Apple

Jon Stewart Claims Apple Wouldn't Let Him Interview FTC Chair On His Podcast (axios.com)

Sara Fischer reports via Axios: Jon Stewart on Monday told Federal Trade Commission (FTC) Chair Lina Khan that Apple wouldn't let him interview her for a podcast. "I wanted to have you on a podcast and Apple asked us not to do it," "The Daily Show" host said to Khan, in reference to his former podcast that was an extension of his Apple TV+ comedy show "The Problem With Jon Stewart." "They literally said 'please don't talk to her,' having nothing to do with what you do for a living. I think they just... I didn't think they cared for you is what happened," he added during his conversation with Khan. "They wouldn't let us do even that dumb thing we just did in the first act on AI. Like, what is that sensitivity? Why are they so afraid to even have these conversations out in the public sphere?"

Stewart returned to "The Daily Show" in February after leaving in 2015 as its executive producer and host on Monday evenings through the 2024 election cycle. Stewart's Apple TV+ show ended late last year after Stewart and Apple executives parted ways over creative differences, including the comedian's desire to cover topics such as China and AI, the New York Times reported.

AI

Apple AI Researchers Boast Useful On-Device Model That 'Substantially Outperforms' GPT-4 (9to5mac.com)

Zac Hall reports via 9to5Mac: In a newly published research paper (PDF), Apple's AI gurus describe a system in which Siri can do much more than try to recognize what's in an image. The best part? It thinks one of its models for doing this benchmarks better than ChatGPT 4.0. In the paper (ReALM: Reference Resolution As Language Modeling), Apple describes something that could give a large language model-enhanced voice assistant a usefulness boost. ReALM takes into account both what's on your screen and what tasks are active. [...] If it works well, that sounds like a recipe for a smarter and more useful Siri.

Apple also sounds confident in its ability to complete such a task with impressive speed. Benchmarking is compared against OpenAI's ChatGPT 3.5 and ChatGPT 4.0: "As another baseline, we run the GPT-3.5 (Brown et al., 2020; Ouyang et al., 2022) and GPT-4 (Achiam et al., 2023) variants of ChatGPT, as available on January 24, 2024, with in-context learning. As in our setup, we aim to get both variants to predict a list of entities from a set that is available. In the case of GPT-3.5, which only accepts text, our input consists of the prompt alone; however, in the case of GPT-4, which also has the ability to contextualize on images, we provide the system with a screenshot for the task of on-screen reference resolution, which we find helps substantially improve performance."

So how does Apple's model do? "We demonstrate large improvements over an existing system with similar functionality across different types of references, with our smallest model obtaining absolute gains of over 5% for on-screen references. We also benchmark against GPT-3.5 and GPT-4, with our smallest model achieving performance comparable to that of GPT-4, and our larger models substantially outperforming it." Substantially outperforming it, you say? The paper concludes in part as follows: "We show that ReaLM outperforms previous approaches, and performs roughly as well as the state-of-the-art LLM today, GPT-4, despite consisting of far fewer parameters, even for onscreen references despite being purely in the textual domain. It also outperforms GPT-4 for domain-specific user utterances, thus making ReaLM an ideal choice for a practical reference resolution system that can exist on-device without compromising on performance."

The Courts

Apple Sues Former Employee For Leaking Journal App, Vision Pro Details (macrumors.com)

Apple has sued its former employee Andrew Aude for leaking information about more than a half-dozen Apple products and policies, including its then-unannounced Journal app and Vision Pro headset, product development policies, strategies for regulatory compliance, employee headcounts, and more. MacRumors reports: Aude joined Apple as an iOS software engineer in 2016, shortly after graduating college. He worked on optimizing battery performance, making him "privy to information regarding dozens of Apple's most sensitive projects," according to the complaint. In April 2023, for example, Apple alleges that Aude leaked a list of finalized features for the iPhone's Journal app to a journalist at The Wall Street Journal on a phone call. That same month, The Wall Street Journal's Aaron Tilley published a report titled "Apple Plans iPhone Journaling App in Expansion of Health Initiatives."

