No risk of mistakenly deleting system files to cause app crashes or even Android crashes. All Android phones and tablets supported. You'll enjoy a faster device with enough storage for new photos or apps. Version: 1.0.0 - 05.27 2021 Provide 4 data recovery modes: WhatsApp Recovery, Quick Recovery from Device, Deep Recovery from Device, and Data Recovery from SD Card. Support to extract data from 3 types of sources: from a system crashed device, from Google account, and from an SIM card. Unlock all types of screen locks on Android devices, such as PIN, password, pattern, fingerprint ID, face recognition, etc. Bypass FRP lock on any Samsung device running Android 6-10. Fix all Android system issues on any Samsung device. Clear system junk from all Android devices, including cached files, background apps, apk files, and large files. Home: https://www.imobie.com/droidkit/ Changelog & Tech Specs: https://www.imobie.com/droidkit/specs.htm Download - Installer Free Trial: https://www.imobie.com/go/download.php?product=dk PreActivated EXE: Site: https://www.mirrored.to Sharecode [?]: /files/0JOKYMH1/DroidKit.1.0.0.20210916_PA.rar_links
  2. WhatsApp is rolling out end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing your chats, regardless of where they are stored. Currently, WhatsApp allows you to create backups of all your chats and store them on online storage services. For iOS users, your backups are stored on iCloud, and for Android, they are stored on Google Drive. While conversations on WhatsApp are end-to-end encrypted (e2ee), the backups stored on cloud services are not and could theoretically be accessed by anyone who has access to your phone or takes it over via a SIM swap attack. By backing up your chats, if WhatsApp is ever installed again on your current device or a new one, the app will restore your backed-up chat messages. WhatsApp gets end-to-end encrypted chat backups Starting today, Facebook announced that WhatsApp is rolling out a new feature where you can perform end-to-end encryption of your chat backups, regardless of where they are stored. While this feature is not rolled out to everyone yet, users will be able to assign a password that only they know to be used to encrypt backups before they are uploaded to iCloud or Google Drive. "You can now secure your end-to-end encrypted backup with either a password of your choice or a 64-digit encryption key that only you know," Facebook announced today. "Neither WhatsApp nor your backup service provider will be able to read your backups or access the key required to unlock it." Users must also use this same password to restore any backups in the future, preventing them from being accessed by anyone else. How WhatsApp performs end-to-end encrypted backups Source: Facebook Facebook states that they are rolling this feature out slowly to those running the latest version of WhatsApp, so it may take some time before it reaches everyone. When it is rolled out to your device, you can enable WhatsApp end-to-end encrypted backups using these steps: Open WhatsApp. Open Settings. Tap Chats > Chat Backup > End-to-end Encrypted Backup. Tap Continue, then follow the prompts and enter a password or key when asked. Tap Done, and wait for WhatsApp to prepare your end-to-end encrypted backup. While creating an encrypted backup, the app may prompt you to connect your device to power. Once end-to-end encrypted backups are enabled, you will not be able to restore any backups to your device without knowing the password. You can always disable this feature by going back into the End-to-end Encrypted Backup setting and turning it off. WhatsApp rolls out iOS, Android end-to-end encrypted chat backups
  3. Early this month, Microsoft announced that Microsoft Teams iOS app will soon support Apple CarPlay feature. This support is now available for everyone with the latest Teams update in App Store. You can now connect Teams to CarPlay for handsfree calling and to join your next meeting. You can also join meetings hands-free using Siri. You can download the app here from Microsoft Teams. Microsoft Teams iOS app gets Apple CarPlay support
  4. Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. The unknown researcher who found the four zero-days reported them to Apple between March 10 and May 4. However, the company silently patched one of them in July with the release of 14.7 without giving credit in the security advisory. "When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update," the researcher said earlier today. "There were three releases since then and they broke their promise each time." "Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience," Apple told him when asked why the list of fixed iOS security bugs didn't include his zero-day. Since then, all attempts made to get an explanation for Apple's failure to fix the rest of these unpatched vulnerabilities and for their refusal to credit them were ignored even though more security advisories, for iOS 14.7.1, iOS 14.8, and iOS 15.0, have since been published. An Apple spokesperson was not available for comment when BleepingComputer reached out for more details. PoC exploit code published on GitHub After Apple refused to respond to explanation requests, today the researcher published proof-of-concept exploit code for all four iOS zero-days he reported on GitHub, together with apps that harvest sensitive information and displays it in the user interface: Gamed 0-day (iOS 15.0): Bug exploitable through user-installed apps from App Store and giving unauthorized access to sensitive data normally protected by a TCC prompt or the platform sandbox ($100,000 on the Apple Security Bounty Program page): Apple ID email and full name associated with it Apple ID authentication token which allows accessing at least one of the endpoints on *.apple.com on behalf of the user Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user's interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts) Complete file system read access to the Speed Dial database and the Address Book database, including contact pictures and other metadata like creation and modification dates (I've just checked on iOS 15, and this one is inaccessible, so that one must have been quietly fixed recently) Nehelper Enumerate Installed Apps 0-day (iOS 15.0): Allows any user-installed app to determine whether any app is installed on the device given its bundle ID. Nehelper Wifi Info 0-day (iOS 15.0): Makes it possible for any qualifying app (e.g., possessing location access authorization) to gain access to Wifi information without the required entitlement. Analyticsd (fixed in iOS 14.7): Allows any user-installed app to access analytics logs: medical information (heart rate, count of detected atrial fibrillation and irregular heart rhythm events) menstrual cycle length, biological sex and age, whether the user is logging sexual activity, cervical mucus quality, etc. device usage information (device pickups in different contexts, push notifications count and user's action, etc.) screen time information and session count for all applications with their respective bundle IDs information about device accessories with their manufacturer, model, firmware version, and user-assigned names application crashes with bundle IDs and exception codes languages of web pages that users viewed in Safari Exploit code confirmed to work on 15.0 Apple did not reply to BleepingComputer's email to validate any of the researcher's claims. However, software engineer Kosta Eleftheriou confirmed that the app designed to exploit Gamed zero-day and harvest sensitive user information works on iOS 15.0, the latest iOS version. "All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected," the researcher said, referring to the analyticsd zero-day silently patched in iOS 14.7. "That's why it's very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if 'Share analytics' was turned off in settings. "My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI - in 120). I have waited much longer, up to half a year in one case," the researched added. Other security researchers and bug bounty hunters have also gone through a similar experience when reporting vulnerabilities to Apple's product security team via the Apple Security Bounty Program. Just this year, some of them have reported that they weren't paid the amount listed on the official bounty page [1, 2] or haven't received any payment at all, others that they have been kept in the dark for months on end with no replies to their messages. Others have also said their bugs were silently fixed with Apple refusing to give them credit, just as it happened in this case. Researcher drops three iOS zero-days that Apple refused to fix
