Apple Updates All of Its Operating Systems To Fix App-crashing Bug ( 70

It took a few days, but Apple already has a fix out for a bug that caused crashes on each of its platforms. From a report: The company pushed new versions of iOS, macOS and watchOS to fix the issue, which was caused when someone pasted in or received a single Indian-language character in select communications apps -- most notably in iMessages, Safari and the app store. Using a specific character in the Telugu language native to India was enough to crash a variety of chat apps, including iMessage, WhatsApp, Twitter, Facebook Messenger, Gmail and Outlook, though Telegram and Skype were seemingly immune.

Tickbox Must Remove Pirate Streaming Add-ons From Sold Devices ( 70

TickBox TV, the company behind a Kodi-powered streaming device, must release a new software updater that will remove copyright-infringing addons from previously shipped devices. A California federal court issued an updated injunction in the lawsuit that was filed by several major Hollywood studios, Amazon, and Netflix, which will stay in place while both parties fight out their legal battle. TorrentFreak reports: Last year, the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership between Hollywood studios, Netflix, Amazon, and more than two dozen other companies, filed a lawsuit against the Georgia-based company Tickbox TV, which sells Kodi-powered set-top boxes that stream a variety of popular media. ACE sees these devices as nothing more than pirate tools so the coalition asked the court for an injunction to prevent Tickbox from facilitating copyright infringement, demanding that it removes all pirate add-ons from previously sold devices. Last month, a California federal court issued an initial injunction, ordering Tickbox to keep pirate addons out of its box and halt all piracy-inducing advertisements going forward. In addition, the court directed both parties to come up with a proper solution for devices that were already sold.

The new injunction prevents Tickbox from linking to any "build," "theme," "app," or "addon" that can be indirectly used to transmit copyright-infringing material. Web browsers such as Internet Explorer, Google Chrome, Safari, and Firefox are specifically excluded. In addition, Tickbox must also release a new software updater that will remove any infringing software from previously sold devices. All tiles that link to copyright-infringing software from the box's home screen also have to be stripped. Going forward, only tiles to the Google Play Store or to Kodi within the Google Play Store are allowed. In addition, the agreement also allows ACE to report newly discovered infringing apps or addons to Tickbox, which the company will then have to remove within 24-hours, weekends excluded.


DuckDuckGo App and Extension Upgrades Offer Privacy 'Beyond the Search Box' ( 48

An anonymous reader quotes the Verge: DuckDuckGo is launching updated versions of its browser extension and mobile app, with the promise of keeping internet users safe from snooping "beyond the search box." The company's flagship product, its privacy-focused search engine, will remain the same, but the revamped extension and app will offer new tools to help users keep their web-browsing as safe and private as possible. These include grade ratings for websites, factoring in their use of encryption and ad tracking networks, and offering summaries of their terms of service (with summaries provided by third-party Terms of Service Didn't Read). The app and extension are available for Firefox, Safari, Chrome, iOS, and Android.

The ability to block ad tracking networks is probably the most important feature here. These networks are used by companies like Google and Facebook to follow users around the web, stitching together their browsing history to create a more accurate profile for targeted advertising.

DuckDuckGo calls it "a major step to simplify online privacy," adding that without it, "It's hard to use the Internet without it feeling a bit creepy -- like there's a nosey neighbor watching everything you do from across the street."

'Text Bomb' Is Latest Apple Bug ( 60

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.

Apple Updates macOS and iOS To Address Spectre Vulnerability ( 67

Days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it's pushed out fixes for the Spectre exploit as well. From a report: iOS 11.2.2 includes "Security improvements to Safari and WebKit to mitigate the effects of Spectre," the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2.

Windows 10 Visits To US Government Sites Surpass Windows 7 For the First Time ( 111

In what may be a signal of changing attitudes for Windows 10, visits to U.S. government sites via Windows 10 have surpassed Windows 7 for the first time. On MSFT reports: This United States government website reports that of the 2.54 billion visits to U.S. Government websites over the past 90 days, 20.9% came from Windows 10, and 20.7% from Windows 7. Interestingly, Windows 8.1 came in at 2.7%, Windows 8 .05%, and other OS 0.8%. The numbers are a bit niche and could be just from a holiday bump based on the sites 90-day average, but they still do give a solid number comparison for the state of various OS and browser stats. When it comes to browser share, Edge was not popularly used to visit U.S. Government websites. Chrome was on top with 44.4%, Followed up Safari with 27.6%, Internet Explorer at 12.3%, and then Firefox at 5.9% and Edge at 3.9%. Though all these government percentages may be bleak for Microsoft, the latest AdDuplex December report also shows strong adoption for Windows 10 Fall Creators Update, so things can only go up from Microsoft from here on out.

Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari ( 30

Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today's update, the patch for the bug -- now known as "IAmRoot" (CVE-2017-13872) -- has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.
The Internet

All Major Browsers Now Support WebAssembly ( 243

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Google Paid $7.2 Billion Last Year To Partners, Including Apple, To Prominently Showcase Its Search Engine and Apps on Smartphones ( 57

A reader shares a Bloomberg report: There's a $19 billion black box inside Google. That's the yearly amount Google pays to companies that help generate its advertising sales, from the websites lined with Google-served ads to Apple and others that plant Google's search box or apps in prominent spots. Investors are obsessed with this money, called traffic acquisition costs, and they're particularly worried about the growing slice of those payments going to Apple and Google's Android allies. That chunk of fees now amounts to 11 percent of revenue for Google's internet properties. The figure was 7 percent in 2012. These Google traffic fees are the result of contractual arrangements parent company Alphabet makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple's Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones. In the last year, Google has paid these partners $7.2 billion, more than three times the comparable cost in 2012.
The Almighty Buck

Browsers Will Store Credit Card Details Similar To How They Save Passwords ( 182

An anonymous reader quotes a report from Bleeping Computer: A new W3C standard is slowly creeping into current browser implementations, a standard that will simplify the way people make payments online. Called the Payment Request API, this new standard relies on users entering and storing payment card details inside browsers, just like they currently do with passwords. The API is also a godsend for the security and e-commerce industry since it spares store owners from having to store payment card data on their servers. This means less regulation and no more fears that an online store might expose card data when getting hacked. By moving the storage of payment card details in the browser, the responsibility of keeping these details safe is moved to the browser and the user. Browsers that support the Payment Request API include Google Chrome, who first added support for it in Chrome for Android 53 in August 2016, and added desktop support last month with the release of Chrome 61. Microsoft Edge also supports the Payment Request API since September 2016, but the feature requires that users register a Microsoft Wallet account before using it. Firefox and Safari are still working on supporting the API, and so are browser implementations from Facebook and Samsung, both eager to provide a simpler payment mechanism than the one in use today.

Apple Replaces Bing With Google as Search Engine For Siri and Spotlight ( 54

Apple is ditching Bing and will now use Google to power the default search engine for Siri, Search within iOS (iOS search bar), and Spotlight on Mac. From a report: TechCrunch reported Monday that Apple users will now see search results powered by Google, instead of Bing, when using those tools. For example, when an iPhone user asks Siri a question that needs a search engine result, the voice assistant will now pull from Google, not Bing. Apple will still use Bing for image search queries using Siri or Spotlight on Mac, TechCrunch reported. Apple said the move was done for consistency; its Safari browser uses Google as the default search engine. In a statement, the company told TechCrunch that "we have strong relationships with Google and Microsoft and remain committed to delivering the best user experience possible." Google is reportedly paying Apple $3 billion this year to remain as the default search engine on iPhones and iPads.

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs ( 105

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

Google Chrome Most Resilient Against Attacks, Researchers Find ( 98

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

Every Major Advertising Group Is Blasting Apple for Blocking Cookies in the Safari Browser ( 442

The biggest advertising organizations say Apple will "sabotage" the current economic model of the internet with plans to integrate cookie-blocking technology into the new version of Safari. Marty Swant, reporting for AdWeek: Six trade groups -- the Interactive Advertising Bureau, American Advertising Federation, the Association of National Advertisers, the 4A's and two others -- say they're "deeply concerned" with Apple's plans to release a version of the internet browser that overrides and replaces user cookie preferences with a set of Apple-controlled standards. The feature, which is called "Intelligent Tracking Prevention," limits how advertisers and websites can track users across the internet by putting in place a 24-hour limit on ad retargeting. In an open letter expected to be published this afternoon, the groups describe the new standards as "opaque and arbitrary," warning that the changes could affect the "infrastructure of the modern internet," which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more "generic and less timely and useful."

Apple Is Releasing macOS High Sierra On September 25 ( 95

After updating its website for the iPhone launch event, Apple has confirmed that macOS High Sierra will be released on September 25th. TechCrunch provides a brief rundown of the major changes, most of which are under the hood: The Photos app is still receiving some new features to keep it up to date with the iOS version. There are more editing tools, you can reorganize the toolbar and you can filter your photos by type. If you're a Safari user, my favorite change is that there is a new feature in the settings that lets you automatically block autoplaying videos around the web. Many websites have abused autoplaying video, it's time to stop it. And then, there's a new file system that should make your Mac snappier if you're using an SSD. Mail is compressing messages, Metal 2 should take better advantage of your GPU, Spotlight knows about your flight status, etc. The free update to macOS High Sierra will be available in the Mac App Store.

