'Shrootless' macOS Bug Could Bypass System Integrity Protection

Microsoft reported a macOS vulnerability it calls Shrootless. It could let an attacker bypass SIP and perform arbitrary operations on the device. It has been patched by Apple with the most recent Mac updates this week.

We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware, among others.

Twitter 'Super Follows' is Now Available for All iPhone Users

Super Follows is a new Twitter feature that lets creators make money through subscriptions. It has now rolled out to all iPhone users.

The feature launched in September after first being announced in February. Super Follows are another tool for creators to earn money through the social media platform. Eligible accounts are able to set the price for Super Follow subscriptions, with the option of charging $2.99, $4.99 or $9.99 per month. Creators can choose to mark some tweets for subscribers only while continuing to reach their unpaid follower base in regular tweets.

Blockchains Aren't as Private as You Think, But They Could Be

Cybersecurity expert Mashael Al Sabah was recently featured on MIT’s Business Lab podcast. She talks about privacy issues with blockchain technology and how they can be fixed. You can listen to the podcast with the link below (direct link on Apple Podcasts), and/or read the podcast transcript.

A lot of people think that they are completely anonymous when they use Bitcoin, and this gives them a false sense of security. In our research, what we did is that we crawled social media, like there’s a popular forum for Bitcoin users called Bitcointalk.org, and we crawled Twitter as well for Bitcoin addresses that users attributed to themselves. In some forums, people share their Bitcoin addresses along with their profile information. So, now you have the public profile information, which includes usernames, emails, age, gender, city.

A Closer Look at Apple's $20 Polishing Cloth

The folks over at iFixit have done their traditional teardown of the new MacBook Pro. They also took the time to tear apart the $20 polishing cloth Cupertino has begun selling. The cleaning cloth feels like the inner lining of an iPad Smart Cover, they say. That accessory features a thin layer of microfiber on the inside. Both apparently have a synthetic leather feel to them along with a bit of fuzziness.

The new Apple Polishing Cloth earns a 0 out of 10 on our repairability scale, for distracting us from a very important MacBook Pro teardown and not going back together after we cut it into pieces with scissors.

Native Dropbox Support For M1 Macs Doesn't Seem to be Happening

[Update November 1, 2021: Dropbox CEO Drew Houston has said that his company is working on a native M1 build. It plans to release it in the first half of 2022. Original post below]

It looks like users with M1 Macs shouldn’t expect native support from Dropbox any time soon. MacRumors reported on a long-running support thread discussing the issue of Apple Silicon.

An official Dropbox support thread, shared by Mitchell Hashimoto on Twitter, reveals a fiasco around native support for Apple silicon Macs. Dropbox is seemingly insisting that a significant number of community members will have to vote for native Apple silicon support for it to be implemented. There are also multiple repetitious requests with different phrasing, fragmenting users’ votes for support. In July, responses from Dropbox staff on the thread explained that “this idea is going to need a bit more support before we share your suggestion with our team,” and flagged Apple silicon support as in need of more votes. A month ago, Dropbox staff again replied to the thread requesting native Apple silicon support, saying that Dropbox will continue to be compatible with all devices that run supported versions of macOS using Apple’s Rosetta translation layer. Additional complaints in the thread claim that Dropbox with Rosetta hemorrhages MacBook battery life and uses a disproportionate amount of memory.

Kandji Announces 'Passport' for Secure Mac Authentication

Kandji has announced the release of Passport, an authentication product that creates a seamless, one-password sign-in experience for users.

Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity provider (IdP), so users need to remember just one password for both their Mac computers and the organization’s single sign-on (SSO) provider. Passport provides a native Mac login experience while streamlining device configuration, management, and security tasks for IT admins.