Using the encrypted messaging app Signal, Aude is said to have sent "over 1,400" messages to the same journalist, who Aude referred to as "Homeboy." He is also accused of sending "over 10,000 text messages" to another journalist at the website The Information, and he allegedly traveled "across the continent" to meet with her. Other leaks relate to the Vision Pro and other hardware: "As another example, an October 2020 screenshot on Mr. Aude's Apple-issued work iPhone shows that he disclosed Apple's development of products within the spatial computing space to a non-Apple employee. Mr. Aude made this disclosure even though Apple's development efforts were confidential and not known to the public. Over the following months, Mr. Aude disclosed additional Apple confidential information -- including information concerning unannounced products, and hardware information."

Apple believes that Aude's actions were "extensive and purposeful," with Aude allegedly admitting that he leaked information so he could "kill" products and features with which he took issue. The company alleges that his wrongful disclosures resulted in at least five news articles discussing the company's confidential and proprietary information. Apple says these public revelations impeded its ability to "surprise and delight" with its latest products. Apple said it learned of Aude's wrongful disclosures in late 2023, and the company fired him for his alleged misconduct in December of that year. [...] Apple is seeking both compensatory and punitive damages in an amount to be determined at trial, and it is also seeking other legal remedies.
The full complaint can be read here (PDF).

IT

How Apple Plans To Update New iPhones Without Opening Them (arstechnica.com)

An anonymous reader writes: What if you could update the device while it's still in the box? That's the latest plan cooked up by Apple, which is close to rolling out a system that will let Apple Stores wirelessly update new iPhones while they're still in their boxes. The new system is called "Presto." French site iGeneration has the first picture of what this setup looks like. It starts with a clearly Apple-designed silver rack that holds iPhones and has a few lights on the front. The site (through translation) calls the device a "toaster," and yes, it looks like a toaster oven or food heating rack.

Bloomberg's Mark Gurman has been writing about whispers of this project for months, saying in one article that the device can "wirelessly turn on the iPhone, update its software and then power it back down -- all without the phone's packaging ever being opened." In another article, he wrote that the device uses "MagSafe and other wireless technologies." The iGeneration report also mentions that the device uses NFC, and there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work. With that wireless charging, downloading, and installing, all while being isolated in a cardboard box, Apple's "toaster" probably gets pretty hot.

IOS

Recent 'MFA Bombing' Attacks Targeting Apple Users (krebsonsecurity.com)

An anonymous reader quotes a report from KrebsOnSecurity: Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. [...]

What sanely designed authentication system would send dozens of requests for a password change in the span of a few moments, when the first requests haven't even been acted on by the user? Could this be the result of a bug in Apple's systems? Kishan Bagaria is a hobbyist security researcher and engineer who founded the website texts.com (now owned by Automattic), and he's convinced Apple has a problem on its end. In August 2019, Bagaria reported to Apple a bug that allowed an exploit he dubbed "AirDoS" because it could be used to let an attacker infinitely spam all nearby iOS devices with a system-level prompt to share a file via AirDrop -- a file-sharing capability built into Apple products.

Apple fixed that bug nearly four months later in December 2019, thanking Bagaria in the associated security bulletin. Bagaria said Apple's fix was to add stricter rate limiting on AirDrop requests, and he suspects that someone has figured out a way to bypass Apple's rate limit on how many of these password reset requests can be sent in a given timeframe. "I think this could be a legit Apple rate limit bug that should be reported," Bagaria said.

Software

Apple Announces WWDC 2024 Event For June 10 (macrumors.com)

Apple today announced that its 35th annual Worldwide Developers Conference (WWDC) is set to take place June 10 through 14, 2024. It'll be an online event open to all developers at no cost. MacRumors reports: Apple will hold a WWDC 2024 keynote event on Monday, June 10 to show off iOS 18, iPadOS 18, tvOS 18, macOS 15, watchOS 11, and visionOS 2. The keynote event will be available on the Apple Developer app, the Apple website, and YouTube, with Apple also planning to share videos and information all week long.