  5. Apple has deprecated the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in recently launched iOS and macOS versions and plans to remove support in future releases altogether. TLS is a secure communication protocol designed to protect users from eavesdropping, tampering, and message forgery while accessing and exchanging information over an Internet connection using client/server applications. The original TLS 1.0 specification and its TLS 1.1 successor have been used for almost 20 years (with TLS 1.0 first defined in 1999 and TLS 1.1 in 2006). The Internet Engineering Task Force (IETF) approved TLS 1.3, the next major version of the TLS protocol, in March 2018, after four years of discussions and 28 protocol drafts. TLS 1.0/1.1 deprecation update "As part of ongoing efforts to modernize platforms, and to improve security and reliability, TLS 1.0 and 1.1 have been deprecated by the Internet Engineering Task Force (IETF) as of March 25, 2021," Apple said. "These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases." The company advised developers whose apps still use the legacy TLS protocols to begin planning for a transition to TLS 1.2 or higher in the near future. For apps using the App Transport Security (ATS) networking security feature on all connections (enabled by default for apps linked against iOS 9.0 or macOS 10.11 SDKs or later), which requires that all connections are secured with reliable TLS certificates and ciphers, no action is required. Apple recommends switching directly to TLS 1.3 as it is a faster and more secure protocol than TLS 1.2 by adding support to the latest TLS version and removing these deprecated Security.framework symbols from apps: tls_protocol_version_t.TLSv10 tls_protocol_version_t.TLSv11 tls_protocol_version_t.DTLSv10 Ongoing effort to move away from outdated traffic encryption protocols Apple's update follows a joint announcement from Microsoft, Google, Apple, and Mozilla from October 2018, saying that the four organizations will start retiring insecure TLS protocols starting with the first half of 2020. In August 2020, Microsoft enabled TLS 1.3 by default in the latest Windows 10 Insider builds. "TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible," Microsoft said. In January, the NSA shared guidance on detecting and replacing outdated Transport Layer Security (TLS) protocol versions with up-to-date and secure variants. "Obsolete configurations provide adversaries access to sensitive operational traffic using a variety of techniques, such as passive decryption and modification of traffic through man-in-the-middle attacks," the NSA said. "Attackers can exploit outdated transport layer security (TLS) protocol configurations to gain access to sensitive data with very few skills required." Apple will disable insecure TLS in future iOS, macOS releases
  6. The feature is back, after missing iOS 15’s launch day SharePlay has returned in the iOS 15.1 beta, according to 9to5Mac, after Apple delayed the major iOS 15 feature to “later this fall” instead of having it launch alongside the OS upgrade as planned. It’s not the only feature that’s hasn’t made it to release yet, but it could be a useful one during the ongoing pandemic — it lets you watch videos, screen share, or listen to music with other people over a FaceTime call. Its existence in Tuesday’s new beta could indicate that it could be coming sooner than later, though that’s not a sure thing. MacRumors reports that the 15.1 beta also lets users add their COVID vaccine card to the Wallet app, once you’ve first added it to Health. Similar to how Google’s version of this feature works, you’ll have to get your vaccine info from your medical provider or your state’s healthcare system before you can add it to your phone. Apple says the feature uses the SMART Health Card format, which is currently supported by a handful of states and some major vaccination providers. The list includes states like California, Hawaii, New York, and Louisiana, as well as pharmacy providers like CVS, Rite Aid, and Walmart, but you can click the link for the full details. As always, check with your local healthcare provider for more info. You can add verified vaccine records from certain health providers. Image: Apple These features showing up in the iOS 15.1 beta don’t necessarily mean they’ll be in the final iOS 15.1 release — after all, SharePlay was introduced during the iOS 15 beta, but was later removed. However, Apple does still say that SharePlay will ship “later this fall,” and there’s only so much time left for that (plus, it would be a bit odd if it was removed from another beta). The vaccine card feature will be included in an “upcoming software update,” according to the company, so it’s possible it’s further out. It also may be a bit before we see iOS 15.1, given that iOS 15 was just released yesterday (iOS 14.1 came about a month after iOS 14). But if this early beta is any indication, it could be bringing some nice new features with it when it does show up. iOS 15.1’s first beta suggests we could see SharePlay soon
  7. WhatsApp multi-device support, which allows you to send and receive WhatsApp messages on your desktop without being connected to your phone, is now available in the stable version of the iOS app. Previously it was only available to WhatsApp Testflight users on iOS, which is an extremely limited and mostly closed group of users. If you have version 2.21.180.14 of the app, you may be offered the prompt to link devices. You can link up to 4 devices, including a macOS/Windows computer, a WhatsApp Web session, or a Portal, but only one, your main device can be a phone. Once linked, you can send messages without your phone needing to be connected to the Internet. The feature may be rolling out gradually to users, so be sure to update your app regularly. via XDA-Dev WhatsApp multi-device support now available on iOS
  8. vissha

    DroidKit 1.0.0.20210528

    Lost your precious photos, important WhatsApp messages, or other valued data? Your phone got frozen, stuck on black screen, touch screen not working, or suffered another system issue? Forgot your lock screen password? Stopped by the FRP lock on your Samsung device? Don't panic. DroidKit is an all-round Android savior that can not only get lost data back to your phone, but also bring your dead phone back to life. Reliable as a pro, yet easy as pie. Save You from Phone Disasters at The Very First Moment - Recover lost photos, WhatsApp chats, messages, and more without root. - Remove lock screen on Android devices and bypass Samsung FRP lock. - Fix system issues and reinstall/upgrade OS for Samsung phones & tablets. - Clear system junk and unneeded files to speed up your phone, all in a tap. - No skills required. Save your data and phone with simple clicks in minutes. Recover Lost Data from Your Phone Instantly without Root DroidKit understands how frustrating it can be when losing data, whether it's precious memories or information that can be used as evidence in court. With the innovative Quick Recovery technique, it performs a fast scan of your phone storage, and salvages photos, WhatsApp chats and files, messages, contacts, and more essential data up to 13 types, covering almost everything you need daily. All Android phones and tablets supported. No root of your device. No tech skills required. No need to wait for days. You can get back what's lost with a few simple clicks, immediately. Go to The Ultimate Solution - Deep Recovery Besides, DroidKit also has the Deep Recovery mode, which makes a more in-depth scan of every corner in your phone storage, to find out all the deleted data that's not been overwritten yet. Built on the unparalleled NO-DATA-LOSS technology, it guarantees the highest success rate in retrieving lost data among the industry. Apart from Phone, You Can Also Retrieve Data from: Google Account Scan and preview your data in Google backups, WhatsApp backups, Google Photos/Contacts/Calendar, and feel free to pick up what you need without full restore. Crashed Phone You can even extract data from a system broken Samsung phone, to your new Android phone or to a computer, at your choice. Formatted SD Card No matter you mistakenly deleted files or