35 Companies Including Apple Hacked in Supply Chain Attack

Security researcher Alex Birsan was able to breach over 35 companies’ internal systems, including Apple, Microsoft, PayPal, Spotify, Netflix, and others. He did this through bug bounty programs and pre-approved penetration testing arrangements (aka, he’s one of the good guys). He earned over US$100,000 in bounties.

The attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the companies’ internal applications.

Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.

Apple Apologizes For Mistakenly Removing Student’s Indigenous Language App from App Store

Student Brendan Eshom, a member of the Gitga’at community of the Ts’msyen First Nation, launched an app that shared his community’s culture and promoted a word each day in its language – Sm’algyax. However, it was removed, and the young developer tried to contact Apple to find out why. He got no answers, but the company has confirmed to Global News that the app was taken down in error and has been reinstated, and it has apologized.

He says he reached out to Apple multiple times for an explanation, but couldn’t get answers. “It was definitely more discouraging to not even hear why they took it down in the first place,” he said. Eshom contacted Consumer Matters for help. Consumer Matters contacted Apple asking why the app had been removed and why Eshom’s status on Apple had been terminated. In an email, Apple stated: “Maintaining the integrity of the App Store is a responsibility we take seriously to ensure the safety of our customers, and give every developer a platform to share their brightest ideas with the world. Unfortunately, this developer’s app, which is a great example of how technology can be used to bridge cultural understanding, was mistakenly removed from the App Store

Hackers Tried to Poison Florida Town’s Water Supply

Most security news I’ve shared involves purely digital hacking. This story from Reuters is a case of using hacking to affect the physical world, like an attempt to poison a town’s water supply.

The hackers then increased the amount of sodium hydroxide, also known as lye, being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume.

Oldsmar Mayor Eric Seidel said in a press conference on Monday that the affected water treatment facility also had other controls in place that would have prevented a dangerous amount of lye from entering the water supply unnoticed.

Spotify Finally Testing Live Lyrics Feature in U.S.

Spotify is finally rolling out its Live Lyrics feature to some users in the U.S., Engadget reported. Equivalent features are widely available on rivals Apple Music and Deezer.

It’s worth noting that Spotify’s “new” approach to lyrics — which is once again powered by Musixmatch — isn’t really all that new. The company has been testing the feature in markets around the world for years, and officially launched it in 26 markets — including Brazil, Mexico, Vietnam, Hong Kong, Thailand, India and more — around the middle of 2020. More recently, live lyrics were also made available to users in South Korea when the service launched there earlier this month. At the risk of sounding a little obvious, though, not every test market ultimately gets access to the feature at wide scale. Spotify, for instance, ran a similar test in Canada before discontinuing it around June 2020; to our knowledge, the feature has never reappeared. This move puts Spotify on more even footing with competing services like Apple Music and Deezer, and should help the company from losing competitors to more feature-rich rivals.

Browser Favicons Can be Used to Track You Online

Software designer Jonas Strehle discovered that browser favicons can be used to give you a unique ID that can be used to track you across the web. It works even if you use privacy tools like a VPN, incognito browsing, deleting cookies/browser cache, and others.

To be clear, this is a proof-of-concept and not something that Strehle has found out in the wild. Strehle’s supercookie program (which uses a Cookie Monster favicon) is a proof of the concept described by the university researchers.

Developer Raises Warning About App Store Scams

Developer Kosta Eleftheriou thinks there are major scams threatening to ruin the integrity of the App Store. He told The Verge that they are spreading in part because Apple is not enforcing its own rules strictly enough.

“It’s surprising more people don’t know about this. The extent to which this has been going on and is currently going on is absolutely mind-blowing,” Eleftheriou tells The Verge of the magnitude of fraud he says is occurring daily on the App Store. “In particular now with the App Store, which is my main concern, the problem has grown to such an extent that having the rating and review system is making it worse. It gives consumers a false sense of security and a false idea that the app is great as you’re entering it through a glowing App Store page with raving reviews.” His vocal complaints, which have attracted the attention and support of countless other app developers in the iOS community, underscore the increasing tension between Apple and the software makers upon whom it depends.

How Tim Cook Transformed Apple

Almost whatever way you cut it, financially Apple has reached new heights under the leadership of Tim Cook. Bloomberg Businessweek reports on how he transformed the company.

In many ways, Cook is now applying the lessons Apple learned building its China manufacturing network to other parts of the business. Its operational prowess has enabled it to churn out more product permutations and accessories. And just as Apple uses its awesome buying power to extract concessions from suppliers, it’s now using its control over an equally impressive digital supply chain, which includes the company’s own subscription services, as well as third-party apps, to generate greater revenue from customers and software developers. In an October report on the tech industry, the House antitrust subcommittee said this influence of its App Store amounted to “monopoly power” and recommended that regulators step in.

Adobe Adds Document Collaboration to Photoshop, Illustrator, Fresco

Adobe announced on Tuesday new document collaborations for Photoshop, Illustrator, and Fresco.

The Invite to Edit feature in Photoshop, Illustrator, and Fresco allows asynchronous editing on all surfaces across the desktop, iPad, and iPhone (Fresco). Now collaborators can edit a shared cloud document, one at a time. Just save your .PSD or .AI files as cloud documents and send invitations for others to edit them. You can also edit files that have been shared with you. In addition, you can access your shared cloud documents on assets.adobe.com and the Creative Cloud Desktop app.

Apple Supplier Dialog Semiconductor Taken Over by Renesas Electronics in US$6 Billion Deal

Apple supplier Dialog Semiconductor is being taken over by Japanese firm Renesas Electronics, AppleInsider reported. The deal involving the UK chip-maker is worth US$6 billion.

This includes its business in power management, charging and power conversion, Wi-Fi, and Bluetooth LE, as well as its expertise in mixed-signal integrated circuits. It is said by the companies that Dialog’s attributes will complement and expand Renesas’ existing portfolio of products. “Dialog has a strong culture of innovation along with excellent customer relationships and serves fast growing areas including IoT, industrial, and automotive,” said Renesas president and CEO Hidetoshi Shibata in a statement. “By bringing Dialog’s talented team and expertise into Renesas, together, we will accelerate innovation for customers and create sustainable value for our shareholders.” The offer value is based on Renesas paying 67.50 euro ($81.17) per share, representing a 20.3% premium over Dialog’s closing price on February 5.

Which of the Most Popular Apps Have Native Support For Apple Silicon?

Apple silicon has been available to consumers for two months now. AppleInsider has a good rundown of the state-of-play, and how many apps have native support for the M1 chip.

So to take a snapshot of how the transition from Intel to ARM is going, AppleInsider drew up a list of 100 major Mac apps. Our list does include ones that are niche but very important in their field — such as the screenwriting app Final Draft… It also includes a range of more technical utilities, plus the kind of general purpose apps that a large number of Mac users have. For each app, we contacted developers, we checked out support groups, and we listed apps as either having native M1 support or not. When an app had native support in beta, we counted that as it at least means the support is coming. Where it was not possible to prove that there was even official beta M1 support, we took that as a no. As of February 5, 2021, the list of 100 apps showed 53 that had native M1 support to at least some degree. And therefore 47 that did not.

Android Could Mimic iOS 14 App Tracking Transparency

A report from Mark Gurman suggests that Google could add the App Tracking Transparency privacy feature to Android. But it wouldn’t be as private since Google is ultimately an advertising company.

A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said […] To keep advertisers happy while improving privacy, the discussions around Google’s Android solution indicate that it could be similar to its planned Chrome web browser changes.

In other words, why even bother?

Sarayu Blue Joining the Apple TV+ Show 'The Shrink Next Door' Opposite Paul Rudd

Sarayu Blue is joining the Apple TV+ show The Shrink Next Door, reported Deadline. The I Feel Bad actor will be alongside Paul Rudd in the show, which is based on the hit podcast by Wondery and Bloomberg Media.

The series hails from director Michael Showalter (The Big Sick, The Lovebirds), writer Georgia Pritchett (Succession, Veep), Civic Center Media and MRC Television. Inspired by true events, The Shrink Next Door details the bizarre relationship between psychiatrist to the stars Dr. Isaac “Ike” Herschkopf (Rudd) and his longtime patient Martin “Marty” Markowitz (Ferrell). Blue will play Miriam, a patient of Ike’s.

