Meta, in a blog post: To comply with evolving European regulations, we are introducing a new subscription option in the EU, EEA and Switzerland. In November, we will be offering people who use Facebook or Instagram and reside in these regions the choice to continue using these personalised services for free with ads, or subscribe to stop seeing ads. While people are subscribed, their information will not be used for ads.

People in these countries will be able to subscribe for a fee to use our products without ads. Depending on where you purchase it will cost $10.5/month on the web or $13.75/month on iOS and Android. Regardless of where you purchase, the subscription will apply to all linked Facebook and Instagram accounts in a user's Accounts Center. As is the case for many online subscriptions, the iOS and Android pricing take into account the fees that Apple and Google charge through respective purchasing policies.

Dan Goodin reports via Ars Technica: Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised. Despite promises that this never-changing address would be hidden and replaced with a private one that was unique to each SSID, Apple devices have continued to display the real one, which in turn got broadcast to every other connected device on the network. [...]

In 2020, Apple released iOS 14 with a feature that, by default, hid Wi-Fi MACs when devices connected to a network. Instead, the device displayed what Apple called a "private Wi-Fi address" that was different for each SSID. Over time, Apple has enhanced the feature, for instance, by allowing users to assign a new private Wi-Fi address for a given SSID. On Wednesday, Apple released iOS 17.1. Among the various fixes was a patch for a vulnerability, tracked as CVE-2023-42846, which prevented the privacy feature from working. Tommy Mysk, one of the two security researchers Apple credited with discovering and reporting the vulnerability (Talal Haj Bakry was the other), told Ars that he tested all recent iOS releases and found the flaw dates back to version 14, released in September 2020. "From the get-go, this feature was useless because of this bug," he said. "We couldn't stop the devices from sending these discovery requests, even with a VPN. Even in the Lockdown Mode."

When an iPhone or any other device joins a network, it triggers a multicast message that is sent to all other devices on the network. By necessity, this message must include a MAC. Beginning with iOS 14, this value was, by default, different for each SSID. To the casual observer, the feature appeared to work as advertised. The "source" listed in the request was the private Wi-Fi address. Digging in a little further, however, it became clear that the real, permanent MAC was still broadcast to all other connected devices, just in a different field of the request. Mysk published a short video showing a Mac using the Wireshark packet sniffer to monitor traffic on the local network the Mac is connected to. When an iPhone running iOS prior to version 17.1 joins, it shares its real Wi-Fi MAC on port 5353/UDP.

Researchers have devised an attack that forces Apple's Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. From a report: iLeakage, as the academic researchers have named the attack, is practical and requires minimal resources to carry out. It does, however, require extensive reverse-engineering of Apple hardware and significant expertise in exploiting a class of vulnerability known as a side channel, which leaks secrets based on clues left in electromagnetic emanations, data caches, or other manifestations of a targeted system. The side channel in this case is speculative execution, a performance enhancement feature found in modern CPUs that has formed the basis of a wide corpus of attacks in recent years. The nearly endless stream of exploit variants has left chip makers -- primarily Intel and, to a lesser extent, AMD -- scrambling to devise mitigations.

The researchers implement iLeakage as a website. When visited by a vulnerable macOS or iOS device, the website uses JavaScript to surreptitiously open a separate website of the attacker's choice and recover site content rendered in a pop-up window. The researchers have successfully leveraged iLeakage to recover YouTube viewing history, the content of a Gmail inbox -- when a target is logged in -- and a password as it's being autofilled by a credential manager. Once visited, the iLeakage site requires about five minutes to profile the target machine and, on average, roughly another 30 seconds to extract a 512-bit secret, such as a 64-character string.

Google is adding some new features to the Google Play Games Beta on PC, its service that lets you play Android games on a PC, including support for 4K screen resolution on "supported monitors" and for popular console gaming controllers. From a report: Google detailed the updates in a blog post from Arjun Dayal, Google Play Games' director of product. With the new support for 4K, you can now pick your screen resolutions while in game. "Simply press Shift + Tab in any game to select from a menu of supported resolutions," according to Dayal. The game controllers that are now supported include the Xbox Series X / S controller, the Xbox One controller, Sony's DualSense controller for PS5, and its DualShock controller for PS4. Google isn't the only company that's making it easier to use your other controllers on its platform; Apple added iOS support for the DualSense and Xbox Series X controllers with iOS 14.5, while Valve rolled out DualSense support in Steam in 2020.

An anonymous reader shares a report: Apple was caught flat-footed when ChatGPT and other AI tools took the technology industry by storm. But the company is now preparing its response and plans to develop features for its full range of devices. One of the most intense and widespread endeavors at Apple right now is its effort to respond to the AI frenzy sweeping the technology industry. The company has some catching up to do. Apple largely sat on the sidelines when OpenAI's ChatGPT took off like a rocket last year. It watched as Google and Microsoft rolled out generative AI versions of their search engines, which spit out convincingly human-like responses to users' queries. Microsoft also updated its Windows apps with smarter assistants, and Amazon unveiled an AI-enhanced overhaul of Alexa. All the while, the only noteworthy AI release from Apple was an improved auto-correct system in iOS 17.

Apple's senior vice presidents in charge of AI and software engineering, John Giannandrea and Craig Federighi, are spearheading the effort. On Cook's team, they're referred to as the "executive sponsors" of the generative AI push. Eddy Cue, the head of services, is also involved, I'm told. The trio are now on course to spend about $1 billion per year on the undertaking. Giannandrea is overseeing development of the underlying technology for a new AI system, and his team is revamping Siri in a way that will deeply implement it. This smarter version of Siri could be ready as soon as next year, but there are still concerns about the technology and it may take longer for Apple's AI features to spread across its product line. Federighi's software engineering group, meanwhile, is adding AI to the next version of iOS. There's an edict to fill it with features running on the company's large language model, or LLM, which uses a flood of data to hone AI capabilities. The new features should improve how both Siri and the Messages app can field questions and auto-complete sentences, mirroring recent changes to competing services.

Apple is taking a different approach to social with its Vision Pro headset: making apps social right out of the box. This, according to Road to VR's Ben Lang, is what Meta should have done all along. Instead, it's pioneered a social experience on the Quest platform that involves "jumping through a fragmented landscape of different apps and different ways to actually get into the same space with your friends." From the report: Apple is taking a fundamentally different approach with Vision Pro by making social the expectation rather than the rule, and providing a common set of tools and guidelines for developers to build from in order to make social feel cohesive across the platform. Apple's vision isn't about creating a server full of a virtual strangers and user-generated experiences, but to make it easy to share the stuff you already like to do with the people you already know. This obviously leans into the company's rich ecosystem of existing apps -- and the social technologies the company has already battle-tested on its platforms.

SharePlay is the feature that's already present on iOS and MacOS devices that lets people watch, listen, and experience apps together through FaceTime. And on Vision Pro, Apple intends to use its SharePlay tech to make many of its own first-party apps -- like Apple TV, Apple Music, and Photos -- social right out of the box, and it expects developers to do so too. In the company's developer documentation, the company says it expects "most visionOS apps to support SharePlay." [...]

Perhaps most importantly, Apple is leaning on every user's existing personal friend graph (ie: the people you already text, call, or email), rather than trying to create a bespoke friends list that lives only inside Vision Pro. Rather than launching an app and then figuring out how to get your friends into it, with SharePlay Apple is focused on getting together with your friends first, then letting the group seamlessly move from one app to the next as you decide what you want to do.

Even apps that don't explicitly have multi-user experience built-in can be 'social' by default, by allowing one user to screen-share the app with others. Only the host will be able to interact with the content, but everyone else will be able to see and talk about it in real-time. It's the emphasis on 'social by default', 'things you already do', and 'people you already know' that will make social on Vision Pro feel completely different than what Meta is building on Quest with Horizon Worlds and its ecosystem of fragmented social apps.