formatted the SD card completely, DroidKit can always recover your lost photos, videos, and other files without a hassle. Bring Your Dead Phone Back to Life Right Away More than just rescuing your data, DroidKit rescues your inaccessible device as well, no matter it's crashed or locked. No need to send your phone out for days or even months. Get back a nicely-working device in minutes. Remove Screen Locks of Any Kind Forgot your lock screen password? Fingerprint or face unlock does not work? Not able to enter PIN on a cracked screen? No matter why you're blocked, DroidKit can help you regain access to your phone immediately. It removes all types of screen locks, whether it's PIN, password, pattern, fingerprint, or facial recognition. Samsung, LG, Motorola, and all other Android devices supported. No root required. All you need to do is a couple of clicks. Bypass FRP Lock Easily and Instantly Purchased a second-hand phone with FRP lock on? Accidentally stuck in FRP lock after a factory reset, but forgot the account details? Just bypass it! With the customized solutions designed for each Android version and device model, DroidKit guarantees the highest success rate in the industry. As a non-tech friendly solution, it asks for no tech knowledge or skills at all. You can regain access to your phone instantly without a hitch. Fix All Android OS Issues without Root No matter which type of Android issues you came across, DroidKit can fix it, without rooting your device. It handles all system problems, including black screen, frozen, touch screen not working, apps crashing, camera failed, etc. To ensure you the highest success rate, DroidKit intelligently fixes the issue with a customized solution designed for each Android OS and device model. No technical skills needed. It's easy to revive your phone like a pro right at home. Free Up Space and Speed Up Your Phone in A Click Don't let your device be cluttered up with junk. If you used to spend hours searching for what's eating the phone storage, and decide what's safe to delete, then DroidKit saves all those tedious and risky tasks for you. It smartly finds and categorizes caches, background apps, APK files, and large files on your phone. You can then view the files clearly, and feel free to wipe them all with a click or only those you don't need. No risk of mistakenly deleting system files to cause app crashes or even Android crashes. All Android phones and tablets supported. You'll enjoy a faster device with enough storage for new photos or apps. Version: 1.0.0 - 05.27 2021 Provide 4 data recovery modes: WhatsApp Recovery, Quick Recovery from Device, Deep Recovery from Device, and Data Recovery from SD Card. Support to extract data from 3 types of sources: from a system crashed device, from Google account, and from an SIM card. Unlock all types of screen locks on Android devices, such as PIN, password, pattern, fingerprint ID, face recognition, etc. Bypass FRP lock on any Samsung device running Android 6-10. Fix all Android system issues on any Samsung device. Clear system junk from all Android devices, including cached files, background apps, apk files, and large files. Home: https://www.imobie.com/droidkit/ Changelog & Tech Specs: https://www.imobie.com/droidkit/specs.htm Download - Installer Free Trial: https://www.imobie.com/go/download.php?product=dk PreActivated EXE: Site: https://www.mirrored.to Sharecode: /files/6ZAQ23TS/DroidKit.1.0.0.20210528_PA.rar_links
  9. Microsoft Remote Desktop app has received an update on iOS and Mac. The update brings a large number of fixes and improvements. You can read the full official changelog below. The iOS app for iPad and iPhone has been updated to version 10.3.2 and has the following changelog: Additional two-column thumbnail view for larger iPhones. Revamped PC thumbnail styling. Cleaned up PC bookmark list view (only available on iPhones). Press-and-hold semantics for PC bookmarks and workspace headers. New context menus for interaction with PC bookmarks and workspaces. Ability to duplicate PC bookmarks. Full preview of the PC bookmark thumbnail after a press-and-hold. New pull-down menu for interaction with the Connection Centre. Pull-to-refresh behaviour for subscribed workspaces. Animated sorting of PC bookmarks by name or last connected time. Auto-expanded search field on iPads. The Microsoft Remote Desktop Mac app was updated to version 10.6.8 with the following changelog: In this release we’ve worked through some bugs that were hanging around in our backlog. Some items we addressed include: Added background refresh for subscribed workspaces. Fixed an issue where the session window may jump to another monitor when auto-reconnect kicks in. Fixed an issue where the session window would sometimes be enlarged after connecting. Addressed an issue where the name of a redirected folder would be incorrect in the remote session. Fixed a bug that made it difficult to resize remote app windows. Improved the error messages that are displayed when user accounts fail to update. Fixed an issue where window titles in the list of connected remote apps were blank. Addressed a multimon issue where the mouse cursor shape would not update correctly when dragging between monitors. Added a checkbox to General Preferences to enable/disable Microsoft Teams optimizations. Added UI to report if a remote app could not be launched on the server due to not being on the system allow list. Fixed an issue where the session window could not be made wider when placed at the top or bottom of the screen. Addressed scenarios where the mouse cursor would disappear while connected to a remote PC. Deletion of an Azure Virtual Desktop workspace now correctly removes all associated workspaces. Fixed an issue where adding a folder to redirect to a bookmark would enable the “Add” button with an empty PC name. Addressed an issue where double-clicking the title bar incorrectly stretched the session window. Updated the mouse to change to a hand glyph when hovering over a red input error indicator. Fixed an issue where the session window would flash rapidly in the “Mission Control” or “Application windows” view. In addition, we have continued to make updates to improve connectivity and performance metrics when connecting to Azure Virtual Desktop. Note that by default subscribed workspaces are refreshed every six hours. This interval can be changed using the ClientSettings.WorkspaceAutoRefreshInterval user default (minimum is 30 minutes and maximum is 24 hours). You can download and install the Microsoft Remote Desktop app from the below link. The Mac app can be found here. ‎Remote Desktop Mobile Developer: Microsoft Corporation Price: Free via onMSFT Microsoft Remote Desktop for iOS and Mac updated (changelog)
  10. Microsoft has announced that the Outlook mobile apps for iOS and Android will soon stop synching calendars from Facebook, Meetup, and Evernote. The feature will stop functioning on the 13th of September 2021, and Microsoft will pop up a reminder 2 weeks prior to the feature being disabled. Microsoft is not offering a work-around for this feature at this date. Outlook for iOS and Android to stop syncing with Facebook, Meetup, and Evernote Calendars
  11. Apple says that more than 215,000 iOS apps were blocked by its App Store's App Review team for privacy violations in 2020, while another 150,00 were rejected because they were spamming or misleading iOS users. The company also blocked 48,000 applications from being published on the App Store due to using undocumented or having hidden features. Ninety-five thousand additional apps were also removed from the App Store for using bait-and-switch tactics where new features and capabilities were added to fundamentally change their functionality after being approved. In total, during 2020, almost 1 million problematic new apps and nearly 1 million app updates were removed or rejected by the App Review team — described as "an essential line of defense" — for various reasons and blocked from landing on the App Store. "In just the last few months, for example, Apple has rejected or removed apps that switched functionality after initial review to become real-money gambling apps, predatory loan issuers, and pornography hubs; used in-game signals to facilitate drug purchasing; and rewarded users for broadcasting illicit and pornographic content via video chat," the company said earlier this week. Apple: $1.5 billion in fraud prevented in a year Apple also says that