Hey, remember that Apple iOS fix last month?

It looks like the Bad Guys are attacking older devices as well:

Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls "extremely sophisticated" attacks.

The latest security update, pushed on Monday, fixes an out-of-bounds write issue tracked as CVE-2025-43300 in the ImageIO framework, which Apple uses to allow applications to read and write image file formats. It's available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, and the iThings maker on August 20 patched the same CVE in its newer devices.

Well done to Apple for this.  iPhone 8 was released a long time ago, but they're still supporting it with security fixes.  Bravo. 

Tagged with my Apple Sucks tag because this time they absolutely do not. 

 

Apple facial recognition goes haywire, teen gets wrongly accused of shoplifting

Apple is being sued for $1B:

Ousmane Bah, 18, filed suit against Cook & Co this week after he was falsely identified as a shoplifter by, it is claimed, a facial recognition system Apple is apparently using in its stores. 

Bah was wrongly accused by the cops of nicking gear from Apple's posh shops across the US East Coast, even in cities he claims never to have visited, due to Apple's technology incorrectly fingering him as the culprit, we're told. 

The teen's legal complaint [PDF] states that last year the college student received a letter out of the blue summoning him to a Boston court on an allegation of theft. He was accused of stealing multiple Apple Pencils – a $99 tool used for the iPad Pro – from an Apple Store in the Massachusetts city, adding up to over $1,200 in swag. 

At the time of the alleged crime, on May 31, 2018, Bah was attending his senior prom in Manhattan, and had never even been to Boston before.

Worse, the photo included in his arrest warrant doesn't look like him.  Facial recognition has been plagued with errors, particularly with non-caucasians.  I don't know exactly why this is, but it has been a persistent complaint for several years.  Apple is said to use facial recognition in its stores to detect shoplifting.  When Bah had been (incorrectly) identified as a shoplifter in one store, the store personnel took his driver's permit and used his name and address information to update their database.  His permit did not have a photo on it, and so now someone else's picture is associated with him.

And now Bah has an arrest record and Apple is defending itself against an enormous lawsuit.  Hey, at least their software didn't kill anyone.

This is why I won't get into a self-driving car.  The code was written by snotty programmers who think they know way more than they actually do about how the world works.

Yes, fanbois - Apple is screwing you

Yes, it's true that Apple's software slows down older iPhones.  They claim that it's to protect against over-draining older batteries.  They say that this is only in the last year or two that they've done this.  It seems that this is not true:

Apple hasn't explained why it didn't disclose the practice until now, after GeekBench released charts based on its data that showed how older iPhones were not performing as quickly as they had when they launched.

And people are looking more closely, and finding that this goes back to at least the iPhone 3G:

It seems that every time Apple releases a new iPhone model, Google searches for "iPhone slow" spike.  Hmmmm.

A class-action lawsuit has just been filed on this:

The complaint recounted how the various plaintiffs, frustrated by iPhone slowdowns, bought the latest models, unaware they could have just paid Apple US$79 for a $4.45 replacement battery to resuscitate their hobbled handset.

So fanbois, you know that you're getting fleeced.

iPhone iOS 11 - how to turn WiFi and Bluetooth positively, absolutely, and most sincerely off

iPhone users, here's something that Apple is trying to slip by you in iOS 11: turning off Wifi and Bluetooth off doesn't really turn them off:

Apple in iOS 11 decided that when you tap the Wi-Fi or Bluetooth buttons in Control Center, the system now will disconnect you from any devices or networks you are currently on but no longer truly switches Wi-Fi or Bluetooth off. 

This means that even though you thought you switched them off, they remain active for things like AirDrop, AirPlay, Continuity, Hotspot, Location services and devices such as the Apple Watch and Pencil. 

An Apple tech support note says this is so you can continue to use those “important features.”

"Important".  Oooooh kaaaay.  Pay no attention to that man behind the curtain selling location-based advertising.

But fear not, there is a way to turn them most sincerely off, even though the iPhone GUI won't tell you how.  The article goes into this in detail, but it boils down to three options:

1. Ask Siri to turn Wifi off.  This one sounds creepy to me, but you know how nasty and suspicious I am about Siri and Alexa.

2. Set the phone in Airplane mode.  Of course, then it won't work as, you know, a phone.  Nice design decision for your phone, Apple.

3. Go to Settings and turn off WiFi and Bluetooth manually.  This is a real pain, especially something that is supposed to have an "insanely great" user experience.  I guess your convenience must be sacrificed to the Apple bottom line.

Phooey.

Some questions have no answer

One thing we do know is that you couldn't replace the battery, because Steve didn't want you to.

iPhone 5's fingerprint recognition hacked

Well that didn't take very long:

haos Computer Club has claimed that they have managed to break Apple’s TouchID using everyday material and method available on the web.


