Apple’s iOS 8.2 eliminated the FREAK security flaw in Safari, but FireEye researchers found a handful of popular iOS apps are still vulnerable to attack even when running on iOS 8.2. Hundreds of others still connect to vulnerable HTTPS servers, leaving them open to attack when running on iOS versions lower than iOS 8.2. Shopping, medical and finance apps were all mentioned as possible targets in FireEye’s plea for app developers to remedy the lingering issues.
A new device allows users to access a locked device running iOS 8.1 through a brute-force attack, even with the “Erase data after 10 attempts” setting on, according to security company MDSec. The IP Box — available in England for £200 (about $293) — bypasses Apple’s security measures by cutting the iPhone’s power after each failed attempt at guessing the PIN, shutting down the phone before the attempt can be logged in flash memory. This method allows the device to break a four-digit PIN in approximately 111 hours. The vulnerability could be the issue noted in CVE-2014-4451 and addressed in Apple’s iOS 8.1.1 update, but MDSec recommends users create a “sufficiently complex” password rather than a simple PIN to protect their data regardless. [via Daring Fireball]
Microsoft plans to bring Cortana, its Windows phone personal assistant technology, to both Apple and Android devices, Reuters reports. The company is reported to be developing an advanced version of its Siri competitor based on an artificial intelligence project it has dubbed “Einstein.” Microsoft’s new CEO, Satya Nadella, has been more aggressively opening up the company’s software to non-Windows platforms, eschewing Microsoft’s traditional approach of forcing customers into using its Windows operating system. Cortana debuted on Windows phones last year, and will be coming to the desktop with Windows 10 later this year. According to people familiar with the project, Microsoft also plans to release a standalone iOS app version of the technology. New technology in Cortana to be rolled out this fall is expected to incorporate more advanced features, such as the ability to read and understand e-mail and more accurately anticipate user needs, rather than simply responding to requests as Siri does.
Apple has released its third beta of iOS 8.3 to registered developers, following the public release earlier this week of iOS 8.2 to support the upcoming Apple Watch. This latest beta features a build number of 12F5047f and details few changes in the release notes from the prior beta, with minor issues related to CarPlay, WatchKit, and LTE Voice. As expected, this beta also adds the Apple Watch app and related settings that were introduced earlier this week in iOS 8.2. This update is also accompanied by a new beta of the Apple TV Software, although it is unclear what has changed in that particular version as Apple TV betas are generally not accompanied by release notes.
Despite reports that Apple would release a public beta of iOS 8.3 around this time, there has been no indication from Apple of a public beta program starting as of yet — as with previous iOS betas, iOS 8.3 beta 3 remains available to registered developers only.
Update: The iOS Public Beta program is now available at Apple’s Beta Software Program site. Some of the information in the FAQ appears to have been updated to include instructions for backing up and installing on iOS devices, but the ability to actually register for, download, and install the beta version does not yet seem to be available for all users.
Researchers with ties to the CIA have been working for years to crack the security on iPhones and iPads, The Intercept reports. The researchers presented their latest achievements at the “Jamboree,” a secret annual gathering where attendees swap strategies for breaking into commercial and household electronics. Hackers discussed attempts to crack the security keys used to encrypt data on Apple devices, as well as efforts to modify the OS X updater and Apple’s proprietary software development tool, Xcode, to insert malicious code onto Apple devices. If successful, these breaches would allow hackers to intercept messages, steal passwords and even possibly “force all iOS applications to send embedded data to a listening post.”
Documents from 2010 to 2012 given to The Intercept by Edward Snowden note that researchers were “particularly intent” on extracting encryption keys for Apple products, but “do not address how successful the targeting of Apple’s encryption mechanisms have been, nor do they provide any detail about the specific use of such exploits by U.S. intelligence.” Neither the CIA nor Apple commented on the story, but Apple CEO Tim Cook has long touted privacy as a core value and has previously criticized the actions of U.S. intelligence agencies and law enforcement on such matters.
