In an update on Friday, Apple announced that game emulators can come to the App Store globally and offer downloadable games. "Apple says those games must comply with 'all applicable laws,' though -- an indication it will ban apps that provide pirated titles," adds The Verge. From the report: The move should allow the retro console emulators already on Android -- at least those that are left -- to bring their apps to the iPhone. Game emulators have long been banned from iOS, leaving iPhone owners in search of workarounds via jailbreaking or other workarounds. They're also one of the key reasons, so far, that iPhone owners in the European Union might check out third-party app stores now that they're allowed in the region. Apple's change today could head that off.

Alongside the new rules on emulators, Apple also updated its rules around super apps, such as WeChat. It now says that mini-games and mini-apps within these apps must use HTML5, clarifying that they can't be native apps and games.

Apple is laying off more than 700 employees across the company, including its Micro-LED displays division and the recently shut down Apple Car project. 9to5Mac reports: As seen by 9to5Mac in the latest WARN report provided by the California Employment Development Department, the layoffs affect projects that have been in the news recently. For instance, Apple is laying off 58 employees from one of its offices in Santa Clara. This particular office belonged to LuxVue Technology, a company specializing in Micro-LED displays that Apple acquired in 2014. In recent months, we've heard rumors about Apple canceling its plans to design and produce its own Micro-LED displays for the Apple Watch. Bloomberg recently reported that Apple gave up on the project because the screens "were difficult to produce in sufficient quantities."

There are also more than 120 layoff notices filed by Apple in San Diego, which aligns with a January report about the company having recently closed a Siri data operations office located there. The office was responsible for evaluating Siri's responses to users and for helping the company improve the platform's accuracy. At the time, Apple offered to relocate all affected employees to offices in Austin, Texas, if they agreed. Unsurprisingly, the shutdown of the Apple Car project (internally known as Titan) also resulted in layoffs. Some of the offices listed by the records were used by Apple to develop and test its electric car. The company had been actively working on building a vehicle since 2014, but the challenges surrounding it made Apple give up on the project earlier this year. The report notes that some of the engineers working on the Apple Car have been offered positions elsewhere at Apple. "However, not everyone has the chance to be reassigned since there were more than 2,000 people working on this specific project."

The latest rumor is that Apple is exploring the development of personal home robots.

Matthew Connatser reports via The Register: A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options. The research was conducted by Amel Bourdoucen and Janne Lindqvist of Aalto University in Finland. The pair noted that while many studies had examined privacy issues with third-party apps for Apple devices, very little literature investigates the issue in first-party apps -- like Safari and Siri. The aims of the study [PDF] were to investigate how much data Apple's own apps collect and where it's sent, and to see if users could figure out how to navigate the landscape of Apple's privacy settings.

The lengths to which Apple goes to secure its ecosystem -- as described in its Platform Security Guide [PDF] -- has earned it kudos from the information security world. Cupertino uses its hard-earned reputation as a selling point and as a bludgeon against Google. Bourdoucen and Janne Lindqvist don't dispute Apple's technical prowess, but argue that it is undermined by confusing user interfaces. "Our work shows that users may disable default apps, only to discover later that the settings do not match their initial preference," the paper states. "Our results demonstrate users are not correctly able to configure the desired privacy settings of default apps. In addition, we discovered that some default app configurations can even reduce trust in family relationships."

The researchers criticize data collection by Apple apps like Safari and Siri, where that data is sent, how users can (and can't) disable that data tracking, and how Apple presents privacy options to users. The paper illustrates these issues in a discussion of Apple's Siri voice assistant. While users can ostensibly choose not to enable Siri in the initial setup on macOS-powered devices, it still collects data from other apps to provide suggestions. To fully disable Siri, Apple users must find privacy-related options across five different submenus in the Settings app. Apple's own documentation for how its privacy settings work isn't good either. It doesn't mention every privacy option, explain what is done with user data, or highlight whether settings are enabled or disabled. Also, it's written in legalese, which almost guarantees no normal user will ever read it. "We discovered that the features are not clearly documented," the paper concludes. "Specifically, we discovered that steps required to disable features of default apps are largely undocumented and the data handling practices are not completely disclosed."

