35 Companies Including Apple Hacked in Supply Chain Attack

Security researcher Alex Birsan was able to breach over 35 companies’ internal systems, including Apple, Microsoft, PayPal, Spotify, Netflix, and others. He did this through bug bounty programs and pre-approved penetration testing arrangements (aka, he’s one of the good guys). He earned over US$100,000 in bounties.

The attack consisted of uploading malicious packages to open source repositories including PyPI, npm, and RubyGems, from where they were distributed downstream automatically into the companies’ internal applications.

Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.
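One defender-side check that follows from the attack above is to audit how a project resolves packages, since a build that merges a private index with a public registry and accepts any version is exactly what lets an automatically fetched public package slip in. The script below is an added example, not code from the article or from Birsan’s research; the pip.conf and requirements.txt contents are constructed samples and the hash is a placeholder.

```python
"""Defender-side audit of a Python project's package-resolution settings.
Added example, not code from the article or from Birsan's research; the
pip.conf and requirements.txt contents below are constructed samples."""
import re
from configparser import ConfigParser

# Constructed pip.conf: an internal index with the public registry as fallback.
# pip treats index-url and extra-index-url as one merged pool and installs the
# highest version found in either, so a public upload can win over an internal one.
PIP_CONF = """
[global]
index-url = https://pypi.internal.example/simple
extra-index-url = https://pypi.org/simple
"""

# Constructed requirements.txt; the sha256 value is a placeholder, not a real digest.
REQUIREMENTS = "\n".join([
    "requests==2.25.1 --hash=sha256:" + "0" * 64,
    "acme-internal-utils",
    "acme-billing>=1.0",
])

def audit_pip_conf(text):
    """Return findings for index settings that merge public and private resolution."""
    cfg = ConfigParser()
    cfg.read_string(text)
    findings = []
    if cfg.has_option("global", "extra-index-url"):
        findings.append("extra-index-url set: public and private indexes are "
                        "merged and the highest version from either is installed")
    return findings

def audit_requirements(text):
    """Flag requirements that pip could satisfy with a newer public package."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name = re.split(r"[=<>!~\s]", line, maxsplit=1)[0]
        if "==" not in line:
            findings.append(f"{name}: not pinned to an exact version")
        elif "--hash=" not in line:
            findings.append(f"{name}: pinned but no --hash, so content is not verified")
    return findings

def audit(pip_conf=PIP_CONF, requirements=REQUIREMENTS):
    """Combine both checks; an empty list means nothing to report."""
    return audit_pip_conf(pip_conf) + audit_requirements(requirements)

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

The same idea carries over to npm and RubyGems: scope or pin internal package names to the private registry and lock exact versions with integrity hashes so the public registry can never be consulted for them.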

Apple Apologizes For Mistakenly Removing Student’s Indigenous Language App from App Store

Student Brendan Eshom, a member of the Gitga’at community of the Ts’msyen First Nation, launched an app that shared his community’s culture and promoted a word each day in its language, Sm’algyax. However, it was removed, and the young developer tried to contact Apple to find out why. He got no answers, but the company has confirmed to Global News that the app was taken down in error, has been reinstated, and has apologized.

He says he reached out to Apple multiple times for an explanation, but couldn’t get answers. “It was definitely more discouraging to not even hear why they took it down in the first place,” he said. Eshom contacted Consumer Matters for help. Consumer Matters contacted Apple asking why the app had been removed and why Eshom’s status on Apple had been terminated. In an email, Apple stated: “Maintaining the integrity of the App Store is a responsibility we take seriously to ensure the safety of our customers, and give every developer a platform to share their brightest ideas with the world. Unfortunately, this developer’s app, which is a great example of how technology can be used to bridge cultural understanding, was mistakenly removed from the App Store

Hackers Tried to Poison Florida Town’s Water Supply

Most security news I’ve shared involves purely digital hacking. This story from Reuters is a case of using hacking to affect the physical world, in this instance an attempt to poison a town’s water supply.

The hackers then increased the amount of sodium hydroxide, also known as lye, being distributed into the water supply. The chemical is typically used in small amounts to control the acidity of water, but at higher levels is dangerous to consume.

Oldsmar Mayor Eric Seidel said in a press conference on Monday that the affected water treatment facility also had other controls in place that would have prevented a dangerous amount of lye from entering the water supply unnoticed.

Spotify Finally Testing Live Lyrics Feature in U.S.

Spotify is finally rolling out its Live Lyrics feature to some users in the U.S., Engadget reported. Equivalent features are widely available on rivals Apple Music and Deezer.

It’s worth noting that Spotify’s “new” approach to lyrics — which is once again powered by Musixmatch — isn’t really all that new. The company has been testing the feature in markets around the world for years, and officially launched it in 26 markets — including Brazil, Mexico, Vietnam, Hong Kong, Thailand, India and more — around the middle of 2020. More recently, live lyrics were also made available to users in South Korea when the service launched there earlier this month. At the risk of sounding a little obvious, though, not every test market ultimately gets access to the feature at wide scale. Spotify, for instance, ran a similar test in Canada before discontinuing it around June 2020; to our knowledge, the feature has never reappeared. This move puts Spotify on more even footing with competing services like Apple Music and Deezer, and should help the company from losing competitors to more feature-rich rivals.

Browser Favicons Can be Used to Track You Online

Software designer Jonas Strehle discovered that browser favicons can be used to give you a unique ID that can be used to track you across the web. It works even if you use privacy tools like a VPN, incognito browsing, deleting cookies/browser cache, and others.

To be clear, this is a proof-of-concept and not something that Strehle has found in the wild. Strehle’s supercookie program (which uses a Cookie Monster favicon) is a proof of the concept described by the university researchers.

Developer Raises Warning About App Store Scams

Developer Kosta Eleftheriou thinks there are major scams threatening to ruin the integrity of the App Store. He told The Verge that they are spreading in part because Apple is not enforcing its own rules strictly enough.

“It’s surprising more people don’t know about this. The extent to which this has been going on and is currently going on is absolutely mind-blowing,” Eleftheriou tells The Verge of the magnitude of fraud he says is occurring daily on the App Store. “In particular now with the App Store, which is my main concern, the problem has grown to such an extent that having the rating and review system is making it worse. It gives consumers a false sense of security and a false idea that the app is great as you’re entering it through a glowing App Store page with raving reviews.” His vocal complaints, which have attracted the attention and support of countless other app developers in the iOS community, underscore the increasing tension between Apple and the software makers upon whom it depends.

How Tim Cook Transformed Apple

Almost whichever way you cut it, Apple has reached new financial heights under the leadership of Tim Cook. Bloomberg Businessweek looks at how he transformed the company.

In many ways, Cook is now applying the lessons Apple learned building its China manufacturing network to other parts of the business. Its operational prowess has enabled it to churn out more product permutations and accessories. And just as Apple uses its awesome buying power to extract concessions from suppliers, it’s now using its control over an equally impressive digital supply chain, which includes the company’s own subscription services, as well as third-party apps, to generate greater revenue from customers and software developers. In an October report on the tech industry, the House antitrust subcommittee said this influence of its App Store amounted to “monopoly power” and recommended that regulators step in.

Adobe Adds Document Collaboration to Photoshop, Illustrator, Fresco

Adobe announced on Tuesday new document collaboration features for Photoshop, Illustrator, and Fresco.

The Invite to Edit feature in Photoshop, Illustrator, and Fresco allows asynchronous editing on all surfaces across the desktop, iPad, and iPhone (Fresco). Now collaborators can edit a shared cloud document, one at a time. Just save your .PSD or .AI files as cloud documents and send invitations for others to edit them. You can also edit files that have been shared with you. In addition, you can access your shared cloud documents on assets.adobe.com and the Creative Cloud Desktop app.

Awards Season for Apple TV+ - Media+

It’s awards season and, thanks mostly to ‘Ted Lasso’, Apple TV+ is heavily involved. Host Charlotte Henry and The Mac Observer’s Editor-in-Chief Bryan Chaffin get dressed up and walk down the red carpet to take a closer look.

Apple Supplier Dialog Semiconductor Taken Over by Renesas Electronics in US$6 Billion Deal

Apple supplier Dialog Semiconductor is being taken over by Japanese firm Renesas Electronics, AppleInsider reported. The deal involving the UK chip-maker is worth US$6 billion.

This includes its business in power management, charging and power conversion, Wi-Fi, and Bluetooth LE, as well as its expertise in mixed-signal integrated circuits. It is said by the companies that Dialog’s attributes will complement and expand Renesas’ existing portfolio of products. “Dialog has a strong culture of innovation along with excellent customer relationships and serves fast growing areas including IoT, industrial, and automotive,” said Renesas president and CEO Hidetoshi Shibata in a statement. “By bringing Dialog’s talented team and expertise into Renesas, together, we will accelerate innovation for customers and create sustainable value for our shareholders.” The offer value is based on Renesas paying 67.50 euro ($81.17) per share, representing a 20.3% premium over Dialog’s closing price on February 5.