During today’s “Spring Forward” event, Apple CEO Tim Cook announced that iOS 8.2 is being released today. The new update includes an Apple Watch app that will provide access to the App Store for the new wearable device, as well as the ability to configure settings, transfer apps to the Apple Watch, and even watch information and preview videos on the Apple Watch before buying one. iOS 8.2 is expected to be available for download through the normal software update mechanisms later today.
Update: iOS 8.2 includes a patch to remedy the FREAK security flaw.
Apple’s release plans for a 12.9-inch iPad have been pushed back to later this year, according to multiple reports. Production of the device will start “around September” due to display panel delays, Bloomberg reports. Initially, Apple was set to start manufacturing the larger device this quarter.
A report from The Wall Street Journal also notes production will start in this year’s second half. However, this report makes no mention of display panel issues, instead noting that Apple is considering “new designs and features for the enterprise market.” Apple could reportedly add USB 3.0 ports, keyboard and mouse ports to the larger iPad.
Criminals who stole iPhones and iPads are phishing for iCloud information from the very people they robbed in a new scam, according to Symantec’s security blog. Some users with lost or stolen devices have reportedly received messages informing them that their device has been found — these users are then sent links to fraudulent websites that often incorporate the word “icloud” into the URL and are made to look like the real iCloud login page. Once the thieves have the user’s iCloud credentials, they’re able to turn off Lost Mode and use or sell the device. Symantec warns users with lost devices to be wary when receiving unsolicited messages and to carefully examine URLs before entering any information. [via MacWorld]
Apple has released a second beta of iOS 8.3 to registered developers, continuing its parallel iOS 8.3 beta cycle which started earlier this month alongside the iOS 8.2 betas. This latest beta features a build number of 12F5037c and details few changes in the release notes from the prior beta. According to a report last week, Apple plans to begin releasing public betas with iOS 8.3 sometime in March; this second developer beta is likely the last for this version prior to the beginning of the public beta cycle.
Apple plans to begin releasing new versions of iOS as public betas, according to a new report by 9to5Mac. Intended to help eliminate bugs from upcoming iOS versions before general release, the model will follow the one used by Apple for OS X Yosemite last summer — a public beta cycle that will begin following the early developer betas, running in tandem with the developer program up until general availability of the new operating system. The report notes that Apple intends to begin the new program with the release of the upcoming iOS 8.3 update as a public beta in March, aligned with the third developer beta release of that version; iOS 9 will also allegedly follow a similar schedule to last year’s OS X Yosemite releases, with an announcement at WWDC and the beginning of the developer beta program, followed by a public beta in mid-summer, and the normal final release in the fall. The iOS public beta program is expected to be limited to 100,000 users “in order to maintain a higher level of exclusivity.”
Apple has extended its two-step verification feature to include authentication of FaceTime and iMessage logins, The Guardian reports. First introduced in early 2013, Apple’s two-step verification requires users to enter a verification code that appears on a trusted iPhone, iPad, or iPod touch when signing in with their Apple ID and password, providing an extra layer of protection against compromised or hacked passwords. The security feature has been enabled for direct iCloud account features since its introduction, although other services continued to only require a standard password for access.
Apple has announced that developers can now submit applications up to 4GB in size to the App Store, an increase from the prior 2GB limit. This will allow developers of media-rich apps and games to include more content directly within their app, as opposed to using over-the-air downloads — a process that some developers previously relied on in order to provide content beyond that which could be included in the App Store download itself. The announcement notes that the cellular network delivery size limit of 100MB remains unchanged, however, meaning that larger apps will need to either be downloaded over Wi-Fi or synced via iTunes.
iPhone thefts have been dropping dramatically in at least three major cities since Apple introduced its Activation Lock feature in 2013, Reuters reports. Specifically, the number of stolen iPhones in San Francisco has reportedly dropped by 40 percent, while the number of iPhone thefts in New York has dropped by 25 percent, and smartphone theft in general has dropped by half in London. The drop is believed to be a direct result of the anti-theft features that Apple added to iOS 7 in September 2013, which effectively “locked” an iOS device to its owner, preventing a stolen device from being used without entering the original user’s Apple ID and password. Supplementing the “Find My iPhone” feature introduced by Apple some time ago, the new Activation Lock feature essentially turns a stolen iPhone into a useless brick, reducing the motivation for theft. With smartphone theft now accounting for half of all crimes in cities like San Francisco, several U.S. states are considering laws mandating the use of similar “kill switches” in smartphones — California passed a smartphone “kill switch” law last year that has yet to go into effect. While Samsung and Google have added a similar feature, only Apple currently has it setup to be enabled by default.
