Apple makes use of a ton of open source software. Well, they’re only human. The trouble is, open source is full of bugs just like everything else. Just look at the number of WebKit vulnerabilities that are always crawling out of the woodwork.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iOS 16.6, macOS Ventura 13.5, and Other Updates Patch Actively Exploited Vulnerabilities
- Thread starter MacRumors
- Start date
- Sort by reaction score
Apple makes use of a ton of open source software. Well, they’re only human. The trouble is, open source is full of bugs just like everything else. Just look at the number of WebKit vulnerabilities that are always crawling out of the woodwork.
Absolutely true brother. Tired of these weekly updates. Red notification of an update seems to be a daily thing now. But hey, it gives MR another article to print yea?
Ironic that Apple patch these vulnerabilities, kick off against new EU and UK rules on end to end encryption, yet persist in seeking to install client side scanning, which is the worst of the worst as far as snooping is concerned as it makes end to end encryption irrelevant as many experts have made clear
www.internetsociety.org
www.justsecurity.org
www.theregister.com
www.infosecurity-magazine.com
www.eff.org
www.theguardian.com
judicature.duke.edu
www.privateinternetaccess.com
www.schneier.com
www.bankinfosecurity.com
www.eff.org
www.oodaloop.com
Fact Sheet: Client-Side Scanning - Internet Society
Client-side scanning (CSS) broadly refers to systems that scan message contents for matches or similarities to a database of objectionable content before the message is sent to the intended recipient.
www.internetsociety.org
Client-Side Scanning: A New Front In the War on User Control of Technology
How much control should users have over the devices they own?
www.justsecurity.org
Client-side content scanning is a disaster for democracy
Hopefully we're still listening to experts
EU's Client-Side Scanning Plans Could be Unlawful
Lawyers for the bloc issue warning
Why Adding Client-Side Scanning Breaks End-To-End Encryption
Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “lawful access” to encrypted communications, using arguments that have barely changed since the 1990’s. But we’ve also seen suggestions from a different set of actors for more...
Apple’s plan to scan images will allow governments into smartphones | John Naughton
Client-side scanning, as the technology is called, should really be treated like wiretapping and regulated accordingly
You Are Being Scanned
Client-side scanning's potential for use in concert with law enforcement and without notice, consent, or accountability, raises a bevy of privacy concerns.
judicature.duke.edu
Top Security Experts Warn: Client-side Scanning "Tears at the Heart of Privacy of Individual Citizens"
A couple of months ago, this blog wrote about Apple's Expanded Protections for Children, which turned out to mean client-side scanning (CSS). That is, security experts
www.privateinternetaccess.com
Security Risks of Client-Side Scanning - Schneier on Security
Even before Apple made its announcement, law enforcement shifted their battle for backdoors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic...
www.schneier.com
Apple Criticizes UK Government's Client-Side Scanning Push
Technology giant Apple has joined the chorus of voices calling on the British government to rethink its proposed Online Safety Bill legislation intended to increase
Apple's Plan to "Think Different" About Encryption Opens a Backdoor to Your Private Life
Apple has announced impending changes to its operating systems that include new “protections for children” features in iCloud and iMessage. If you’ve spent any time following the Crypto Wars, you know what this means: Apple is planning to build a backdoor into its data storage system and its...
Renowned Encryption Experts Sound the Alarm on Client-Side Scanning (CSS)
Public safety and law enforcement officials continue to explore a viable technological solution to their need to lawfully gain access to information on smartphones. The solution currently under consideration, Client-Side Scanning or CSS, grows out of an August 2021 proposal from Apple, Inc. A...
www.oodaloop.com
Last edited:
I think its a case that that Apple actually has started to give a toss about security and not waiting forever to patch things. That along with there is more threats out there being discovered, more complex software using components not developed inhouse and that Apples users starting to realise that Apple can also have security flaws.
I still struggle with some users at work, especially Apple users that think that Apple is the most secure device in the world that doesn't need security patches.
I'm glad Apple has started to take security issues seriously, and they releasing security fixes more often is a good sign.
Would be great if they did jump on the "patch tuesday" idea, would make it easier for IT-departments to plan things.
If its related to battery drain check the post in another thread regarding the fitness app.
If its uninstalled, reinstall it.
It can prob be a thousand other things but the above helped me getting better batterytime and a less hot phone that could happen without me doing anything.
Fitness app. HAHAHAHAHH HAHAHA HA HAHAHAH. HA.
My friend. I don’t use such a thing.
Everyone immediately installs the patch? Ha! As someone who manages a large number of Macs for my organization, i wish that was the case. In the ~2 weeks that the latest RSR was released, barely 60% took the update and there was no good way for us to force the update. Even regular Software Updates require us to use Open Source software to prompt nudge the users to upgrade. Even then, by the time the deadline has elapsed, I still have 5-7% of computers that still need to be patched.
Apple claims they have a much better update experience in macOS 14. We'll see.
I think in present day the stakes are higher with more parties trying to penetrate IOS.
Look at windows, after 40 years Microsoft “should” produce bug free, vulnerability free code and yet….
Where? Where is this happening? I keep asking, over and over, for ONE example. Show me a single instance, from the last 5 years, heck the last 10 years, where some regular person had their old, unpatched iPhone exploited somehow. (Doesn’t count if a government was doing it)
Well, that could be the reason why you have an issue.
If you have uninstalled the fitness app that could be the cause for the heat and drain. Another user looked into it.
I just updated my AppleTV, iPad and two phones on the same network (in Sweden 100/100) and it felt fast enough. Might be down to where you are located.
I feel the pain, I'm managing Android, iOS/iPadOS and Macs via Intune and its painfull to watch how many that ignore updates. Some refuse with arguments such as "I remember iOS 7, its killed my iPhone 4, never again, im keeping the OS that came with the device"
Intune are getting better tho, will have a look after the holidays how we can enforce things in combination with conditional access to block people with older versions not being able to reach services.
Well, would you rather Apple not patch vulnerabilities? You could also switch over to the other platform and see if the grass is greener there.
What do I think? Keep ‘em coming Apple!
The heating and battery drain only started happening after one of the incremental 16.5 updates. It’s been fine since 16.6 update. No more overheating or battery drain.
That was strangely defensive, and wildly assumptive.
I don't care either way. I'm just saying: it feels like a lot of updates lately.
With macOS 13.5 Touch ID on my Mac Studio has stopped working via Bluetooth, and sometimes the keyboard stops working completely.
It only works reliably any more while the keyboard is plugged into USB/Lightning.
Looks like shoddy testing! 🤬
Edit: At least it looks like it's fixed again after:
• going to Bluetooth settings and let it forget the keyboard
• switching it off
• plugging it into USB/Lightning
• switching it back on
This seems to have re-paired the keyboard with the Mac so it now works via bluetooth again, including Touch ID.
Still, something like that had never happened before!
It only works reliably any more while the keyboard is plugged into USB/Lightning.
Looks like shoddy testing! 🤬
Edit: At least it looks like it's fixed again after:
• going to Bluetooth settings and let it forget the keyboard
• switching it off
• plugging it into USB/Lightning
• switching it back on
This seems to have re-paired the keyboard with the Mac so it now works via bluetooth again, including Touch ID.
Still, something like that had never happened before!
Last edited: