Apple's M1 chips have an "unpatchable" hardware vulnerability that could allow attackers to break through its last line of security defenses, MIT researchers have discovered. TechCrunch reports: The vulnerability lies in a hardware-level security mechanism utilized in Apple M1 chips called pointer authentication codes, or PAC. This feature makes it much harder for an attacker to inject malicious code into a device's memory and provides a level of defense against buffer overflow exploits, a type of attack that forces memory to spill out to other locations on the chip. Researchers from MIT's Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows that pointer authentication can be defeated without leaving a trace, and as it utilizes a hardware mechanism, no software patch can fix it.

The attack, appropriately called "Pacman," works by "guessing" a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn't been maliciously altered. This is done using speculative execution -- a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation -- to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct. What's more, since there are only so many possible values for the PAC, the researchers found that it's possible to try them all to find the right one.

Apple announced on Friday that it's once again updated its rules about how Dutch dating apps can use third-party payment systems, after the company had "productive conversations with the Netherlands Authority for Consumers and Markets (ACM)." From a report: The updated rules give developers more flexibility about which payment systems they use, change the language users see when they go to pay, and remove other restrictions that the previous rules put in place. While the rules aren't wide-reaching (again, they only apply to Dutch dating apps), they do show what Apple's willing to do to comply with government regulation -- which it could be facing a lot more of as the EU and US gear up to fight tech monopolies, and potentially even force the company to ditch the iPhone's Lightning port.

In December the ACM announced a ruling that Apple had to let dating apps use payment services besides the one built into iOS, after the regulator received a complaint from Match Group, the company behind dating services like Tinder, Match.com, and OkCupid. Since then, Apple has proposed a variety of solutions for complying with the order, which the regulator has said aren't good enough. In May, the ACM said that Apple's most recent rules, the ones prior to the Friday update, were improvements over its past ideas, but that they still didn't comply with Dutch and European laws. There's been increasing pressure for Apple to comply: even while the company works on changes, it's been racking up tens of millions of Euros in fines.

The UK's Competition and Markets Authority (CMA) has concluded that Google and Apple "hold all the cards" when it comes to mobile phones a year after taking a closer look at their "duopoly." It's now consulting on the launch of a market investigation into the tech giants' market power in mobile browsers, as well as into Apple's cloud gaming restrictions. From a report: In addition, the CMA has launched a separate investigation into Google's Play Store rules -- the one that requires certain app developers to use the tech giant's payment system for in-app purchases, in particular. The CMA has concluded after its year-long study that the tech giants do indeed exhibit an "effective duopoly" on mobile ecosystems. A total of 97 percent of all mobile web browsing in the UK is powered by Apple's and Google's browser engines. iPhones and Android devices typically come with Safari and Chrome pre-installed, which means their browsers have the advantage from the start. Further, Apple requires developers to make sure their iOS and iPadOS apps are using its WebKit engine to browse the web. That limits the incentives Apple may have to invest in Safari, the CMA said.

Apple plans to expand the lineup of laptops using its new, speedier in-house chips next year, aiming to grab a bigger share of the market, Bloomberg News reported Thursday, citing people with knowledge of the matter said. From the report: The company is working on a larger MacBook Air with a 15-inch screen for release as early as next spring, said the people, who asked not to be identified because the plans aren't public. This would mark the first model of that size in the MacBook Air's 14-year history. Apple is also developing what would be its smallest new laptop in years. The new models underscore Apple's strategy to use homegrown processors to make gains in a market led by Lenovo and HP. The company began splitting from longtime partner Intel in 2020 and announced its latest chip, the M2, at a developers conference earlier this week. Better performance and new designs have helped spur a resurgence for the Mac lineup, which accounts for about 10% of Apple's sales.

An anonymous reader quotes a report from TechCrunch: A new security feature in Apple's upcoming macOS 13 Ventura will automatically block new USB-C devices from communicating with the operating system until the accessory can be approved by the user. Apple dropped details of the new security feature in its release notes, which appears to be aimed at protecting newer Apple laptops that run its bespoke M1 or M2 chips from potentially malicious accessories.

According to Apple's description, the feature will be enabled by default and will require the user to approve a USB-C accessory before it can talk to the operating system -- essentially an on-screen pop-up asking the user for permission. Apple says this doesn't apply to power adapters, standalone displays, and connections to an approved hub -- and devices can still charge even if you don't approve the accessory. Apple says that accessories that are already connected will automatically work when updating to the new macOS software.

