
iOS 15.2 Beta Blurs Nude Images For Kids Using Messages App

Slashdot
Author: BeauHD
iOS 15.2 has been released today, bringing a new feature called Communication Safety in Messages that is able to detect and automatically blur nude images that are sent or received by children. It's one of several Child Safety features Apple announced over the summer. As MacRumors notes, it's "not the same as the controversial anti-CSAM feature that Apple plans to implement in the future after revisions." From the report: Communication Safety is a Family Sharing feature that can be enabled by parents, and it is opt-in rather than activated by default. When turned on, the Messages app is able to detect nudity in images that are sent or received by children. If a child receives or attempts to send a photo with nudity, the image will be blurred and the child will be warned about the content, told it's okay not to view the photo, and offered resources to contact someone they trust for help. When Communication Safety was first announced, Apple said that parents of children under the age of 13 had the option to receive a notification if the child viewed a nude image in Messages, but after receiving feedback, Apple has removed this feature. Apple now says that no notifications are sent to parents. Apple removed the notification option because it was suggested that parental notification could pose a risk for a child in a situation where there is parental violence or abuse. For all children, including those under the age of 13, Apple will instead offer guidance on getting help from a trusted adult in a situation where nude photos are involved. Checking for nudity in photos is done on-device, with Messages analyzing image attachments. The feature does not impact the end-to-end encryption of messages, and no indication of the detection of nudity leaves the device. Apple has no access to the Messages.

Read more of this story at Slashdot.


Recent Siri Changes Remove Features Used By Low Vision and Blind Users

Slashdot
Author: BeauHD
With the recent release of iOS 15, Apple appears to have made some changes to Siri functionality that have removed features relied on by low vision and blind iPhone users. MacRumors reports: Several Siri commands that provide details on phone calls, voicemails, and sending emails no longer appear to be working. The following commands used to be functional, but have recently been removed: Do I have any voicemails?, Play my voicemail messages, Check my call history, Check my recent calls, Who called me?, Send an email, and Send an email to [person]. Over the last two weeks, we've received several emails from iPhone users who are missing this key Siri functionality, or their relatives who are attempting to help them navigate the changes. The Siri feature removals have also been documented on the AppleVis forums for blind and low vision users of Apple products. Asking Siri to provide details on recent phone calls or voicemails results in the following response: "I can't help with that, but you can ask me to open the Phone app." Asking about email garners a similar response about Siri being unable to help. It's worth noting that it's still possible to ask Siri to play the most recent voicemail message that's available, or a voicemail from a specific person, but Siri will not read out a list of all the available voicemails. The Siri commands seem to have disappeared when iOS 15 was released, but iOS 14 users are also not able to use them anymore so it's not an issue tied to iOS 15.


iOS 15 Messages Bug Causes Saved Photos to Be Deleted

Slashdot
Author: BeauHD
A serious bug in the iOS 15 Messages app can cause some saved photos to be deleted, according to multiple complaints reported by MacRumors readers and Twitter users. From the report: If you save a photo from a Messages thread and then go on to delete that thread, the next time an iCloud Backup is performed, the photo will disappear. Even though the image is saved to your personal iCloud Photo Library, it appears to still be linked to the Messages app in "iOS 15," and saving it does not persist through the deletion of the thread and an "iCloud" backup. This is a concern because most users keep the "iCloud" Backup feature enabled and it's something that happens automatically. If you're someone who regularly deletes message threads, if there's a photo that you want to keep, you won't be able to keep it with "iCloud" Backup turned on. To replicate this bug, the following steps must be taken: 1. Save a photo from a Messages conversation to your Camera Roll. 2. Check to see that the photo has been saved. 3. Delete the Messages conversation the photo came from. The photo will still be in your "iCloud Photo Library" at this point. 4. Perform an "iCloud" Backup, and the photo disappears.


