macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password

A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. From a report: MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps:

1. Click on System Preferences.
2. Click on App Store.
3. Click on the padlock icon to lock it if necessary.
4. Click on the padlock icon again.
5. Enter your username and any password.
6. Click Unlock.

As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren’t able to unlock any other System Preferences menus with an incorrect password. We’re unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing.


Waze’s crowd-sourced traffic info comes to Ford Sync 3 cars

In 2016, Ford wisely decided to offer Apple’s CarPlay and Android Auto on all its Sync 3 infotainment system-equipped 2017 vehicles, and owners are seeing more benefits from that at CES 2018. Ford announced that it now supports Waze’s traffic and navigation app directly from your iPhone. After you plug it into any of the vehicle’s USB ports, the app will appear on the Sync 3 touchscreen, letting you control it from there or use voice commands. Waze, owned by Google, gathers traffic information from you and shares it, telling others if there’s a traffic jam along your route, for instance. You can be even more helpful by directly relaying unknown accidents, construction and other issues. Waze’s navigation system can then help you pick the quickest route, tell you about HOV lanes, relay your arrival time to friends and family and even find the cheapest gasoline nearby. As long as you keep your Waze iOS app updated, you’ll have the latest version on a Sync 3 car, which is one of the benefits of Ford’s wide-open system. It also unveiled Alexa support at CES 2018, giving you voice-controlled music, news and 25,000 other skills. It’s odd that the automaker didn’t mention Waze Android support, since Google owns both Android and Waze, but we’ve reached out for more info.


Apple updates macOS and iOS to address Spectre vulnerability

Just a few days after Apple disclosed how it would be dealing with the Meltdown bug that affects modern computers, it’s pushed out fixes for the Spectre exploit as well. iOS 11.2.2 includes “Security improvements to Safari and WebKit to mitigate the effects of Spectre,” the company writes on its support page, while the macOS High Sierra 10.13.2 Supplemental Update does the same for your Mac laptop or desktop. Installing this update on your Mac will also update Safari to version 11.0.2. The Spectre and Meltdown CPU vulnerabilities are a wake-up call for the tech industry, affecting most of the processors made over the past twenty years. While companies like Microsoft, Apple and Google have been quick to issue fixes, it will still take a while to get everyone with a personal device up to speed. Hopefully the next generation of chips that power our own devices and those we use for the cloud will find a way to bust this exploit for good.

Via: Rene Ritchie
Source: Apple iOS, Apple macOS


Every iPhone X Is Not Created Equal

According to a PC Magazine report that uses data from Cellular Insights, the Qualcomm-powered iPhone X has better LTE performance than the Intel-powered model. From the report: There are three iPhone X models sold globally. Using lab equipment, Cellular Insights tested two of them: the Qualcomm-powered A1865, sold by Sprint, Verizon, and U.S. Cellular and in Australia, China, and India; and the Intel-powered A1901, sold by most other global carriers including AT&T and T-Mobile. (The third model, A1902, is only sold in Japan.) Here in the U.S., we anticipate that the SIM-free model sold directly by Apple will be the A1865, as that’s the model that supports all four U.S. carriers. For this test, Cellular Insights looked at performance on LTE Band 4, which is used by every major U.S. carrier except Sprint, as well as in Canada and parts of Latin America. Cellular Insights attenuated an LTE signal from a strong -85dBm until the modems showed no performance. While both modems started out with 195Mbps of download throughput on a 20MHz carrier, the Qualcomm difference appeared quickly, as the Intel modem dropped to 169Mbps at -87dBm. The Qualcomm modem took an additional -6dBm of attenuation to get to that speed. Most consumers will feel the difference in very weak signal conditions, where every dBm of signal matters, so we zoomed in on that in the chart below. At very weak signal strength, below -120dBm, the Qualcomm modem got speeds on average 67 percent faster than the Intel modem. The Intel modem finally died at -129dBm and the Qualcomm modem died at -130dBm, so we didn’t find a lot of difference in when the modems finally gave out.