Explaining their method on their website, the CCC hackers have claimed that all they did was photograph a fingerprint from a glass surface, ramped up the resolution of the photographed fingerprint, inverted and printed the fingerprint using thick toner settings, smeared pink latex milk or white woodglue onto the pattern, lifted the latex sheet, moistened it a little and then placed it on the iPhone 5S’ fingerprint sensor to unlock the phone.

Apple says this won't happen, but there's a video demonstration.



The Chaos Computer Club sums the issue up:

CCC spokesperson, Frank Rieger, said “It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token.”

Word.

Bleg: iPhone mapping apps that don't suck

I almost missed my meeting this morning because the iPhone sent me to Alabama from Houston.  Can't do this anymore.

Does anyone have a recommendation for a GPS mapping app for the iPhone?  It has to do directions and ideally read them audibly so you don't have to get a ticket for texting while driving when it was actually trying to see the blue dot on the dumb screen.  Which is sending you to Chicago via Juarez.

Tagged under "Apple Sucks" because it does.

Why I like Firefox

It got pwned last week at the Pwn2Own contest, and there's already a fix out for the problem:

That was quick!

Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!

Firefox goes to version 19.0.2, fixing what Mozilla describes as a Use-after-free in HTML Editor:

→ Mac and Linux users of Firefox may be wondering where 19.0.1 went, as they won't have seen such a version. It was a Windows-only update to deal with some Windows-specific graphics card troubles. There were no security fixes in it.

Chrome also has fixes for the less serious but equally brand new issues identified last week.  Both Microsoft (Internet Explorer) and Apple (Safari) need to get the lead out.

New business opportunities for Apple?

Interesting idea about what Apple's core competence is, and what they might do next:

What’s the next act for Apple? Let me start by listing off a partial list of somewhat expensive products that are painful to use, contain at least some electronics, and that would be relatively easy to improve:

• big-screen televisions and Blu-Ray players (whenever I want to use one the device decides that it is time for it to download and upgrade its software)
• cable television (flipping up and down through a list of 1000 channels?!?! How is it that an interface developed for a TV with a rotary knob to select among 10 possible channels was ported to the 1000-channel case?)
• compact digital cameras (a million buttons and menu items, almost none of them relevant to a photographer’s objectives in making a picture)
• Windows 8
• Android tablets other than Amazon’s (I have the Google Nexus 7 and it simply cannot hold a charge so it is essentially limited to being plugged in full time; ridiculously poor power management compared to the iPad)
• automobiles (start with the fact that the speedometer is front an center rather than a moving map; why would I care about my speed if I’m in heavy traffic (which I always am, since I drive in the U.S.) and/or if I am traveling at a legal speed (which the car knows from its navigation system database))
• houses (even a toilet knows when you’re standing in front of it; how come all of the stuff in a recently built house isn’t smart enough to detect the “nobody is home” case and turn down the heat?)

Apple’s superior profitability seems to stem from the spectacular stupidity of other companies and sometimes industries.

What Apple was good at was forcing the existing channel (e.g. AT&T with the iPhone) to make the changes needed to enable their insanely great game changing technology (said tongue in cheek but only partially tongue in cheek; they really forced some changes at AT&T).  Some of the ideas here would require a similar change in the channel - i.e. cable TV delivery would have to be different or the idea above just wouldn't work.

Interesting thought, though.

Google Maps now available on iPhone

Not only will it save you from dieing in the desert, it will give you spoken turn by turn driving directions.  This brings the iPhone up to at least 2009 technology.

It's a free app available from the iStore or whatever it's called.

iPhone mapping app considered dangerous

This is not my opinion, this is the advice of the Australian Police:

Australian police have cautioned drivers not to rely on Apple's new map programme after several drivers had to be rescued from the trails of Australia's second-largest national park, which is in the state of Victoria.

They had been looking for the town of Mildura but were sent to a National Park 70km (45 miles) away.

The BBC interviewed the police spokesman and asked him if he'd seen the map.  The police spokesman laughed.  But wait, it gets better:

Just when Apple thought it couldn't get any worse for its beleaguered Maps app, which has been leading motorists deep into the desert when they try to find the town of Mildura, The Register can reveal another SNAFU that could send travellers to an even less hospitable destination.

...

But even the city's enormous size doesn't explain why iOS 6 maps places the town in the spot depicted below, which appears to be miles from anything of note. Google Maps, for what it is worth, places the nearest road to the spot Apple picks for the town as being 141 kms from downtown Mount Isa.

That's fail that is potentially deadly, at least to anyone stupid enough to trust Apple's GPS directions.  But wait, it gets better:

A man who became dissatisfied with AT&T throttling data speeds on his iPhone has won a case against the carrier in small claims court.