As reported by Bloomberg (paywalled), Apple is exploring the development of personal home robots following the shut down of its electric vehicle project. CNBC reports: Engineers at Apple have been looking into a robot that can follow users around their homes and a tabletop device that uses robotics to adjust a display screen, Bloomberg reported, citing people familiar with the research team. [...] Apple's hardware engineering division and its artificial intelligence and machine learning group are overseeing the work on personal robotics, Bloomberg reported. The home robot project is still in the early research and development phase, according to the report.

Sara Fischer reports via Axios: Jon Stewart on Monday told Federal Trade Commission (FTC) Chair Lina Khan that Apple wouldn't let him interview her for a podcast. "I wanted to have you on a podcast and Apple asked us not to do it," "The Daily Show" host said to Khan, in reference to his former podcast that was an extension of his Apple TV+ comedy show "The Problem With Jon Stewart." "They literally said 'please don't talk to her,' having nothing to do with what you do for a living. I think they just... I didn't think they cared for you is what happened," he added during his conversation with Khan. "They wouldn't let us do even that dumb thing we just did in the first act on AI. Like, what is that sensitivity? Why are they so afraid to even have these conversations out in the public sphere?"

Stewart returned to "The Daily Show" in February after leaving in 2015 as its executive producer and host on Monday evenings through the 2024 election cycle. Stewart's Apple TV+ show ended late last year after Stewart and Apple executives parted ways over creative differences, including the comedian's desire to cover topics such as China and AI, the New York Times reported.

Zac Hall reports via 9to5Mac: In a newly published research paper (PDF), Apple's AI gurus describe a system in which Siri can do much more than try to recognize what's in an image. The best part? It thinks one of its models for doing this benchmarks better than ChatGPT 4.0. In the paper (ReALM: Reference Resolution As Language Modeling), Apple describes something that could give a large language model-enhanced voice assistant a usefulness boost. ReALM takes into account both what's on your screen and what tasks are active. [...] If it works well, that sounds like a recipe for a smarter and more useful Siri.

Apple also sounds confident in its ability to complete such a task with impressive speed. Benchmarking is compared against OpenAI's ChatGPT 3.5 and ChatGPT 4.0: "As another baseline, we run the GPT-3.5 (Brown et al., 2020; Ouyang et al., 2022) and GPT-4 (Achiam et al., 2023) variants of ChatGPT, as available on January 24, 2024, with in-context learning. As in our setup, we aim to get both variants to predict a list of entities from a set that is available. In the case of GPT-3.5, which only accepts text, our input consists of the prompt alone; however, in the case of GPT-4, which also has the ability to contextualize on images, we provide the system with a screenshot for the task of on-screen reference resolution, which we find helps substantially improve performance."

So how does Apple's model do? "We demonstrate large improvements over an existing system with similar functionality across different types of references, with our smallest model obtaining absolute gains of over 5% for on-screen references. We also benchmark against GPT-3.5 and GPT-4, with our smallest model achieving performance comparable to that of GPT-4, and our larger models substantially outperforming it." Substantially outperforming it, you say? The paper concludes in part as follows: "We show that ReaLM outperforms previous ap- proaches, and performs roughly as well as the state- of-the-art LLM today, GPT-4, despite consisting of far fewer parameters, even for onscreen references despite being purely in the textual domain. It also outperforms GPT-4 for domain-specific user utterances, thus making ReaLM an ideal choice for a practical reference resolution system that can exist on-device without compromising on performance."

Apple has sued its former employee Andrew Aude for leaking information about more than a half-dozen Apple products and policies, including its then-unannounced Journal app and Vision Pro headset, product development policies, strategies for regulatory compliance, employee headcounts, and more. MacRumors reports: Aude joined Apple as an iOS software engineer in 2016, shortly after graduating college. He worked on optimizing battery performance, making him "privy to information regarding dozens of Apple's most sensitive projects," according to the complaint. In April 2023, for example, Apple alleges that Aude leaked a list of finalized features for the iPhone's Journal app to a journalist at The Wall Street Journal on a phone call. That same month, The Wall Street Journal's Aaron Tilley published a report titled "Apple Plans iPhone Journaling App in Expansion of Health Initiatives."

Using the encrypted messaging app Signal, Aude is said to have sent "over 1,400" messages to the same journalist, who Aude referred to as "Homeboy." He is also accused of sending "over 10,000 text messages" to another journalist at the website The Information, and he allegedly traveled "across the continent" to meet with her. Other leaks relate to the Vision Pro and other hardware: "As another example, an October 2020 screenshot on Mr. Aude's Apple-issued work iPhone shows that he disclosed Apple's development of products within the spatial computing space to a non-Apple employee. Mr. Aude made this disclosure even though Apple's development efforts were confidential and not known to the public. Over the following months, Mr. Aude disclosed additional Apple confidential information -- including information concerning unannounced products, and hardware information."

