Archive for Apple

A Nasty Bug Is Discovered In macOS High Sierra Related To APFS Disk Images

Posted in Commentary with tags on February 16, 2018 by itnerd

The quality issues with Apple software keep popping up. Last night I became aware of a new one that while it would be a bit of an edge case, is still pretty serious. Mike Bombich of Bombich Software who make the popular Carbon Copy Cloner backup software discovered a pretty bad bug when it comes to disk images formatted for Apple’s shiny new APFS file system. Before I get to the bug, let me explain what disk images are.

In short, disk images are basically files that behave like hard disks. You can store thousands of files in them and mount and unmount them like hard disks. In other words, it’s a pretty cool way to back up stuff as it’s a pretty easy concept to understand for most users. Disk images on the Mac platform have been around forever and even Apple uses them with its Time Machine backup application. Thus, you might have used a disk image and not even been aware of it.

Now here’s the bug as described by Bombich:

Earlier this week I noticed that an APFS-formatted sparsebundle disk image volume showed ample free space, despite that the underlying disk was completely full. Curious, I copied a video file to the disk image volume to see what would happen. The whole file copied without error! I opened the file, verified that the video played back start to finish, checksummed the file – as far as I could tell, the file was intact and whole on the disk image. When I unmounted and remounted the disk image, however, the video was corrupted. If you’ve ever lost data, you know the kick-in-the-gut feeling that would have ensued. Thankfully, I was just running some tests and the file that disappeared was just test data. Taking a closer look, I discovered two bugs in macOS’s “diskimages-helper” service that lead to this result.

Well, that’s a #fail and a pretty bad one. He then tested on disk images formatted for HFS+ which is Apple’s previous file system and didn’t get this result. Thus he believes that this was an oversight rather than a regression (a regression is something that started out working fine and then broke at some point). More on that in a moment. But because this was a serious enough bug, he took the step of putting out an update to Carbon Copy Cloner that stops users from using APFS formatted disk images as well as filing a bug report with Apple. He also recommends that nobody on planet Earth use APFS formatted disk images until this issue is addressed.

This is clearly a QA fail as I would expect that a test case would have been built around testing an APFS formatted disk image to see if it had the same functionality of an HFS+ disk image. Clearly that didn’t happen here and it underlines the issues that Apple clearly has with the quality of their software. Now earlier this week I tweeted out a story from Bloomberg about a how Apple will address these systemic issues:

Hopefully that yields results as the current state of affairs is not that good.

Advertisements

New Bug Affecting iOS, macOS, & watchOS Crashes iPhones With A Single Character

Posted in Commentary with tags on February 16, 2018 by itnerd

Apple’s software quality continues to be a bit of a gong show. Case in point is a new bug affecting the currently available versions of watchOS, tvOS, iOS and macOS has been discovered that will crash your iPhone and not allow you to access a range of messaging and e-mail apps, including Apple’s Messages, WhatsApp, and Gmail, among others. According to a report from The Verge the bug happens when a particular Indian language (Telugu) character is received, or even just pasted into a text area.

Here’s the bug in action:

The good news is that according to The Verge a fix is coming to address the bug in the form of some sort of minor update. That implies that it could be pushed out at any time. The other option is for Apple to push out the versions of those operating systems that are currently under beta. I say that because all existing beta versions of iOS, macOS, tvOS and watchOS are unaffected by this bug. But based on what I am reading, it is likely that Apple will push out a quick fix.

Regardless of what Apple does to fix this, the fact that this bug even exists underscores the issues that Apple has with its software quality, and that fixing that problem is clearly a huge challenge for them.

Apple Boot Code Leaked By “Low Level” Employee

Posted in Commentary with tags on February 11, 2018 by itnerd

You might recall that part of the boot code for iOS was leaked recently on GitHub. Well, according to a new report from Motherboard, the person was encouraged to use their inside access to help friends out. In addition to the iBoot source code, the employee is said to have taken additional code, which has yet to be released:

A low-level Apple employee with friends in the jailbreaking community took code from Apple while working at the company’s Cupertino headquarters in 2016, according to two people who originally received the code from the employee. Motherboard has corroborated these accounts with text messages and screenshots from the time of the original leak and has also spoken to a third source familiar with the story.

Motherboard has granted these sources anonymity given the likelihood of Apple going after them for obtaining and distributing proprietary, copyrighted software. The original Apple employee did not respond to our request for comment and said through his friend that he did not currently want to talk about it because he signed a non-disclosure agreement with Apple.

According to these sources, the person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, friends of the employee encouraged the worker to leak internal Apple code. Those friends were in the jailbreaking community and wanted the source code for their security research.

The person took the iBoot source code—and additional code that has yet to be widely leaked—and shared it with a small group of five people.

“He pulled everything, all sorts of Apple internal tools and whatnot,” a friend of the intern told me. Motherboard saw screenshots of additional source code and file names that were not included in the GitHub leak and were dated from around the time of this first leak.

