Month: June 2016

 

Apple leaves iOS 10 beta kernel unencrypted in potential bug discovery effort

In a bold move — or an egregious error — Apple has left the kernel of its recently released iOS 10 beta exposed, laying bare potentially exploitable security flaws ahead of a wide public release this fall.

Discovered by security researchers and reported by the MIT Technology Review, the decision to distribute an unencrypted kernel would be a vast departure from previous iOS releases, which kept the so-called “heart” of the OS closely guarded. Among the many benefits of obscuring access to the kernel is protection from reverse engineering, a key security breaches.

Like many modern computer operating systems, the kernel in iOS is vital to system management, having a hand in almost every facet of runtime operations, from startup to high-level app execution. Importantly, the iOS kernel grants third-party apps access to, and limits use of, hardware assets. By delivering an unencrypted version, Apple is opening its prized OS to the scrutiny of security researchers and hackers alike.

Whether Apple deliberately left the kernel exposed is unclear, though experts find it hard to believe the move was made in error. More plausible, some say, is that Apple intentionally shipped an unencrypted beta version as part of a daring debugging strategy. More eyes on iOS code could result in higher rates of bug and vulnerability discoveries, which might — hopefully — be reported to Apple and fixed.

The method is a risky one, however, as researcher Mathew Solnik discovered the release to include a security measure that protects Apple’s kernel from modification. Access to such information could potentially pose a danger to millions of iOS devices if it fell into the wrong hands.

Noted iOS security expert Jonathan Zdziarski said a decision to open the kernel makes sense coming out of Apple’s recent data privacy battle with the U.S. government. In that case, the FBI pressed for access to an iPhone 5c linked to last year’s San Bernardino terror attack, a request that would force Apple to create a workaround to its own security safeguards. Apple resisted an issued court order to unlock the iPhone, subsequently staging a legal defensive that sparked intense debate over the boundaries between government reach and personal data privacy.

The action was rendered moot after the FBI was able to bypass the handset’s lock protection using a zero-day exploit purchased from an undisclosed third party. According to Zdziarski, an open iOS kernel might be an attempt at deflating the iOS exploit market, an entity in large part driven by demand from law enforcement agencies.

This year’s ‘iPhone 7’ will lack major design changes as Apple awaits improved technology

Though Apple has historically introduced a major redesign of its iPhone every two years, this year’s upgrade will look largely the same, with the largest change being the elimination of the 3.5-millimeter headphone jack, a new report claims.

Tuesday’s report from The Wall Street Journal largely echoes earlier claims, but does add one new tidbit: Apple has apparently been held back by limitations in currently available technology.

Citing anonymous sources, the report said that Apple was unable to introduce a major design change this year because “new technology in the pipeline will take time to implement.”

That aligns with recent reports, suggesting Apple has a major resign in the works for 2017, featuring a curved all-glass chassis that will be a major departure from the current form factor. It has also been claimed that Apple plans to somehow integrate the Touch ID fingerprint sensor, FaceTime camera and call speaker into the display itself for next year’s model.

This year’s iPhone, however, is widely expected to look largely the same as the current iPhone 6s series and its predecessor, the iPhone 6. Sources told the Journal that the elimination of the 3.5-millimeter headphone jack will allow the handset to be a millimeter thinner than the current model, and will also improve water resistance.

Apple’s so-called “iPhone 7” is expected to be introduced this September, and leaked parts and details show a device with a nearly identical form factor to the iPhone 6s. Without a complete redesign, it’s possible that Apple won’t give the handset the “iPhone 7” moniker.

Keeping the same design for three years would be a major change for Apple, which has stuck to a “tick-tock” strategy with the iPhone for years, redesigning its handset every two years and then refining it with an “s” upgrade.

Rumors and leaks have so far indicated that only the larger “Plus” variant of this year’s model will get a new dual-lens camera, along with some other unique upgrades like 3 gigabytes of RAM and a Smart Connector. The regular “iPhone 7” may see comparatively modest improvements, though its camera may finally be enhanced with optical image stabilization, previously a Plus-only feature.

By ditching the headphone jack, Apple will likely push users to rely on either Bluetooth headphones, or headsets that connect through the Lightning connector. It’s expected that Apple will also separately offer some form of adapter for connecting legacy headphones with 3.5-millimeter connectors.

Rumor: New MacBook Pros will be announced by Apple this month, begin shipping in August

Apple is set to revamp its notebook lineup in the coming months, and could pre-announce a drastic change to its MacBook Pro hardware as soon as this month, a new rumor claims.

Citing details from a “reliable Chinese supplier,” Macotakara reported on Wednesday that Apple is set to announce a new MacBook Pro lineup in June. Aligning with earlier leaks, the report claimed that the redesigned notebook will feature USB-C and Thunderbolt 3 ports, ditching legacy USB-A connectors, as well as Thunderbolt 2 and MagSafe 2 charging.

Confusingly, Wednesday’s report also claimed that Apple is planning to announce a “new MacBook Air” this month as well, but said it was “unclear” whether the products would be unveiled at next week’s Worldwide Developers Conference. It was said Apple plans to cancel production of the 11-inch model and focus on 13- and 15-inch versions to launch in August.

However, Apple’s current MacBook Air lineup was given a minor update already this year, with 8 gigabytes of RAM now the standard on the 13-inch model. It’s widely expected that the current MacBook Air lineup and design is on the way out, and is only being kept around to allow Apple to achieve low price points with its notebooks.

Given that Wednesday’s report talks of a 15-inch MacBook Air — a size that has never been available for that model — it’s possible that the “new MacBook Air” it purports is in the works could, in fact, just be Apple’s next-generation MacBook Pro. It’s expected that the MacBook Pro lineup will gain a thinner-than-ever design, which would make it more Air-like than before, and could be the cause of confusion regarding branding within Apple’s supply chain.

In addition to a svelte chassis and USB-C inputs, the new MacBook Pro is also rumored to gain secure Touch ID login, and a dynamic OLED display touch bar that will replace the row of function keys above the traditional keyboard. But well-connected analyst Ming-Chi Kuo doesn’t expect that the new MacBook Pros will hit the market until the fourth quarter of 2016, which would contradict Wednesday’s claims of a possible June announcement and August launch.Pre-announcing hardware is not an unprecedented move for Apple, as the company offered a sneak peek of its redesigned Mac Pro at WWDC in 2013. The cylindrical desktop didn’t actually arrive in the hands of consumers until just before the end of that year.

However, reports have suggested this year’s WWDC will be a software-focused event, with new hardware not expected to be unveiled at next Monday’s keynote presentation. Of course, that could be an effort by Apple to control expectations, especially if a redesigned MacBook Pro isn’t going to hit store shelves until August or later.

All should be revealed at Apple’s June 13 WWDC 2016 keynote, which is set to kick off at 10 a.m. Pacific, 1 p.m. Eastern. AppleInsider will be there in San Francisco live with full, exclusive coverage.