The Associated Press reports that iPhone owner Matt Spaccarelli, who filed a complaint against AT&T after it began slowing down his data speeds, was awarded $850 earlier today.
Spaccarelli made the claim that AT&T purposely slowed down data speeds, despite the fact that he was subscribed to an "unlimited data" plan. This slowdown came after he had used 1.5GB to 2GB of data inside of one billing cycle, he told the court.

Yeah, that one is kind of old but just goes to show what a sucking chest wound of FAIL the iPhone has become.  I'm at the point of ditching mine and going to something that as a bit less suck in it.

Tech rumble: Windows 8 vs. iOS vs. Android

This actually sums up the battle pretty well:

It's absolutely true, as my former colleague Tom Dale argues, that Apple remains weak in web services and Google continues to stumble in user experience. The problem, as he articulates, is that "Google is getting better at design faster than Apple is getting better at web services," but both are making progress. If Microsoft steps back to focus solely on Windows 8, rather than seamlessly weaving into it web services and winning hardware design, then Microsoft stands to be the jack of all trades, and master of none. That's not a winning strategy in mobile. Not yet, anyway.
Hastings continues:

The challenge for [Microsoft] is: okay, what’s the profit stream, if the marketshare is different than it has been in the past? The big profit streams are from very high-share products — Office and Windows. So to the degree that the eventual revenue is not the same split as in the past, then there’s a threat to the profit stream.

Exactly... and guess what? Microsoft's primary revenue streams absolutely will be different from those it enjoyed in the past. As I've argued recently, Microsoft's Office suite is no longer the primary means of creating valuable business data/content. That's revenue stream number one in jeopardy. It's also the case that in mobile, the big market going forward, no one buys operating systems. Apple makes it part of the iPhone/iPad experience for free, and Android, of course, is open source. That's Microsoft's second big revenue stream eviscerated.

Android has come a long way in the past 12 months.  I ditched an older Android 2.2 because it was clunky; #1 Son is in love with his Galaxy III.  Apple has fumbled very badly with their epic fail mapping app - this is one of the most valuable apps for a smart phone, and Apple's simply doesn't inspire confidence.

And I had a bit of an out of body experience in the last few days.  I was driving around with #1 Son who was playing MP3s.  Suddenly the music cut out and a voice said In one quarter mile, turn right.  Woah - directions that talk to us? 

Of course, this is ten year old technology.  You just don't get it on your iPhone.  Android FTW.

As to Microsoft, it doesn't appear that any of their corporate customers are remotely interested in Windows 8.  That's the Windows and Office profit streams that are divorced from the core technology stream.  Maybe they'll pull it off.  Maybe.

This is actually turning into a very interesting horse race.

Invasive iOS 6 ad tracking

Apple has turned on a pretty significant tracking capability in iOS 6, one that the ad industry loves and one that you might not.  Fortunately, you can turn location tracking off.

If you like the idea of getting bombarded with spam from the local hipster coffee shop as you walk by, this feature may be the cat's meow.  Me, not so much.

iOS vs. Android security comparison

I've been pretty harsh the last week or so to Apple, and so I thought I'd step back and look at the broader picture.  Which has better security, iOS or Android?  There are a few different aspects of security that I'll go through, in rough order of importance.

Security Patching

Apple is straight forward: they release a security update, and your phone or iTunes downloads it.  It's straight from the factory to you, which is the Right Way to do things.  Apple seems to release iOS security fixes every 3 months or so which is a little slow for my taste, but is probably OK for now.

Android has a much more convoluted patch release process.  Google creates the patch, but rather than sending it to you, they give it to the handset manufacturer (Samsung, HTC, Motorola, etc).  The manufacturer packages it up (maybe with some other stuff) and releases it to the carrier (AT&T, Verizon, etc).  Some day, it may even show up in your phone.  This is clearly Broken.

It's even worse, because there's a fair amount of churn in the Android device market, with vendors entering and exiting all the time.  There are quite a few "orphan" Android phones that are non-upgradeable, with exploitable security flaws.

Advantage: Apple (by a lot).

Malware

Apple uses a "Walled Garden" app distribution model, meaning that app developers have to submit their app to Apple for testing and vetting.  Apple runs code scanners on apps to try to determine if the app is dangerous or malicious, and while there's only so much that code scanners will tell you, they're making an effort.  A number of developers complain about the "fascist" model of the iTunes app store, but the result is that there's not very much iOS malware.

Android uses a very different "Open Garden" approach.  Anyone can create an app, and get it up in the Android Marketplace.  Little (or maybe no) vetting is done, and so the Android Marketplace is filled with malware apps.  While it's very hard to get reliable counts, the minimum is several thousand malware apps available for download.  Android Security ProTip: the Android "Legend of Zelda" app is malware.