An anonymous reader quotes a report from SecurityWeek: Tens of thousands of Android devices have been shipped to end-users with backdoored firmware, according to a warning from cybersecurity vendor Human Security. As part of the global cybercriminal operation called BadBox (PDF), Human Security found a threat actor relied on supply chain compromise to infect the firmware of more than 70,000 Android smartphones, CTV boxes, and tablet devices with the Triada malware. The infected devices come from at least one Chinese manufacturer but, before they are delivered to resellers, physical retail stores, and e-commerce warehouses, a backdoor was injected into their firmware. "Products known to contain the backdoor have been found on public school networks throughout the United States," Human says.

Discovered in 2016, Triada is a modular trojan residing in a device's RAM, relying on the Zygote process to hook all applications on Android, actively using root privileges to substitute system files. Over time, the malware went through various iterations and was found pre-installed on low-cost Android devices on at least two occasions. As part of the BadBox operation that Human Security discovered, the infected low-cost Android devices allow threat actors to carry out various ad-fraud schemes, including one named PeachPit, which at its peak relied on 121,000 Android and 159,000 iOS devices infected with malware, and on 39 Android, iOS, and CTV-centric apps designed to connect to a fake supply-side platform (SSP).

One of the modules delivered to the infected devices from the command-and-control (C&C) server allows the creation of WebViews that are fully hidden from the user, but which "are used to request, render, and click on ads, spoofing the ad requests to look like they're coming from certain apps, referred by certain websites, and rendered" on specific devices. BadBox, Human Security notes, also includes a residential proxy module that allows the threat actors to sell access to the victim's network. Furthermore, they can create WhatsApp messaging accounts and Gmail accounts they can then use for other malicious activities. "Finally, because of the backdoor's connection to C2 servers on BadBox-infected smartphones, tablets, and CTV boxes, new apps or code can be remotely installed by the threat actors without the device owner's permission. The threat actors behind BadBox could develop entirely new schemes and deploy them on BadBox-infected devices without any interaction from the devices' owners," Human notes.

Apple rolled out a software update Wednesday to address an overheating issue that plagued some early buyers of the iPhone 15 Pro line. From a report: The update, called iOS 17.0.3, is available as an over-the-air fix in the software update section of the iPhone settings app. The release notes say the update "provides important bug fixes, security updates, and addresses an issue that may cause iPhone to run warmer than expected." The update was also released for older iPhones as well as iPads. Some early iPhone 15 Pro owners reported that their iPhone could get hotter than normal. Apple on Saturday blamed bad code in apps including Uber, Instagram and the Asphalt 9 racing game, in addition to a bug in the device's software. The company said the new device set-up could overwork the processor and lead to overheating.

Android 14 is out today, along with a new Pixel phone. The OS is shipping to supported Pixel devices now, which means the Pixel 4a (5G) and every variant of the Pixel 5, 6, and 7, plus the Fold and Tablet. From a report: The big feature this year is a somewhat customizable home screen. You can pick from several different lock screen clock styles and customize the two bottom app shortcuts. This feels like a response to iOS 16's lock screen widgets (a feature Android used to have back in the 4.2 days) but not nearly as customizable. It's honestly hard to highlight a second Android 14 feature because this is one of the smallest Android releases ever. The first feature Google mentions in its blog post is a new wallpaper picker. On the Pixel 8, Android now has a built-in text-to-image AI wallpaper maker, presumably a feature that lets the Android team adhere to Google's "mandatory AI" company mandate. There's also a new monochrome theme if you're tired of all those "Material You" colors.