Apple believes that Aude's actions were "extensive and purposeful," with Aude allegedly admitting that he leaked information so he could "kill" products and features with which he took issue. The company alleges that his wrongful disclosures resulted in at least five news articles discussing the company's confidential and proprietary information. Apple says these public revelations impeded its ability to "surprise and delight" with its latest products. Apple said it learned of Aude's wrongful disclosures in late 2023, and the company fired him for his alleged misconduct in December of that year. [...] Apple is seeking both compensatory and punitive damages in an amount to be determined at trial, and it is also seeking other legal remedies. The full complaint can be read here (PDF).

An anonymous reader writes: What if you could update the device while it's still in the box? That's the latest plan cooked up by Apple, which is close to rolling out a system that will let Apple Stores wirelessly update new iPhones while they're still in their boxes. The new system is called "Presto." French site iGeneration has the first picture of what this setup looks like. It starts with a clearly Apple-designed silver rack that holds iPhones and has a few lights on the front. The site (through translation) calls the device a "toaster," and yes, it looks like a toaster oven or food heating rack.

Bloomberg's Mark Gurman has been writing about whispers of this project for months, saying in one article that the device can "wirelessly turn on the iPhone, update its software and then power it back down -- all without the phone's packaging ever being opened." In another article, he wrote that the device uses "MagSafe and other wireless technologies." The iGeneration report also mentions that the device uses NFC, and there are "templates" that help with positioning the various-sized iPhone boxes so the NFC and wireless charging will work. With that wireless charging, downloading, and installing, all while being isolated in a cardboard box, Apple's "toaster" probably gets pretty hot.

An anonymous reader quotes a report from KrebsOnSecurity: Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. [...]

What sanely designed authentication system would send dozens of requests for a password change in the span of a few moments, when the first requests haven't even been acted on by the user? Could this be the result of a bug in Apple's systems? Kishan Bagaria is a hobbyist security researcher and engineer who founded the website texts.com (now owned by Automattic), and he's convinced Apple has a problem on its end. In August 2019, Bagaria reported to Apple a bug that allowed an exploit he dubbed "AirDoS" because it could be used to let an attacker infinitely spam all nearby iOS devices with a system-level prompt to share a file via AirDrop -- a file-sharing capability built into Apple products.

Apple fixed that bug nearly four months later in December 2019, thanking Bagaria in the associated security bulletin. Bagaria said Apple's fix was to add stricter rate limiting on AirDrop requests, and he suspects that someone has figured out a way to bypass Apple's rate limit on how many of these password reset requests can be sent in a given timeframe. "I think this could be a legit Apple rate limit bug that should be reported," Bagaria said.

Apple today announced that its 35th annual Worldwide Developers Conference (WWDC) is set to take place June 10 through 14, 2024. It'll be an online event open to all developers at no cost. MacRumors reports: Apple will hold a WWDC 2024 keynote event on Monday, June 10 to show off iOS 18, iPadOS 18, tvOS 18, macOS 15, watchOS 11, and visionOS 2. The keynote event will be available on the Apple Developer app, the Apple website, and YouTube, with Apple also planning to share videos and information all week long.

Though WWDC 2024 is an online event, Apple is once again planning a special event for select developers and students, which is set to take place on June 10 at the Apple Park campus in Cupertino, California. Attendees will be able to watch the keynote and State of the Union presentations at Apple Park, as well as meet Apple employees and attend the Apple Design Awards. Apple will provide developers with additional information about WWDC 2024 through email, the Apple Developer app, and the Apple Developer website.

Apple has been hit with a flurry of new consumer lawsuits accusing the iPhone maker of monopolizing the smartphone market, piggybacking on a sweeping antitrust case lodged by the U.S. Justice Department and 15 states last week. From a report: At least three proposed class actions have been filed since Friday in California and New Jersey federal courts by iPhone owners who claim Apple inflated the cost of its products through anticompetitive conduct. The lawsuits, seeking to represent millions of consumers, mirror the Justice Department's claims that Apple violated U.S. antitrust law by suppressing technology for messaging apps, digital wallets and other items that would have increased competition in the market for smartphones.

