Archive for February 8, 2019

The Reason Why You Need To Update To iOS 12.1.4 And Install The macOS Mojave Update RIGHT NOW Goes Beyond The FaceTime Bug

Posted in Commentary with tags on February 8, 2019 by itnerd

Apple yesterday released iOS 12.1.4 to fix that rather horrific FaceTime bug. I should also note that Apple also released a macOS Mojave update to do the same thing. And you should install them right now because the FaceTime bug is the least of your problems.

First of all, Apple, because it was caught with its pants down, metaphorically speaking, did a security audit to find out if there were any other issues that they should fix. After all, with the existence of the FaceTime bug being out there, it was likely that people who look for security issues, both good guys and bad guys, would be looking for anything else that they could exploit. And based on the release notes of the iOS update and the macOS update, they found something. Specifically this:

Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos 

Description: The issue was addressed with improved validation on the FaceTime server. 

CVE-2019-7288: Apple

What is the issue? Who knows. A search for the CVE that is mentioned brings up nothing that says what the issue was. But it was clearly serious enough that they had to fix it and limit the ability to capture Live Photos to updated iDevices and Macs.

The other bugs are far more serious. They were brought to Apple’s attention by “an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero”:

  • CVE-2019-7286 affects the Foundation framework and is a memory corruption issue that could be exploited by an app to gain elevated privileges.
  • CVE-2019-7287 affects the IOKit framework and is a memory corruption flaw that could be exploited by an app to execute arbitrary code with kernel privileges.

Given the fact that some big names in Google’s Threat Analysis Group and Project Zero are involved, these two security issues are serious. And that view is backed up by this tweet:

So who is Ben Hawkes and why should you care? Ben Hawkes is the team leader at Google’s Project Zero security team. He’s in a position to know how serious this is. Thus if he’s saying that exploits were already in the wild, you should take that seriously.

Thus, my advice is that you should update your iDevices and your Macs ASAP as there are clearly some serious holes that have been exploited that Apple has fixed in these updates. And while you’re at it, you should update the Shortcuts app as well, as there were a couple of security issues fixed in that app too. After all, you can’t be too secure.

Review: 2019 Mazda CX-5 Signature – Part 5

Posted in Products with tags on February 8, 2019 by itnerd

So I’ve come to the end of my week-long review of the Mazda CX-5 Signature. The closest competitors to the CX-5 Signature are the Ford Escape Titanium and Kia Sportage SX Turbo as they are close on horsepower, but they have less torque. But I really think that there are three reasons why the CX-5 in the Signature trim level beats all of them:

  • The CX-5 has a superior interior. As in one that doesn’t exist in any mainstream competitor, as well as one that will rival competitors in the luxury space.
  • The torque of the engine is better in the CX-5 Signature than in any of those vehicles.
  • It has the best implementation of Apple CarPlay and Android Auto that I have ever seen.

My final fuel economy was 10.7 L/100 km, which I got in a mix of city roads and highways, not to mention a lot of rush hour traffic. I am pretty sure that I could have gotten better if I wasn’t utilizing the power of this engine as the CX-5 Signature was so fun to drive. But I will take this fuel economy as that is great for a vehicle of this size.

Now the CX-5 Signature goes for $40,950 before freight and taxes. But you can get a CX-5 for $27,650. Quite frankly, Mazda has a winner on its hands here. The CX-5 is at the top of the compact crossover space as it frankly is better than any other compact crossover out there. My advice is to test drive the rest, then test drive the CX-5. I am confident that you’ll find that the CX-5 is head and shoulders above the rest.

Apple Drops The Hammer On Apps That Record Your Screen Without Your Knowledge Or Consent

Posted in Commentary with tags on February 8, 2019 by itnerd

Yesterday, I told you about popular iPhone apps using an API that recorded your screen without your knowledge and your consent. At the time I said this:

But now that this is out there, you can expect a lot of people to start asking questions. And that will likely include Apple as I am going to go out on a limb and say that they’re going to look at what Glassbox does and come up with counter measures to it. 

Apple took less than 24 hours to do just that. According to TechCrunch:

In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.

And:

TechCrunch began hearing on Thursday that app developers had already been notified that their apps had fallen afoul of Apple’s rules. One app developer was told by Apple to remove code that recorded app activities, citing the company’s app store guidelines.

“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” Apple said in the email.

Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store, the email said.

Clearly Apple is aware of who is using this tech. Thus I am going to go out on a limb and suggest that if you check your iPhone for app updates over the next week or so, you should get a rough idea of who might have been recording your screen without your consent or knowledge. You can then make a decision as to whether that app should be on your phone or not.