Apple Security Updates Fixed iMessage Flaw Used by Pegasus Spyware

The security updates that Apple released today have fixed the zero-click iMessage exploit that NSO Group used for its Pegasus spyware.

What this really highlights is that popular chat programs like iMessage are currently the royal road for nation state groups, and mercenary hackers to target phones. Ubiquitous chat and messaging apps are a serious attack surface. And it’s time for them to get a lot more secure.

Here are Steps to Take to Protect Your Privacy on Apple Devices

Macinstruct published a brief guide on protecting your privacy on Apple devices as a response to Apple’s CSAM detection plans.

We’re now encouraging readers to protect their privacy by disabling certain Apple features. In situations where privacy is a hard requirement, it may be necessary to consider using non-Apple hardware and software. This article provides an overview of our recommendations and your options.

It’s a decent guide except for the recommendation to disable iMessage in favor of SMS. iMessage is end-to-end encrypted, SMS is not. My advice for iMessage privacy is to prevent Messages from storing content in iCloud. When that happens, Apple has the capability to decrypt texts. On an iPhone or iPad, go to Settings > Profile Name > iCloud, and turn off the toggle for Messages. Then go to Settings > Messages > Keep Messages. Change it to auto-delete old messages after 30 days. Or, use a private messenger such as Signal.

How Apple Improved iMessage Security in iOS 14

Project Zero, Google’s security team, reverse-engineered iMessage to see how Apple improved it in its latest OS 14 releases. Specially, how it has gained new protections against zero-day attacks using BlastDoor, resliding of the shared cache, and exponential throttling.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.

Mark Zuckerberg says Apple is Anti-Competitive in Facebook Earnings Call

Mark Zuckerberg has once again criticized Apple for its privacy, saying that the company is anti-competitive because of iMessage (among other things).

We increasingly see Apple as one of our biggest competitors,” Zuckerberg said, noting that Apple’s iMessage software is preinstalled on iPhones — enabling it to become the most widely used messaging service in the United States, as opposed to Facebook’s WhatsApp — and that Apple’s growing investment in services also enables it to compete with Facebook and other apps that use its iOS software platform.

This New App Brings iMessage to Android and Windows

Beeper is a new chat app that combines 15 different messaging platforms into one interface. One of those messaging apps includes iMessage and there’s “some trickery” involved, as Eric Migicovsky says. You can install the Beeper Mac app to act as a bridge for iMessage. If you don’t have a Mac, Beeper will send you a jailbroken iPhone with the Beeper app installed to act as a bridge. “Just in case you thought Beeper was joking, in a followup tweet, Migicovsky said that he currently has 50 old iPhone 4S’s at his desk, ready to be upcycled for use with Beeper.”

Apple Could Let You Edit iMessages in the Future

A patent filed in December reveals a method to let Apple customers edit iMessages as a method of correction. The edit history would also be available so everyone can see what the sender originally wrote.

The patent filing has an example to demonstrate Apple’s system for editing previously-sent texts. Two people are discussing a trip, and one of them accidentally writes and sends “Can I get a ridiculous up with you?”

They then press and hold on that text to bring up a windows with “Edit” as an option. They make the change so the text reads “Can I get a ride up with you?”

This is a great feature and I hope Apple adds it to iOS. Memojis and Animojis are fun, but Messages needs features like this that are actually useful to people.

iMessage and Safari Make iPhones Less Secure

Andy Greenberg writes about security problems in iMessage and Safari, saying that these products make iPhone less secure.

“If you want to compromise an iPhone, these are the best ways to do it,” says independent security researcher Linus Henze of the two apps…He and other iOS researchers argue that when it comes to the security of both iMessage and WebKit—the browser engine that serves as the foundation not just of Safari but all iOS browsers—iOS suffers from Apple’s preference for its own code above that of other companies.

Apple is in a tough position. If a company isn’t great at security, they could get a third-party to audit its software. But that would create a huge target.

Gen Z: "If you don't have an iPhone it's kind of frowned upon."

The iPhone is the most popular device with Gen Z, the generation coming after millennials. Specifically, teens these days use iPhones so that no one is left out of iMessage group chats. Business Insider also found that iPhone ownership has created a “culture of multitasking” which I agree with, but I don’t think it’s limited to iPhones.

Some experts blame the rise of smartphones — and especially the iPhone — for fueling a pervasive culture of multitasking. Teens who spoke with Business Insider said they recognized that multitasking was not efficient. “It doesn’t really work out that well,” Jimenez said, acknowledging that she does it anyway. Experts say that trying to process two or more things at once may not even really be possible.

Backup Your Syncs – Mac Geek Gab Podcast 763

Ever get a beachball in Messages on your Mac? Want to re-arrange your CarPlay icons? Need an easy way to find files on your Mac, but the Finder’s not cutting it? These are just a few of the ways John and Dave start Mac Geek Gab this week, and then it’s time to dive into the harder questions! Press play and enjoy learning at least five new things!

Apple Support 3.1 Adds iMessage Integration

Apple Support version 3.1, updated today, adds iMessage integration into the app for customers in the United States.

Apple says that this feature is limited to the United States and is available for select topics only. Today’s update also introduces an improved experience for scheduling reservations at the Genius Bar and Authorized Service Providers, and it includes other unspecified bug fixes and performance improvements.