Researcher Dumps Three iOS Zero-days After Apple Failed To Fix Issues for Months

Slashdot
Author: msmash
A security researcher has published details about three iOS zero-day vulnerabilities, claiming that Apple has failed to patch the issues, which they first reported to the company earlier this year. From a report: Going by the pseudonym of Illusion of Chaos, the researcher has published their findings on Russian blogging platform Habr and has released proof-of-concept code for each vulnerability on GitHub. This includes: 1. A vulnerability in the Gamed daemon that can grant access to user data such as AppleID emails, names, auth token, and grant file system access. 2. A vulnerability in the nehelper daemon that can be used from within an app to learn what other apps are installed on a device. 3. An additional vulnerability in the nehelper daemon can also be used from within an app to gain access to a device's WiFi information.


iOS 15.1 Beta Lets Users Add COVID Vaccination Card To Wallet App

Slashdot
Author: BeauHD
The iOS 15.1 beta that was introduced today allows iPhone users to upload their COVID-19 vaccination status to the Health app and then generate a vaccination card in Apple Wallet. MacRumors reports: The Apple Wallet vaccination card can be shown to businesses, venues, restaurants, and more that are requiring vaccines for entry. As outlined in an announcement to developers, verifiable health records are based on the SMART Health Cards specification. California is using SMART Health Cards, so users in California can add their vaccination records to the Wallet app after installing iOS 15.1. Other states and health organizations that use the SMART Health Cards will be able to use a button to let users know that they can download and store their vaccination information in the Health app and in the Wallet app. California, Louisiana, New York, Virginia, Hawaii, and some Maryland counties support Smart Health Cards, as do Walmart, Sam's Club, and CVS Health. So those in the specific supported states should be able to look up their information in state databases, but those who were vaccinated through companies like Walmart and CVS will also be able to add their information to the Health and Wallet apps because it's the same system.


Apple Releases iOS 15 and iPadOS 15

Slashdot
Author: msmash
Apple today released iOS 15 and iPadOS 15, the newest operating system updates designed for the iPhone, iPad, and iPod touch. From a report: As with all of Apple's software updates, iOS and iPadOS 15 can be downloaded at no cost. iOS 15 is available on the iPhone 6s and later while iPadOS 15 is available on the iPad Air 2 and later. The new software can be downloaded on eligible devices over-the-air by going to Settings - General - Software Update. It may take a few minutes for the updates to propagate to all users due to high demand. A new Focus mode cuts down on distractions by limiting what's accessible and who can contact you, and notifications can now be grouped up in daily summaries. There's an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized. Maps has been overhauled with even more detail, a 3D view in major cities, a globe view, improved transit, a close-up driving view when navigating complicated routes, and AR walking directions. Across the operating system, there's a new Live Text feature that detects text in any image and lets you copy, paste, and translate it, plus there's a system-wide translation feature. In Photos, plants, pets, landmarks, and more can be identified, and there's a system-wide translation feature that goes well with Live Text. iCloud+ with iCloud Private Relay protects your IP address and obscures your location to prevent websites from tracking you, and a Hide My Email feature lets you create temporary email addresses. You can even use your personal domain with iCloud in iOS 15. Further reading: 19 Things You Can Do in iOS 15 That You Couldn't Do Before.


Apple Delays Plans To Roll Out CSAM Detection in iOS 15

Slashdot
Author: msmash
Apple has delayed plans to roll out its child sexual abuse (CSAM) detection technology that it chaotically announced last month, citing feedback from customers and policy groups. From a report: That feedback, if you recall, has been largely negative. The Electronic Frontier Foundation said this week it had amassed more than 25,000 signatures from consumers. On top of that, close to 100 policy and rights groups, including the American Civil Liberties Union, also called on Apple to abandon plans to roll out the technology. In a statement on Friday morning, Apple told TechCrunch: "Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."


In Internal Memo, Apple Addresses Concerns Around New Photo Scanning Features

Slashdot
Author: msmash
Sebastien Marineau-Mes, a software VP at Apple, talks about the company's upcoming controversial photo scanning features in an internal memo to employees: Today marks the official public unveiling of Expanded Protections for Children, and I wanted to take a moment to thank each and every one of you for all of your hard work over the last few years. We would not have reached this milestone without your tireless dedication and resiliency. Keeping children safe is such an important mission. In true Apple fashion, pursuing this goal has required deep cross-functional commitment, spanning Engineering, GA, HI, Legal, Product Marketing and PR. What we announced today is the product of this incredible collaboration, one that delivers tools to protect children, but also maintain Apple's deep commitment to user privacy. We've seen many positive responses today. We know some people have misunderstandings, and more than a few are worried about the implications, but we will continue to explain and detail the features so people understand what we've built. And while a lot of hard work lays ahead to deliver the features in the next few months. [...]


