Trailrunner7 writes "A revamped early random number generator in iOS 7 is weaker than its vulnerable predecessor and generates predictable outcomes. A researcher today at CanSecWest said an attacker could brute force the Early Random PRNG used by Apple in its mobile operating system to bypass a number of kernel exploit mitigations native to iOS. 'The Early Random PRNG in iOS 7 is surprisingly weak,' said Tarjei Mandt senior security researcher at Azimuth Security. 'The one in iOS 6 is better because this one is deterministic and trivial to brute force.' The Early Random PRNG is important to securing the mitigations used by the iOS kernel. 'All the mitigations deployed by the iOS kernel essentially depend on the robustness of the Early Random PRNG,' Mandt said. 'It must provide sufficient entropy and non-predictable output.'"
Please create an account to participate in the Slashdot moderation system
hcs_$reboot writes "Masatoshi Son, SoftBank CEO, remembers the early days when he tried to cut a deal with Steve Jobs in order to be the first to offer the not-even-named-iPhone-yet- 'new phone' from Apple, back in 2005. At the time, Son didn't even own a mobile carrier. He then purchased Vodafone, and was indeed the first to sell the iPhone in 2008 (then Au-Kddi in 2011, and DoCoMo in 2013). Today, 75% of smartphones sold in Japan are iPhones."
An anonymous reader writes "Apple and Samsung couldn't agree on a patent cross-license even though their CEOs met recently. What could be the reason (or one of the reasons) is that Apple is asking for obscenely high patent royalties. At the March 31 trial an Apple-hired expert will present to a California jury (already the third jury trial in this dispute) a damages claim of $40 per device (phone or tablet) for just a handful of software patents. The patents are related to, but don't cover all aspects and elements of, functionalities like slide-to-unlock, autocorrect, data synchronization, unified search and the famous tap-on-phone-number-to-dial feature. Google says there are 250,000 patentable inventions in a smartphone. On average, Apple wants $8 per patent per device. That would add a patent licensing bill of $2 million to each gadget. So Apple and Samsung will be back to court again later this month."
elphie007 writes "An investigation by The Australian Financial Review has discovered how from 2002 to 2013, Apple has shifted approximately $AU8.9 billion of revenue generated in Australia to Ireland, via Singapore. The article states that last year alone, Apple Australia paid only $AU88.5 million in tax, or 0.044% of estimated potential tax liabilities. What's more, the Australian Tax Office has agreed that this arrangement is acceptable under Australian law."
mrspoonsi writes "A man whose mother bequeathed her iPad to her family in her will says Apple's security rules are too restrictive. Since her death, they have been unable to unlock the device, despite providing Apple with copies of her will, death certificate and solicitor's letter. After her death, they discovered they did not know her Apple ID and password, but were asked to provide written consent for the device to be unlocked. Mr Grant said: 'We obviously couldn't get written permission because mum had died. So my brother has been back and forth with Apple, they're asking for some kind of proof that he can have the iPad. We've provided the death certificate, will and solicitor's letter but it wasn't enough. They've now asked for a court order to prove that mum was the owner of the iPad and the iTunes account.'"
An anonymous reader writes "Apple announced today a system called CarPlay, which integrates your iPhone with your car, with Siri voice control. CarPlay will be offered in Ferrari, Mercedes-Benz and Volvo vehicles this year, and others 'down the road.' From the press release: 'CarPlay makes driving directions more intuitive by working with Maps to anticipate destinations based on recent trips via contacts, emails or texts, and provides routing instructions, traffic conditions and ETA. You can also simply ask Siri and receive spoken turn-by-turn directions, along with Maps, which will appear on your car’s built-in display.'
mikejuk writes "The OpenNI website, home to the widely used framework for 3D sensing, will be shut down in April. When, in November 2013, Apple bought PrimeSense for $350 million, people speculated how this would affect the Capri mobile technology but no mention was made of what would happen to OpenNI, the open source SDK most often used as an alternative to Microsoft's closed SDK for the Kinect. After Apple acquired PrimeSense, its website quickly shut, but the Developers link still points to Open NI. The status of OpenNI is a not-for-profit whose framework allows developers to create middleware and applications for a range of devices, including the Asus Xtion Pro. It claims to be a widely used community with over 100,000 active 3D developers."
An anonymous reader tips news that Apple's efforts to bring iOS to cars will be shown at the Geneva Motor Show next week. 'Drivers will be able to use Apple Maps as in-car navigation, as well as listen to music and watch films. Calls can be made through the system, which will tie into the Siri voice recognition platform so that messages can be read to the driver who can respond by dictating a reply.' Apple's partners in the automotive industry will be Volvo, Ferrari, and Mercedes Benz to start. Apple first said they were working on this system at last year's WWDC.