Apple and Facebook Are on a Collision Course

We’ve reported a lot on The Mac Observer about the growing tensions between Apple and Facebook. Bloomberg News has a good writeup of how things turned sour between the two tech giants, and why this may be just the beginning.

In March 2018, Facebook Inc. was in the midst of a scandal involving political consulting firm Cambridge Analytica and was facing serious questions about its stewardship of its users’ personal data. A commentator on MSNBC asked Apple Inc. Chief Executive Officer Tim Cook what he would do if he were in Facebook CEO Mark Zuckerberg’s shoes. “I wouldn’t be in this situation,” Cook said…. The feud has escalated rapidly over Apple’s forthcoming update to the software that powers its iPhones, which includes a requirement that developers get explicit permission to collect certain data and track users’ activity across apps and websites. Such a move could undermine the efficacy of Facebook’s targeted advertisements. In December, Facebook took out full-page ads in a trio of U.S. newspapers saying it was “standing up to Apple for small businesses everywhere” by opposing the changes, which it describes as an abuse of market power.

Affinity Apps Updated With RAW Engine, Contour Tool, More

Serif updated its line of Affinity apps to version 1.9 on Thursday. New features include a contour tool, a RAW engine, GPU acceleration, and plenty of other goodies.

A key feature which sets Affinity Photo apart from the competition is its non-destructive workflow, and that has been taken to another level again with the ability to add liquify adjustments as live, maskable layers. On top of that there are substantial improvements to its RAW engine, new linked layer functionality, path text, as well as a whole new mode to control the stacking of astrography images for stunning results.

Additionally, all Affinity apps are currently available with 50% discount as an initiative to support the creative community during COVID-19, from affinity.serif.com.

iPhone 13 Likely to Have Upgraded Ultra Wide Camera

The verification process for Chinese supplier Sunny Optical’s iPad 5P lens has reportedly gone smoothly, significantly increasing the probability of the iPhone 13 shipping with its 7P Wide Angle lens. This would improve the Ultra Wide camera’s low light capabilities. That’s according to the latest TFI Securities note from analyst Ming-Chi Kuo, seen by MacRumors. (The information does though conflict with a report from Barclays analysts.)

Kuo expects Sunny to begin mass shipments of its iPad 5P lens in the middle of the first quarter of 2021, supplying Apple with around 15% of those parts due to limited initial production capacity. It is not specified in the report which iPad model the 5P lens is destined for, but shipment proportion for both 5P and 7P lenses is expected to further increase to between 15-20% and 25-30% in 2022. According to Kuo, Sunny Optical’s greater competition will also put pressure on Largan, which is currently fueling a price war due to its significant technological advantages over other iPhone lens suppliers.

UVCcleans UVC Mask Box: $32.99

We have a deal on the UVCcleans, a device that uses 185nm UVC light to clean your face masks. It deactivates the DNA of bacteria, viruses, and other pathogens, destroying their ability to multiply and cause diseases. It’s $32.99 through our deal.

Canada Approves Apple Card and Apple Cash Trademarks

Canadian users may be able to use Apple Card and Apple Cash in the not too distant future. The trademarks for both have now been approved in the country, iPhone in Canada reported.

Apple applied for the trademark ‘Apple Card’ and ‘Apple Cash’ back in July 2019, and recent action history shows both were approved on January 25, 2021… Apple Inc. is listed as the applicant, with the filings completed by agent Baker & McKenzie LLP… It’s unclear if Apple will ever launch Apple Cash and Apple Card in Canada, but it’s always a positive sign to see trademarks for new features approved.

Forthcoming Apple TV+ Movie 'CODA' Wins Big at Sundance

Over the weekend, the movie CODA was purchased to stream on Apple TV+. On Tuesday night, it won the grand jury prize, the directing prize, the audience award and a special jury prize in the U.S. Dramatic Competition category at the Sundance Film Festival. Variety reported that this is the first time a movie has won all three top prizes in that category, underlining why Apple Studio was prepared to splash so much cash on it.

