Lorenzo Franceschi-Bicchierai, writing for Motherboard:
This is the first time that anyone has uncovered such an attack in the wild. Until this month, no one had seen an attempted spyware infection leveraging three unknown bugs, or zero-days, in the iPhone. The tools and technology needed for such an attack, which is essentially a remote jailbreak of the iPhone, can be worth as much as one million dollars. After the researchers alerted Apple, the company worked quickly to fix them in an update released on Thursday.
The question is, who was behind the attack and what did they use to pull it off?
It appears that the company that provided the spyware and the zero-day exploits to the hackers targeting Mansoor is a little-known Israeli surveillance vendor called NSO Group, which Lookout’s vice president of research Mike Murray labeled as “basically a cyber arms dealer.”
A great story from Motherboard that is equal parts fascinating and absolutely terrifying. The malware from NSO is able to effectively steal all the information on your phone, intercept every message and add backdoors to every method of communication on your phone. Evidence suggests that NSO has likely been able to hack iPhones since the iPhone 5.
The security researchers who first became aware of the security bugs notified Apple about 10 days ago, and Apple today released iOS 9.3.5 which fixes the bugs. Suffice to say, you should immediately install the update onto your iOS devices.
Apple today announced details for its 10th annual Apple Music Festival which will once again be held at the Roundhouse in London. Headlining the festival this year will include performances from Alicia Keys, Bastille, Britney Spears, Michael Bublé, Calvin Harris, OneRepublic, Robbie Williams, The 1975 and Elton John.
“Over the past decade, the Festival has brought the biggest and best artists from all over the world to London and into the homes of millions of music fans,” said Oliver Schusser, Apple’s vice president of International Content. “This year’s Apple Music Festival builds on that incredible legacy and we couldn’t be more excited to have another amazing lineup to celebrate our 10th birthday.”
Like last year, the Apple Music Festival will run for 10 nights from September 18 to September 30. Additionally, every performance will be made available, "live and on-demand" to Apple Music members, as well exclusive playlists, artist news, and backstage interviews throughout September.
For more details, including how UK-based fans can win tickets to attend, visit the Apple Music Festival website.
In beta for a while now, Twitter activated night mode in its official client today. From the ‘Me’ tab, tap the gear icon to ‘Turn on night mode.’ If you don’t see the night mode option, you may need to force quit Twitter first.
Turning night mode on.
Twitter has done a very nice job with night mode. The background is a dark blue-grey, icons and secondary text are a lighter, complimentary grey, links and certain other buttons are bright ‘Twitter blue,’ and plain text is white. The overall effect looks great. With so many apps I use everyday adding night modes and dark themes, an iOS system-level night mode feels like the natural next step.
Andrew Webster, writing for The Verge:
With the Go series, Square Enix Montreal has carved out its own niche, creating something unique in the game development space. Studios often fall into one of two camps: on the one side you have the massive, 1,000-person teams that create blockbuster games, and on the other there are the tiny indie studios that build creatively ambitious games with few resources. Square Enix Montreal straddles the line between those two extremes. It has the resources of a big company, but the size and some of the creative freedom of an indie. It’s a studio that can make weird new games but attach them to hugely popular franchises.
It is great to see that Square Enix Montreal has found success in its series of Go games built on the larger franchises of Hitman, Tomb Raider and now Deus Ex. The first two Go mobile games, Hitman Go and Lara Croft Go, are genuinely great and feature a lot of creativity – so it is great to see they have continued to invest in this (critically-acclaimed) series with yesterday's launch of Deus Ex Go. This is particularly the case when so many other large mobile game publishers are instead focusing on churning out what are largely uninspired free games with in-app purchases.
To that end, Webster notes in his story that Square Enix Montreal has made some indie hires that suggests it fully intends to stay the course on its current approach to mobile games:
Outside of Deus Ex Go, Square Enix Montreal isn’t saying what it’s working on right now. But the studio has made a few recent hires that hint at desire to keep the indie-like feeling it has carefully cultivated. Those pick-ups include Teddy Dief, an artist and designer best known for his work on the crowdfunded hit Hyper Light Drifter, and Renaud Bédard, the sole programmer on seminal puzzle-platformer Fez, who most recently worked at Below developer Capy Games in Toronto. Both were tempted to join by the idea of combining the creative freedom of an indie studio with the structure and resources of a big publisher.
Ivan Krstić, Apple's Head of Security Engineering and Architecture, gave a presentation at the Black Hat conference a few weeks ago, and it is now available to view in full on YouTube.
With over a billion active devices and in-depth security protections spanning every layer from silicon to software, Apple works to advance the state of the art in mobile security with every release of iOS. We will discuss three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10.
HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
It was at this presentation that Apple announced that it would launch a bug bounty program for those who discover vulnerabilities in its key products. Also discussed by Krstić during his presentation is how the Secure Enclave Processor enabled Apple to adopt a new approach to data protection, as well as a new security feature in iOS 10 that makes iOS Safari JIT "a more difficult target".