Apple and Google Fix Browser Bug. Microsoft Does Not. ( 78

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.

Safari Should Display Favicons in Its Tabs ( 189

Favicon -- or its lack thereof, to be precise -- has remained one of the longest running issues Safari users have complained about. For those of you who don't use Safari, just have a look at this mess I had earlier today when I was using Safari on a MacBook. There's no way I can just have a look at the tabs and make any sense of them. John Gruber, writing for DaringFireball: The gist of it is two-fold: (1) there are some people who strongly prefer to see favicons in tabs even when they don't have a ton of tabs open, simply because they prefer identifying tabs graphically rather than by the text of the page title; and (2) for people who do have a ton of tabs open, favicons are the only way to identify tabs. With many tabs open, there's really nothing subjective about it: Chrome's tabs are more usable because they show favicons. [...] Once Safari gets to a dozen or so tabs in a window, the left-most tabs are literally unidentifiable because they don't even show a single character of the tab title. They're just blank. I, as a decade-plus-long dedicated Safari user, am jealous of the usability and visual clarity of Chrome with a dozen or more tabs open. And I can see why dedicated Chrome users would consider Safari's tab design a non-starter to switching. I don't know what the argument is against showing favicons in Safari's tabs, but I can only presume that it's because some contingent within Apple thinks it would spoil the monochromatic aesthetic of Safari's toolbar area. [...] And it's highly debatable whether Safari's existing no-favicon tabs actually do look better. The feedback I've heard from Chrome users who won't even try Safari because it doesn't show favicons isn't just from developers -- it's from designers too. To me, the argument that Safari's tab bar should remain text-only is like arguing that MacOS should change its Command-Tab switcher and Dock from showing icons to showing only the names of applications. The Mac has been famous ever since 1984 for placing more visual significance on icons than on names. The Mac attracts visual thinkers and its design encourages visual thinking. So I think Safari's text-only tab bar isn't just wrong in general, it's particularly wrong on the Mac.

ESET Spreading FUD About Torrent Files, Clients ( 60

An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the company's so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and scare the bejesus out of computer users (Google cache). Like all such attempts at FUD, his treatise ended with a claim that ESET was the one true source whereby users could obtain "knowledge" to protect themselves. "If you want to stay informed and protect yourself by building up your knowledge, read the latest pieces by ESET researchers on WeLiveSecurity," he wrote. Kubovic used the case of Transmission -- a BitTorrent client that was breached in March and August 2016 with malware implanted and aimed at macOS users -- to push his barrow. But to use this one instance to dissuade people from downloading BitTorrent clients en masse is nothing short of scaremongering. There are dozens, if not more, BitTorrent clients which enjoy much wider usage, with uTorrent being one good example. Kubovic then used the old furphy which is resorted to by those who lobby on behalf of the copyright industry -- torrents are mostly illegal files and downloading them is Not The Right Thing To Do. But then he failed to mention that hundreds of thousands of perfectly legitimate files are also offered as torrents -- for instance, this writer regularly downloads images of various GNU/Linux distributions using a BitTorrent client because it is the more community-friendly thing to do, rather than using a direct HTTP link and hogging all the bandwidth available.

'Apple's Refusal To Support Progressive Web Apps is a Detriment To Future of the Web' ( 302

From a blog post: Progressive Web Applications (PWAs) are one of the most exciting and innovative things happening in web development right now. PWAs enable you to use JavaScript to create a "Service Worker", which gives you all sorts of great features that you'd normally associate with native apps, like push notifications, offline support, and app loading screens -- but on the web! Awesome. Except for is one major problem -- While Google has embraced the technology and added support for it in Chrome for Android, Apple has abstained from adding support to mobile Safari. All they've done is say that it is "Under Consideration." Seemingly no discussion about it whatsoever.

Adobe Announces that in 2020, Flash Player Will Reach Its 'End-of-Life' in Light of Newer Technologies ( 154

Adobe said on Tuesday it will stop distributing and updating Flash Player at the end of 2020 and is encouraging web developers to migrate any existing Flash content to open standards. Apple is working with Adobe, industry partners, and developers to complete this transition. From a blog post: Apple users have been experiencing the web without Flash for some time. iPhone, iPad, and iPod touch never supported Flash. For the Mac, the transition from Flash began in 2010 when Flash was no longer pre-installed. Today, if users install Flash, it remains off by default. Safari requires explicit approval on each website before running the Flash plugin.

Slashdot Top Deals