Security

macOS Exploit Published on the Last Day of 2017 (bleepingcomputer.com) 62

An anonymous reader shares a report: On the last day of 2017, a security researcher going online by the pseudonym of Siguza published details about a macOS vulnerability affecting all Mac operating system versions released since 2002, and possibly earlier. Siguza did not notify Apple in advance, so at the time of writing, there is no fix for this flaw. Despite the doom and gloom, the vulnerability is only a local privilege escalation (LPE) flaw that can only be exploited with local access to a computer or after an attacker has already got a foothold on a machine. The vulnerability grants root access to an attacker. The issue affects the IOHIDFamily macOS kernel driver, a component that handles various types of user interactions. Siguza said he read about various flaws in this component and took a look at it to find new ways to compromise iOS, Apple's mobile operating system, where IOHIDFamily is also deployed. The expert says he found the LPE flaw in the IOHIDFamily code specific to macOS versions only. In a tweet, Siguza said, "My primary goal was to get the write-up out for people to read. I wouldn't sell to blackhats because I don't wanna help their cause. I would've submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable."
The Courts

Italian Clothing Company Defeats Apple, Wins the Right To Use Steve Jobs' Name (macrumors.com) 172

An Italian clothing company that uses the name "Steve Jobs" as its brand will be able to continue using the moniker after winning a multi-year legal battle, reports Italian site la Repubblica Napoli. Mac Rumors reports: Brothers Vincenzo and Giacomo Barbato named their clothing brand "Steve Jobs" in 2012 after learning that Apple had not trademarked his name. "We did our market research and we noticed that Apple, one of the best known companies in the world, never thought about registering its founder's brand, so we decided to do it," the two told la Repubblica Napoli. The Barbatos designed a logo that resembles Apple's own, choosing the letter "J" with a bite taken out of the side. Apple, of course, sued the two brothers for using Jobs' name and a logo that mimics the Apple logo. In 2014, the European Union's Intellectual Property Office ruled in favor of the Barbatos and rejected Apple's trademark opposition. While the outcome of the legal battle was decided in 2014, Vincenzo and Giacomo Barbato have been unable to discuss the case until now, as their claim on the brand was not settled until 2017. The two told la Repubblica Napoli that Apple went after the logo, something that may have been a mistake. The Intellectual Property Office decided that the "J" logo that appears bitten was not infringing on Apple's own designs as a letter is not edible and thus the cutout in the letter cannot be perceived as a bite. The report goes on to note that the company plans to produce electronic devices under the Steve Jobs brand.
Businesses

Amazon Music Ending Cloud MP3 Storage, Streaming Option (billboard.com) 107

Amazon is planning to retire its Music storage subscription service, the plan that enabled Amazon customers to upload their own music to the company's servers. From a report: Amazon Music Storage subscription plans, which let users upload music from their Mac or PC and stream them alongside the in-app on-demand and radio options, will be accepted until Jan. 15, 2018. Then, the service will run until January 2019, when it will be removed entirely. As of Monday this week, free plans -- which allow for 250 songs to be stored in the cloud -- are no longer able to upload new music to their MP3 locker.
Desktops (Apple)

Apple Plans Combined iPhone, iPad and Mac Apps To Create One User Experience (bloomberg.com) 247

An anonymous reader shares a Bloomberg report: Apple's iPhone and iPad introduced a novel way of interacting with computers: via easy-to-use applications, accessible in the highly curated App Store. The same approach hasn't worked nearly as well on Apple's desktops and laptops. The Mac App Store is a ghost town of limited selection and rarely updated programs. Now Apple plans to change that by giving people a way to use a single set of apps that work equally well across its family of devices: iPhones, iPads and Macs. Starting as early as next year, software developers will be able to design a single application that works with a touchscreen or mouse and trackpad depending on whether it's running on the iPhone and iPad operating system or on Mac hardware, according to people familiar with the matter. Developers currently must design two different apps -- one for iOS, the operating system of Apple's mobile devices, and one for macOS, the system that runs Macs. With a single app for all machines, Mac, iPad and iPhone users will get new features and updates at the same time.
Security

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com) 87

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."
Networking

Ask Slashdot: What's the Best Way to Retrain Old IT Workers? 343

A medium-sized company just hired a new IT manager who wants advice from the Slashdot community about their two remaining IT "gofers": These people have literally been here their entire "careers" and are now near retirement. Quite honestly, they do not have any experience other than reinstalling Windows, binding something to the domain and the occasional driver installation -- and are more than willing to admit this. Given many people are now using Macs and most servers/workstations are running Linux, they have literally lost complete control over the company, with most of these machines sitting around completely unmanaged.

Firing these people is nearly impossible. (They have a lot of goodwill within other departments, and they have quite literally worked there for more than 60 years combined.) So I've been tasked with attempting to retrain these people in the next six months. Given they still have to do work (imaging computers and fixing basic issues), what are the best ways of retraining them into basic network, Windows, Mac, Linux, and "cloud" first-level help desk support?

Monster_user had some suggestions -- for example, "Don't overtrain. Select and target areas where they will be able to provide a strong impact." Any other good advice?

Leave your best answers in the comments. What's the best way to retrain old IT workers?
Chrome

Google Wants Progressive Web Apps To Replace Chrome Apps (androidpolice.com) 154

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves as a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."