An anonymous reader quotes a report from Ars Technica: One of the few things that Intel Macs can do that Apple Silicon Macs can't is run operating systems written for Intel or AMD processors inside of virtual machines. Most notably, this has meant that there is currently no legal way to run Windows on an Apple Silicon Mac. Apple Silicon Macs can, however, run operating systems written for Arm processors inside of virtual machines, including other versions of macOS and Arm-compatible versions of Linux. And those Linux VMs are getting a new feature in macOS Ventura: the ability to run apps written for x86 processors using Rosetta, the same binary translation technology that allows Apple Silicon Macs to run apps written for Intel Macs.

Apple's documentation will walk you through the requirements for using Rosetta within a Linux guest operating system -- it requires creating a shared directory that both macOS and Linux can access and running some terminal commands in Linux to get it set up. But once you do those steps, you'll be able to enjoy the wider app compatibility that comes with being able to run x86 code as well as Arm code. Some developers, including Hector Martin of the Asahi Linux project and Twitter user @never_released, have already found that these steps can also enable Rosetta on non-Apple ARM CPUs as long as they're modern enough to support at least version 8.2 of the Arm instruction set. As Martin points out, this isn't strictly legal because of macOS's licensing restrictions, and there are some relatively minor Apple-specific hardware features needed to unlock Rosetta's full capabilities.

Apple announced some major new features for Mail that finally bring the email app closer to parity with Gmail and other popular email clients. From a report: Perhaps the most useful will be an undo send feature, which will let you call back an email within 10 seconds of hitting the send button. A "remind me" feature will let you set a time for an email to come back to the top of your inbox. A new scheduled send feature that allows you to specify exactly when an email should go out. And Mail will even tell you when it thinks you've forgotten to include an attachment.

The European Commission, the executive arm of the European Union, is going to force smartphone manufacturers like Apple and other electronics makers to equip their devices with a standard USB-C charging port. From a report: EU lawmakers on Tuesday agreed to a single mobile charging port for mobile phones, tablets and cameras. It means equipment makers will have to comply with the new terms by 2024. "We have a deal on the #CommonCharger!" EU commissioner Thierry Breton said via Twitter. The legislation is designed to cut waste and make life easier for consumers who would theoretically be able to use one charger for multiple devices. It could have a huge impact on Apple, as the company still uses its own Lightning connector to charge iPhones. The company has recently equipped iPads and MacBooks with USB-C ports. Apple did not immediately respond to a CNBC request for comment. However, a spokesperson for the company said last September that the firm stands for "innovation and deeply cares about the customer experience."

An anonymous reader quotes a report from CNET: The next generation of CarPlay will be compatible with a variety of aspect ratios -- from portrait to landscape -- and can even adapt to multidisplay dashboards, including vehicles with digital instrument clusters or with ultrawide pillar-to-pillar displays. CarPlay will be more integrated with all the host vehicle's systems. Beyond its current navigation and media consumption functionalities, Apple CarPlay will handle traditional instrumentation like speedometer, tachometer, temperature gauges and fuel or EV battery level displays. Users will be able to adjust their climate controls, activate seat heaters, monitor air quality and even tie into Apple's smart home technologies directly from the CarPlay interface.

As with the next generation of iOS on the phone, Apple is also giving CarPlay users the ability to customize how CarPlay looks with selectable themes, backgrounds and widgets. From loud pink analog-style gauges to slick numerical displays and bar graphs, CarPlay will be able to match a wide range of vehicle interior designs and personal aesthetic tastes. Perhaps most interestingly, Apple says that this new full-fat approach to CarPlay as a complete vehicle interface will continue to be powered entirely by the connected iPhone, giving Apple an unprecedented amount of control over the vehicle's operation as well as access to data generated by each host vehicle. According to Apple, the first vehicles to support the new CarPlay update should be announced in late 2023. It lists Acura, Audi, Ford, Honda, Jaguar-Land Rover, Lincoln, Mercedes-Benz, Nissan, Porsche, Volvo and Polestar as partners that are "excited to bring this new vision of CarPlay to customers."

At this year's WWDC, Apple announced a surprising new system coming to its Metal 3 gaming API that may sound familiar to PC gamers: MetalFX Upscaling. Ars Technica reports: The system will leverage Apple's custom silicon to reconstruct video game graphics using lower-resolution source images so that games can run more efficiently at lower resolutions while looking higher-res. This "temporal reconstruction" system sounds similar to existing offerings from AMD (FidelityFX Super Resolution 2.0) and Nvidia (Deep Learning Super-Sampling), along with an upcoming "XeSS" system from Intel. Based on how the system is described, it will more closely resemble AMD's system, since Apple has yet to announce a way for MetalFX Upscaling to leverage its custom-made "Neural Engine" system.

