Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack
Following last week’s disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.
When downloading Xcode from the Mac App Store, or Apple’s website so long as Gatekeeper is enabled, OS X automatically checks the app’s code signature and validates it against Apple’s code. If you must obtain Xcode elsewhere, follow these steps:
To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl –assess –verbose /Applications/Xcode.appwhere /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Storeand for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Appleor
/Applications/Xcode.app: accepted
source=Apple SystemAny result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.
The new Apple TV is surprisingly easy to tear open
It’s practically a cliché to say that Apple’s products are difficult to repair yourself, but that isn’t universally true. The crew at iFixit has managed to tear down the new Apple TV before it even ships, and the biggest surprise is simply that it’s easy to pry apart. This is a very modular set-top box, and it’d be relatively trivial to replace components like the motherboard or power supply. Even the remote, despite being sealed by adhesive, isn’t that hard to dissect. iFixit’s only major gripe is that the most crucial parts are integrated on the main board, which could lead to a costly fix if you’re just trying to replace a damaged port.
That’s not the only mystery laid bare. While it isn’t a secret that the Apple TV is using an A8 chip like you find in the iPhone 6, it shares a few other parts in common with other Apple gear. The remote uses the same touchscreen controller you find in the iPhone 5c and iPad Air, and the box itself is using a memory controller that’s largely similar to what you see in the 12-inch MacBook. The upcoming Apple TV is something of a patchwork product, then, but you might not mind if it’s dramatically more powerful than its predecessor.
Source: iFixit
Office 2016 for Mac Now Available as One-Time $150 Purchase
Microsoft has announced that Office 2016 for Mac is now available for a one-time $149.99 purchase without an Office 365 subscription. Office Home & Student 2016 includes Word, Excel, PowerPoint and OneNote for home use on one Mac. Office 2016 for Mac requires Mac OS X 10.10 or later.
The standalone version of Office 2016 for Mac features offline storage and 15GB of OneDrive cloud storage, but lacks Outlook, Publisher, Access, tablet and phone support, 60 minutes of Skype calling, instant updates and technical support included with the Office 365 version.
Office Home & Business 2016 for Mac is also available for $229.99 and includes Word, Excel, PowerPoint, OneNote and Outlook on one Mac. Comparatively, subscription-based Office 365 Personal and Office 365 Home cost $69.99 per year and $99.99 per year respectively.
Office Home & Business 2016 for Windows is also now available through Office 365 for between $69.99 and $99.99 per year, or as a one-time $229.99 purchase. Office Professional 2016 for Windows is also available with Publisher and Access for $399.99. Windows 7 or later is required.
ASUS and Vivo are the fastest growing smartphone brands, says Counterpoint
2015 has already been an eventful year for the smartphone industry. Major bands, such as Samsung, HTC and Sony, have struggled to rebuild their profitability, while India has quickly become one of the most competitive markets in the world. There’s a lot to mull over, but fortunately Counterpoint Research has published its data for Q2 2015 which neatly summarised how the smartphone market is looking this year so far.
Globally, smartphone shipments shipments are up again and there has been a big growth in LTE adoption. Half of all handsets shipped this year are LTE capable, with China seeing a fourfold increase and India witnessing 12 fold growth in LTE shipments this year.
In terms of market share, Samsung remains the top player, despite a year of struggling profits. The Korean giant holds 21 percent of the global smartphone market, followed by Apple on 14 percent. Huawei has been one of the big winners in the past twelve months and company now sits comfortably in third place with 9 percent of the market. Xiaomi and ZTE make up the fourth and fifth spots with a five percent share each.
Although brands like Huawei and Xiaomi are grabbing lots of headlines for pinching market share, ASUS is actually the fastest growing smartphone brand, having seen its shipment increase by 500 percent compared with one year ago. The Zenfone 2 has been particularly popular in a number of markets. Vivo has seen similar gains, with shipments growing fourfold over last year, although neither of these companies make it into the top 5.
Regional markets look quite a bit different than the global picture, although Samsung remains the dominant brand in most of the markets. Europe and Latin America remain firmly in Samsung’s camp, while in the US, Apple is the largest manufacturer with a third of the share, followed by Samsung, LG and ZTE. Speaking of Apple, the company now apparently generates more revenue that all other smartphone manufacturers combined, as long as you exclude Samsung.