Google's newest flagship phone is finally official. The Pixel 8 and Pixel 8 Pro were both unveiled today, with the headline changes being a whopping seven years of updates, flat screens across the board, new CPUs, and a $100 price increase. The Pixel 8 Pro is officially $999, while the Pixel 8 is $699. ArsTechnica: As for specs, the Pro display is a 6.7-inch, 120 Hz, 2992x1344 OLED. Google is branding this display "Super Actua" because it's one of the brightest phone displays on the market at 1600 nits for HDR content and 2400 nits in sunlight mode. That beats the sunlight modes on the S23 Ultra (1750 nits) and iPhone 15 Pro Max (2000 nits) but not the Xiaomi 13T Pro (2600 nits). The storage situation here isn't great. The Pixel 8 Pro has 12GB of RAM and storage tiers of 128GB, 256GB, 512GB, and 1TB. Most other phones in this price range start at 256GB, and the 8 Pro uses slower UFS 3.1 storage instead of the speedy UFS 4.0 a lot of phones ship with now. The 8 Pro battery is 5050 mAh, and there's 30 W wired charging. Wireless charging will hit 23 W on the Pixel charging stand, while Qi chargers will only hit 12 W (it would be great if Qi2 would get its act together). Both phones have IP68 dust and water resistance. On the software update support lifecycle: This year, there is finally something tangible to point to -- 7 years of OS updates. Unlike with previous models, there are no games being played here, as Google says there are "7 years of OS, security, and Feature Drop updates." That's more major OS updates than even iPhone owners are getting, with the iPhone X getting iOS versions 11-16.

An anonymous reader shared this report from CNBC: Apple said on Saturday that it will issue a software update that would address customer complaints about the latest iPhone 15 models, released just over a week ago, running hot.

Apple said that the new iPhone models were running hot because of a combination of bugs in iOS 17, bugs in apps, and a temporary set-up period... After Apple released the new iPhone 15 models earlier this month, user complaints on Apple's forums, Reddit, and social media suggest that all four models can get hotter than expected during use. CNBC's review of the new iPhone Pros also noted the iPhone 15 Pro Max got hot. "I just got the iPhone 15 Pro today and it's so hot i can't even hold it for very long!" wrote one commenter on Apple's forums.

Apple's new high-end models, the $999 iPhone 15 Pro and $1,199 iPhone 15 Pro Max have a redesigned titanium enclosure with an aluminum frame to make them easier to repair. The problem with the new models overheating was not related to the titanium chassis design, Apple said. Instead, Apple points to bugs with specific apps and a bug in iOS that can be fixed with software updates.

A company that acquires and sells zero-day exploits -- flaws in software that are unknown to the affected developer -- is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices. From a report: On Wednesday, Operation Zero announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was increasing payments for zero-days in those platforms tenfold, from $200,000 to $20 million. "By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform," the company wrote.

Operation Zero, which is based in Russia and launched in 2021, also added that "as always, the end user is a non-NATO country." On its official website, the company says that "our clients are Russian private and government organizations only." When asked why they only sell to non-NATO countries, Operation Zero CEO Sergey Zelenyuk declined to say. "No reasons other than obvious ones," he said. Zelenyuk also said that the bounties Operation Zero offer right now may be temporary, and a reflection of a particular time in the market, and the difficulty of hacking iOS and Android.

The Philips Hue ecosystem of home automation devices is "collapsing into stupidity," writes Rachel Kroll, veteran sysadmin and former production engineer at Facebook. "Unfortunately, the idiot C-suite phenomenon has happened here too, and they have been slowly walking down the road to full-on enshittification." From her blog post: I figured something was up a few years ago when their iOS app would block entry until you pushed an upgrade to the hub box. That kind of behavior would never fly with any product team that gives a damn about their users -- want to control something, so you start up the app? Forget it, we are making you placate us first! How is that user-focused, you ask? It isn't.

Their latest round of stupidity pops up a new EULA and forces you to take it or, again, you can't access your stuff. But that's just more unenforceable garbage, so who cares, right? Well, it's getting worse.