it could protect its customers from $1.5 billion in potentially fraudulent transactions throughout 2020. It also prevented the use of over 3 million stolen cards on Apple's online store platforms and banned roughly 1 million accounts from ever making transactions again. "Financial information and transactions are some of the most sensitive data that users share online. Apple has invested significant resources in building more secure payment technologies like Apple Pay and StoreKit, which are used by more than 900,000 apps to sell goods and services on the App Store," Apple added. "For example, with Apple Pay, credit card numbers are never shared with merchants — eliminating a risk factor in the payment transaction process." Likely a response to Epic Games lawsuit claims While Apple hasn't exactly revealed the reason behind unveiling last year's fraud prevention efforts, the timing suggests that it is linked to its ongoing Epic Games lawsuit. The lawsuit was sparked by Apple removing Fortnite from the App Store in August 2020 after it was 'upgraded' with its own in-app payment system, designed to circumvent Apple's standard 30% fee of all App Store transactions. The presser was most likely issued to shed light on how its payment protection and App Review systems are defending customers and not stifling competition, as Epic Games said in court documents [PDF] filed last year. Epic Games has filed legal papers in response to Apple, read more here: https://t.co/c4sgvxQUvb — Fortnite (@FortniteGame) August 13, 2020 In the antitrust suit filed against Apple, Epic Games is not seeking any damages but only injunctive relief to force Apple to "allow fair competition" on the App Store. Source
  12. Amazon’s free streaming service gets its own dedicated mobile apps Amazon’s free streaming service IMDb TV now has its own dedicated app for the iPhone, iPad, and Android after launching on other major platforms earlier this year. IMDb TV is a dedicated hub for free, ad-supported movies and series as well as its own dedicated originals produced by Amazon Studios. Previously, you could find IMDb TV’s content slate in the primary IMDb app, but a standalone streaming app for the service was not available for iOS and Android. A spokesperson told The Verge the content is still available to stream through IMDb, but the new IMDb TV app was “designed for the streaming experience.” IMDb TV’s content slate is quite good, even if its originals have struggled to make as much of a splash as titles from larger premium services. But if you don’t mind ads, there’s a ton of great stuff to stream for free on the service, including documentaries, sci-fi titles, dramas, and plenty of TV to binge. Mad Men, How to Train Your Dragon, Schitt’s Creek, and Lost are all currently streamable on the service. Plus, through a recently announced deal with Universal, IMDb TV will also exclusively stream some live-action and animated titles from the studio following their release in theaters and a brief pay-one premiere on Peacock. The app was previously made available on the majority of major streaming devices and some smart TVs, including Fire TV, Roku, Xbox, Android TV, Android TV OS devices, newer LG Smart TVs, PlayStation 4, Chromecast with Google TV, and Nvidia Shield. It’s also available as a free channel within the Prime Video experience. IMDb TV app finally arrives on iOS and Android
  13. Google today announced a new update to Google Maps iOS app which brings three new features. First, Google Maps on iOS now supports dark mode. This feature will be rolling out in the coming weeks and you can turn it on by going to Settings > Dark mode > On. Second, Google Maps iOS now has a new nearby traffic widget which will allow you to have a glance exactly what traffic is like from your home screen. With the new Google Maps search widget, you can search for your favorite places or navigate to frequent destinations with just a quick tap. Here’s how you can enable these widgets: From your home screen, touch and hold a widget or an empty area until your apps jiggle. In the upper-left corner, tap the Add button. Search for and tap the Google Maps app. Swipe to select a widget, then tap Add Widget. Tap Done. Third, you can now share your real-time location via iMessage. Tap on the new Google Maps button in iMessage and your location will be shared for one hour by default, with the option to extend up to three days. To end your share, you can tap the “stop” button on the thumbnail. Source: Google Google Maps for iOS gets three new features including the dark mode
  14. Latest iOS Office Insider Preview Build adds a ton of useful new features Microsoft yesterday released a new update for Office for iOS Insiders, adding a ton of new features for Word, Excel, PowerPoint, and Office Mobile. This new Office version 2.52 (21072700) adds a status indicator to AutoSave-enabled files so that users can be confident that their changes are securely saved in the cloud. The new Office build also allows you to download PDFs in Office mobile app so that you can access them offline. The ability to extract text or table content using the Lens camera is another useful feature in this Office Insider build. The latest Office update includes one of the most requested features, which is the ability to reorder scanned documents at the time of capture. With the latest Office update installed, Office users on iPad will also be able to copy all the formatting from one object (cell or range) and apply it to another in a single click. You can learn more about the new features from the official changelog below. Changelog Word, Excel, PowerPoint, and Office Mobile AutoSave status indicator added No one wants to worry about losing their work! That’s why we’ve added a status indicator to any AutoSave-enabled files on iOS. Now the save status is clearly shown beside the file name in the app, so you can be confident that your changes are securely saved in the cloud. Office Mobile Access your PDFs offline You can’t always count on having an online connection to access your information. Now you can download your PDFs in Office Mobile, allowing you to access them when you’re offline. To download the online PDF file to your device, just tap the Cloud icon (to the left of the triple-dot menu indicator). Contextual actions: image to text and table Now you can easily extract text or table content from an image using the Lens camera. To use the feature, launch the Lens camera and tap the new Actions mode. Select the text section of the image, then tap Continue. You can then export the text to Word, copy it, or share it. Handwriting support with Image to Text With this feature, you can now digitize your handwritten notes and take them anywhere on your device. To try the feature out, just tap Actions > Image to Text. (This feature is currently available only in English-language versions of Office Mobile.) Reorder scanned documents One of the top user requests for the scan function in Office Mobile is the ability to reorder scanned documents at the time of capture. Now you can! To try this out, capture some images using the Lens scan, and then tap More > Reorder to place the documents in any order you like. Excel Quickly copy all formatting with Format Painter You asked, we delivered! The Format Painter feature is now available on Excel for the iPad, with the same capabilities as on the desktop. Format Painter enables you to copy all the formatting from one object (cell or range) and apply it to another in a single click. To try it out, select a cell you want to copy all formatting from. Then tap on the Format Painter icon (on the Home tab) and select the cells you want to copy the formatting to. Tap on the icon again to turn the feature off. If you are an Insider, you can download the latest Office app updates on your iOS device and try out these new improvements. Latest iOS Office Insider Preview Build adds a ton of useful new features
