Bypassing macOS Security With Synthetic Clicks

Security researcher Patrick Wardle found he can bypass macOS security by using synthetic clicks built with AppleScript.

Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking whether a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.

Mr. Wardle refers to this as a “second stage” attack, because the hacker or malware needs access to your Mac to exploit this bug.

News+: The App Store Enables Spying, Tracking, and Analytics

In the latest issue of Fast Company magazine, Mark Wilson writes about the business of spying, advertising, and analytics that the App Store enables.

[Apple] designed a dead-simple interface that, to this day, allows users to sign away contacts, location data, and camera and microphone access with a single tap as they install an app. Apple also created efficient APIs—the software connecting its hardware to outside apps—to provide third-party developers access to sensitive user information. Meanwhile, iPhone apps are not required to encrypt their transmissions. “Apple was well known for usability before it was known for privacy,” says Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

Eye Tracking is the Holy Grail of Advertising

Avi Bar-Zeev, who works on AR/VR/MR, says that eye tracking is the holy grail of advertising (and he’s all for it). While I don’t disagree with that point, I do wonder how prevalent it will become. For example, when Face ID first came out, there was a fear that it could be exploited for eye tracking ads. But that isn’t possible because Apple locks down its technology. I expect the same for Apple Glasses.

Bundled into VR headsets or AR glasses, eye-tracking will, in the near-future, enable companies to collect your intimate and unconscious responses to real-world cues and those they design. Those insights can be used entirely for your benefit. But they will also be seen as priceless inputs for ad-driven businesses, which will learn, model, predict and manipulate your behavior far beyond anything we’ve seen to date.

iTunes May Be Retired at WWDC 2019

Could it finally be the end of the road for iTunes? That is one of the rumors circulating in the run-up to WWDC 2019. Bloomberg News reported that the retirement of iTunes could be announced next week.

The changes will showcase Apple’s new generation of devices and software: Apple Watches that are more independent from iPhones, iPads with software that reduces the need for a laptop, apps that run on any Apple device, and growth areas such as augmented reality and personal health-care management, according to people familiar with the plans. While the developer conference is software-focused, the company often sprinkles new hardware announcements in at the event. This year, Apple won’t show off a new Apple Watch or iPhone hardware until the fall, but has considered previewing the new Mac Pro at the conference.

To Change Facebook, Change Mark Zuckerberg

Facebook is under fire at the moment. CEO Mark Zuckerberg was asked about his position at the shareholder meeting yesterday. At Fast Company, Mark Sullivan argues that the only way to change the company is to change the man at the top.

Natasha Lamb, the managing partner of Arjuna Capital—is one of a growing number of investors calling for serious changes at the top, either by separating the roles of board chair and chief executive (Zuck has both) or losing him as CEO completely. They’re right to do it. If you want to change Facebook, you have to change Mark Zuckerberg. The reason is simple: Zuckerberg is Facebook and Facebook is Zuckerberg. The company, in word and in action, is the product of his vision, talent, ambition, moral compass, and worldview.

David Cameron: Former UK Prime Minister Joins U.S. AI Firm

Former UK Prime Minister David Cameron has a new job. Mr. Cameron is to chair the advisory board of Afiniti, a Washington-based AI firm, the Guardian reported. He follows his former deputy into the tech sector. Sir Nick Clegg, who served as Deputy Prime Minister between 2010 and 2015, joined Facebook in October 2018.

The position represents one of Cameron’s most prominent appointments since he stood down as prime minister in 2016. He has previously taken a number of roles at not-for-profit organisations and has a memoir, For the Record, due out later this year. Cameron said he was “delighted” to take the job working on “transforming the future of customer service and interpersonal communications”. The advisory board features an array of high-profile figures including John Browne, former chief executive of BP and François Fillon, the former prime minister of France. Afiniti was set up by the US-Pakistani entrepreneur Zia Chishti and specializes in the use of AI in call centers.

AirPort Base Stations Get 7.9.1 Firmware Update

Although Apple discontinued its line of AirPort base stations (routers), it recently released a firmware update, version 7.9.1. It fixes several security issues, one of which seems especially bad.

Impact: A base station factory reset may not delete all user information

Description: The issue was addressed with improved data deletion.

CVE-2019-8575: joshua stein