It seems they are planning on dropping an update which will force you to log in. Yep, no longer will your stuff Just Work across the local network. Now it will have yet another garbage "cloud" "integration" involved, and they certainly will find a way to make things suck even worse for you. If you have just the lights and smart outlets, Kroll recommends deleting the units from the Hue Hub and adding them to an IKEA Dirigera hub. "It'll run them just fine, and will also export them to HomeKit so that much will keep working as well." That said, it's not a perfect solution. You will lose motion sensor data, the light level, the temperature of that room, and the ability to set custom behaviors with those buttons.

"Also, there's no guarantee that IKEA won't hop on the train to sketchville and start screwing over their users as well," adds Kroll.

What has your experience been with the Philips Hue ecosystem? Do you have any alternatives you recommend?

An anonymous reader shares a report: A few lucky WhatsApp beta testers got a surprising treat this week: the company appears to be testing a version of its iOS app that is also optimized for the iPad. As first spotted by WABetaInfo, version 23.19.1.71 of WhatsApp's TestFlight app includes the new iPad app as well. From what we can see in screenshots, the iPad app works exactly like you'd expect. You connect to it by scanning a QR code the same way you'd link your account to any other device. You'll see a list of your conversations on the left and your current chat on the right. It's pretty much the iOS app, but instead of seeing one pane at a time, you see both. It almost makes you wonder what took so long, especially when WhatsApp head Will Cathcart said all the way back in January of 2022 that "we'd love to do it."

Apple on Monday rolled out iOS 17, iPadOS 17, tvOS 17, HomePod 17 and watchOS 10, the latest operating system versions for all its devices minus the Mac lineup. iOS 17: iOS 17 expands on last year's Lock Screen updates with the addition of interactive widgets and StandBy, a new feature that turns the iPhone into a mini home hub when it is charging. You can now see voicemail transcriptions in real time, and leave video messages in FaceTime. FaceTime also now works on the Apple TV with tvOS 17. With NameDrop, exchanging contacts is as simple as touching two phones together, and Messages has been overhauled with new safety features and updates to the way that stickers work. Autocorrect is better than ever, Spotlight search has been improved, private browsing in Safari is more secure with Face ID lock, and there's now a mood tracking feature in the Health app. Passwords can be shared in iCloud Keychain and AirTags can be shared among family members too, plus there are new features for the AirPods Pro. Apple has also added updates to Siri, Mail, Reminders, Notes, Home, and more. tvOS 17: In tvOS 17, Apple has added a FaceTime app for FaceTime calls on a larger screen. The feature works through an iPhone or iPad running iOS 17/iPadOS 17, with the iOS device serving as the camera and the TV serving as the display. With a Split View option, you can place your FaceTime call on one side of the TV and a TV show or game on the other side for SharePlay experiences. [...] Other new features include Dolby Vision 8.1 support, an enhance dialogue option to make it easier to hear what's being said over music and effects, and support for third-party VPN apps.

An anonymous reader quotes a report from TechCrunch: Apple released security updates on Thursday that patch two zero-day exploits -- meaning hacking techniques that were unknown at the time Apple found out about them -- used against a member of a civil society organization in Washington, D.C., according to the researchers who found the vulnerabilities. Citizen Lab, an internet watchdog group that investigates government malware, published a short blog post explaining that last week they found a zero-click vulnerability -- meaning that the hackers' target doesn't have to tap or click anything, such as an attachment -- used to target victims with malware.

The researchers said the vulnerability was used as part of an exploit chain designed to deliver NSO Group's malware, known as Pegasus. "The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim," Citizen Lab wrote. Once they found the vulnerability, the researchers reported it to Apple, which released a patch on Thursday, thanking Citizen Lab for reporting them. Based on what Citizen Lab wrote in the blog post, and the fact that Apple also patched another vulnerability and attributed its finding to the company itself, it appears Apple may have found the second vulnerability while investigating the first. Citizen Lab researcher John Scott-Railton says Apple's Lockdown Mode would have blocked the exploits found in this case. Lockdown Mode is an opt-in feature introduced in iOS 16 that gives users the option to temporarily switch off or limit features for security purposes. According to Apple, it "should be used only if you believe you may be targeted by a highly sophisticated cyberattack, such as by a private company developing state-sponsored mercenary spyware."