  15. Mozilla VPN unveils major security boost Split tunneling is now available in Mozilla VPN on iOS and Android Mozilla VPN users will now be able to choose which apps they want to use the company's VPN service as Mozilla has launched a new split tunneling feature. Since its launch last year, the Firefox maker has added a number of new features to its VPN while also making it available on more platforms and in even more countries. Now as a result of user feedback, Mozilla has added split tunneling to its VPN and this feature allows users to divide their internet traffic by choosing which apps will connect through an encrypted VPN tunnel and which ones will connect to an open network. Split tunneling is available for Mozilla VPN on both iOS and Android and once enabled, users will be able to prioritize how each of their apps connect to the internet when their VPN is turned on. This feature can be quite useful as users can secure apps that manage downloads, file-sharing and browsing with a VPN while still being able to use apps such as Netflix that often block VPN connections. Captive portal In addition to split tunneling, Mozilla recently added a new feature that allows users of its VPN service to connect to public Wi-Fi securely. With a VPN enabled, users may be blocked from seeing a café or public Wi-Fi network's landing page also known as a captive portal which they need to interact with in order to connect. For this reason, Mozilla VPN will now show a notification to let users know that they'll need to turn off their VPN before connecting. Once connected, they'll receive a separate notification letting them know they can now connect using the company's VPN service. Finally Mozilla has announced that it will continue to honor the $4.99 subscription fee for users from the US, Canada, the UK, Singapore, Malaysia and New Zealand that signed up for its VPN service when it first launched last year. However, new customers in these countries that sign up now can still get the same low monthly rate by opting for a 12 month Mozilla VPN subscription. Mozilla VPN unveils major security boost
  16. Microsoft To Do for iOS updated with hashtag picker Microsoft recently released a minor update to the To Do app on Apple App Store. This v2.49 update comes with better support for hashtags. The full changelog reads: We have added a Hashtag Picker. Now, you can quickly add hashtags to your tasks. We fixed some bugs related to attachments and app badges. Microsoft To Do is the task management app that makes it easy to stay organized and manage your life. In February, Microsoft announced the availability of Microsoft To Do widgets for iOS 14 devices. With the new widgets, you can view your to-do lists from your home screen. Microsoft To Do will allow you to add any of the following three types of widgets. Your Tasks Widget My Day Widget Add Task Widget You can download the updated Microsoft To Do app here from Apple App Store. ‎Microsoft To Do Developer: Microsoft Corporation Price: Free via the WC Microsoft To Do for iOS updated with hashtag picker
  17. An explosive spyware report shows limits of iOS, Android security Amnesty International sheds alarming light on an NSO Group surveillance tool. The shadowy world of private spyware has long caused alarm in cybersecurity circles, as authoritarian governments have repeatedly been caught targeting the smartphones of activists, journalists, and political rivals with malware purchased from unscrupulous brokers. The surveillance tools these companies provide frequently target iOS and Android, which have seemingly been unable to keep up with the threat. But a new report suggests the scale of the problem is far greater than feared—and has placed added pressure on mobile tech makers, particularly Apple, from security researchers seeking remedies. This week, an international group of researchers and journalists from Amnesty International, Forbidden Stories, and more than a dozen other organizations published forensic evidence that a number of governments worldwide—including Hungary, India, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates—may be customers of the notorious Israeli spyware vendor NSO Group. The researchers studied a leaked list of 50,000 phone numbers associated with activists, journalists, executives, and politicians who were all potential surveillance targets. They also looked specifically at 37 devices infected with, or targeted by, NSO's invasive Pegasus spyware. They even created a tool so you can check whether your iPhone has been compromised. NSO Group called the research "false allegations by a consortium of media outlets" in a strongly worded denial on Tuesday. An NSO Group spokesperson said, "The list is not a list of Pegasus targets or potential targets. The numbers in the list are not related to NSO Group in any way. Any claim that a name in the list is necessarily related to a Pegasus target or potential target is erroneous and false." On Wednesday, NSO Group said it would no longer respond to media inquiries. NSO Group isn't the only spyware vendor out there, but it has the highest profile. WhatsApp sued the company in 2019 over what it claims were attacks on over a thousand of its users. And Apple's BlastDoor feature, introduced in iOS 14 earlier this year, was an attempt to cut off "zero-click exploits," attacks that don't require any taps or downloads from victims. The protection appears not to have worked as well as intended; the company released a patch for iOS to address the latest round of alleged NSO Group hacking on Tuesday. In the face of the report, many security researchers say that both Apple and Google can and should do more to protect their users against these sophisticated surveillance tools "It definitely shows challenges in general with mobile device security and investigative capabilities these days," says independent researcher Cedric Owens. "I also think seeing both Android and iOS zero-click infections by NSO shows that motivated and resourced attackers can still be successful despite the amount of control Apple applies to its products and ecosystem." Tensions have long simmered between Apple and the security community over limits on researchers' ability to conduct forensic investigations on iOS devices and deploy monitoring tools. More access to the operating system would potentially help catch more attacks in real time, allowing researchers to gain a deeper understanding of how those attacks were constructed in the first place. For now, security researchers rely on a small set of indicators within iOS, plus the occasional jailbreak. And while Android is more open by design, it also places limits on what's known as "observability." Effectively combating high-caliber spyware like Pegasus, some researchers say, would require things like access to read a device's filesystem, the ability to examine which processes are running, access to system logs, and other telemetry. A lot of criticism has centered on Apple in this regard, because the company has historically offered stronger security protections for its users than the fragmented Android ecosystem. "The truth is that we are holding Apple to a higher standard precisely because they're doing so much better," says SentinelOne principal threat researcher Juan Andres Guerrero-Saade. "Android is a free-for-all. I don't think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits." In fact, the Amnesty International researchers say they actually had an easier time finding and investigating indicators of compromise on Apple devices targeted with Pegasus malware than on those running stock Android. "In Amnesty International's experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices, therefore our methodology is focused on the former," the group wrote in a lengthy technical analysis of its findings on Pegasus. "As a result, most recent cases of confirmed Pegasus infections have involved iPhones." Some of the focus on Apple also stems from the company's own emphasis on privacy and security in its product design and marketing. "Apple is trying, but the problem is they aren't trying as hard as their reputation would imply," says Johns Hopkins University cryptographer Matthew Green. Even with its more open approach, though, Google faces similar criticisms about the visibility security researchers can get into its mobile operating system. "Android and iOS have different types of logs. It's really hard to compare them," says Zuk Avraham, CEO of the analysis group ZecOps and a longtime advocate of access to mobile system information. "Each one has an advantage, but they are both equally not sufficient and enable threat actors to hide." Apple and Google both appear hesitant to reveal more of the digital forensic sausage-making, though. And while most independent security researchers advocate for the shift, some also acknowledge that increased access to system telemetry would aid bad actors as well. "While we understand that persistent logs would be more helpful