Monday Morning News
Apple released iOS 12.1.4 last week, fixing an issue with Group FaceTime which allowed the calling party to surreptitiously listen in on their callee’s audio. The security content of iOS 12.1.4 tells us about all four CVEs included with the update, crediting both the teenager that first reported the issue to Apple, as well as Texas-based software engineer who also reported the issue to Apple. Apple also says they will be compensating 14-year old Grant Thompson for discovering the issue under Apple’s public bug bounty program, as well as contributing to his education.
Apple SVP of Retail Angela Ahrendts is planning to retire in April, and Apple has announced Deirdre O’Brien as her successor. As SVP of Retail and People, O’Brien’s expanded role will see her oversee both the HR and retail strategies of Apple, which may turn out to be a challenging task due to the nature of the ever-changing retail environment. As for Ahrendts, 9to5Mac’s attempt of making some sense out of her departure and the future of Apple retail has speculation on some of the changes that may need to be made by Apple in their attempt to push customers to shop in-store rather than online.
A security researcher has demonstrated a macOS exploit to access Keychain passwords. Linuz Henze’s KeySteal application can access Keychain passwords in both the Login and System keychains, but Henze has not released any details about the exploit to Apple or otherwise as a form of protest; he’s frustrated Apple doesn’t offer a macOS bug bounty program like they do for iOS.
TechCrunch reports that many popular iPhone apps secretly record your screen without asking, but what they really mean is that some apps include "session replay" capabilities that can include screenshots of various aspects of the app in question, which could expose sensitive user information like credit card and address details. Apple is now telling developers to disclose or remove screen recording code, as reported by TechCrunch in a follow-up piece.
Apple has paid 500 million Euros to France to cover a decade of back taxes, following pressure on Apple to pay back taxes to EU countries after exploiting legal loopholes to mitigate its taxes. While Apple’s financial situation following tax-related audits has not been made public, the French tax authority claims that we’ll see those records soon enough.
Anandtech’s review of the iPhone XR says that the LCD display technology used in this year’s slightly-cheaper iPhone lends itself to overall battery life. Even though the XR has a slightly smaller battery than the iPhone XS Max, it gets something like 25% more battery life due to LCD tech and the display’s lower resolution compared to its OLED counterparts.
John Gruber of Daring Fireball says you shouldn’t worry about physically covering your Mac’s webcam, despite a piece from the Wall Street Journal saying that someone was able to remotely access the webcams of both Windows and Mac laptops using off-the-shelf software. The LED indicator does a pretty good job of protecting you in those instances, and your own protections against malicious software should do the rest.
Yonks is a new app that counts time periods for both past and future events. If you’ve ever wanted to know how old you are (in any common time measure), how long since you’ve started a daily habit, or just want to count down to a particular date, then this is the app for you.
Carrot Weather gained support for BOM data recently, via the WillyWeather API. Also included in the update is even more customisation options for Apple Watch complications, making it even better than before, and probably the option I’d recommend when PocketWeather stops working sometime later this year.
Apple’s latest ads feature artists memojis. The memoji-likenesses of Ariana Grande, Khalid, and Florida Georgia Line all promote Apple Music, although I’m a little freaked out by the whole floating-heads thing.