Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES

Nasty piece of CSS code crashes and restarts iPhones | #Vulnerabilities #iPad #iOS #Safari #NobodyIsPerfect #Quality


A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn't very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relatively new CSS property and works by applying blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS' graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

This link will crash your iOS device, while this link will show the source code behind the vulnerability. Haddouche also tweeted a video of the vulnerability crashing his phone:

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple's iPhone 7: Microphone may be broken after updating to iOS 11.3 | #Apple #Quality #NobodyIsPerfect


Microphone may be broken after updating to iOS 11.3

The update to iOS 11.3 is causing problems for some owners of an iPhone 7 or iPhone 7 Plus. The smartphone's microphone then no longer works properly. In such a case, a repair may be necessary.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple fixes 'killer text bomb' vulnerability with new update for iOS, macOS, watchOS, and tvOS | #Updates #NobodyIsPerfect #TeluguCharacter #Vulnerabilities ===> #Quality of #Programming!!


Apple released updates on Monday that will protect owners of iPhones, iPads, iMacs, MacBooks, iMac Pros, Apple Watches, and (phew!) Apple TVs from having toerags crash their devices.

The bizarre bug was in how Apple products handled a Unicode symbol representing a letter from the south Indian language of Telugu.

When, for instance, vulnerable versions of iOS displayed the character they would get their knickers in a twist, causing the app to crash.

Fortunately updating Apple operating systems is a pretty painless process.

For instance, on an iMac you just need to open App Store, and select Updates to see what updates are waiting to be installed.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Telugu+Character

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=iOS

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


How one man could have hacked every Mac developer (73% of them, anyway) | #Apple #CyberSecurity #NobodyIsPerfect


Long story short, Holmes was able to copy this API token, paste it into his own web requests, and get read-and-write access to much of Homebrew’s GitHub content.

As he explains in his post, he could have hacked pretty much any Homebrew package, thereby infecting any and every Mac user who installed or updated that package – or, of course, any other package that depended on it.

And, as Holmes wryly pointed out, the most downloaded package in the last 30 days at Homebrew is itself all about cybersecurity: openssl, with more than half-a-million installs last month.

That’s a lot of Brew users – and by implication a lot of developers who themselves build software for distribution to other people – whom he could have put on the spot.

What to do?
If you’re a Brew user, there’s no need for alarm and no immediate action you need to take.

Holmes disclosed this responsibly to the Homebrew crew, who fixed the issue right away – within a few hours, in fact – and published a short, frank and informative disclosure notice.

As in the case of Gentoo’s recent supply-chain breach, the disclosure notice is worth reading whether the incident directly affects you or not.

Homebrew included some security precautions that the team is planning to add, and why.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Nobody+is+perfect

 


HomePod leaves stains: #Apple, what is actually going on with you? A commentary | #Quality


Whether iPhone, Mac or the new HomePod: all Apple devices have problems. And then you pay a heap of money for them. It can't go on like this!

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 


Apple iOS 11.2.2 Release Has A Nasty Surprise | #Updates #NobodyIsPerfect #Naivety #Performance #Quality


For a number of iPhone owners iOS 11.2.2 is throttling performance by as much as 50%. I exclusively picked up on this trend in my iOS 11.2.2 Upgrade Guide yesterday as users were not just subjectively reporting their iPhones and iPads felt slower, but being able to demonstrate it with before and after benchmark scores (1, 2, 3, 4, 5, etc).

I was subsequently contacted by tech developer Melvin Mughal who, having read my Guide, decided to document a detailed breakdown of how his iPhone 6 performed before and after updating to iOS 11.2.2. For him the impact was dramatic.

Across over 30 single-core and multi-core benchmarks, Mughal found single-core and multi-core performance of his iPhone 6 fell by an average of 41% and 39% after updating to iOS 11.2.2. The results are broken down on his blog. It is worth pointing out Mughal upgraded to iOS 11.2.2 from iOS 11.1.2 not iOS 11.2.1, but that shouldn't be relevant as the throttling Apple introduced in iOS 11.2 was specifically for the iPhone 7 only.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 