iOS Zero-Day Let SolarWinds Hackers Compromise Fully Updated iPhones

Slashdot
Author: BeauHD
The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. Ars Technica reports: In a post Google published on Wednesday, researchers Maddie Stone and Clement Lecigne said a "likely Russian government-backed actor" exploited the then-unknown vulnerability by sending messages to government officials over LinkedIn. Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones. The attacks coincided with a campaign by the same hackers who delivered malware to Windows users, the researchers said. The campaign closely tracks to one Microsoft disclosed in May. In that instance, Microsoft said that Nobelium -- the name the company uses to identify the hackers behind the SolarWinds supply chain attack -- first managed to compromise an account belonging to USAID, a US government agency that administers civilian foreign aid and development assistance. With control of the agency's account for online marketing company Constant Contact, the hackers could send emails that appeared to use addresses known to belong to the US agency. In an email, Shane Huntley, the head of Google's Threat Analysis Group, confirmed the connection between the attacks involving USAID and the iOS zero-day, which resided in the WebKit browser engine.


Apple's Weather App Won't Say It's 69 Degrees

Slashdot
Author: msmash
An anonymous reader shares a report: If you're an iPhone user, the weather is always a particularly nice 70 degrees. Or 68 degrees. Any temperature but 69 degrees, actually, because it turns out that the built-in weather app on some versions of iOS -- including the current version, iOS 14.6 -- will refuse to display the internet's favorite number, even if the actual temperature in a given location is, in fact, 69 degrees. It's not clear if this is a bug or an intentional attempt from Apple to cut down on 69-related humor. The rounding is only visible in the weather app itself: clicking through to Apple's source data from Weather.com will show the proper temperature, as does Apple's home screen widgets.


Apple Admits It Ranked Its Files App Ahead of Competitor Dropbox

Slashdot
Author: BeauHD
During the Epic v. Apple trial, an email chain surfaced that reveals Apple seemingly admitted "it manually boosted the ranking of its own Files app ahead of the competition for 11 entire months," reports The Verge. This comes after two monstrous reports by The Wall Street Journal and The New York Times showed Apple's App Store clearly and consistently ranking its own apps ahead of competitors. Apple claimed it had done nothing wrong. The Verge reports: "We are removing the manual boost and the search results should be more relevant now," wrote Apple app search lead Debankur Naskar, after the company was confronted by Epic Games CEO Tim Sweeney over Apple's Files app showing up first when searching for Dropbox. "Dropbox wasn't even visible on the first page [of search results]," Sweeney wrote. As you'll see, Naskar suggested that Files had been intentionally boosted for that exact search result during the "last WWDC." That would have been WWDC 2017, nearly a year earlier, when the Files apps first debuted. The email chain actually reflects fairly well on Apple overall. Apple's Matt Fischer (VP of the App Store) clearly objects to the idea at first. "[W]ho green lit putting the Files app above Dropbox in organic search results? I didn't know we did that, and I don't think we should," he says. But he does end the conversation with "In the future, I want any similar requests to come to me for review/approval," suggesting that he's not entirely ruling out manual overrides. But Apple tells The Verge that what we think we're seeing in these emails isn't quite accurate. While Apple didn't challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put "Dropbox" into the app's metadata, and it was automatically ranked higher for "Dropbox" searches as a result. 
I'm slightly skeptical of that explanation -- partially because it doesn't line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before. The most Apple would tell me is that it didn't manually boost Files over competitors, and that "we do not advantage our apps over those of any developer or competitor" as a general rule.


Apple Brings Back Magnifying Glass For Selecting Text In iOS 15

Slashdot
Author: BeauHD
Apple's text selection magnifying glass has reappeared in the iOS 15 beta, and Apple's own site confirms its return by listing it as a feature. The Verge reports: Bringing the feature back is a reversal from when Apple made the decision to dump it in iOS 13, which is a bit of a rare occurrence... The new version of the text magnifier seems to be a bit smaller than the old one (in case you've forgotten what it used to look like, you can see a great demonstration here), but it's at least better than the nothing that appears in iOS 13 and 14. It will, at the very least, solve the biggest problem with the current selection system: that your thumb is covering the text you're trying to select, which makes it a little difficult to see what's being selected until you pick your thumb up from the screen. Then, if you're like me, you'll probably sigh seeing that the wrong thing is selected, then struggle with the text selection handles to try to highlight what you were actually going for (squinting at the small screen the whole time).


Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5

Slashdot
Author: BeauHD
An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. MacRumors reports: According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device to iOS 14.5. The data is based on a sampling of 2.5 million daily mobile active users. When looking at users worldwide who allow app tracking, the figure rises to 12% of users in a 5.3 million user sample size. With the release of iOS 14.5, apps must now ask for and receive user permission before they can access a device's random advertising identifier, which is used to track user activity across apps and websites. Users can either enable or disable the ability for apps to ask to track them. Apple disables the setting by default. Since the update almost two weeks ago, Flurry's figures show a stable rate of app-tracking opt-outs, with the worldwide figure hovering between 11-13%, and 2-5% in the U.S. The challenge for the personalized ads market will be significant if the first two weeks end up reflecting a long-term trend.


