For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers.
Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.
Apple promptly fixed the vulnerabilities after Curry reported them over a three-month span, often within hours of his initial advisory. The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them. Once Apple processes the remainder, Curry said, the total payout might surpass a half million dollars.
In an online chat a few hours after posting a 9,200-word writeup about their findings, Curry said, "If the issues were used by an attacker, Apple would’ve faced massive information disclosure and integrity loss." He explained, "attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend."
Among the most serious risks were those posed by a wormable cross-site scripting vulnerability in a code parser that’s used by the iCloud servers. Because iCloud provides service to Apple Mail, the flaw could be exploited by sending someone with an iCloud.com or Mac.com address an email that included malicious characters.
The target need only open the email to be hacked. Once that happened, a script hidden inside the malicious email allowed the hacker to carry out any actions the user could when accessing iCloud in the browser.
In a statement, Apple says, "As soon as the researchers alerted us to the issues they detail in their report, we immediately fixed the vulnerabilities and took steps to prevent future issues of this kind. Based on our logs, the researchers were the first to discover the vulnerabilities so we feel confident no user data was misused."
Sent to us by: Roy W. Nash
Microsoft is warning that customers who install the optional KB4577062 update for Windows 10 versions 1903 and 1909 will encounter issues upgrading to newer Windows 10 versions on some devices.
As Microsoft says, after installing the optional update, users will receive compatibility warnings when trying to update the OS to newer versions if HTTP Internet access for LOCAL SYSTEM accounts is blocked using a firewall.
While Microsoft doesn't mention that the compatibility issues also affect newer Windows 10 releases, users have also seen this warning when trying to upgrade to Windows 10, version 2004.
Microsoft says that it is currently working to address this issue with a fix to be available in an upcoming Windows 10 release.
Until then, the company advises customers, "If your device has access to HTTP blocked for LOCAL SYSTEM accounts, to mitigate this issue you can enable HTTP access for the Windows 10 Setup Dynamic Update (DU) using the LOCAL SYSTEM account. After you have allowed access, you can restart the installation of the update and you should not see the warning."
KB4577062 was released last month, with the main highlight being that it enables an Internet Explorer 11 notification to inform users about Adobe Flash's end of support this coming December.
Sent to us by: Robbie Ferguson
The UK advertising authority has put a stop to those pin puzzle ads, arguing that the frequent advertising misrepresents the gameplay of each title.
The Advertising Standards Authority regularly weighs in on what does and doesn’t fly for game advertisements in the UK, meaning it's important for game developers to keep up with the authority’s decisions in order to ensure their own ads don’t end up on the chopping block.
The Playrix ads in the ASA’s crosshairs this time around might be familiar to anyone who regularly dabbles in mobile free-to-play games or scrolls through social media: each depicts a puzzle that requires players to slide a variety of pins in a certain order to save a cartoonish character from certain doom.
Only, as the ad regulator points out, the gameplay seemingly featured in those advertisements is nothing close to what’s actually found in the bulk of the match-3 games they’re advertising.
The complaint itself sprang from two particular Facebook advertisements, one for Homescapes and one for Gardenscapes, that followed that pin-pulling format and aimed to lure would-be players with phrases like “only 5 percent can solve this!” and “Think you can do better?”, among others.
In response to ASA’s investigation, Playrix argued that the puzzles shared thematic similarities with the gameplay and narrative players could expect in the actual games.
The ASA, however, isn't having it, making it clear that those who click the ad and install the app are expecting gameplay that reflects what is shown in the ad.
The authority has decreed that Playrix's ads are misleading despite Playrix’s inclusion of a disclaimer that “Not all images represent actual gameplay.” The offending advertisements can no longer run in the UK, and Playrix has been told to ensure their future ads actually represent the gameplay of the titles they’re linked to.
Hopefully we'll see these annoying false ads stopped in other regions as well.
Sent to us by: Robbie Ferguson
Apple unveiled four new phones Tuesday, all equipped to work with faster 5G wireless networks.
The pandemic temporarily paralyzed Apple's overseas factories and key suppliers, leading to a delay of the latest iPhones from their usual late September rollout. The company also closed many of its U.S. stores for months because of the pandemic, depriving Apple of a prime showcase for its products.
Now, the new lineup has been unveiled. The iPhone 12, 12 Mini, 12 Pro and 12 Pro Max range in price from about $979 Canadian to upwards of $1,550.
The tech giant said the new phones will also be more durable.
In a move that may annoy some consumers, Apple will no longer include charging adapters with new phones. The company says that will mean smaller, lighter boxes that are more environmentally friendly to ship. Apple, however, separately sells two models of power adapter, which are likely a required purchase since the included cable is not compatible with the traditional USB-A style wall wart.
Apple has one of the most loyal and affluent customer bases in the world, which has many analysts betting the next wave of phones will sell well. The iPhone remains the foundation of Apple's business.
Apple boasted about the 5G capabilities and brought in Verizon CEO Hans Vestberg to champion the carrier's network. 5G is supposed to mean much faster speeds, making it quicker to download movies or games, for instance.
But finding those speeds can be a challenge. While telecom operators have been rolling out 5G networks, significant boosts in speed are still uncommon in much of the world, including the U.S.
The iPhone models unveiled Tuesday will launch at different times. The iPhone 12 and 12 Pro will be available starting Oct. 23; the Mini and the Pro Max will follow on Nov. 13.
Sent to us by: Bekah Ferguson
The BBC Micro Bit mini-computer, used by millions of schoolchildren around the world, is receiving its first major update since 2016.
Formerly a BBC-led project, it is now led by a foundation that aims to make coding accessible for children.
The new model includes a speaker and microphone, as well as a capacitive touch sensor.
The device will be released in November, with prices starting at £11.50, a bit more than $14 US.
Gareth Stockdale, chief executive of the Micro Bit Educational Foundation, said, "The purpose of the Micro Bit is to help children unlock their creative potential and learn how to shape the world around them." He believes that learning coding and computational thinking can enhance skills that will help them in their careers in the 21st century.
Since its launch, the Micro Bit has been designed for education, with an estimated 25 million children learning computer skills on the device in over 60 countries.
The previous model launched in the UK in 2016, with the BBC giving away a free Micro Bit to every grade seven student.
It is now used in most secondary schools, as well as primary schools, universities and libraries.
The foundation has also donated 5,000 devices to families in the UK, to help with home schooling during the COVID-19 pandemic.
The Micro Bit is a palm-sized circuit board with an array of 25 lights that can be programmed to show letters, numbers and other shapes, and a Bluetooth chip for wireless connectivity.
As the hardware is now powerful enough to run machine-learning systems, the foundation has plans to expand into this area in future.
Sent to us by: Roy W. Nash