Researchers at digital watchdog group Citizen Lab say they found spyware they linked to Israeli firm NSO that exploited a newly discovered flaw in Apple devices. From a report: While inspecting the Apple device of an employee of a Washington-based civil society group last week, Citizen Lab said it found the flaw had been used to infect the device with NSO's Pegasus spyware, it said in a statement.

Bill Marczak, senior researcher at Citizen Lab, said the attacker likely made a mistake during the installation which is how Citizen Lab found the spyware. Citizen Lab said Apple confirmed to them that using the high security feature "Lockdown Mode" available on Apple devices blocks this particular attack. The flaw allowed compromise of iPhones running the latest version of iOS (16.6) without any interaction from the victim, the digital watchdog said. The new update fixes this vulnerability.

The App Store for Apple's Vision Pro headset will include all compatible iPhone and iPad apps "by default." The Verge reports: In an update on Tuesday, Apple said it will release the new App Store with the developer beta of visionOS this fall. Both iPad and iPhone apps will appear alongside visionOS apps in the new App Store. As Apple has said previously, it will automatically import iOS and iPadOS apps to its new mixed reality operating system "with no additional work required." Developers can still optimize their apps if needed.

"By default, your iPad and/or iPhone apps will be published automatically on the App Store on Apple Vision Pro," Apple notes. "Most frameworks available in iPadOS and iOS are also included in visionOS, which means nearly all iPad and iPhone apps can run on visionOS, unmodified." Developers also have the option of building an app for Vision Pro using Apple's visionOS software development kit.

An advertising watchdog has recommended that YouTube TV, Google's growing pay-TV streaming service, drops an ad claim that the service is "$600 less than cable." The recommendation from the National Advertising Division (NAD) stems from a complaint lodged by Charter Communications. From a report: NAD, which used an expedited process for single-issue advertising cases in making this decision, found that YouTube TV's pricing claim, which identifies "comparable standalone cable" as the basis of comparison, doesn't hold up. NAD noted that the price calculation underlying the challenged claim includes the cost of two set-top boxes per household for "standalone cable" services," but argued that such a comparison isn't a good fit because operators such as Charter offer pay-TV streaming options that may not require a set-top box. In Charter's case, its Spectrum TV app, billed as a platform that can "stream outside the cable box," is compatible with iOS and Android mobile devices along with several retail streaming devices and/or integrated connected TVs from companies such as Apple, Roku, Google and Samsung. "In the context of the 'cable' comparison, NAD found the claim reasonably conveys the cost of YouTube TV is compared to all cable services," the organization explained.

According to Windows Central, Microsoft might be bringing AI capabilities to a handful of Windows 11 apps, including Photos, Snipping Tool, and Paint. "Some of this functionality will require dedicated hardware, such as an NPU (neural processing unit) or VPU (vision processing unit,) while others may not," notes the report. From the report: For the Photos app, Microsoft is working on an AI functionality that would allow the app to identify objects or people in photos and enable the ability to cut out and paste those elements elsewhere. This is a functionality that iOS and Android have had for some time, so it's no surprise to hear that Microsoft is also working to bring it to Windows.

Regarding the Snipping Tool, my sources say the company wants to incorporate OCR (optical character recognition) technology to enable Windows to identify text in screenshots for faster clipboard copying. Microsoft is also working on bringing OCR to the Camera app, allowing users to select text in a photo taken on the device.

Lastly, my sources say Microsoft has also been experimenting with bringing generative AI to the Windows 11 Paint app. Users could ask Paint to create a canvas based on criteria set out by the user, similar to how Bing Image Creator currently works. Sources say the Paint AI integration will be based on that same Bing technology.