FrankOVD shares a report: Here's a paragraph from the DOJ's antitrust lawsuit against Apple in full: "In addition to degrading the quality of third-party messaging apps, Apple affirmatively undermines the quality of rival smartphones. For example, if an iPhone user messages a non-iPhone user in Apple Messages -- the default messaging app on an iPhone -- then the text appears to the iPhone user as a green bubble and incorporates limited functionality: the conversation is not encrypted, videos are pixelated and grainy, and users cannot edit messages or see typing indicators.

"This signals to users that rival smartphones are lower quality because the experience of messaging friends and family who do not own iPhones is worse -- even though Apple, not the rival smartphone, is the cause of that degraded user experience. Many non-iPhone users also experience social stigma, exclusion, and blame for 'breaking' chats where other participants own iPhones. This effect is particularly powerful for certain demographics, like teenagers -- where the iPhone's share is 85 percent, according to one survey. This social pressure reinforces switching costs and drives users to continue buying iPhones -- solidifying Apple's smartphone dominance not because Apple has made its smartphone better, but because it has made communicating with other smartphones worse."

The European Union has launched investigations into Apple, Meta and Google under its sweeping new digital-competition law, adding to the regulatory scrutiny large U.S. tech companies are facing worldwide. From a report: The suite of probes [Editor's note: the link may be paywalled; official press release here] announced Monday are the first under the EU's Digital Markets Act law, which took effect earlier this month. They come less than a week after the Justice Department sued Apple over allegations it makes it difficult for competitors to integrate with the iPhone, ultimately raising prices for customers. Apple and Google will now face EU scrutiny of how they are complying with rules that say they must allow app developers to inform customers about alternative offers outside those companies' main app stores. The European Commission, the EU's executive arm, said it is concerned about constraints the tech companies place on developers' ability to freely communicate with users and promote their offers.

The bloc will also examine changes that Google made to how its search results appear in Europe. The new digital competition law says companies cannot give their own services preference over similar services that are offered by rivals. Another probe will look at how Apple complies with rules that say users should be able to easily remove software applications and change default settings on their iPhones, as well as how the company shows choice screens that offer alternative search engine and browser options.

"On December 28 2023, bugreport 12604 was filed in the curl issue tracker," writes cURL lead developer Daniel Stenberg: The title stated of the problem in this case was quite clear: flag -cacert behavior isn't consistent between macOS and Linux , and it was filed by Yuedong Wu.

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error. This particular behavior and functionality in curl has been established since many years (this option was added to curl in December 2000) and of course is provided to allow users to know that it communicates with a known and trusted server. A pretty fundamental part of what TLS does really.

When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise. Therefore, when a user runs the check with a trimmed and dedicated CA cert file, it will not fail if the system CA store contains a cert that can verify the server!

This is a security problem because now suddenly certificate checks pass that should not pass.
"We don't consider this something that needs to be addressed in our platforms," Apple Product Security responded. Stenberg's blog post responds, "I disagree."

Long-time Slashdot reader lee1 shares their reaction: I started to sour on MacOS about 20 years ago when I discovered that they had, without notice, substituted their own, nonstandard version of the Readline library for the one that the rest of the Unix-like world was using. This broke gnuplot and a lot of other free software...

Apple is still breaking things, this time with serious security and privacy implications.

"There is a new side channel attack against Apple 'M' series CPUs that does not appear to be fixable without a major performance hit," writes Slashdot reader EncryptedSoldier. SecurityWeek reports: A team of researchers representing several universities in the United States has disclosed the details of a new side-channel attack method that can be used to extract secret encryption keys from systems powered by Apple CPUs. The attack method, dubbed GoFetch, has been described as a microarchitectural side-channel attack that allows the extraction of secret keys from constant-time cryptographic implementations. These types of attacks require local access to the targeted system. The attack targets a hardware optimization named data memory-dependent prefetcher (DMP), which attempts to prefetch addresses found in the contents of program memory to improve performance.