Though WWDC 2024 is an online event, Apple is once again planning a special event for select developers and students, which is set to take place on June 10 at the Apple Park campus in Cupertino, California. Attendees will be able to watch the keynote and State of the Union presentations at Apple Park, as well as meet Apple employees and attend the Apple Design Awards. Apple will provide developers with additional information about WWDC 2024 through email, the Apple Developer app, and the Apple Developer website.

The Courts

Consumers Sue Apple, Taking Page From Justice Department Lawsuit (reuters.com)

Apple has been hit with a flurry of new consumer lawsuits accusing the iPhone maker of monopolizing the smartphone market, piggybacking on a sweeping antitrust case lodged by the U.S. Justice Department and 15 states last week. From a report: At least three proposed class actions have been filed since Friday in California and New Jersey federal courts by iPhone owners who claim Apple inflated the cost of its products through anticompetitive conduct. The lawsuits, seeking to represent millions of consumers, mirror the Justice Department's claims that Apple violated U.S. antitrust law by suppressing technology for messaging apps, digital wallets and other items that would have increased competition in the market for smartphones.

Android

DOJ Antitrust Lawsuit Says Apple Is Causing Android Users 'Social Stigma' (404media.co)

FrankOVD shares a report: Here's a paragraph from the DOJ's antitrust lawsuit against Apple in full: "In addition to degrading the quality of third-party messaging apps, Apple affirmatively undermines the quality of rival smartphones. For example, if an iPhone user messages a non-iPhone user in Apple Messages -- the default messaging app on an iPhone -- then the text appears to the iPhone user as a green bubble and incorporates limited functionality: the conversation is not encrypted, videos are pixelated and grainy, and users cannot edit messages or see typing indicators.

"This signals to users that rival smartphones are lower quality because the experience of messaging friends and family who do not own iPhones is worse -- even though Apple, not the rival smartphone, is the cause of that degraded user experience. Many non-iPhone users also experience social stigma, exclusion, and blame for 'breaking' chats where other participants own iPhones. This effect is particularly powerful for certain demographics, like teenagers -- where the iPhone's share is 85 percent, according to one survey. This social pressure reinforces switching costs and drives users to continue buying iPhones -- solidifying Apple's smartphone dominance not because Apple has made its smartphone better, but because it has made communicating with other smartphones worse."

EU

EU Launches Probes Into Apple, Meta, Google Under New Digital Competition Law (europa.eu)

The European Union has launched investigations into Apple, Meta and Google under its sweeping new digital-competition law, adding to the regulatory scrutiny large U.S. tech companies are facing worldwide. From a report: The suite of probes [Editor's note: the link may be paywalled; official press release here] announced Monday are the first under the EU's Digital Markets Act law, which took effect earlier this month. They come less than a week after the Justice Department sued Apple over allegations it makes it difficult for competitors to integrate with the iPhone, ultimately raising prices for customers. Apple and Google will now face EU scrutiny of how they are complying with rules that say they must allow app developers to inform customers about alternative offers outside those companies' main app stores. The European Commission, the EU's executive arm, said it is concerned about constraints the tech companies place on developers' ability to freely communicate with users and promote their offers.

The bloc will also examine changes that Google made to how its search results appear in Europe. The new digital competition law says companies cannot give their own services preference over similar services that are offered by rivals. Another probe will look at how Apple complies with rules that say users should be able to easily remove software applications and change default settings on their iPhones, as well as how the company shows choice screens that offer alternative search engine and browser options.

Desktops (Apple)

Apple Criticized For Changing the macOS version of cURL (daniel.haxx.se)

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The title stated the problem in this case quite clearly: flag --cacert behavior isn't consistent between macOS and Linux, and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.

"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.