The iPhone 8 goes up against a Samsung Galaxy S8 Plus

Before you start throwing down cash for new phones like a Grinch post heart-expansion, watch our video to directly compare more factors than just name brand and price on two of the most popular phones. The iPhone 8 and Galaxy S8 Plus are both less than $1000 (no thanks, iPhone X) but still expensive, beginning at $805 and $737, respectively. Either would make a great gift to yourself or someone else, but it all depends on what you’re going for. The iPhone 8 looks a little ho-hum in terms of standard old design, but acts zippier because of the new A11 Bionic chip, which Apple claims makes it 25% faster. Alternatively, maybe you love Samsung or are just now open to one because of Apple’s no-headphone-jack policy. The S8 and S8 Plus have a slick design that our own phone reviewers absolutely love, and its display (a dazzling 2220 x 1080) compared to Apple’s (a meh 1334 x 750) really puts it at the top of the visual appearance heap. And then there’s the camera test. While on paper the smartphones’ cameras seem very similar (Apple with a 7 megapixel front-facing camera, 12 megapixel back; Galaxy S8 Plus with 8 megapixel front-facing camera, 12 megapixel back), in practice, the selfies from the Galaxy S8 Plus seem far superior. After testing set-up, call quality, video downloading time, playback, visual appearance and cameras on each of the phones, we picked the Samsung Galaxy S8 Plus as the winner of this particular head-to-head challenge. Let us know in the comments what we should test next!


Apple’s High Sierra security patch affected Mac file sharing

Apple’s latest update for macOS High Sierra hasn’t gone well. As revealed earlier this week, the update included a bug that made it pretty easy for anyone to gain admin rights to your Mac — an obvious privacy concern. Apple rolled out a patch for the issue, but it seems that’s not without its problems either, as some users are now unable to authenticate or connect to file shares on their Macs. Fortunately, there’s a simple fix. As Apple Insider reports:

1. Open the Terminal app, in the Utilities folder of the Applications folder.
2. Type sudo /usr/libexec/configureLocalKDC and hit Return.
3. Enter your administrator password and press Return.
4. Quit the Terminal app.

Done. The number of people affected by the new security update’s flaw is unknown. Apple jumped on the case relatively quickly when the initial problems became clear, but whether or not they’ll release yet another update for this latest issue is unknown.

Source: Apple Insider


Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159,000 case files from the inspector general’s investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general’s acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.


macOS High Sierra bug allows full admin access without a password

If you’re using Apple’s latest macOS High Sierra, you’ll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there’s a super-easy exploit that can give anyone admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and File Vault with this method. All you need to do is enter “root” into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff. Root access allows someone to access your machine as a “superuser” with read and write privileges to many more system files, including those in other macOS accounts. Luckily, the fix is fairly easy. As developer Colourmeamused tweeted, you need to set a root password:

Everyone with a Mac needs to set a root password NOW. As a user with admin access, type the following command from the Terminal.

sudo passwd -u root

Enter your password then a new password for the root user. Anyone got a better fix? @SwiftOnSecurity @rotophonic @pwnallthethings

— colourmeamused (@colourmeamused_) November 28, 2017

Engadget has confirmed that this will secure your macOS High Sierra machine, and keep people from gaining root access as above. We’ve reached out to Apple and will update this post when we hear back.

Via: The Register
Source: Lemi Orhan Ergin (Twitter), Colourmeamused (Twitter)


iOS jailbreak repositories close as user interest wanes

A few years ago jailbreaking your iPhone was all the rage. The cat-and-mouse game of hackers versus Apple was great fun and some of the open source products available to jailbreakers – namely the Cydia alternative app store – added amazing features and customizability to the iPhone. Some devs even launched only on jailbroken phones, thumbing their noses at Apple’s walled…


Intel Planning To End Legacy BIOS Support By 2020, Report Says

Michael Larabel, writing for Phoronix: Intel is planning to end “legacy BIOS” support in their new platforms by 2020 in requiring UEFI Class 3 or higher. Making rounds this weekend is a slide deck from the recent UEFI Plugfest. Brian Richardson of Intel talked about the “last mile” barriers to removing legacy BIOS support from systems. By 2020, they will be supporting no less than UEFI Class 3, which means only UEFI support and no more legacy BIOS or CSM compatibility support mode. But that’s not going to force on UEFI Secure Boot unconditionally: Secure Boot enabled is considered UEFI Class 3+. Intel hasn’t removed legacy BIOS / CSM support yet due to many customers’ software packages still relying upon legacy BIOS, among other reasons. Removing the legacy BIOS support will mitigate some security risks, needs less validation by vendors, allows for supporting more modern technologies, etc.