“I hope that this opens the door to people getting that audiences want to see these kinds of stories,” director Siân Heder said while accepting the audience award. “And I hope that this means that more stories that center deaf characters and characters with disabilities get put front and center because clearly people want to respond to that.” “CODA” already broke records at Sundance when Apple Studios picked it up for $25 million after a fierce bidding war following the film’s debut on the festival’s opening night

Porsche’s VP of Chassis Development Heading to Apple Car ‘Project Titan’

Porsche’s VP of Chassis Development, Dr. Manfred Harrer, looks to be heading to Apple in a sign of intent for the Apple Car and ‘Project Titan’. 9to5Mac picked up on the rumors, first published by Insider Deutschland.

If there was any doubt Apple fully intends to turn its Project Titan ambitions into a viable vehicle in the future, hiring a senior official responsible for car body development from a respected brand should stoke those concerns. Dr. Harrer has more than a decade of experience at Porsche, most recently adding the Cayenne series to his plate at the company, and his chassis development leadership dates back to 2016. Insider Deutschland says Porsche, Apple, and Dr. Harrer declined to comment on the report. Hyundai, on the other hand, has been making headlines over what it’s willing to say about Apple and the car rumors. Earlier this month, Hyundai stated on the record that it was in early discussions with Apple about producing its car. For the uninitiated, this is a solid way to guarantee that you are no longer in talks with Apple to produce its car. Nevertheless, additional reporting added that the two companies could reach a deal by March with a goal of vehicle production by 2024.

Washington State Suffers Data Breach due to Contractor ‘Accellion’

Washington’s state government reported a data breach on Monday that could affect over 1.6 million people. The breach is connected to Accellion, a contractor involved with the state auditor’s office.

During the week of January 25, 2021, Accellion confirmed that an unauthorized person gained access to SAO files by exploiting a vulnerability in Accellion’s file transfer service. Some of the SAO data files contained personal information of Washington state residents who filed unemployment insurance claims in 2020 […] may also include the personal information of other Washington residents who have not yet been identified but whose information was in state agency or local government files under review by the SAO.

Judges Used "Contradictory Reasoning" in Apple Tax Case, Says EU

The EU believes that judges used “contradictory reasoning” when granting Apple’s victory in a landmark tax case. The bloc’s determination to overturn the ruling was revealed in documents that emerged Monday, reported Bloomberg News.

The EU said that the lower court improperly conflated Apple’s lack of employees at two Irish units and the company’s level of responsibility for intellectual property on iPhone and iPad sales across Europe. Judges failed to properly weigh the EU’s analysis of the Irish branches and showed “contradictory reasoning” in a separate part of their findings. The EU court “categorically annulled the commission’s case in July and the facts have not changed since then,” Apple said in a statement. “After a thorough review of the facts and the commission’s claims,” the judges were “clear in their determination that Apple has always abided by the law in Ireland, as we do everywhere we operate.” At the heart of the legal arguments are simple questions on where value is created and where it should be taxed.

iCloud Keychain for Chrome on Windows Now Available

Apple has officially released its iCloud Keychain password feature for Google Chrome on Windows, AppleInsider reported. The new extension means that when using the new Chrome browser users will be able to sync their passwords across devices running Apple and Windows operating systems.

“[The new] iCloud Passwords is a Chrome extension for Windows users that allows you to use the same strong Safari passwords you create on your iPhone, iPad, or Mac when visiting websites in Chrome on your Windows PC,” says Apple in the extension’s listing on the Chrome Web Store. As well as requiring the Google Chrome browser, iCloud Passwords needs iCloud 12.0 for Windows. That in turn requires Windows 10 version 18362.145 or higher, and can be downloaded from Microsoft. Once installed, iCloud Passwords will let you fill in the passwords created in Safari on Mac, iPhone, or iPad, when visiting a site in Chrome for Windows.

New Facebook Message Warns You of iOS 14 Ad Opt-In

In response to an iOS 14 feature that makes developers ask for user consent to use their data, Facebook wants to remind people just how beleaguered it really is.

In the post, Facebook says that if users accept the prompts for Facebook and Instagram, the ads you see on those apps won’t change. “If you decline, you will still see ads, but they will be less relevant to you.” The tech giant notes that Apple has said that providing education about its new privacy changes is allowed.

To me, the most offensive part about this isn’t Facebook pretending to care about “businesses other than itself that rely on ads to reach products customers.” It’s how it says “This won’t give us access to new types of information.”