By announcing this functionality for some of the world's most popular processors, Apple is arguably letting more game developers build their games and engines with image reconstruction -- even if MetalFX Upscaling isn't open source, unlike AMD's FSR 2.0 system. Still, these image reconstruction systems typically have temporal anti-aliasing (TAA) in common. So long as game devs keep that kind of anti-aliasing in mind with their games and engines, they'll be more likely to take advantage and thus run more efficiently on a wide range of consoles, computers, and smartphones. The report notes that Metal 3 also includes "a new 'resource-loading' API designed to streamline asset-loading processes in video games." The same Metal 3 API benefits will also come to iPadOS 16 later this year.

Apple brought its iPad tablet a bit closer to the Mac computers in spirit on Monday at WWDC 2022, announcing new features for its iPadOS 16 software that add better multitasking features. From a report: The new changes to the iPad represent another key shift to the device, aiming to advance the "pro" capabilities of Apple's tablets. While Apple's added to the power and capabilities of its iPads, the software has been criticized by many reviewers, including us at CNET, for not offering enough functionality. [...] Apple also has a collaborative workspace app called Freeform, coming later this year, that will work like a giant whiteboard. Invited collaborators could can start adding stuff at the same time.

iPadOS 16 is also aiming to make better use of more advanced iPads that feature Apple's M1 chip. Metal 3 promises better graphics, but Apple's also aiming to add more desktop-like features in apps: Some will have customizable toolbars, and the Files app looks like it's finally getting a little more versatile for file management. M1 iPads are getting display scaling to create an effectively larger-feeling display, allowing more app screen space (but with smaller text and images). There's also free-form window resizing, along with external display support. Both features have been overdue on iPadOS. Stage Manager, a MacOS feature that's coming later this year, is also on iPadOS. The result looks to be windows that can overlap and be different sizes, just like a Mac.

Apple demonstrated "passkeys" at WWDC 2022, a new biometric sign-in standard that could finally kill off the password for good. TechCrunch reports: Passkeys are based on the Web Authentication API (WebAuthn), a standard that uses public-key cryptography instead of passwords for authenticating users to websites and applications, and are stored on-device rather than on a web server. The digital password replacement uses Touch ID or Face ID for biometric verification, which means that rather than having to input a long string of characters, an app or website you're logging into will push a request to your phone for authentication.

During its WWDC demo of the password-free technology, Apple showed how passkeys are backed up within the iCloud Keychain and can be synced across Mac, iPhone, iPad and Apple TV with end-to-end encryption. Users will also be able to sign in to websites and apps on non-Apple devices using an iPhone or iPad to scan a QR code and Touch ID or Face ID to authenticate. "Because it's just a single tap to sign in, it's simultaneously easier, faster and more secure than almost all common forms of authentication today," said Garrett Davidson, an Apple engineer on the Authentication Experience team.

At its WWDC event today, Apple previewed several new features coming with iOS 16, which will debut this fall after spending the summer in beta testing. An anonymous reader quotes a report from The Verge: The lock screen is at the center of Apple's iOS 16 updates, starting with the ability to customize fonts and colors used. It will be possible to add widgets and configure multiple lock screens that you can switch between by swiping across the screen. Different focus modes can also be assigned to different lock screens. Apple-supplied wallpapers get a refresh too, with animated and Pride-themed choices. Notifications appear on the lock screen differently, too. Instead of piling up across the screen, they "roll in" at the bottom of the screen. There's also a "live activities" feature to display notifications associated with an event like an Uber ride or sporting event in a single tile. There's a major update coming to messages, too: iOS 16 adds the ability to edit typos out of sent messages, recall messages that you didn't mean to send, and the ability to mark a message thread as unread so you can come back to it later. SharePlay is also coming to messages.

Apple's powerful Live Text feature will be coming to video. Additionally, there will be more actions available when you use Live Text in photos or videos. Wallet gets some expanded features too, with a way to share saved IDs securely by supplying only necessary information. It'll be easier to share saved keys, too. Apple Pay gets a new "Pay Later" feature, adding the option to split a bill into four equal payments without interest or fees. Apple Maps will get multi-stop routing in iOS 16, and six more cities will be added to the "detailed city experience" introduced in iOS 15. Apple is also adding shared iCloud photo libraries, in an effort to make it easier to share certain photos across family and friends' accounts. Up to six users can access a shared library. Photos will include sharing suggestions, and image edits and keywords will be synced for all users. There's also a new feature called Safety Check, which is aimed to protect people in abusive situations. It allows you to easily revoke access to certain information, like location, that you may have shared with someone else previously. In order to download iOS 16, you'll need an iPhone 8 or later, meaning Apple is "more or less ending support for the iPhone 6S, iPhone 7, and original iPhone SE," reports The Verge.