Security

New 'GoFetch' Apple CPU Attack Exposes Crypto Keys (securityweek.com)

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers.
The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

Apple

DOJ Blames Apple For Failure of Amazon Fire Phone, Windows Phone and HTC

DOJ, in the court filing (PDF): Many prominent, well-financed companies have tried and failed to successfully enter the relevant markets because of these entry barriers. Past failures include Amazon (which released its Fire mobile phone in 2014 but could not profitably sustain its business and exited the following year); Microsoft (which discontinued its mobile business in 2017); HTC (which exited the market by selling its smartphone business to Google in September 2017); and LG (which exited the smartphone market in 2021). Today, only Samsung and Google remain as meaningful competitors in the U.S. performance smartphone market. Barriers are so high that Google is a distant third to Apple and Samsung despite the fact that Google controls development of the Android operating system.

Apple

DOJ Lawsuit Against Apple is Headline Grabber But Poses Limited Near-Term Impact (techcrunch.com)

An anonymous reader shares a report: The U.S. Department of Justice filed a lawsuit against Apple Thursday, accusing the company led by CEO Tim Cook of engaging in anti-competitive business practices. The allegations include claims that Apple prevents competitors from accessing certain iPhone features and that the company's actions impact the "flow of speech" through its streaming service, Apple TV+.

However, even if the DOJ proves any of the allegations, it is highly unlikely that Apple will face material changes for years, as history shows that such lawsuits often take a significant amount of time to reach the trial, let alone a resolution. The DOJ's ongoing case against Google, filed in 2020, only went to trial in 2023, with no remedies or financial implications expected for up to two more years.

This is not the first time Apple has faced legal action from the DOJ. In 2012, the agency sued Apple for conspiring with publishers to increase ebook prices, a lawsuit that was not settled until 2016. "Precedents suggest that resolution of the complaint will take three to five years, including appeals," Bernstein analysts wrote in a note.

China

Apple Held Talks With China's Baidu Over AI for Its Devices (wsj.com)

Apple has held preliminary talks with Baidu about using the Chinese company's generative AI technology in its devices in China, the latest example of the iPhone maker's efforts to widen its AI capabilities. From a report: The U.S. tech giant has been exploring using external partners to help accelerate its AI ambitions. It has held discussions with companies including Google and OpenAI about using their technology to power its mobile features. In China, Apple has been looking for a local generative AI model provider, mainly because China requires such models to be vetted by its cyberspace regulator before being launched to the public, people familiar with the matter said.

Apple

Apple Launches All-In-One 'Manuals, Specs, and Downloads' Website (macrumors.com)

Apple has launched a new "Documentation" page to its website that provides links to user guides, repair manuals, tech specs, software downloads, and more for a variety of its products. MacRumors reports: Some of this information was previously found across separate pages on Apple's website, and it has now been combined in one place for convenient access. The page includes categories for the Mac, iPhone, iPad, iPod, Vision Pro, Apple Watch, Apple TV, AirPods, HomePod, displays like the Studio Display and Pro Display XDR, accessories like the Apple Pencil and Magic Keyboard, and software. There is also a search tool on the page that provides links to support documents and other relevant information based on the keywords entered.

The Courts

Epic, Spotify, Others Back DOJ Lawsuit Against Apple (appfairness.org)

The Coalition for App Fairness, an industry body that represents Epic, Spotify, Match Group and Proton among others, issued the following statement following the U.S. announcing it had sued Apple: "With today's announcement, the Department of Justice is taking a strong stand against Apple's stranglehold over the mobile app ecosystem, which stifles competition and hurts American consumers and developers alike. The DOJ complaint details Apple's long history of illegal conduct -- abusing their App Store guidelines and developer agreements to increase prices, extract exorbitant fees, degrade user experiences, and choke off competition. The DOJ joins regulators around the world, who have recognized the many harms of Apple's abusive behavior and are working to address it. As this case unfolds in the coming years more must be done now to end the anticompetitive practices of all mobile app gatekeepers. It remains imperative that Congress pass bipartisan legislation, like the Open App Markets Act, to create a free and open mobile app marketplace." Further reading: Apple Loses $115 Billion in Market Value as Regulators Close In.