Advantage: Apple (by a lot)

App Sandbox

A sandbox is a restrictive execution environment that only allows a program to take particular actions.  Both iOS and Android have roughly comparable capabilities here.  Apple's is, as you'd expect, easier to understand.  Android's is - again, as you'd expect - more granular and flexible.  I don't see very much difference.

Note that if you jailbreak your device, you blow away the sandbox entirely - everything runs as root (with elevated privilege, meaning the programs can do anything without restriction.  From a security point of view, this is very bad juju.  It applies equally to iOS and Android.

Advantage: none.  It's a tie.

I'll do some more thinking, and put up another post if there's more, but overall, Apple seems to have a pretty big advantage in security.

iOS 6 upgrade:Words to the wise

Someone who is in a position to know emails to say that there are some things about iOS 6 that aren't widely publicized, but which can bite people in the tail end.

1. Macintosh users need to upgrade to Snow Leopard (OS X 10.6.8) before they try to sync their shiny new iPhone 5 - it very well may not sync or activate.  I'm told that the Apple Store can help get you the latest version of OS X, but my experience with #1 Son's Macbook was that we had to order a CD for $20.  This seems important:

I cannot emphasize the following point strongly enough: They cannot upgrade directly to OS X 10.8 Mountain Lion from Tiger or Leopard. They will need to get the Snow Leopard cd from the Apple Online Store; they do not have to upgrade to Mountain Lion if they don't want to, but if they do they can do it from the App Store, which comes with Snow Leopard.

2. Existing iPhone users (3GS, 4, 4S) who want to upgrade to iOS 6 (a dodgy proposition, if you ask me), back up your data.  Use iTunes or iCloud, but get everything on your phone backed up.  All of it - your apps, your photos, music, contacts, everything.  This is a good idea in general, but there seem to be a number of upgrades that have bricked the phone and the only thing to do then is wipe/restore.

3. What is not widely discussed is that sometimes the phone goes into recovery mode while the upgrade is in progress.  If you see the phone display both the iTunes logo and a USB cable.  If you see that, your upgrade failed and you have to do a restore.  At this point, you'll be mad that the upgrade is a pain in the tail end and you probably have to go to the Apple Store, but you'll be happy you backed your data up.

Apple has a couple of articles about backup up your device.  Go to the Apple web site and search for HT4946 and HT1766.

As I said, this is from someone who I think is in a position to know.

How bad is the new iOS 6 mapping app?

 
Man, that's bad.  Apple mockery seems to be an emergent Internet meme.

Via #1 Son, who has a Galaxy.

How bad is the new iPhone mapping app?

Hitler can't find the ice cream store with it.



Google has gotten under Apple's skin, for them to replace a perfectly functional mapping app (one of the key uses of a smart phone for may people) with something is lousy:

Doesn't really inspire confidence, does it?  It shouldn't:

Things aren't really off to a good start for Apple's replacement to Google Maps. Apple pushed their iOS 6 update to iPhone and iPads on Sept. 19, 2012 and it came standard with a new maps app. While the entire world is buzzing about Apple's iPhone 5 release, people are also scratching their heads when it comes to Apple Maps ... These shots of the Brooklyn Bridge would make any commuter worried to drive over it! Check out more Apple Maps fails, like incorrectly labeled cities, bridges that look like they're collapsed and other major geographical falsities ...

Incorrect information reported all over the place from the mapping app?  The only thing left to wonder is whether, when you enter the search address of "1600 Amphitheatre Parkway  Mountain View, CA" the new Apple maps app displays the result "There be dragons".

Epic, brand damaging fail.

iTunes rant

I put up with no iTunes on Linux, because a lot of stuff doesn't run on Linux.  You play as an oddball, this is what you can expect.

But why in the name of all that is sacred does iTunes not sync my videos from my iPhone to my Windows box?  Plain vanilla OS, plain vanilla iTunes, plain vanilla phone.  No videos synced.

Read it and weep, fanbois

Read it and weep.

Macintosh Zombies

Unfortunately, I'm not talking about fanboys, but about a massive Mac botnet:

Two months ago, a new variant of the Flashback Trojan started exploiting a security hole in Java to silently infect Mac OS X machines. Apple has since patched Java, but this was only yesterday. As of today, more than 600,000 Macs are currently infected with the Flashback Trojan, which steals your user names and passwords to popular websites by monitoring your network traffic.

I've been saying for a long while that this sort of thing was inevitable, and have been saying that Apple is pathetic in how slowly they patch security holes in Java - Microsoft patched this weeks and weeks ago.

If you run Mac OS X, you can find details on uninfesting your machine here.  And remember that this is no longer operative: