Researchers at Skycure have exposed an SSL certificate security flaw allowing them to create a ‘No iOS Zone’ where most apps on iPhones and iPads running iOS 8 will crash while connecting to the Internet, even crashing the devices themselves in some cases. While the exploit is normally triggered by users manually joining these rogue Wi-Fi networks, hackers can also take advantage of the WiFiGate vulnerability to create fake Wi-Fi networks with names that iOS devices on some carriers will automatically join — for example any iPhone on AT&T will join any nearby Wi-Fi network with the name “attwifi” without requiring any user interaction. Once the device is connected, either automatically or manually by the user, apps attempting to make a secure connection with a server will crash. Heavy use of the device while it is exposed to the fake Wi-Fi location can even cause the device’s OS to crash. In some instances that crash led to a repeatable boot cycle, rendering the device useless while within range of the fake Wi-Fi hotspot. Users can avoid the problem by disconnecting from the offending Wi-Fi network and generally avoiding connecting to suspicious free Wi-Fi networks, although in the case of carrier-defined Wi-Fi networks, the user may be required to move out of range of the Wi-Fi network entirely, as many of these carrier settings cannot be overridden. Skycure has reported the problem to Apple and speculates that iOS 8.3 may have fixed some of the underlying issues. [via 9to5Mac]
Google has announced that the YouTube app will cease to function starting in May for iOS devices running an OS older than iOS 7 — this likely refers to the older Apple-developed YouTube app that was discontinued in iOS 6. The change also impacts second-generation and older Apple TV units, which won’t be able to access YouTube starting in May unless Apple chooses to provide a software update for the older model. Users of the YouTube app on these older devices are already seeing a video notifying them of the change, but the app is still functional for now. In early May, users will only see the notification video, and will be unable to access any video content through the app. Google’s support page has directed users of older iOS versions to visit YouTube’s mobile site to view videos. Notably, Google’s official YouTube app for iOS remains listed as compatible with “iOS 6.0 or later”, so it’s unclear why iOS 6 users may be unable to access YouTube unless Google simply plans to drop iOS 6 support in the native iOS app.
Leaked cases revealed by Sonny Dickson may provide some details on the design of the alleged larger “iPad Pro” currently under development at Apple. Examining cases that claim to be for the new device, the report speculates that the new device will resemble the current iPads, but include stereo speakers located on both the bottom and the top of the device. The case design also suggests that components such as iSight camera and Touch ID button remain in their expected positions. The case design would also seem to confirm earlier rumors that the new tablet may be equipped with multiple ports, although it remains unclear whether both of these will be Lightning ports, USB-C ports, or a combination of both. Possible measurements for the iPad Pro can also be discerned from the cases; assuming that these cases accurately reflect Apple’s specifications for the new device, they show that the iPad Pro may be slightly thicker than the iPad Air, at 7mm.
The Los Angeles Unified School District is looking to recover millions of dollars from Apple following the failure of an iPad-based curriculum program, the Los Angeles Times reports. Developed by Pearson, an educational consulting firm working as a sub-contractor to Apple, the $1.3-billion program was intended to provide iPads to every student, teacher, and school administrator. The devices began rolling out in the fall of 2013, however, the plan got off to a rocky start with declining political support, rising costs, and the resignation of the Superintendent who had spearheaded the initiative. Claims were later made that Apple and Pearson may have had an unfair advantage in the bidding process, leading to an FBI criminal investigation that remains in progress. The district suspended its contract with Apple last August.
Earlier this week, the Board of Education for the district held a closed-door meeting with its attorneys, authorizing them to look into possible litigation against both Apple and Pearson. According to district general counsel David Holmquist, new Superintendent Ramon Cortines “made the decision that he wanted to put them on notice, Pearson in particular, that he’s dissatisfied with their product.” Holmquist sent a letter to Apple on Monday making it clear that the district will no longer accept or pay for new deliveries of the curriculum and related equipment, or any services related to the project.
Update: The federal Securities and Exchange Commission has opened an informal inquiry into the project regarding the legal use of bond funds, the Los Angeles Times reports.
Samsung has created a team of about 200 employees working exclusively on displays for Apple, Bloomberg reports. The team provides screens for iPads and MacBooks, aids in product development, and only shares information about Apple’s business within the group, according to people with direct knowledge of the move. Even after years of legal fights between the two companies, Apple is Samsung’s biggest external customer, with Samsung set to produce Apple’s A9 processor for the next iPhone. LG, a rival for Apple’s display panel business, also has a dedicated team focused on Apple.
Less than a week after the public release of iOS 8.3, Apple has already begun the developer beta cycle of the next iOS update, with the release of the first iOS 8.4 beta to registered developers. As expected, iOS 8.4 appears to focus primarily on a redesigned Music experience to pave the way for Apple’s upcoming streaming music service, with a number of significant changes to the built-in Music app, paralleling some iTunes features such as Now Playing, Mini Player, and support for adding to and managing the Up Next queue.
