Silent Mac update nukes dangerous webserver installed by Zoom

Silent Mac update nukes dangerous webserver installed by Zoom

Enlarge (credit: Kena Betancur/Getty Images)

Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac.

The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server continues to run even when a Mac user uninstalls Zoom. The researcher showed how the webserver can be abused by people on the same network to force Macs to reinstall the conferencing app. Zoom issued an emergency patch on Tuesday in response to blistering criticism from security researchers and end users.

Apple on Wednesday issued an update of its own, a company representative speaking on background told Ars. The update ensures the webserver is removed—even if users have uninstalled Zoom or haven’t installed Tuesday’s update. Apple delivered the silent update automatically, meaning there was no notification or action

Read the rest Continue Reading
Catalyst deep dive: The future of Mac software according to Apple and devs

Catalyst deep dive: The future of Mac software according to Apple and devs

Enlarge / Twitter returns to the Mac via Apple’s Project Catalyst. (credit: Apple)

SAN JOSE, Calif.—When Apple revealed macOS Catalina at WWDC this month, one related announcement drew considerable interest from Mac users and developers alike: a new way to turn iPad apps into fully native Mac apps.

Dubbed Project Catalyst, it promised to increase the number of quality native apps on the Mac platform by leveraging developers’ existing work in the arguably more robust iOS (and now, iPadOS) app ecosystem. But it does raise questions: what does this mean for Mac users’ future experiences? Will this change the type of software made for Macs? Is Apple’s ecosystem a mobile-first one?

Then there are developer concerns: is Catalyst just a stepping stone to SwiftUI? What challenges can devs expect when adapting their iPad apps for the Mac?

Read 93 remaining paragraphs | Comments

Source link Read the rest

Continue Reading
In-the-wild Mac malware kept busy in June—here’s a rundown

In-the-wild Mac malware kept busy in June—here’s a rundown

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS.

The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that’s available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe’s Flash media player, but it’s in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.

“The team at Intego has observed OSX/CrescentCore in the wild being distributed via numerous sites,” Intego’s Joshua Long wrote of two separate versions of the malware his company has found. “Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.”

Read 7 remaining Read the rest

Continue Reading
If you haven’t patched Vim or NeoVim text editors, you really, really should

If you haven’t patched Vim or NeoVim text editors, you really, really should

Enlarge (credit: unknown)

A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.

Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands available and runs them inside a sandbox that’s cordoned off from the operating system, researcher Armin Razmjou noticed the source! command (including the bang on the end) bypassed that protection.

“It reads and executes commands from a given file as if typed manually, running them after the sandbox has been

Read the rest Continue Reading
The clever cryptography behind Apple’s “Find My” feature

The clever cryptography behind Apple’s “Find My” feature

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. (credit: Samuel Axon)

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company’s Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they’re offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it’s sleeping in a thief’s bag. And it turns out

Read the rest Continue Reading
Our first-look photos of Apple’s new Mac Pro and the Pro Display XDR

Our first-look photos of Apple’s new Mac Pro and the Pro Display XDR

Enlarge / Okay, from this angle, it really does look like an ultra-shiny cheese grater. (credit: Samuel Axon)

SAN JOSE, Calif.—Today, Apple introduced two very expensive pieces of pro-targeted hardware: the Mac Pro, and the Pro Display XDR. While we were not offered an opportunity to get any hands-on time with them, we did see behind-closed-doors live demonstrations and get an opportunity to photograph them both.

Apple is positioning these as direct competitors to the sort of video editing bay hardware that costs tens of thousands of dollars, not as mass-market consumer products. Judged on that scale, these seem like great bargains, albeit only for a few people in specialized fields.

The big surprise is the modular Mac Pro, so let’s start there.

Read 14 remaining paragraphs | Comments

Source link Read the rest

Continue Reading
Apple will soon kill off iTunes and, with it, an entire era of music history

Apple will soon kill off iTunes and, with it, an entire era of music history

Enlarge / The new Apple Podcasts app for Mac. (credit: Ron Amadeo)

SAN JOSE, Calif.—As part of a slate of upcoming software updates, Apple will close the door on one of its most iconic pieces of software: iTunes. The company will split the application up into multiple, more-focused apps on the Mac: Apple Music for music, Apple TV for TV and movies, and Apple Podcasts for podcasts.

iTunes—a program for managing your media library, listening to songs, and buying new content—played a key part in the digital revolution of the 2000s after it first launched in 2001. Its impact started with music. iTunes was partly credited with slowing the severe bleeding to piracy the recording industry faced amid the popularity of the MP3 boom on peer-to-peer file-sharing applications like Napster. And the program was also the home base for the iPod, one of the first of many products

Read the rest Continue Reading
Apple shares its vision for macOS 10.15 Catalina: Cross-platform apps are key

Apple shares its vision for macOS 10.15 Catalina: Cross-platform apps are key

SAN JOSE, Calif.—The next major operating system update for Apple’s Mac computers will bring new apps, a handful of quality life improvements, and, most importantly, a far-reaching initiative to (at least partially) unify the app-development process across devices running iOS and macOS. This new initiative is at the heart of Apple’s future macOS strategy and is a cornerstone of the newly announced macOS 10.15 Catalina update.

Here’s what we learned at the company’s Worldwide Developers Conference today.

Apple hopes the initiative will rejuvenate a slow-moving Mac app store and native software ecosystem. The initiative will do so by making it easier for developers for the iPhone and iPad App Store—one of the most robust software platforms in the world—to release their iOS applications on the Mac with minimal additional development time. Currently, developers have

Read the rest Continue Reading
The WWDC Liveblog: All the OS details from Apple’s annual keynote

The WWDC Liveblog: All the OS details from Apple’s annual keynote

Enlarge / Neon emoji and animoji images accompanied the invites to press. (credit: Apple)

Liveblog starts in:

View Liveblog

At 10am PDT (1pm EDT, 5pm GMT) on Monday, June 3, 2018, Apple will host its “special event”—or as we’ve long called it, the keynote—to kick off the 2019 Worldwide Developers Conference. In front of an audience of press and developers, the company is expected to share details about its upcoming major annual operating system updates for iPhones, iPads, Macs, Apple Watches, and other products.

Ars will once again be on the scene at WWDC in San Jose, and on Monday we’ll be sharing live updates throughout keynote in our liveblog—just come back here a few minutes before the event starts to follow along.

The main focus is expected to be iOS 13, the new version of Apple’s software for iPhones. Previous leaks and reports have suggested a number of

Read the rest Continue Reading
What to expect from Apple’s WWDC 2019 keynote next week

What to expect from Apple’s WWDC 2019 keynote next week

Enlarge / Neon emoji and animoji images accompanied the invites to press. (credit: Apple)

Apple’s Worldwide Developers Conference (WWDC) starts this Monday, June 3, with a stage presentation by Apple executives at 10am Pacific Time. WWDC is usually one of the two biggest Apple events of the year (the other is the now-recurring iPhone/Apple Watch event in the fall), and it generally focuses on software.

It has become tradition for Apple to introduce new versions of its operating systems to developers at WWDC. Those systems include iOS for iPhone, iPad, and iPod; macOS for Mac; watchOS for Apple Watch; and tvOS for Apple TV and Apple TV 4K. In fact, these are some of the primary purposes of the event. So you can expect to see detailed presentations during Apple’s keynote on each of those, plus deeper dives for developers in the various sessions at the convention center, which

Read the rest Continue Reading