As expected, Apple has used the stage at its WWDC 2022 keynote to reveal the features and changes coming to macOS in the next major software update for the platform, macOS 13 Ventura. From a report: Ventura's headlining feature is a new multitasking interface called Stage Manager. It's being billed as a way to fight window clutter on a busy desktop -- enter Stage Manager mode, and one of your windows floats to the center of the screen, pushing your other windows into a compressed navigation column on the left of the screen. Click a different app window on the left, and it will fly to the center of the screen, knocking the app you were using before into the navigation column. Spotlight also gets some handy quality-of-life updates, adding the ability to Quick Look search results directly from the Spotlight window, and the ability to run Shortcuts from within Spotlight.

Safari picks up the ability to share groups of tabs with other users, letting all users add and remove tabs. The browser is also adding a FIDO-compliant security technology called PassKeys, which aim to replace passwords with cryptographically generated keys that sync between devices using iCloud Keychain. Sites that support PassKeys can be opened using TouchID or FaceID. Apple's cross-device Continuity features were also updated. FaceTime calls can be handed off seamlessly between different Macs and iDevices, while Continuity Camera allows you to use an iPhone as a webcam (your iPhone's LED can even be used as a makeshift ring light). Continuity Camera supports Center Stage and Portrait Mode effects, too, though presumably they will require newer iPhones with hardware that supports those features.

Apple's WWDC isn't an event that traditionally packs in several hardware announcements, but nevertheless, a new MacBook Air took the stage during the keynote. From a report: The new 2022 model has been designed around the more powerful M2 processor, and its design comes closer to that of the 14-inch MacBook Pro, with a more squared-off look than the traditional wedge shape. It features MagSafe charging, two Thunderbolt ports, and a headphone jack. It's 11mm thick and comes in at 2.7 pounds. It will be available in silver, space grey, and new "starlight" gold and "midnight" blue colors. This MacBook Air will be available in July starting at $1,199. The M1-based Air will continue to be available for $999.

The 2022 MacBook Air features a larger 13.6-inch display with smaller bezels surrounding it. Apple says it has 500 nits of peak brightness. It features a silent, fan-less design, which is impressive given the performance gains that Apple is claiming to squeeze from the M2. Apple says that it's 40-percent faster than the previous model, but that performance boost likely varies depending on the app.

Apple today announced a major update to Apple Pay, called Apple Pay Later, which will allow users to split the cost of an Apple Pay purchase into four equal payments without interest or late fees. From a report: The new financial product -- which was rumored ahead of its debut at Apple's 2022 Worldwide Developers Conference -- marks Apple's move into the enormous and growing buy now, pay later industry. Apple Pay Later is available everywhere Apple Pay is available, both in apps and on the web -- it requires no additional integration from the developer or merchant side. Upcoming payments are made, and can be tracked or managed, through Apple Wallet on iOS.

Last summer Chinese market analyst Ming-Chi Kuo reported the iPhone 13 would include satellite communication capability, remembers long-time tech pundit Robert Cringley, who adds that the prediction was denied by Apple. "This, in itself, was weird because Apple generally doesn't react to rumors. But beyond the mere reaction, the way Apple responded to Ming's prediction was especially odd." An unattributed leak from Cupertino said that the iPhone 13 definitely would not include satellite communication capability. And even if some iPhone could communicate with satellites, the leak continued, it wouldn't be offering satellite voice service (which Ming had mentioned), limiting iPhones to satellite text or iMessage.... This was making less and less sense, but it clearly meant there was something happening.

Then came the iPhone 13 launch and Ming was wrong for a change — no satellite communications. So the Cupertino rumor mill went about its business, Ming's satellite rumor apparently forgotten.

But not by me....
And this leads Cringley to another prediction of his own: I am convinced an announcement will be coming soon. Apple will shortly enter the satellite business by acquiring GlobalStar and its 24 satellites. They will use those 24, plus 24 more satellites that Apple has already commissioned, to offer satellite service for iMessage and Apple's Find My network just like they implied in their denial last year.

These apps are proxies for Apple entering — and then dominating — the Internet of Things (IoT) business. After all, iPhones will give them 1.6 billion points of presence for AirTag detection even on sailboats in the middle of the ocean — or on the South Pole.