Apple is Holding the Web Back with 'Uniquely Underpowered' iOS Browser, Says Google Engineer

Slashdot
Author: msmash
On iOS, Apple wants all the browsers to run WebKit. Even Google Chrome is forced to use WebKit on iOS devices. Alex Russel, Google's engineer, in a blog post outlines his case: Apple's iOS browser (Safari) and engine (WebKit) are uniquely under-powered. Consistent delays in the delivery of important features ensure the web can never be a credible alternative to its proprietary tools and App Store. Alex has cited an example of this by mentioning Stadia and other cloud gaming services. Apple did not allow those services to be available on the App Store and pushed them to use the web instead, which requires Apple to allow gamepad APIs so controllers can be used with these new web apps. That is a function that other browsers have offered for a long time except on iOS. He writes: Suppose Apple had implemented WebRTC and the Gamepad API in a timely way. Who can say if the game streaming revolution now taking place might have happened sooner? It's possible that Amazon Luna, NVIDIA GeForce NOW, Google Stadia, and Microsoft xCloud could have been built years earlier. It's also possible that APIs delivered on every other platform, but not yet available on any iOS browser (because Apple), may hold the key to unlocking whole categories of experiences on the web. Blog WCCFTech adds: Alex has also talked about how iOS browsers are underpowered in several other places compared to the competition. For starters, iOS browsers lack push notifications, standardized Progressive Web App (PWA) install buttons, background sync, and numerous other tools that make it easier for developers to make fully functional web apps. Access to hardware such as Bluetooth, USB, and NFC are also not easily available. Last but not least, the royalty-free AV1 standard is also not available.


Apple Releases iOS 14.5 With Much-Talked About App Tracking Transparency Feature

Slashdot
Author: msmash
Apple on Monday released iOS 14.5, which brings a range of new features to iPhone, including the ability to unlock iPhone with Apple Watch while wearing a face mask, more diverse Siri voices, new privacy controls, skin tone options to better represent couples in emoji, and much more. iOS 14.5 builds on the reimagined iPhone experience introduced in iOS 14, and is available today as a free software update. Regarding the new privacy controls, Apple has described it as: App Tracking Transparency requires apps to get the user's permission before tracking their data across apps or websites owned by other companies for advertising, or sharing their data with data brokers. Apps can prompt users for permission, and in Settings, users will be able to see which apps have requested permission to track so they can make changes to their choice at any time.


App Store Now Rejecting Apps Using Third-Party SDKs That Collect User Data Without Consent

Slashdot
Author: msmash
iOS 14 has brought several new privacy features, and there are more to come with App Tracking Transparency -- which will let users opt out of being tracked by apps. From a report: As the launch of this new option approaches, Apple has begun to reject apps using third-party SDKs that collect user data without consent. Developers can implement some SDKs that help them track users by a method called "device fingerprinting," which uses multiple attributes such as the device model, IP address, and other data to identify a person across the internet. Apps often use this data for deep analysis about their audience or to sell advertisements. While tracking the user is not exactly illegal, Apple wants to put an end to apps that do this without explicit consent. As noted by analyst Eric Seufert, the company is now rejecting any apps using the Adjust SDK, which is one of those SDKs that provides device fingerprinting. There would be no problem for these developers if the Adjust SDK complied with Apple's new privacy guidelines, but this doesn't seem to be the case. Seufert detailed to 9to5Mac that the Adjust SDK not only doesn't have an option for users to opt out of being tracked, but has also been suggesting alternatives for developers to continue tracking users once Apple enables App Tracking Transparency. Snap has explored how it can circumvent new privacy rules for iPhones, Financial Times reported Friday.