Asia remains by far the most diverse market in the world, with four major manufacturers all capturing between 10 and 15 percent of the market each. As we have seen before, growing demand in the Indian and Chinese markets is drawing in a large number of manufacturers all looking to secure themselves a share.
Compared with last year, Samsung has certainly taken a hit in a few of its previously dominant regions, which has been reflected in the company’s poor financial performance. Apple has overtaken Samsung in the US and a range of companies have managed to close the gap in Asia and also slightly in the Middle East too. However, smaller brands are having a mixed time globally. While Huawei, ASUS and Vivo are doing well, Lenovo/Motorola, LG and Sony are struggling to break out into larger market shares.
You can check out the full infographic at the source link below.
iPhone 6s Reviews: ‘Performance Beast’ with a ‘Truly Great’ Camera Gives Enough Reasons to Upgrade
With the launch of the iPhone 6s and iPhone 6s Plus just three days away on September 25, the first round of reviews for the new smartphones have begun showing up online. Most sites have been able to experience the iPhone 6s and 6s Plus for about a week, and have largely come away with positive impressions of the devices that bring in some notable improvements to the line, in spite of its “S” generation designation.
The Verge was one of the most positive on their review unit of the iPhone 6s, noting that if it’s Apple’s job to create a reason for customers to upgrade to a new iPhone each year, they’ve “done it again” with the new iPhone. Although they note the premium pricing and odd storage tiers, the site believes that 3D Touch will become as necessary as pinching and zooming, and adds to an experience that overall feels like “the best version ever of the best smartphone on the market.”
This is one of those potentially huge user behaviors — like swiping, or pinching and zooming — that seem odd or minor at first, but which Apple historically is able to make deeply important and useful. And it’s not just a software tweak. It involved serious re-engineering of the display. It’s the kind of thing that’s Apple’s specialty: the company manages to do new things better, apply them broadly, and make them seem natural, because it has control over both the software and hardware platforms on which its products rest. No other big player does.
The iPhone 6S is the best smartphone out there, period.
Mashable got its hands on an iPhone 6s Plus and noted that its specs and new 7000 series aluminum have crafted a “performance beast” of a smartphone. They also were fans of the improved 12 megapixel camera, saying the 6s Plus easily “wins the battle in full-light images” when compared to last year’s iPhone 6 Plus and the Galaxy S6 Edge+. In the end, the site noted that the biggest feature additions include 4K video and 3D Touch, and that just may not be enough of a justification for some users.
Is it a must-have upgrade? No, unless you must have gorgeous 4K video and can’t live without the innovative 3D Touch. By sheer volume, iOS 9 probably adds more feature enhancements than the iPhone 6S Plus, and you can get it for free.
This doesn’t diminish Apple’s accomplishment. Take me, for instance: Now that I’ve had a taste of 4K and Peek and Pop, I don’t know if I can go back.
TechCrunch fell in line with most other opinions as well, calling the camera “truly great” and noting the snappiness of the A9 processor in attempting to zoom in on 4K video footage or generally navigating the device. Another fan of 3D Touch, the site also noted that the comparison of the feature to right-clicking on a desktop computer is perhaps shortsighted, stating that right-clicking is for introducing more actions and complexities and 3D Touch is essentially the opposite. TechCrunch also noted the lightning-fast upgrade that Touch ID has received.
Apple says its new Touch ID sensor is twice the speed of the one in the iPhone 6/6 Plus. I’m sure someone will try to measure it, but I think this one metric is enough: the new fingerprint sensor is so fast that you can no longer tap the home button to wake your screen, because it will unlock instantly.
I pull my iPhone out of my pocket with my finger on the home button to tap it and check my notifications. That behavior is out the window now, because by the time it’s out of my pocket, it’s unlocked. It’s incredibly quick. So quick that I think some people will have issues adjusting. Eventually I had to switch to tapping the power button to wake it so I wouldn’t miss my notifications.