The researchers have found a way to use specially crafted cryptographic operation inputs that allow them to infer secret keys, guessing them bits at a time by monitoring the behavior of the DMP. They managed to demonstrate end-to-end key extraction attacks against several crypto implementations, including OpenSSL Diffie-Hellman Key Exchange, Go RSA, and the post-quantum CRYSTALS-Kyber and CRYSTALS-Dilithium. The researchers have conducted successful GoFetch attacks against systems powered by Apple M1 processors, and they have found evidence that the attack could also work against M2 and M3 processors. They have also tested an Intel processor that uses DMP, but found that it's 'more robust' against such attacks.

The experts said Apple is investigating the issue, but fully addressing it does not seem trivial. The researchers have proposed several countermeasures, but they involve hardware changes that are not easy to implement or mitigations that can have a significant impact on performance. Apple told SecurityWeek that it thanks the researchers for their collaboration as this work advances the company's understanding of these types of threats. The tech giant also shared a link to a developer page that outlines one of the mitigations mentioned by the researchers. The researchers have published a paper (PDF) detailing their work.

Ars Technica's Dan Goodin also reported on the vulnerability.

DOJ, in the court filing (PDF): Many prominent, well-financed companies have tried and failed to successfully enter the relevant markets because of these entry barriers. Past failures include Amazon (which released its Fire mobile phone in 2014 but could not profitably sustain its business and exited the following year); Microsoft (which discontinued its mobile business in 2017); HTC (which exited the market by selling its smartphone business to Google in September 2017); and LG (which exited the smartphone market in 2021). Today, only Samsung and Google remain as meaningful competitors in the U.S. performance smartphone market. Barriers are so high that Google is a distant third to Apple and Samsung despite the fact that Google controls development of the Android operating system.

An anonymous reader shares a report: The U.S. Department of Justice filed a lawsuit against Apple Thursday, accusing the company led by CEO Tim Cook of engaging in anti-competitive business practices. The allegations include claims that Apple prevents competitors from accessing certain iPhone features and that the company's actions impact the "flow of speech" through its streaming service, Apple TV+.

However, even if the DOJ proves any of the allegations, it is highly unlikely that Apple will face material changes for years, as history shows that such lawsuits often take a significant amount of time to reach the trial, let alone a resolution. The DOJ's ongoing case against Google, filed in 2020, only went to trial in 2023, with no remedies or financial implications expected for up to two more years.

This is not the first time Apple has faced legal action from the DOJ. In 2012, the agency sued Apple for conspiring with publishers to increase ebook prices, a lawsuit that was not settled until 2016. "Precedents suggest that resolution of the complaint will take three to five years, including appeals," Bernstein analysts wrote in a note.

Apple has held preliminary talks with Baidu about using the Chinese company's generative AI technology in its devices in China, the latest example of the iPhone maker's efforts to widen its AI capabilities. From a report: The U.S. tech giant has been exploring using external partners to help accelerate its AI ambitions. It has held discussions with companies including Google and OpenAI about using their technology to power its mobile features. In China, Apple has been looking for a local generative AI model provider, mainly because China requires such models to be vetted by its cyberspace regulator before being launched to the public, people familiar with the matter said.

Apple has launched a new "Documentation" page to its website that provides links to user guides, repair manuals, tech specs, software downloads, and more for a variety of its products. MacRumors reports: Some of this information was previously found across separate pages on Apple's website, and it has now been combined in one place for convenient access. The page includes categories for the Mac, iPhone, iPad, iPod, Vision Pro, Apple Watch, Apple TV, AirPods, HomePod, displays like the Studio Display and Pro Display XDR, accessories like the Apple Pencil and Magic Keyboard, and software. There is also a search tool on the page that provides links to support documents and other relevant information based on the keywords entered.

The Coalition for App Fairness, an industry body that represents Epic, Spotify, Match Group and Proton among others, issued the following statement following the U.S. announcing it had sued Apple: "With today's announcement, the Department of Justice is taking a strong stand against Apple's stranglehold over the mobile app ecosystem, which stifles competition and hurts American consumers and developers alike. The DOJ complaint details Apple's long history of illegal conduct -- abusing their App Store guidelines and developer agreements to increase prices, extract exorbitant fees, degrade user experiences, and choke off competition. The DOJ joins regulators around the world, who have recognized the many harms of Apple's abusive behavior and are working to address it. As this case unfolds in the coming years more must be done now to end the anticompetitive practices of all mobile app gatekeepers. It remains imperative that Congress pass bipartisan legislation, like the Open App Markets Act, to create a free and open mobile app marketplace." Further reading: Apple Loses $115 Billion in Market Value as Regulators Close In.