Desktops (Apple)

Apple Snafu Means Updating To macOS 10.13.1 Could Reactivate Root Access Bug (betanews.com) 74

Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.
Desktops (Apple)

High Sierra Root Login Bug Was Mentioned on Apple's Support Forums Two Weeks Ago (daringfireball.net) 85

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.
Desktops (Apple)

Apple To Review Software Practices After Patching Serious Mac Bug (reuters.com) 192

Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
Bug

MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 237

An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the blank password trick will not work. So, keep the account enabled and set a root password right now..."
OS X

New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS.
iMac

iMac Pro Will Have An A10 Fusion Coprocessor For 'Hey, Siri' Support and More Secure Booting, Says Report (theverge.com) 164

According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.
Chrome

Slashdot Asks: Have You Switched To Firefox 57? 589

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
Mozilla

Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul (venturebeat.com) 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
Iphone

Some iPhone X Displays Plagued By Mysterious 'Green Line of Death' (thenextweb.com) 76

Some iPhone X owners are reporting a random green line appearing on their displays. According to The Next Web, "the defect has already started to take on the endearing 'Green Line of Death' moniker." From the report: Several users across Apple forums and social media have reported the error -- I've counted over a dozen accounts, and MacRumors mentions it's read "at least 25" such reports. Oddly, the issue doesn't appear to affect users immediately, only showing up after some time with regular usage. In some cases it alternates with a purple line, for variety. It generally appears towards the right or left sides of the display, and sometimes it simply disappears altogether. Weird. Either way, it appears to be a hardware defect affecting a small number of users, and Apple appears to be replacing affected units. Mac Rumors first reported the issue.
Desktops (Apple)

Ask Slashdot: What Should A Mac User Know Before Buying a Windows Laptop? 449

New submitter Brentyl writes: Hello Slashdotters, longtime Mac user here faced with a challenge: Our 14-year-old wants a Windows laptop. He will use it for school and life, but the primary reason he wants Windows instead of a MacBook is gaming. I don't need a recommendation on which laptop to buy, but I do need a Windows survival kit. What does a fairly savvy fellow, who is a complete Windows neophyte, need to know? Is the antivirus/firewall in Windows 10 Home sufficient? Are there must-have utilities or programs I need to get? When connecting to my home network, I need to make sure I ____? And so on... Thanks in advance for your insights.
Iphone

Israeli Company Sues Apple Over Dual-Lens Cameras In iPhone 7 Plus, iPhone 8 Plus (macrumors.com) 56

Corephotonics, an Israeli maker of dual-lens camera technologies for smartphones, has filed a lawsuit against Apple this week alleging that the iPhone 7 Plus and iPhone 8 Plus infringe upon four of its patents. Mac Rumors reports: The patents, filed with the U.S. Patent and Trademark Office between November 2013 and June 2016, relate to dual-lens camera technologies appropriate for smartphones, including optical zoom and a mini telephoto lens assembly: U.S. Patent No. 9,402,032; U.S. Patent No. 9,568,712; U.S. Patent No. 9,185,291; U.S. Patent No. 9,538,152. Corephotonics alleges that the two iPhone models copy its patented telephoto lens design, optical zoom method, and a method for intelligently fusing images from the wide-angle and telephoto lenses to improve image quality. iPhone X isn't listed as an infringing product, despite having a dual-lens camera, perhaps because the device launched just four days ago.
Displays

iPhone X Has the 'Most Innovative and High Performance' Smartphone Display Ever Tested (macrumors.com) 233

The display in the iPhone X is produced by Samsung and improved by Apple, says screen technology analysis firm DisplayMate. The company has released a display shoot-out for the iPhone X, praising Apple's technology in areas like the higher resolution OLED screen, automatic color management, viewing angle performance, and more. Mac Rumors reports: According to DisplayMate, the iPhone X has the "most innovative and high performance" smartphone display it has ever tested. DisplayMate also congratulated Samsung Display for "developing and manufacturing the outstanding OLED display hardware in the iPhone X." iPhone X matched or set new smartphone display records in the following categories: highest absolute color accuracy, highest full screen brightness for OLED smartphones, highest full screen contrast rating in ambient light, and highest contrast ratio. It also had the lowest screen reflectance and smallest brightness variation with a viewing angle. The iPhone X's 5.8-inch OLED display includes a taller height to width aspect ratio of 19.5:9, 22 percent larger than the 16:9 aspect ratio on previous iPhone models (and most other smartphones). Because of this DisplayMate noted that the iPhone X also has a new 2.5K higher resolution with 2436x1125 pixels and 458 pixels per inch. The iPhone X's display resolution provides "significantly higher image sharpness" than can be analyzed by a person with normal 20/20 vision at a 12-inch viewing distance. DisplayMate said this means that it's now "absolutely pointless" to increase the display resolution and pixels per inch of the iPhone any further, since there would be "no visual benefit" for users.
Bug

An iOS 11.1 Glitch Is Replacing Vowels (mashable.com) 123

An anonymous reader quotes Mashable: We became privy to a new iPhone keyboard glitch after a few Mashable staffers recently started having issues with their iPhone keyboards, specifically with vowels. The issue started when iOS 11's predictive text feature began to display an odd character in the place of the letter "I," offering up "A[?]" instead and autocorrecting within the message field... The bug was also covered by MacRumors, but it appears that my colleagues have even more issues than just the letter "I." One reported that they were also seeing the glitch with the letters "U" and "O" as well, making the problem strictly restricted to vowels. They also said the letters showed up oddly in iMessage on Mac devices, and shared some more screenshots of what the glitch looks like when they went through with sending a message. The glitch wasn't just limited to iMessage, however. My colleagues shared screenshots of their increasingly futile attempts to type out messages on Facebook Messenger... and Twitter.
Apple seems to be acknowledging that the iOS 11.1 glitch may affect iPhones, iPads, and iPod Touches. "Here's what you can do to work around the issue until it's fixed by a future software update," Apple posted on a support page, advising readers to "Try setting up Text Replacement for the letter 'i'."