Soon everyone will be able to experience the iPhone 6s and iPhone 6s Plus for themselves, as we get closer and closer to the September 25 launch date. Recently, in fact, one lucky woman got her iPhone 6s order in ahead of time and began posting benchmark scores and photos of the device online. Those customers with tracking numbers already distributed for their order can also begin to see exactly which flight is carrying their brand-new iPhone thanks to FlightAware.
Other Reviews: The Verge‘s Nilay Patel, The Wall Street Journal, Pocket-lint, Bloomberg, and The Telegraph.
The $1 million iOS bug bounty is bad for security research
The public perception of the black-hat hacker is of a lone person sitting in a dark room creating malware and unleashing it on the world and reaping the profits of their exploit. The reality is a bit more complicated and far more financially lucrative. Nothing shines a light on this more than the Zerodium publicity stunt of offering $1 million for iOS 9 zero-day exploits. Founder Chaouki Bekrar has a history of selling exploits to the highest bidder instead of disclosing the issue to the maker of the compromised product. It flies in the face of responsible disclosure of exploits by security researchers and means that anyone with enough cash will have the ammunition to ruin the digital life of anyone with an iPhone.
Unlike corporate bug-bounty programs that pay researchers to share exploits found in products so that a company can squash those problems, Zerodium doesn’t want these exploits closed. At least not until it can resell the exploit for a profit. Lance Cottrell, chief scientist of security firm Ntrepid told Engadget that these exploits are “almost certainly going to be used against people’s best interests.”
That’s if the bounty is ever collected. This seems more like good PR than an actual call to arms. On the black market certain zero-days can fetch up to six figures. Throwing down a million dollars certainly caught the attention of a lot hackers and media. Adding Apple just makes it all the more enticing. “Any story that can use Apple’s brand can attract more attention,” said Cottrell.
Bekrar seems sure that the bounty will be paid. In fact, his company is offering to pay for up to three exploits. He told Engadget, “there are many experienced researchers working on iOS exploits or stockpiling iOS zero-days for various reasons, and we believe that many of these talents will be attracted by the bounty and will definitely succeed.”
Scum. RT @Zerodium: Breaking News: We offer one million US dollars ($1,000,000) for iOS9 exploits/jailbreak: https://t.co/Th5XxNbJjB
— comex (@comex) September 21, 2015
Collected or not, in the security researcher world, this type of bounty is frowned upon. “It does not promote the general security of internet or the population. It does a lot of harm,” according to Cottrell. Most researchers will notify a company and work with them or at least give them time to patch the issue before going public with their findings. Even when a vulnerability is disclosed before talking to the company, at least its out in the public. The parties involved and the public have a chance to see what’s happening and fix the situation or at least call for action.
Bekrar doesn’t see any issues with how his company deals with exploits, “if morality is giving to a multi-billion dollar company such as Apple or Google advanced security research for free or for a ridiculous bug bounty, many researchers do not agree to follow such a morality.”
Zerodium instead shares the exploit’s it purchases with its client base. While it won’t share that list or how much it charges for its wares, there’s a good possibility that some of the company’s inventory will end up in the hands of a government entity like the United States.
Andrew Crocker, EFF staff attorney told Engadget that the exploit will presumably be snatched up by a government to be used as an offensive tool. The US routinely buys and collects these vulnerabilities and deploys or discloses them as they see fit. Crocker has been working for more government transparency on how that system works. He recently acquired the the United States’ VEP (Vulnerabilities Equities Process) policy via a FOIA request. The heavily redacted document at high level describes the government handles vulnerabilities including those purchased from private companies.
Meanwhile companies like Zerodium will buy and sell exploits that can be potentially used against us. Well not all of us. When you spend over a million dollars for a backdoor into a system you’re going to be stingy with it. A wide-scale attack will make bring a lot of attention to the vulnerability and which would alert the vendor to fix the problem. Instead the customer, whether it be corporate or government will target certain individuals: criminals, heads of state, dissidents, business rivals. It’ll get the information it needs without raising too many alarms.
Like the process of finding zero-days, the way they will be used will be methodical and highly targeted. If everything goes as planned they won’t find out. No one will find out. It’ll be research conducted in a secrecy for profit that benefits only a few entities and leaves the rest of us vulnerable.
Apple did not reply to Engadget’s queries concerning this article. We will update the article when it does.
Source: Zerodium
Lucky Customer Receives Rose Gold iPhone 6s Nearly Five Days Early
A visual designer named Adrienne from San Diego, California is among the first customers to receive the brand new iPhone 6s, nearly a whole five days before the latest smartphone launches in the U.S. and eleven other countries.
Adrienne shared photos of the new iPhone 6s on her Twitter account on Monday afternoon, noting that her pre-order from AT&T arrived much earlier than expected. The all-new iPhone 6s and iPhone 6s Plus officially launch September 25.
Apple each year requests that couriers like UPS and FedEx hold new iPhone deliveries until the same day the smartphones become available in stores, but a few lucky customers often receive their devices ahead of time due to logistical error.
Adrienne also shared unconfirmed Geekbench 3 screenshots that show the iPhone 6s has a single-core score of 2292 and a multi-core score of 4293. The iPhone 6s is also benchmarked against several other iPhone and iPad models.
@CryptiXCR @stbarbeque @geekbench @Kevin_Gregory pic.twitter.com/VZNmogyRCC
— Adrienne (@MoonshineDesign) September 22, 2015
http://platform.twitter.com/widgets.jsiPhone pre-orders in the U.S. can be tracked with FlightAware and UPS.
FlightAware Once Again Offers Tool to Track iPhone Pre-Order Shipment Flights
Apple began shipping iPhone 6s and 6s Plus pre-orders on Saturday and now FlightAware, a site that offers live flight tracking, has once again begun offering a tool that allows users to track the flights carrying their iPhones after they receive their tracking number. FlightAware also offered the tool last year.
FlightAware says that users who have their UPS tracking number can use their tool to match their “departure scan” with one of the departure times listed in their tool to determine which flight their iPhone is on. The tool will be updated as FlightAware learns more about Apple’s shipping strategy for the new phones.
Currently, many flights are on their way to Louisville, Kentucky’s Worldport, which is UPS’ worldwide air hub. Additional flights are on the way to Ontario, California.
Those who have not received their UPS tracking numbers can track their packages by reference on UPS’ website. To do so, users have to fill out the “track by reference” form and input the phone number listed on their Apple account, the zip code its shipping to and country. This tactic may only work with pre-orders made through Apple.
The first iPhone 6s and 6s Plus shipments are expected to arrive Friday, September 25. However, sometimes lucky customers receive their phones early due to shipping errors. Apple has ended launch-day pre-orders and in-store reservations for the two new phones and will not offer walk-in sales for them at Apple Stores in Delaware, Hawaii, Alaska, New Hampshire, Oregon, China, Hong Kong and Japan.
MacRumors readers may also want to join in on the dedicated pre-order threads on the forums, where users are sharing tracking information and socializing while waiting for their new iPhones.
Apple Gives Roundhouse Music Venue ‘Environmental Makeover’
As the Apple Music Festival continues at London’s Roundhouse performing arts and concert venue, Apple environmental head Lisa P. Jackson announced that the company has given the historical venue an “environmental makeover“.
We’re making major upgrades to the lighting, plumbing, and HVAC systems; installing recycling and composting bins; arranging to turn used fryer oil into biofuel; buying renewable energy credits to cover the Roundhouse’s September electricity use; and offering reusable water bottles instead of plastic ones.
Apple says they expect the changes to reduce Roundhouse’s annual emissions by 60 tons, save 60,000 gallons of water a year and divert more than 1,600 kilograms of waste from landfills. Apple has continually noted that one of its goals is to “leave the world better than they found it”, which Jackson echoes in her tweet highlighting the renovation. The company has also continually highlighted its own environmental responsibility with annual reports.
The Apple Music Festival continues until September 28, with performances from The Weeknd, One Direction, Pharrell and Florence + The Machine still to come.
WatchOS 2 hands-on: What Apple Watch should have had from the start
Ignoring the mixed reviews, common sense and the usually wise advice that you should avoid first-gen products at all costs, I bought an Apple Watch last June. Honestly, I’m still surprised by that. I backed the original Pebble crowdfunding campaign, and I’ve tested a few Android Wear devices, but as a whole smartwatches have always left me wanting. If I was going to wear anything on my wrist, I typically preferred a dedicated fitness tracker. But after hearing about what Apple had planned for watchOS 2 (the software that powers the Watch), I felt compelled to snap up a 42mm Apple Watch Sport. Now, a little more than five months after the Watch’s launch, that long-awaited update is here. And while it doesn’t fix all of the Apple Watch’s flaws, it’s a significant improvement for the crazies like me who bought one already. Slideshow-322291
Upgrading to watchOS 2 took over an hour, including a surprisingly lengthy download. (Pro-tip: Make sure you’ve got your charging puck ready, as the upgrade won’t start without it.) There weren’t any major changes once my Watch finally rebooted, though I noticed that the animated jellyfish watch face stayed on the screen much longer than before. It’s a minor thing, but it makes it easier to show off what the Apple Watch is capable of to friends. Similarly, you can now have your Watch keep its display on for 70 seconds, not just 15.
The biggest addition to watchOS 2 is something that would sound familiar to early iPhone users: native apps. Previously, third-party Apple Watch apps relied on your iPhone to do just about everything, making for interminably long delays. You’d probably spend more time staring at the circular loading screen than whatever you were looking for from an app — not exactly what you’d want for a new flagship Apple device. With watchOS 2, developers can now have their apps run directly on the Watch, which should speed things up considerably. Those apps also have access to more of the device’s features, including the Digital Crown, “taptic” feedback and health tracking.
As of today, there seem to be only a handful of Watch apps built specifically for WatchOS 2, though I’d expect that to change over the next few weeks. Citymapper was one of the first native Watch apps to appear on my phone, and it certainly feels zippier than before. The app loads in about a second, and it lets you easily plan a trip from your current location to your home or other saved address (which you have to add from the iPhone app). You can also view nearby bus and subway stops, and, surprisingly, even locations for NYC’s Citibike stops. The big takeaway: It actually feels like an iOS app now, rather than a mere shell of an app.
There are also a slew of other updates throughout watchOS 2 that makes it a better overall experience. Apple’s Siri virtual assistant is a bit smarter now — it can even direct you to specific locations within apps. For example, you ask Siri to “start a running session” and it’ll open up Apple’s fitness app with a choice of available running workouts. Siri can also pull up “Glances,” the informational screens that appear alongside the clock app, on its own, instead of pushing you to search for things on your iPhone. Apple says Siri’s responsiveness has also been improved, but in my short testing the “Hey Siri” command hasn’t really improved. It still takes me a few tries sometimes before Siri actually starts listening for commands.
Of course, there are also a handful of new watch faces, including time-lapses of cities like New York, Hong Kong, and Paris, photos and albums. It can also take advantage of the new “live photo” feature on the iPhone 6S and 6S Plus, which displays short video segments from before and after you shoot a photo. You can also add more “complications” (the watch industry term for features, which seems wildly out of place when referring to smartwatches) to the watch face from third-party apps. There isn’t much room to work with, but at least you have the freedom to make tiny bits of news stories or flight details one of the first things you see on your Apple Watch.
A new feature called “Time Travel” also lets you wind the Digital Crown back or forth to see calendar events or even the upcoming weather. Previously, you could wind the Crown to interact with some watch faces, but it didn’t display any useful information. There’s also a night stand mode that reorients the watch face sideways so you can charge your watch on its side.
For the most part, watchOS 2 is more about what it enables, rather than any immediate features. But just like when Apple kicked off the App Store on iOS, it portends some fundamental shifts in the way the Apple Watch works. The big problem? Apple doesn’t have much of an excuse for not delivering most of watchOS 2’s features when the Apple Watch launched. It’s not as if Apple is unaware of the benefits of a strong app ecosystem.
In our original review, we called the Apple Watch a “status symbol for iOS devotees.” That’s still the case today, but watchOS 2 shows that Apple is learning from its mistakes. And who knows, maybe next year I’ll actually be able to recommend the Apple Watch without hesitation.
Jon Fingas contributed to this report.
AIVAnet 