for forensic uses such as the ones described by Amnesty International's researchers, they also would be helpful to attackers," a Google spokesperson said in a statement to WIRED. "We continually balance these different needs." Ivan Krstić, head of Apple security engineering and architecture, said in a statement that "Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree the iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data." The trick is to strike the right balance between offering more system indicators without inadvertently making attackers' jobs too much easier. "There is a lot that Apple could be doing in a very safe way to allow observation and imaging of iOS devices in order to catch this type of bad behavior, yet that does not seem to be treated as a priority," says iOS security researcher Will Strafach. "I am sure they have fair policy reasons for this, but it's something I don't agree with and would love to see changes in this thinking." Thomas Reed, director of Mac and mobile platforms at the antivirus maker Malwarebytes, says he agrees that more insight into iOS would benefit user defenses. But he adds that allowing special, trusted monitoring software would come with real risks. He points out that there are already suspicious and potentially unwanted programs on macOS that antivirus can't fully remove because the operating system endows them with this special type of system trust, potentially in error. The same problem of rogue system analysis tools would almost inevitably crop up on iOS as well. "We also see nation-state malware all the time on desktop systems that gets discovered after several years of undetected deployment," Reed adds. "And that's on systems where there are already many different security solutions available. Many eyes looking for this malware is better than few. I just worry about what we'd have to trade for that visibility." The Pegasus Project, as the consortium of researchers call the new findings, underscore the reality that Apple and Google are unlikely to solve the threat posed by private spyware vendors alone. The scale and reach of the potential Pegasus targeting indicates that a global ban on private spyware may be necessary. "A moratorium on the trade in intrusion software is the bare minimum for a credible response—mere triage," NSA surveillance whistleblower Edward Snowden tweeted on Tuesday in reaction to the Pegasus Project findings. "Anything less and the problem gets worse." On Monday, Amazon Web Services took its own step by shutting down cloud infrastructure linked to NSO. Regardless of what happens to NSO Group in particular, or the private surveillance market in general, user devices are still ultimately where clandestine targeted attacks from any source will play out. Even if Google and Apple can't be expected to solve the problem themselves, they need to keep working on a better way forward. This story originally appeared on wired.com. An explosive spyware report shows limits of iOS, Android security
  18. Facebook advertisers are panicking after iOS cuts off key tracking data Facebook’s ads aren’t as effective after iOS privacy changes, advertisers say. Facebook’s ability to track users and show them certain ads appears to be tanking thanks to Apple’s “ask not to track” feature, according to some advertisers. Apple rolled out the privacy prompt in late April with iOS 14.5. Since then, nearly half of all iOS devices worldwide have at least version 14.5 installed, according to Statcounter, and a vast majority of these devices' users have chosen to deny Facebook and other apps the ability to track them. Nearly three months after the feature's launch, just 17 percent of users worldwide have opted in, according to analytics company Flurry. The changes could have a significant effect on Facebook’s bottom line. Eric Seufert, an analyst who writes Mobile Dev Memo, forecasts that if only 20 percent of users consent to tracking, Facebook’s revenue could drop 7 percent in the first full quarter that the opt-in prompt is active (the forthcoming third quarter). The company warned back in February that the iOS changes would curtail its ability to track users across the Internet. “It’s been pretty devastating for, I would say, the majority of advertisers,” Seufert told Bloomberg. “The big question is: Are we seeing just short-term volatility where we can expect a move back to the mean, or is this a new normal?” Enlarge / The Settings menu for managing tracking on a per-app basis in iOS. Samuel Axon It may be some time before advertisers have an answer to that question. Facebook initially appeared to be taking the low opt-in rate in stride, with media buyers not noticing significant changes. But that has apparently changed in recent weeks, with some buyers reporting that ad effectiveness began dropping this month. Some advertisers, like e-commerce sites, appear to be hit particularly hard. Many retailers run software like Shopify, which shares customer data, including details about purchases that customers make on the site, with Facebook. That allows Facebook to refine its “lookalike” audiences, which advertisers buy access to so they can target other people who may be interested in buying the same thing. One way Facebook could deepen its data pipeline would be to deepen its integration in retailer's online stores, which it appears to be doing with the rollout of Facebook Pay for e-commerce platforms like Shopify. Before the new iOS feature was rolled out, media buyers reported that Facebook could capture as much as 95 percent of sales made on their clients’ sites. Now, many media buyers are reporting that Facebook is capturing only 50 percent of sales. One buyer reports that, with one client, just 3 percent of sales are showing up in Facebook’s ad manager. Other people visit e-commerce sites without purchasing anything, and to close the deal, retailers will “retarget” those users, showing them ads on Facebook for an item they viewed but didn’t buy. Those ads aren’t possible when “ask not to track” is enabled. "We believe that personalized ads and user privacy can coexist, without the collateral damage caused by App Tracking Transparency," a Facebook spokesperson told Ars. "We're also working on our own solutions to help businesses and investing in privacy-enhancing technologies designed to minimize the data we process, while still allowing us to show relevant ads and measure ad effectiveness." As users have asked Facebook not to track them, the company’s feedback loop has broken for a portion of its audience, costing it a key source of data. Though iOS doesn’t run on a majority of mobile devices, it does have a significant footprint in some of the world’s largest advertising markets, including the US. The US market is so important to advertisers that Flurry breaks out the country’s iOS tracking opt-in rate separately. Just 10 percent of US users opt in to tracking, compared with 17 percent worldwide. By opting out at such high rates, US iOS users could have a particularly significant impact on Facebook’s revenue. In the US and Canada last year, the company made five times more advertising revenue per user than its worldwide average. What happens to that number in the third quarter will reveal the extent to which tracking opt-out threatens the company’s earnings. Facebook advertisers are panicking after iOS cuts off key tracking data
  19. Google Meet now lets you blur or replace your background on iOS Google rolled out last month the ability to blur or replace video chat backgrounds in Meet on Android. At that time, the search giant vowed to expand the feature to iOS sometime in the future. Today, the search giant made good on its promise as it announced the availability of the feature on Apple's mobile devices. You can now blur or replace your background with any image hand-picked by Google. This includes photos of office spaces, landscapes, and abstract backgrounds, among others. On top of Google's recommended image, you can also set your own photos as your meeting background. This is in contrast to how the feature is implemented in Android, where you can choose only from Google's pre-selected images. That said, the Mountain View-based giant promised to add the ability to select your personal images as your background on Android soon. The feature comes in handy if you want to customize your background or put your messy surroundings out of sight when videoconferencing. And like on Android, you will need to manually switch on the capability on iOS since it's turned off by default. You can head over to Meet's support page to learn how to enable the feature. In terms of compatibility, the feature works only with iPhone 8 and up, iPad 5th generation and up, or iOS 12 and later. It's now available to all Workspace and G Suite Basic/Business customers as well as those who are using personal Google accounts. Google Meet now lets you blur or replace your background on iOS