The Music app redesign is apparently being overseen by Trent Reznor, the creative head at Beats Music, who has reportedly been working on a secret project at Apple since at least last fall. This first iOS 8.4 beta, featuring a build number of 12H4074d, is also accompanied by an Xcode 6.4 beta to support the new APIs and development environment, and notes about a dozen limitations with the new Music app at present.
It is expected that most of these are just issues related to the new Music app not being entirely finished in this first beta, and the app experience should improve through the remainder of the beta cycle.
Apple has publicly released iOS 8.3, noting more than 50 new fixes and improvements across areas such as Wi-Fi and Bluetooth, Messages, CarPlay, Family Sharing, Accessibility, Enterprise features, orientation and rotation features, and more. The update also boasts improved performance for launching apps, responsiveness of apps, Messages, Wi-Fi, Control Center, Safari tabs, third-party keyboards, and other features. Notably, with iOS 8.3, Apple has also removed the “beta” label from its iCloud Photo Library feature which debuted last fall, optimizing it to work with the new Photos app now available in OS X Yosemite 10.3.3. Other notable fixes and improvements include a new Emoji keyboard featuring over 300 new characters, the ability to filter out Messages not sent by people in your contacts list, a way to report junk iMessages directly from the Messages app, italic and underline formatting options on the iPhone 6 Plus landscape keyboard, and the ability to remove shipping and billing addresses used with Apple Pay. iOS 8.3 can be downloaded by going to the iOS Settings app and choosing General, Software Update, or by connecting your iOS device to iTunes and using the Check for Update option found on the iTunes device summary screen.
New photos and a video alleging to show the rear shell of the next-generation iPad mini have appeared on French blog nowhereelse.fr. The accompanying description notes that the shell includes two rows of ten holes for the speakers on either side of the Lightning port, differing from the number of holes on the current-generation iPad mini. Notably, the report also indicates that the lock switch has disappeared and the new shell appears more similar to the design of the iPad Air 2.
New images found on Weibo and posted by HDBlog.it may reveal some additional details about the rumored larger “iPad Pro” expected to be coming later this year. The images claim to show the edges and parts of the rear cover of the new iPad, ostensibly revealing a second Lightning port on the left side, a rear camera with the volume adjustment buttons, and the headphone jack and speaker grid. While the veracity of these images is completely unclear, the idea of a second Lightning port is not entirely unprecedented — early rumors for the original iPad suggested that the device would have an extra Dock Connector on the side for docking in either portrait or landscape mode, and an early iPad prototype with a second Dock Connector also later appeared on eBay, suggesting that Apple at one point considered the idea even for the original iPad. Apple has eschewed docks with more recent iPad models, however, it’s entirely possible that Apple may re-introduce a standalone dock or similar solution for the larger-screened iPad Pro.
Apple has released its fourth beta of iOS 8.3 to registered developers; it’s the second beta in the new iOS Public Beta program. This latest beta features a build number of 12F61 and details few changes in the release notes from the prior beta, with minor issues related to CarPlay, WatchKit, Spotlight and UIKit.
As with the third beta released earlier this month, this latest update is once again accompanied by a new beta build of the Apple TV Software, although it is unclear at this point what has changed in that particular version as Apple TV betas are generally not accompanied by release notes.
Apple’s iOS 8.2 eliminated the FREAK security flaw in Safari, but FireEye researchers found a handful of popular iOS apps are still vulnerable to attack even when running on iOS 8.2. Hundreds of others still connect to vulnerable HTTPS servers, leaving them open to attack when running on iOS versions lower than iOS 8.2. Shopping, medical and finance apps were all mentioned as possible targets in FireEye’s plea for app developers to remedy the lingering issues.
A new device allows users to access a locked device running iOS 8.1 through a brute-force attack, even with the “Erase data after 10 attempts” setting on, according to security company MDSec. The IP Box — available in England for £200 (about $293) — bypasses Apple’s security measures by cutting the iPhone’s power after each failed attempt at guessing the PIN, shutting down the phone before the attempt can be logged in flash memory. This method allows the device to break a four-digit PIN in approximately 111 hours. The vulnerability could be the issue noted in CVE-2014-4451 and addressed in Apple’s iOS 8.1.1 update, but MDSec recommends users create a “sufficiently complex” password rather than a simple PIN to protect their data regardless. [via Daring Fireball]
Microsoft plans to bring Cortana, its Windows phone personal assistant technology, to both Apple and Android devices, Reuters reports. The company is reported to be developing an advanced version of its Siri competitor based on an artificial intelligence project it has dubbed “Einstein.” Microsoft’s new CEO, Satya Nadella, has been more aggressively opening up the company’s software to non-Windows platforms, eschewing Microsoft’s traditional approach of forcing customers into using its Windows operating system. Cortana debuted on Windows phones last year, and will be coming to the desktop with Windows 10 later this year. According to people familiar with the project, Microsoft also plans to release a standalone iOS app version of the technology. New technology in Cortana to be rolled out this fall is expected to incorporate more advanced features, such as the ability to read and understand e-mail and more accurately anticipate user needs, rather than simply responding to requests as Siri does.