IoT is already a big business that is going to get even bigger even faster because of Apple. Adding that satellite connection to iMessage and Find My offers the possibility of ubiquity for IoT, though only on Apple's network. Ubiquity (being able to track anything in near real time anywhere on the planet) signals the maturity of IoT, turning it quickly into a $1 TRILLION business — in this case Apple's $1 TRILLION business....

While Apple's stated goals will be only iMessage and Find My, followed by IoT, in the longer run Cupertino plans to dis-intermediate the mobile carriers — becoming themselves a satellite-based global phone and data company. That will require shifting over additional Globalstar bandwidth plus launching another 300-600 satellites, so it is several years away but IS coming. Apple will compete not just with every other mobile carrier including Cupertino's own customers, they will also compete with satellite Internet providers like Starlink, OneWeb, and Amazon's Kuiper. Apple can compete with Starlink with so many fewer satellites because GlobalStar has vastly more licensed spectrum than does SpaceX, which has to reuse the same spectrum over and over again with thousands of satellites.

EU countries and EU lawmakers are set to agree on a common charging port for mobile phones, tablets and headphones on June 7 when they meet to discuss a proposal that has been fiercely criticised by Apple, Reuters reported Friday, citing people familiar with the matter said. From the report: The proposal for a single mobile charging port was first broached by the European Commission more than a decade ago after iPhone and Android users complained about having to use different chargers for their phones. The former is charged from a Lightning cable while Android-based devices are powered using USB-C connectors. The trilogue next Tuesday will be the second and likely the final one between EU countries and EU lawmakers on the topic, an indication of a strong push to get a deal done, the people said.

Older iPads with the Apple A7- and A8-based chips may soon be able to run Linux. "Developer Konrad Dybcio and a Linux enthusiast going by "quaack723" have collaborated to get Linux kernel version 5.18 booting on an old iPad Air 2, a major feat for a device that was designed to never run any operating system other than Apple's," reports Ars Technica. From the report: The project appears to use an Alpine Linux-based distribution called "postmarketOS," a relatively small but actively developed distribution made primarily for Android devices. Dybcio used a "checkm8" hashtag in his initial tweet about the project, strongly implying that they used the "Checkm8" bootrom exploit published back in 2019 to access the hardware. For now, the developers only have Linux running on some older iPad hardware using A7 and A8-based chips -- this includes the iPad Air, iPad Air 2, and a few generations of iPad mini. But subsequent tweets imply that it will be possible to get Linux up and running on any device with an A7 or A8 in it, including the iPhone 5S and the original HomePod.

Development work on this latest Linux-on-iDevices effort is still in its early days. The photos that the developers shared both show a basic boot process that fails because it can't mount a filesystem, and Dybcio notes that basic things like USB and Bluetooth support aren't working. Getting networking, audio, and graphics acceleration all working properly will also be a tall order. But being able to boot Linux at all could draw the attention of other developers who want to help the project.

Compared to modern hardware with an Apple M1 chip, A7 and A8-powered devices wouldn't be great as general-purpose Linux machines. While impressive at the time, their CPUs and GPUs are considerably slower than modern Apple devices, and they all shipped with either 1GB or 2GB of RAM. But their performance still stacks up well next to the slow processors in devices like the Raspberry Pi 4, and most (though not all) A7 and A8 hardware has stopped getting new iOS and iPadOS updates from Apple at this point; Linux support could give some of these devices a second life as retro game consoles, simple home servers, or other things that low-power Arm hardware is good for. Further reading: Linux For M1 Macs? First Alpha Release Announced for Asahi Linux

An anonymous reader quotes a report from 9to5Mac: Apple Museum of Poland is now open, boasting to be the "biggest and most complete" collection in the world. With over 1,600 exhibits, the museum is the result of years of dedication from Polish collector and architect Jacek Lupina and spans the company's 46-year history. The Apple Museum, located in a former metalworking factory in Warsaw, features a replica of the Apple 1 at its entrance. Released in 1976, the Apple 1 was the first personal computer that Steve Jobs and Steve Wozniak sold. Additionally, the motherboard of the museum's Apple 1 replica includes a signature from Steve Wozniak himself.

Lupina's goal is to showcase how far the company has come and how much things have changed in over four decades. [...] While there's a lot to show, the Apple Museum isn't holding all exhibits at once as it is rotating subjects periodically. The collection exhibits Apple, Macintosh, and NeXT computers as well as iPhones, iPods, and iPads. Also, on the walls, there are vintage advertisements like the well-known "Think Different" campaign from 1997.