In addition to the iOS 8.3 beta released earlier today, a new report from 9to5Mac indicates that Apple has also begun development on iOS 8.4 in parallel. Codenamed “Copper,” iOS 8.4 is expected to be released sometime after the Apple Watch debuts, and sources indicate that support for Apple’s upcoming streaming music service may also be incorporated into this release.
In an unusual move, Apple has released a new beta of iOS 8.3 to registered developers, alongside the fifth beta of iOS 8.2 seeded last week. This latest beta features a build number of 12F5027d, and includes extremely sparse release notes noting some minor issues with CarPlay and WatchKit. The parallel release of this newer iOS beta suggests that iOS 8.2 has likely reached a freeze point and will be released soon, while Apple wants to allow developers to get an early start on working with the new iOS 8.3 development environment as soon as possible. Notably, this latest version is also accompanied by an Xcode 6.3 beta that incorporates version 1.2 of the new Swift development language, noting “a number of noteworthy changes to the language” as well as a migrator for moving existing code to Swift 1.2 and “enhancements that ease interoperability between Swift and Objective-C code.”
Apple’s next major iOS update will be primarily focused on delivering stability, optimization, and performance improvements, according to a new report from 9to5Mac. While most major iOS updates have released at least a few landmark features, the rapid development pace has reportedly taken a toll on the operating system’s overall performance as engineering teams have been more focused on delivering new features than polishing existing ones. With iOS 9, Apple is apparently going to focus primarily on delivering under-the-hood improvements; fixing bugs and improving stability and performance, while also striving to keep the size of the OS manageable to accommodate users with lower-capacity devices.
The report speculates that it’s possible Apple may even limit iOS 9 support to newer 64-bit devices, essentially discontinuing support for the iPhone 5c, iPod touch, and first-generation iPad mini. This approach would be similar to the one Apple took with OS X Snow Leopard a few years ago, but it’s expected that Apple may still debut some new iOS features, such as Transit and Indoor mapping modes for its Maps app. However, features like these would be more dependent on back-end services than forming key new iOS components.
According to Apple’s developer website, approximately 72 percent of devices are now running iOS 8 as of February 2, 2015. While this number is up dramatically from estimates made in late September, it’s still lower than the 80 percent adoption rate of iOS 7 reported around this time last year. These latest statistics report that the majority of the remaining devices are still running iOS 7, and approximately 3 percent of iOS devices operate on some prior version. As not all devices are upgradeable to the latest iOS versions, this also includes users who may be unable to upgrade without purchasing a newer device. It’s also worth noting that these numbers are intended for developers and only include devices that actively connect to the App Store, suggesting that they may not be generalizable to the entire iOS user base.
Apple has released the fifth beta of iOS 8.2 to registered developers, featuring a build number of 12D5480a. As with other recent betas, this latest one appears to be primarily focused on continuing to refine the development environment for preparing apps for the upcoming debut of the Apple Watch. This latest beta is also accompanied by a beta version of updated software for the third-generation Apple TV.
Apple has officially released iOS 8.1.3 to the public, another relatively minor maintenance release that notes bug fixes, increased stability and performance improvements. The update also addresses problems some users have had signing into Messages and FaceTime, issues with Spotlight sometimes not displaying app results, and multitasking gesture fix for iPad users. The amount of free storage space required to perform an update has also been reduced, and new configuration options have been added for education standardized testing. iOS 8.1.3 is available as an over-the-air update or by updating via iTunes on a Mac or PC.
Apple has released the fourth beta of iOS 8.2 to registered developers. The latest release appears to add direct support for pairing an Apple Watch via Bluetooth, with a note in the standard Bluetooth settings directing users to use the “Apple Watch app” to do so. The note appears to link to the App Store, suggesting that an Apple Watch app could be available as a separate download that users will need to install, rather than being bundled with the future iOS 8.2 update.