Apple has released its third beta of iOS 8.3 to registered developers, following the public release earlier this week of iOS 8.2 to support the upcoming Apple Watch. This latest beta features a build number of 12F5047f and details few changes in the release notes from the prior beta, with minor issues related to CarPlay, WatchKit, and LTE Voice. As expected, this beta also adds the Apple Watch app and related settings that were introduced earlier this week in iOS 8.2. This update is also accompanied by a new beta of the Apple TV Software, although it is unclear what has changed in that particular version as Apple TV betas are generally not accompanied by release notes.
Despite reports that Apple would release a public beta of iOS 8.3 around this time, there has been no indication from Apple of a public beta program starting as of yet — as with previous iOS betas, iOS 8.3 beta 3 remains available to registered developers only.
Update: The iOS Public Beta program is now available at Apple’s Beta Software Program site. Some of the information in the FAQ appears to have been updated to include instructions for backing up and installing on iOS devices, but the ability to actually register for, download, and install the beta version does not yet seem to be available for all users.
Researchers with ties to the CIA have been working for years to crack the security on iPhones and iPads, The Intercept reports. The researchers presented their latest achievements at the “Jamboree,” a secret annual gathering where attendees swap strategies for breaking into commercial and household electronics. Hackers discussed attempts to crack the security keys used to encrypt data on Apple devices, as well as efforts to modify the OS X updater and Apple’s proprietary software development tool, Xcode, to insert malicious code onto Apple devices. If successful, these breaches would allow hackers to intercept messages, steal passwords and even possibly “force all iOS applications to send embedded data to a listening post.”
Documents from 2010 to 2012 given to The Intercept by Edward Snowden note that researchers were “particularly intent” on extracting encryption keys for Apple products, but “do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence.” Neither the CIA nor Apple commented on the story, but Apple CEO Tim Cook has long touted privacy as a core value and has previously criticized the actions of U.S. intelligence agencies and law enforcement on such matters.
During today’s “Spring Forward” event, Apple CEO Tim Cook announced that iOS 8.2 is being released today. The new update includes an Apple Watch app that will provide access to the App Store for the new wearable device, as well as the ability to configure settings, transfer apps to the Apple Watch, and even watch information and preview videos on the Apple Watch before buying one. iOS 8.2 is expected to be available for download through the normal software update mechanisms later today.
Update: iOS 8.2 includes a patch to remedy the FREAK security flaw.
Apple’s release plans for a 12.9-inch iPad have been pushed back to later this year, according to multiple reports. Production of the device will start “around September” due to display panel delays, Bloomberg reports. Initially, Apple was set to start manufacturing the larger device this quarter.
A report from The Wall Street Journal also notes production will start in this year’s second half. However, this report makes no mention of display panel issues, instead noting that Apple is considering “new designs and features for the enterprise market.” Apple could reportedly add USB 3.0 ports, keyboard and mouse ports to the larger iPad.
Criminals who stole iPhones and iPads are phishing for iCloud information from the very people they robbed in a new scam, according to Symantec’s security blog. Some users with lost or stolen devices have reportedly received messages informing them that their device has been found — these users are then sent links to fraudulent websites that often incorporate the word “icloud” into the URL and are made to look like the real iCloud login page. Once the thieves have the user’s iCloud credentials, they’re able to turn off Lost Mode and use or sell the device. Symantec warns users with lost devices to be wary when receiving unsolicited messages and to carefully examine URLs before entering any information. [via MacWorld]
Apple has released a second beta of iOS 8.3 to registered developers, continuing its parallel iOS 8.3 beta cycle which started earlier this month alongside the iOS 8.2 betas. This latest beta features a build number of 12F5037c and details few changes in the release notes from the prior beta. According to a report last week, Apple plans to begin releasing public betas with iOS 8.3 sometime in March; this second developer beta is likely the last for this version prior to the beginning of the public beta cycle.
Apple plans to begin releasing new versions of iOS as public betas, according to a new report by 9to5Mac. Intended to help eliminate bugs from upcoming iOS versions before general release, the model will follow the one used by Apple for OS X Yosemite last summer — a public beta cycle that will begin following the early developer betas, running in tandem with the developer program up until general availability of the new operating system. The report notes that Apple intends to begin the new program with the release of the upcoming iOS 8.3 update as a public beta in March, aligned with the third developer beta release of that version; iOS 9 will also allegedly follow a similar schedule to last year’s OS X Yosemite releases, with an announcement at WWDC and the beginning of the developer beta program, followed by a public beta in mid-summer, and the normal final release in the fall. The iOS public beta program is expected to be limited to 100,000 users “in order to maintain a higher level of exclusivity.”