Hugh Pickens DOT Com writes "Nick Statt reports at Cnet that at Apple's annual shareholder meeting Friday, Apple CEO Tim Cook shot down the suggestion from a conservative, Washington, DC-based think tank that Apple give up on environmental initiatives that don't contribute to the company's bottom line. The National Center for Public Policy Research (NCPPR), hasn't taken kindly to Apple's increasing reliance on green energy and said so in a statement issued to Apple ahead of the meeting. 'We object to increased government control over company products and operations, and likewise mandatory environmental standards,' said NCPPR General Counsel Justin Danhof demanding that the pledge be voted on at the meeting. 'This is something [Apple] should be actively fighting, not preparing surrender.' Cook responded that there are many things Apple does because they are right and just, and that a return on investment (ROI) was not the primary consideration on such issues. 'When we work on making our devices accessible by the blind. I don't consider the bloody ROI,' said Cook. 'We do a lot of things for reasons besides profit motive, We want to leave the world better than we found it.' Danhof's proposal was voted down and to any who found the company's environmental dedication either ideologically or economically distasteful, Cook advised 'if you want me to do things only for ROI reasons, you should get out of this stock.'"
itwbennett writes "Who doesn't love free text messages? People who try to transition from an iPhone to any other phone, that's who. Apple's Messages app actively moves conversations away from paid text messages to free Messages. Very convenient until you want to leave your iPhone and switch back to plain old text messages because suddenly you'll be unable to receive text messages from your iPhone-toting friends. There's an obscure workaround, and Samsung, which has a vested interest in the matter, has a lengthy guide to removing your iPhone as a registered receiver of Messages . But the experience is just annoying enough that it might be the kind of thing that would keep someone from making a switch — and that's when it starts to feel like deliberate lock-in, and not so much like something Apple overlooked."
Freshly Exhumed writes "As Apple issued an update for Mavericks, Mountain Lion, and Lion yesterday, Snow Leopard users have not seen a security update since September, 2013. This would not be noteworthy if Apple, like a host of other major software vendors, would clearly spell out its OS support policies and warn users of such changes, but they have not. Thus, the approximately 20% of Mac users still running Snow Leopard now find themselves in a very vulnerable state without the latest security updates."
Hugh Pickens DOT Com writes "According to NBC, Apple has confirmed that it urged Arizona Gov. Jan Brewer to veto a bill that would allow business owners with strongly held religious beliefs to deny service to gays and lesbians. Last November Tim Cook announced that Apple was building a sapphire glass plant in Mesa, AZ, that would bring 2,000 new jobs to the state. 'Apple is indisputably one of the world's most innovative companies and I'm thrilled to welcome them to Arizona,' said Gov. Brewer at the time. 'Apple will have an incredibly positive economic impact for Arizona and its decision to locate here speaks volumes about the friendly, pro-business climate we have been creating these past four years.' According to Philip Elmer-DeWitt, it sounds like Tim Cook may be having second thoughts about how 'friendly' and 'pro-business' the climate in Arizona really is."
exomondo writes "Following hot on the heels of the iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system. It is a security bug that can be used as a vector for malware to capture touch screen, volume rocker, home button and (on supported devices) TouchID sensor presses, information that could be sent to a remote server to re-create the user's actions. The vulnerability exists in even the most recent versions of iOS and the authors claim that they delivered a proof-of-concept monitoring app through the App Store."
Trailrunner7 writes "The certificate-validation vulnerability that Apple patched in iOS yesterday also affects Mac OS X up to 10.9.1, the current version. Several security researchers analyzed the patch and looked at the code in question in OS X and found that the same error exists there as in iOS. Researcher Adam Langley did an analysis of the vulnerable code in OS X and said that the issue lies in the way that the code handles a pair of failures in a row. The bug affects the signature verification process in such a way that a server could send a valid certificate chain to the client and not have to sign the handshake at all, Langley found. Some users are reporting that Apple is rolling out a patch for his vulnerability in OS X, but it has not shown up for all users as yet. Langley has published a test site that will show OS X users whether their machines are vulnerable."