According to two people who were in that original group, they hadn’t planned on the code ever leaving that circle of friends; a third friend who didn’t want the code but saw it on a friend’s computer also confirmed this account.

Eventually, however, the code was shared more widely and the original group of people lost control of its dissemination.

You can bet that if Apple hasn’t already figured out the source of the leak, they will now. And those people are in a whole world of hurt as Apple will hunt them down and make them pay.

Good luck to them.

Key iOS Source Code Leaked To GitHub

Posted in Commentary with tags on February 8, 2018 by itnerd

This could be bad if you’re an iPhone or iPad user. As per this Motherboard story, we may have the biggest leak in history:

An anonymous person posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It’s the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000.

Here’s why this is a big deal. It’s a safe bet that every hacker on planet Earth is taking the time peruse this code to find exploits that they can use today. That means that in the coming weeks and months it is entirely possible that we may see a wave of attacks on the iOS platform. Or it is entirely possible that this is much ado about nothing. Who can say for sure at this point? But the mere fact that this code is out in the wild is cause for concern. And I for one will be waiting to see how Apple responds to this as saying nothing isn’t an option that they have.

UPDATED: Apple has put out a statement that implies that there is nothing to see here. Their spin on this is that this is a non-issue because their security doesn’t rely on just the source code. I guess we’ll find out soon enough.

New Mac Malware That Mines Cryptocurrencies Appears Via MacUpdate

Posted in Commentary with tags on February 5, 2018 by itnerd

MalwareBytes has put up a blog post detailing a new piece of malware that uses your computer to mine cryptocurrencies. The kicker, it’s being distributed through MacUpdate which is a site that has been known to distribute malware before:

 The malware was spread via hack of the MacUpdate site, which was distributing maliciously-modified copies of the Firefox, OnyX, and Deeper applications. According to a statement posted in the comments for each of the affected apps on the MacUpdate website, this happened sometime on February 1.

Now I abandoned MacUpdate years ago because this sort of thing kept happening to them. But they’re still around and not everyone is in the know. Thus this continues to be an issue. MalwareBytes has recommendations on how not to get pwned:

There are multiple takeaways from this. First and foremost, never download software from any kind of “download aggregation” site (a site that acts like an unofficial Mac App Store to let you browse for software). Such sites have a long history of issues. In the case of MacUpdate, back in 2015 they were modifying other people’s software, wrapping it in their own adware-laden installer. This is no longer happening, but in 2016, MacUpdate was similarly used to distribute the OSX.Eleanor malware.

Instead, always download software directly from the developer’s site or from the Mac App Store. These are not guarantees, and can still get you infected with malware, adware, or scam software. But your odds are better. Be sure to check around to make sure the software is legitimate before downloading, but do not give full credence to ratings or reviews on third-party sites or the Mac App Store, as those can be faked.

Second, if you have downloaded a new application and it seems not to be functioning as expected—such as not opening at all when you double-click it—be suspicious. Consider scanning your computer with security software. Malwarebytes for Mac will detect this malware as OSX.CreativeUpdater.

Finally, be aware that the old adage that “Macs don’t get viruses,” which has never been true, is proven to be increasingly false. This is the third piece of Mac malware so far this year, following OSX.MaMi and OSX.CrossRAT. That doesn’t even consider the wide variety of adware and junk software out there. Do not let yourself believe that Macs don’t get infected, as that will make you more vulnerable.

This is good advice that everyone, Mac user or not, should follow.

Apple Launches Repair Program For iPhone 7’s That Suffer From “No Service” Problems

Posted in Commentary with tags on February 5, 2018 by itnerd

The hits keep coming on the quality front for Apple with the announcement from the company of a repair program for a “small percentage” of iPhone 7’s that suffer from “no service” problems. In other words, the phone is unable to receive cellular service even though there is cellular service available.

As an aside, this is the same company who said that there was a “small percentage” of iPhone 6S models that had issues with the battery, and here we are with “batterygate” in full swing. But I digress.

This repair program applies to phones made between September 2016 and February 2018 and sold in China, Hong Kong, Japan, Macao, and the U.S. This document tells you how to determine whether your phone is on the list and should be repaired. If you’re already paid for a repair, the company will reimburse you.

All of these quality issues are clearly symptomatic of a larger problem at Apple. One that I hope the company is willing to invest time and effort to remedy as it really looks bad for the folks at Apple Park at the moment.

#Fail: Some iPhone X Owners Complain That Their Super Expensive Phones Can’t Receive Calls

Posted in Commentary with tags on February 5, 2018 by itnerd

Well this is embarrassing. Reports are starting to surface on Apple’s Support Forums that some owners of the iPhone X are unable to answer phone calls because the display doesn’t wake up while the phone is ringing. That means they can’t access the ‘accept’ and ‘decline’ buttons.

#Fail

The Financial Times has confirmed these reports and after reaching out to Apple, who seem to have more bugs in their products than a low rent apartment in New York, said they’re looking into it. But this is the latest in screw ups by the company who said for years that “it just works.” Clearly that’s no longer the case.