Desktops (Apple)

Unpatchable Vulnerability in Apple Chip Leaks Secret Encryption Keys (arstechnica.com)

A newly discovered vulnerability baked into Apple's M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. From a report: The flaw -- a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols -- can't be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it's actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel's 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years. Security experts have long known that classical prefetchers open a side channel that malicious processes can probe to obtain secret key material from cryptographic operations. This vulnerability is the result of the prefetchers making predictions based on previous access patterns, which can create changes in state that attackers can exploit to leak information. In response, cryptographic engineers have devised constant-time programming, an approach that ensures that all operations take the same amount of time to complete, regardless of their operands. It does this by keeping code free of secret-dependent memory accesses or structures.

United States

US Sues Apple, Alleges Tech Giant Exploits Illegal Monopoly (wsj.com)

The Justice Department sued Apple on Thursday, alleging the tech giant blocked software developers and mobile gaming companies from offering better options on the iPhone, resulting in higher prices for consumers. WSJ: The government's antitrust complaint, filed in a New Jersey federal court, alleges Apple used its control of the iPhone to prevent competitors from offering innovative services such as digital wallets and limited the functionality of hardware products that compete with Apple's own devices. The suit also claims that Apple makes it difficult for users to switch to devices that don't use Apple's operating system, such as Android smartphones.

"Consumers should not have to pay higher prices because companies violate the antitrust laws," Attorney General Merrick Garland said in a statement. Apple said it plans to vigorously defend against the lawsuit. "This lawsuit threatens who we are and the principles that set Apple products apart in fiercely competitive markets," an Apple spokesman said in a statement. "If successful, it would hinder our ability to create the kind of technology people expect from Apple -- where hardware, software, and services intersect." The case against Apple is the last shoe to drop on the big four tech giants by U.S. antitrust officials.

Bug

macOS Sonoma 14.4 Bug 'Destroys Saved Versions In iCloud Drive' (macrumors.com)

The macOS Sonoma 14.4 update introduces a bug affecting iCloud Drive's versioning system, where users with "Optimize Mac Storage" enabled can lose all previous versions of a file removed from local storage. MacRumors reports: Versions are normally created automatically when users save files using apps that work with the version system in macOS. According to The Eclectic Light Company's Howard Oakley, users running macOS 14.4 that have "Optimize Mac Storage" enabled should be aware that they are at risk of losing all previously saved versions of a file if they opt to remove it from iCloud Drive local storage: "In previous versions of macOS, when a file is evicted from local storage in iCloud Drive [using the Remove Download option in the right-click contextual menu], all its saved versions have been preserved. Download that file again from iCloud Drive, and versions saved on that Mac (but not other Macs or devices) have remained fully accessible. Do that in 14.4, and all previous versions are now removed, and lost forever."

Oakley said his own tests confirmed that this behavior does not happen in macOS Sonoma 14.3 or macOS Ventura, so it is exclusive to macOS 14.4. For users who have already updated, he suggests either not saving files to iCloud Drive at all, or turning off Optimize Mac Storage. To perform the latter in System Settings, click your Apple ID, select iCloud, and then toggle off the switch next to "Optimize Mac Storage." You may need to perform this action twice -- reports suggest it can turn back on by itself. For a more exhaustive account of the problem, see Oakley's subsequent post.

EU

EU's Vestager Warns About Apple, Meta Fees, Disparaging Rival Products (reuters.com)

EU antitrust chief Margrethe Vestager on Tuesday warned Apple and Meta on their new fees for their services, saying that this may hinder users from enjoying the benefits of the Digital Markets Act which aims to give them more choices. From a report: Apple announced a slew of changes in January in a bid to comply with the landmark EU tech legislation which requires it to open up its closed eco-system to rivals.

A new fee structure includes a core technology fee of 50 euro cents per user account per year that major app developers will have to pay even if they do not use any of Apple's payment services, which has triggered criticism from rivals such as Fortnite creator Epic Games. Vestager said the new fees have attracted her attention. "There are things that we take a keen interest in, for instance, if the new Apple fee structure will de facto not make it in any way attractive to use the benefits of the DMA. That kind of thing is what we will be investigating," she told Reuters in an interview.
Further reading: Apple Working on Solution for App Store Fee That Could Bankrupt Viral Apps.