  20. iOS zero-day let SolarWinds hackers compromise fully updated iPhones Flaw was exploited when government officials clicked on links in LinkedIn messages. The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a “likely Russian government-backed actor” exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn. Moscow, Western Europe, and USAID Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said. The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium—the name the company uses to identify the hackers behind the SolarWinds supply chain attack—first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency’s account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. The federal government has attributed last year’s supply chain attack to hackers working for Russia’s Foreign Intelligence Service (abbreviated as SVR). For more than a decade, the SVR has conducted malware campaigns targeting governments, political think tanks, and other organizations in countries like Germany, Uzbekistan, South Korea, and the US. Targets have included the US State Department and the White House in 2014. Other names used to identify the group include APT29, the Dukes, and Cozy Bear. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine. “These are two different campaigns, but based on our visibility, we consider the actors behind the WebKit 0-day and the USAID campaign to be the same group of actors,” Huntley wrote. “It is important to note that everyone draws actor boundaries differently. In this particular case, we are aligned with the US and UK governments' assessment of APT 29.” Forget the sandbox Throughout the campaign, Microsoft said, Nobelium experimented with multiple attack variations. In one wave, a Nobelium-controlled web server profiled devices that visited it to determine what OS and hardware the devices ran on. If the targeted device was an iPhone or iPad, a server used an exploit for CVE-2021-1879, which allowed hackers to deliver a universal cross-site scripting attack. Apple patched the zero-day in late March. In Wednesday’s post, Stone and Lecigne wrote: After several validation checks to ensure the device being exploited was a real device, the final payload would be served to exploit CVE-2021-1879. This exploit would turn off Same-Origin-Policy protections in order to collect authentication cookies from several popular websites, including Google, Microsoft, LinkedIn, Facebook, and Yahoo and send them via WebSocket to an attacker-controlled IP. The victim would need to have a session open on these websites from Safari for cookies to be successfully exfiltrated. There was no sandbox escape or implant delivered via this exploit. The exploit targeted iOS versions 12.4 through 13.7. This type of attack, described by Amy Burnett in Forget the Sandbox Escape: Abusing Browsers from Code Execution, is mitigated in browsers with Site Isolation enabled, such as Chrome or Firefox. It’s raining zero-days The iOS attacks are part of a recent explosion in the use of zero-days. In the first half of this year, Google’s Project Zero vulnerability research group has recorded 33 zero-day exploits used in attacks—11 more than the total number from 2020. The growth has several causes, including better detection by defenders and better software defenses that require multiple exploits to break through. The other big driver is the increased supply of zero-days from private companies selling exploits. “0-day capabilities used to be only the tools of select nation-states who had the technical expertise to find 0-day vulnerabilities, develop them into exploits, and then strategically operationalize their use,” the Google researchers wrote. “In the mid-to-late 2010s, more private companies have joined the marketplace selling these 0-day capabilities. No longer do groups need to have the technical expertise; now they just need resources.” The iOS vulnerability was one of four in-the-wild zero-days Google detailed on Wednesday. The other three were: CVE-2021-21166 and CVE-2021-30551 in Chrome CVE-2021-33742 in Internet Explorer The four exploits were used in three different campaigns. Based on their analysis, the researchers assess that three of the exploits were developed by the same commercial surveillance company, which sold them to two different government-backed actors. The researchers didn’t identify the surveillance company, the governments, or the specific three zero-days they were referring to. Representatives from Apple didn’t immediately respond to a request for comment. iOS zero-day let SolarWinds hackers compromise fully updated iPhones
  21. Apple’s latest iOS and macOS betas undo some of Safari’s controversial new design A more consistent design Apple has released its third developer betas for the upcoming iOS 15 and macOS Monterey, and they bring some much-needed fixes to Safari — namely, undoing some of the more controversial changes introduced in the earlier betas. For macOS, that means a normal tab bar that goes back to the previous design, while iOS is getting a more consistent design when it comes to the URL bar. iOS 15 is still sticking with its new tab view and the moved URL bar on the bottom of the display, but the latest beta docked it there permanently, instead of bouncing it to the top of the screen when you selected it. Apple’s also added a new refresh option to the pop-over menu when you tap and hold the URL bar. Together, the changes help make the new design a lot more cohesive to use. The change to macOS is simpler: Apple seems to have just brought back part of its Big Sur design for Safari’s URL bar and tabs, ditching the combined tab/URL bar setup that it debuted in the earlier betas. In the latest beta, there’s once again a URL bar that lives at the top of each Safari menu, with a row of tabs beneath it. Each of those tabs still takes up a decently large piece of real estate — the overall Monterey design is the same in that regard — but it’s definitely an improvement over the original betas. That said, if you preferred the new design, that’s still an option too, according to 9to5Mac. Unchanged, at least for now, is the iPadOS version of Safari. Given that Apple isn’t expected to fully release its latest OS updates until the fall, though, there’s still plenty of time for additional changes to Safari across all of Apple’s platforms. Apple’s latest iOS and macOS betas undo some of Safari’s controversial new design
  22. All the New Privacy and Security Features Coming to iOS and macOS Improvements designed to keep your email private, crack down on data stealing apps, and help you find lost devices are on their way. As it does every year, Apple has used its Worldwide Developers Conference (WWDC) to show off some of the changes coming to its software this year—and, unsurprisingly given Apple's track record, privacy and security are top of the agenda once more. The iOS 15 update for your iPhone and macOS 12 Monterey update for your Mac will arrive later in the year, along with improvements designed to keep your data and your devices safe from harm. A lot of these upgraded privacy and security features are due to be applied across both operating systems together. One of the apps getting a lot of attention this time around is Mail, Apple's default email client on mobile and desktop. A new feature called Mail Privacy Protection takes aim at the tracking pixels embedded in a lot of emails—when you open your messages, these pixels are loaded, and can filter back information such as your location and your choice of software platform back to the sender. Marketers, newsletter writers, and plenty of people in between use these tracking pixels to see how many people open their messages, but Mail Privacy Protection stops this data gathering. It won't be turned on by default, but it will be highlighted as an option when you upgrade to iOS 15 and macOS 12 Monterey. Also, because tracking pixels are just images, this protection applies to all remote-loading images in email. They're not “blocked” exactly, but