Apple made two announcements about its environmental initiatives in China today. First, it announced that Lens Technology, which produces glass for Apple, has committed to using 100% renewable energy for all of its Apple operations by the end of 2018. Lens, which is the first Apple supplier to commit to using fully-renewable energy sources, has entered into agreements with local wind energy suppliers to fulfill its commitment.
Lisa Jackson, Apple’s vice president of Environment, Policy and Social Initiatives, said:
We want to show the world that you can manufacture responsibly and we’re working alongside our suppliers to help them lower their environmental impact in China. We congratulate Lens for their bold step, and hope by sharing the lessons we’ve learned in our transition to renewable energy, our suppliers will continue to access clean power projects, moving China closer to its green manufacturing goals.
Second, Apple announced that all of its fourteen final assembly sites in China comply with UL’s Zero Waste to Landfill standard, which “certifies all of their manufacturing waste is reused, recycled, composted, or, when necessary, converted into energy.” Foxconn met the Zero Waste to Landfill standard earlier this year at two of its assembly sites. Twelve other sites were added more recently.
At Google I/O in May, two related mobile products were announced – Duo, a FaceTime-like video calling app, and Allo, an instant messaging client. Earlier today, Google began rolling out Duo worldwide to iOS and Android users. Duo is available in the US App Store now and, according to Google's blog, will appear in other countries over the next few days. I've only just begun to try Google Duo, but it seems to fulfill the promises made onstage at Google I/O, though with a few launch-day hiccups.
Duo is limited to one-to-one calling and is tied to your phone number. As a result, unlike FaceTime, you won't be able to use Duo on anything but your phone. However, because Duo is on iOS and Android, you will be able to make calls to people on both platforms.
Setting up Google Duo.
Duo is extremely easy to set up and start using - all you have to do is verify your phone number and grant the app access to your contacts and camera. The app starts with a live view from the front facing camera. There’s a button to start a call and another that shows your most recently called contact. Settings are available from the familiar three dots in the top right-hand corner of the screen. Google says that video quality will adjust automatically based on the quality of your network connection.
The most unique feature of Duo is ‘Knock Knock,’ which displays your video stream to the recipient of your call as it rings on their end. In my brief tests, Knock Knock worked as advertised, but if you don’t like it, the feature can be turned off in settings.
I have only used Duo a couple of times. It worked as advertised on strong WiFi, but my subsequent attempts to make calls have failed, probably because the rest of the world is simultaneously trying Duo too. Given Google's infrastructure, I expect connection issues should settle down over time.
Google Duo is available on the App Store as a free download.
You can watch Google’s promotional video after the break.
MacStadium is the premier Mac hosting company that provides dedicated Mac hardware and private cloud. They have thousands of Macs in multiple data centers where your hardware is secure, always available, and supported by a full team of Mac experts.
In addition to an established Atlanta location, MacStadium has recently opened data centers in Dublin, Ireland and Las Vegas, NV. You might be familiar with Mac hosting in Las Vegas thanks to Macminicolo, which has been operating in that location for over a decade. MacStadium and Macminicolo merged earlier this year, joining forces as a single Mac hosting company with excellent uptime and technical support.
MacStories has been hosted on Macminicolo's hardware for years now, and I can personally vouch for this service. It's one of the best decisions I ever made for this website.
The best part is – MacStadium continues to find ways to improve their offerings, like their recently patented Mac Pro chassis sleds. Or if you don't want to rent Mac hardware but send your own, you can do that too. There are plenty of use cases for Mac hardware as a remote server – whether it's for personal backups, automation, continuos integration, or services like Plex.
The folks at MacStadium are running a new promo you can sign up for until August 28. You can trial a Mac mini in their data center for a full month at no cost. On the signup page for rental Mac minis you just choose the location, the hardware, and signup for the trial using coupon code “SPREADTHEWORD” and you’ll be all set.
You can go check out MacStadium's latest promo here.
Our thanks to MacStadium for sponsoring MacStories this week.
Tom Warren, writing for The Verge:
Microsoft was quick to optimize its Office suite of apps for the iPad Pro and Apple's Pencil stylus, but the company held off on any inking support in Office for iPhone. Starting today, Microsoft is updating Word, Excel, and PowerPoint for iPhone to include a new drawing tab option. Just like the Windows and iPad variants, Office on iPhone will now let you use your finger to write, draw, and highlight documents.
Another great update for Word, Excel and PowerPoint on iOS.
Because space is limited on an iPhone screen, these drawing features are a little hidden. So in order to access these drawing features on the iPhone you'll need to tap the icon on the top navigational bar that looks like an A with a pencil cutting through it. That will trigger a pop-up on the bottom half of the screen. From there, on the top-left of the pop-up should be a drop-down menu, tap that and choose "Draw".