Hugh Pickens DOT Com writes "Steven Musil writes at Cnet that the US Postal Service hopes Steve Jobs can do for it what he once did for Apple as the late Apple co-founder will be featured on a commemorative US postage stamp along with Johnny Carson, Ingrid Bergman, Elvis Presley, and James Brown. The former Apple CEO's stamp is still in the design stages and will be released at some point in 2015. Jobs, who passed away in 2011 after a battle with pancreatic cancer, has also been posthumously honored for his visionary achievements with a special Grammy Merit Award and a Disney Legends Award. Jobs was also inducted into the Bay Area Business Hall of Fame, has had a building at Pixar named after him, and was featured in an exhibit at the US Patent Office Museum. "The profitable first class mail business has been decimated by email over the past decade, thanks in no small part to the contributions of Steve Jobs and Apple," writes Derek Kessler. "It's no small feat to be so impactful that the USPS feels compelled to honor you despite the fact that the work that you've done is dismantling the core of their business.""
wiredmikey writes "Users of iOS devices will find themselves with a new software update to install, thanks to a certificate validation flaw in the mobile popular OS. While Apple provides very little information when disclosing security issues, the company said that an attacker with a 'privileged network position could capture or modify data in sessions protected by SSL/TLS.' 'While this flaw itself does not allow an attacker to compromise a vulnerable device, it is still a very serious threat to the privacy of users as it can be exploited through Man-in-the-Middle attack,' VUPEN's Chaouki Bekrar told SecurityWeek. For example, when connecting to an untrusted WiFi network, attackers could spy on user connections to websites and services that are supposed to be using encrypted communications, Bekrar said. Users should update their iOS devices to iOS 7.0.6 as soon as possible." Adds reader Trailrunner7: "The wording of the description is interesting, as it suggests that the proper certificate-validation checks were in place at some point in iOS but were later removed somehow. The effect of an exploit against this vulnerability would be for an attacker with a man-in-the-middle position on the victim's network would be able to read supposedly secure communications. It's not clear when the vulnerability was introduced, but the CVE entry for the bug was reserved on Jan. 8."
Nerval's Lobster writes "Tesla CEO Elon Musk admitted in a Bloomberg interview that he had engaged in 'conversations' with Apple, but refused to disclose the content of those talks. Rumors have circulated for several days that Apple executives met with Musk last spring about a possible acquisition. An anonymous source with knowledge of those discussions told SFGate.com that discussions included Adrian Perica, who heads up Apple's M&A division, and possibly Apple CEO Tim Cook. 'Both [Tesla and Apple] have built brands based on advanced engineering and stylish user-friendly design,' the newspaper noted. 'And each company has become a symbol of Silicon Valley innovation—even among people who don't own their products.' But in the interview, Musk framed an acquisition as 'very unlikely,' mostly because it would distract Tesla from its goal of building an affordable electric car. 'I don't see any scenario,' he added, in which Tesla could juggle the issues associated with a takeover while producing vehicles that met his perfectionist standards. He did suggest, however, that Apple's iOS and Google Android could find their respective ways into Tesla's in-vehicle software. Tesla executives once considered integrating an early version of Android into the company's first electric cars, but the software ultimately wasn't ready to serve as an automotive application. Nonetheless, Musk could see iOS or Android within the context of a 'projected mode or emulator' that would allow someone to use applications while driving, although 'that's peripheral to the goal of Tesla.'"
An anonymous reader writes "The Apple rumor mill is alive and well. This time around the tech giant is rumored to be looking into exploring medical sensor technology related to predicting heart attacks, and might even buy Tesla. 'Taken together, Apple's potential forays into automobiles and medical devices, two industries worlds away from consumer electronics, underscore the company's deep desire to move away from iPhones and iPads and take big risks. "Apple must increasingly rely on new products to reignite growth beyond the vision" of late founder Steve Jobs, said Bill Kreher, an analyst with Edward Jones Investments in St. Louis. "They need the next big thing."'"
An anonymous reader writes "As the rumors surrounding Apple's mythical iWatch continue to swell, Apple has continued to hire folks with deep biomedical and sensor technology expertise. A previously unreported addition to Apple's growing cadre of medical device experts is Marcelo Malini Lamego, who began working at Apple this January. Before joining Apple this past January, Lamego spent 8 years as the CTO of Cercacor, a medical devices company with a focus on developing noninvasive monitoring technologies."
zacharye writes "Last year ahead of Apple's iPhone 5s and iPhone 5c launch, lines began forming outside Apple stores weeks in advance. At the time, we thought it was pretty crazy that anyone would line up that far in advance to buy a cell phone — but now we know what crazy really looks like. A Japanese man named 'Yoppy' says he has already lined up to buy Apple's unannounced iPhone 6, which isn't expected to launch for another seven months."