routed through a relay that strips out that data gathering but intended to preserve your end experience. Similarly, Apple is enabling you to keep a closer eye on the apps you've installed with these software updates too. Through a feature called App Privacy Report, you'll be able to see how many times an app has accessed your location, photos, camera, microphone, and contacts during the last week. App Privacy Report tells you more about what your apps are up to. Photograph: Apple If you're wondering whether an app really needs the permissions that it's asking for, this Privacy Report should be able to tell you. The report will also list the domains the app is in contact with, and how often, giving users a better idea of just how much data grabbing and transmitting it's doing. As for Apple's digital assistant, Siri, more of the speech recognition work and command processing is going to be done on your specific device. This reduces the amount of data sent back to Apple and stored in the cloud, and meaning it's less likely that somebody else could be listening in, even if all you mostly do is check the weather, set alarms, and add items to your to-do list. Another new feature with a new name is iCloud+. If you pay for iCloud storage, then you're going to get iCloud+ along with it. The key tool here is iCloud Private Relay, Apple's take on a somewhat simpler VPN: It encrypts and routes your web traffic through a series of different locations, much like a VPN, keeping your location private and your data protected from eavesdroppers. There are two key stages in this rerouting, one of which is managed by Apple that encrypts your URL and deletes identifying data like your IP address, and a second one that is managed by what Apple calls a "trusted content provider." Those providers, yet to be identified publicly, will be a series of companies that will be responsible for assigning you a temporary IP address that's similar to your region and changes periodically, and then decrypting your URL so it can send you on to your destination site or service. The idea is that no one, not even Apple, can piece together the whole chain and figure out what you're accessing on the internet. Another part of iCloud+ is Hide My Email, which takes an idea from the Sign In With Apple service. It enables you to generate an unlimited number of unique, random email addresses for the purposes of signing up to new apps and services: Messages sent to these addresses will still come through to your main email addresses, but you can trash them any time you like to cut off communications. The feature will be built right into Mail, iCloud, and Safari. Gmail users can do this by adding qualifiers to their addresses (for example, setting up "[email protected]" for all your newsletter subscriptions, and filtering them to a folder for future reading, or to the trash when you have too many.) Hide My Email keeps your main email address well protected. Photograph: Apple The final part of iCloud+ is HomeKit Secure Video, which offers encrypted, secure storage for footage from your home security cameras. It also ensures any smart recognition processing is done locally, rather than being sent to the cloud. HomeKit Secure Video is actually already available, but more users will get access to it with iCloud+. Meanwhile, Apple Wallet is expanding its reach, and in "participating states" will be able to store your driver's license or state ID, in an encrypted and secure form. Apple says that it's working with the US Transportation Security Administration to get these digital IDs supported at airports by the time that iOS 15 rolls out. The future Apple Wallet will also have the capacity to support a broader range of digital keys too, from home keys to office keys to car keys. Of course, these are going to need to be supported by your door lock manufacturer, employer, or car maker before you can use them. There will also be a new set of functions in the Find My app when iOS 15 lands later this year. The app will be able to detect iPhones even if they're turned off or have been factory reset—they will continue to transmit a very low-power Bluetooth signal, a bit like an AirTag does, so you have more of a chance of recovering your Apple device if it goes lost or gets stolen. A host of smaller privacy and security updates are going to roll out with these updates as well, including a more secure form of copy and paste (to limit what apps can see on your clipboard), and an indicator in macOS 12 Monterey to tell you which apps are using your microphone or camera (as already happens in iOS.) All the New Privacy and Security Features Coming to iOS and macOS (may require free registration)
  23. Microsoft’s latest iOS Office Insider Preview build brings new features Microsoft has released a new update for Office for iOS Insiders. This version 2.50(21060200) adds a couple of new features for Word, Excel, PowerPoint. With the latest version installed, you’ll be able to use animated to 3D models in Office to create highly immersive documents. The new Office update will also let iOS users play GIFs in documents, worksheets, or presentations. You can read the full official changelog below. Changelog Word, Excel, PowerPoint Bring documents to life with 3D animations Animated 3D models can help you get creative, elevate your storytelling, and create highly immersive documents. Previously, 3D animations were static on iOS; now they’ve been brought to life with buttery-smooth animation playback. To try them out, open a file with an animated 3D model on your iPhone or iPad. Use the onscreen controls to play and pause the model and rotate it in 3D with animation. Play GIFs You asked for it! Up until now, even when your documents, worksheets, or presentations contained animated GIFs, they would only appear as static images. Now you can use the onscreen controls to play and pause your animated GIFs, enlivening any document or presentation. If you are an Insider, you can download the latest Office app updates on your iOS device and try out these new improvements. Microsoft’s latest iOS Office Insider Preview build brings new features
  24. Microsoft is improving the Large Gallery view in Microsoft Teams for iOS and Android Microsoft has announced that it will be improving the “Large Gallery” layout for meetings on Teams mobile. The view will become mobile-optimised, letting you easily swipe through all the participants in a meeting. The view now supports up to 10 participants per page on both phones and tablets. The improvement is coming to both iOS and Android, but only iOS devices with iOS 13 and above and Android devices with Android 9 or with 4GB of RAM and above will benefit, with handsets with the older version of the OS seeing the earlier experience. The update will be rolling out on the Teams iOS and Android app starting in mid-June and the rollout is expected to be completed in late July. Microsoft is improving the Large Gallery view in Microsoft Teams for iOS and Android
  25. Apple expanding ‘Air Quality’ Weather app feature to more countries with iOS 14.7 One of the new features introduced with iOS 14 last year was the ability to see Air Quality in the Weather app, but this is restricted to only a few regions. However, with the first beta of iOS 14.7, the company is finally expanding this feature to more countries. As reported by multiple users on Reddit and Twitter, iOS 14.7 beta 1 brings the Air Quality feature in the iPhone Weather app to more regions. This includes cities in the Netherlands, France, Italy, and Spain. Other comments also mention that the feature is working in Canada as well. In the United States, the measurement of air quality is based on an Air Quality Index (AQI) that ranges from 0 to 500, where lower numbers represent better air quality and higher numbers are considered unhealthy. This information is displayed in a colored bar within the Weather app on the iPhone, and is also shown on Apple Maps. iOS 14.7 isn’t exactly a major update, but it does bring a great new feature for HomePod users, who can now set and stop timers using the Home app on the iPhone, iPad, and Mac. It’s unclear, however, when this update will become available to the public. Something that’s new in iOS 14.7 for Canada Air quality index in weather apps pic.twitter.com/D4FG8oM7oz — John Ee (@heyJohnEe) May 19, 2021 Source: Apple expanding ‘Air Quality’ Weather app feature to more countries with iOS 14.7
×
×
  • Create New...