Purism Says Unfair iOS Policies Forced it to Remove Its VPN Tunnel from iOS Store

In 2019 Purism launched a suite of privacy-protecting, no-tracking apps and services named Librem One. And it included an encrypted, no-logging, virtual private network tunnel named Librem Tunnel. Unfortunately, "Recently we've been forced to remove Librem Tunnel from iOS due to their unfair policies," explains a post this week on Purism's blog: Apple's policy is that applications that make in-app purchases or offer subscriptions using Apple's payment platform pay Apple 30% of their revenue. The justification behind that fee is that companies are benefiting from all of the work Apple has put into its payments platform and so the fee helps them maintain that payments infrastructure while saving app developers from having to implement their own payment or subscription infrastructure... Recently our VPN endpoints have changed, which required us to update the Librem Tunnel application. Unfortunately our attempts to push an update were blocked, because Apple saw that the application was a VPN, which flagged it to check whether it was a subscription service (which VPNs frequently are). Even though Librem Tunnel is just part of the overall Librem One offering, because it's part of a subscription service, Apple is requiring us to add the ability to sign up and pay for Librem One subscriptions within the Librem Tunnel app before they will allow updated versions into the App Store. Why are they making that requirement even though we already have our own independent payment infrastructure? Because once that app allows in-app purchases, Apple can then automatically take their 30% cut. We do not accept these kinds of monopolistic practices, nor do we want to fund them through our own customers. Since Apple does not allow alternatives to the App Store on their platform, we have no choice but to remove Librem Tunnel from iOS, until such time Apple changes their policies either on their own, or through government intervention. 
For their existing users on iOS, "Because Librem Tunnel uses the standard, open, OpenVPN protocol, we have been working with customers to apply their OpenVPN configuration to a different iOS OpenVPN client."


iOS Developers Targeted With New XcodeSpy macOS Malware

Slashdot
Author: msmash
Security researchers have uncovered a new type of macOS malware that has been used in the wild to attack iOS software developers through trojanized Xcode projects. From a report: Named XcodeSpy, the malware consists of a malicious Run Script that was added to a legitimate Xcode project named TabBarInteraction. Security firm SentinelOne, which analyzed the malware in a report published today and shared with The Record, said the malicious script ran every time the Xcode project was built, installing a LaunchAgent for reboot persistence and then downloading a second payload, a macOS backdoor named EggShell. "The backdoor has functionality for recording the victim's microphone, camera and keyboard, as well as the ability to upload and download files," said Phil Stokes, macOS malware researcher at SentinelOne. While the XcodeSpy server infrastructure that controlled the LaunchAgent was down, Stokes said they were able to discover several instances of the EggShell backdoor uploaded on the VirusTotal web-based malware scanner. Stokes said SentinelOne first learned of this malware following a tip from an anonymous researcher, who found an instance of the EggShell backdoor on the network of a US-based company. "The victim reported that they are repeatedly targeted by North Korean APT actors and the infection came to light as part of their regular threat hunting activities," Stokes said, but the researcher told The Record they were not able to definitively link the malware to a nation-state operation beyond a reasonable doubt.


iOS 14.5 Won't Actually Let You Change a Default Music Service

Slashdot
Author: BeauHD
It turns out that Apple's iOS 14.5 update won't actually let you change your default music service that you use with Siri. Engadget reports: Beta users had originally noticed that it appeared as if early versions of the update might allow you to change the default service that launches when you ask Siri to play a song. This meant that rather than specifying a third-party music app with each request, Siri would remember your preference and launch with the service you had originally specified. While all that still seems to be the case, TechCrunch reports that Apple has apparently "clarified" that it "doesn't consider this feature the equivalent to 'setting a default.'" That's because the feature relies on "Siri intelligence," which can track your music-listening habits over time and predict which app you're more likely to want at that moment. For users, that may certainly feel as if you've changed your default music player, but there's still no way to do that on iOS.


Apple Is Going To Make It Harder to Hack iPhones With Zero-Click Attacks

Slashdot
Author: msmash
Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version, 14.5, meaning it is currently slated to be added to the final release. Several security researchers who specialize in finding vulnerabilities in and crafting exploits for iOS believe this new mitigation will make it much harder for hackers to take control of an iPhone with a technique known as a zero-click (or 0-click) exploit, which allows a hacker to take over an iPhone with no interaction from the target. Apple also told Motherboard it believes the changes will impact 0-click attacks. "It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder," a source who develops exploits for government customers told Motherboard, referring to "sandboxes" which isolate applications from each other in an attempt to stop code from one program interacting with the wider operating system. Motherboard granted multiple exploit developers anonymity to speak more candidly about sensitive industry issues. Like the name suggests, zero-click attacks allow hackers to break into a target without needing the victim to interact with anything, such as a malicious phishing link. This means that the attack is generally harder for the targeted user to detect. These are generally very sophisticated attacks. These attacks may now become much rarer, according to several security researchers who look for vulnerabilities in iOS.
