Wednesday Morning News

screen-shot-2014-11-11-at-12-19-47-pmA new security vulnerability has been discovered on Apple’s iOS platform, this time to do with certificate security regarding apps. The issue is because Apple doesn’t enforce certificates for apps with the same bundle identifier, it means non-legitimate apps installed via a provisioning profile can “take over” legitimate apps installed from the App Store. Ars Technica’s explanation of the threat says the same process can’t be used to overtake Apple’s own apps, such as Mobile Safari or Mail. Unlike WireLurker, which involved users jailbreaking their devices and circumventing Apple’s built-in security, this vulnerability works alongside Apple’s existing security measures on iOS.

I get that China is a very important market for Apple right now, but if Apple Pay is released in China due to a possible partnership between Apple and Alibaba before it’s released here, I’ll still be disappointed. That said, seeing as we’ve heard nothing from the big banks (usually an indication they’re hard at work on something) I’m guessing we’ll get Apple Pay sooner, rather than later.

A judge in the US has allowed a class-action lawsuit to be filed against Apple for missing text messages, and the news couldn’t come at a worse time given Apple’s iMessage de-registration tool released over the weekend. US District Judge Lucy Koh strikes again!

Apple has hired the developers from an app which was shut down due to a lack of funding. The developers of Pin Drop were hired by Apple, and MacRumors says it’s to do with Apple’s new R&D location in Cambridge, England.

There’s a long-standing bug with automatic brightness on iOS where if you turn off auto brightness, you can essentially double your battery life. Whether that’s to do with the brightness sensor being activated all the time or iOS being too over-zealous when it comes to display brightness is a good question, but a new patent from Apple hopes to improve on the current system by letting users define their own brightness levels for various environments. For example, you could have one brightness setting for indoor usage, and another for the great outdoors.

The latest aerial shot of Apple’s Campus 2 development project has been shown off by the City of Cupertino and Apple, and you can quite clearly see Apple have the circular structure down, with good progress being made on the foundations of what is now known as Apple’s spaceship campus.

Over at MacStories, Federico Vitticci is getting more work done on his iPad. But while he’s found Mail’s lack of extension support to be particularly vexing when productivity is at stake, he doesn’t believe Apple omitted the feature for some kind of security or enterprise concern, no, simply a lack of time.

TUAW checks out the SurfacePad from Twelve South, a super-thin flip-style case for the iPhone 6 and 6 Plus that also lets you carry two cards. For most of us that’d be some form of ID and a credit card, but with Apple Pay coming soon, you could ostensibly change the second card to be something else.

IMore has the ultimate guide to using Continuity for iPhone, iPad, and Mac, linking to a bunch of other Continuity-related guides from the site about getting it working and other cool tips and tricks.

Doom is coming to Apple, and it’s not a question of if, but when. So writes the Macalope, over at Macworld.

Notable Replies

  1. I love how all the news sites make massive deals out of these iOS security flaws, as if they’re going to strike you AT ANY TIME, when the reality is that you’d have to actively seek the flaw out and give it permission to run. That one a few weeks back was heralded as the biggest breach ever, but it was entirely dependent on the user going to a dodgy Chinese website, downloading pirated software, installing it, then allowing it access to an iOS device attached to their computer.

    Now we have this one, which relies on you installing an app that hasn’t come from the App Store, which apparently involves a popup saying ‘this is from an untrusted source, do you want to continue’.

    It’s kind of your fault if you blindly install anything you’re offered then wake up 2 days later in an icebath with your iPhone’s bluetooth module missing.

  2. Yeah, these attacks via social engineering is becoming a pretty serious issue. You can make computer systems as secure as you want, but at the end of the day, there’s a human sitting behind the computer keyboard with the power to screw everything up — and the worst thing is, the only real protection is a little common sense and constant vigilance.

    Which, let’s be honest, can be in short supply at the best of times.

Continue the discussion