Apple today released a new iOS 12.1.4 update for the iPhone, iPad, and iPod touch, with the new software designed to fix an insidious privacy-invading Group FaceTime bug that could be exploited to eavesdrop on conversations.
The new iOS 12.1.4 software can be downloaded on all eligible devices over-the-air using the Settings app. To download it, go to Settings --> General --> Software update.
Though Apple's release notes for the update list "security updates" without going into specifics, the issue that's being fixed here is the Group FaceTime vulnerability. After the bug was widely publicized last week, Apple promised a fix, which was delayed to this week.
The FaceTime bug allowed someone to spy on you without your permission or knowledge. By exploiting the bug, a person could initiate a FaceTime call with you and then add themselves to the call again to force a Group FaceTime connection.
When this happened, the bug caused the person to be able to hear the audio on your end, despite the fact that the call was never answered and still looked like a standard FaceTime incoming call interface. In some situations, if you pressed the side button to silence a call, it would even give the person access to your video.
It was a serious bug, so serious that Apple took its entire Group FaceTime server offline as the company took the time to prepare the iOS 12.1.4 update. The Group FaceTime bug was publicized last Monday and Group FaceTime has been offline since then.
The Group FaceTime bug may have required some major under-the-hood changes to FaceTime given that it took Apple nearly two weeks to fix the issue. Following today's update, the Group FaceTime bug will no longer be able to be exploited and Apple will be able to bring its Group FaceTime server back online.
It continues to be unclear just how long the Group FaceTime bug was available for. Group FaceTime was introduced last October, and Apple has not let us know if the bug has been around since that launch date or if it was introduced in a later iOS 12 update.
Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday. The new update comes two weeks after the launch of iOS 12.1.3, an update that introduced bug fixes.
The iOS 12.1.4 update will be available on all eligible devices over-the-air in the Settings app. To access the update, go to Settings --> General --> Software Update. Apple typically releases new iOS software at 10:00 a.m. Pacific Time or 1:00 p.m. Eastern Time, so that's when the update should become available.
With this update, Apple is fixing an insidious FaceTime bug that could allow someone to spy on you without your permission or knowledge. By exploiting this bug, someone could force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's audio or video even without you accepting the FaceTime call.
To do this, all someone needed to do was initiate a FaceTime call with you and then add their own phone number to the FaceTime call to convert it to a Group FaceTime call, which, apparently, forces a FaceTime connection.
From there, the person would be able to hear your audio, even though on your end, it would look like the call hadn't been accepted. If you hit the power button to make the call go away, it would give the person access to your camera.
In our testing, the bug was able to be initiated on iPhones running both iOS 12.2 and iOS 12.1.3, and it affected iPhones, Macs, and iPads running the latest version of Apple's software.
Shortly after the bug was publicized last Monday, Apple said that it was aware of the issue and was already working on a fix set to be released later in the week, which was later delayed until this week. Apple also temporarily made Group FaceTime unavailable by taking the server offline, which put a stop to the bug. Going forward, Group FaceTime will only be available on devices running iOS 12.1.4 or later.
With today's update, the FaceTime bug will no longer be able to be exploited, though it remains unclear if it has been available for use since Group FaceTime launched in October last year or if it became an issue in a later software update.
Reliable accessory brands Anker and Aukey have a new suite of discount codes this week, offering customers the chance to save on portable battery packs, Lightning cables, wall chargers, car chargers, USB-C accessories, and much more.
Below you can find the full list of Anker and Aukey discount codes available this week. Note that all of Aukey's codes will expire on February 13, and as always both companies are offering their discounts on Amazon.
Anker Codes
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
I've been using the Safe & Sound for a few months now, and I must say, it's turned out to be more useful than I'd initially thought it would be.
Installation
The Onelink Safe & Sound is a hardwired smoke detector, so you'll have to use this in a location that's tied into your home's electrical system rather than being able to rely on battery power. But if you've already got hardwired smoke detectors, swapping them out for Safe & Sound units is simple and straightforward for anyone with a modicum of do-it-yourself experience. Just make sure you turn off power to your existing detector at the breaker, unscrew the detector from the ceiling, and disconnect the wiring.
Once you've got the bare wires hanging out of the ceiling, it's just a matter of attaching the Safe & Sound's mounting plate to the ceiling (likely by simply screwing it directly into the existing junction box in the ceiling), plugging in the proper wiring harness to the back of the Safe & Sound, connecting it to the house wiring with included wire nuts, and attaching the body of the detector to the mounting plate with a twist.
Turn the power back on at the breaker, run through the setup for Onelink, HomeKit, and Alexa in the Onelink app on your iOS device, and you're good to go. It sounds like quite a few steps, but they're all pretty easy and quick to accomplish.
Setup
The Onelink app makes it easy to set up the Safe & Sound, walking you through a series of illustrated steps to ensure your device has Wi-Fi and Bluetooth active, configure Wi-Fi for the Safe & Sound, and pair it to your device with optional notifications for various events. From there, you can scan the HomeKit code on the body of the alarm to allow the Safe & Sound to show up alongside your other HomeKit devices, while also assigning it a name and location within the house and setting a name Siri will recognize.
If you have multiple detectors, you'll need to set them up one at a time in the Onelink app, but as you add them to the same home in the app it will automatically interconnect them so that an alarm activated in one area of the home will be repeated on all other alarms to ensure everyone in the house is alerted in the event of an emergency.
Verbal Cues
When the alarm activates, it includes both loud alert sounds and voice instructions urging residents to evacuate the premise. Using names given to the various locations for the alarms, the voice instructions will say, for example, "Smoke detected in the hallway." A carbon monoxide alarm trigger will include the location of the detected danger and the peak level of carbon monoxide detected.
Onelink App
Once the detector is set up, the app continues to be used as the place to manage it. The app lets you adjust various settings on the Safe & Sound, as well as activate a testing mode to ensure everything is working properly. First Alert recommends the alarms be tested weekly, although most people likely won't do it nearly that frequently once the novelty wears off.
The app can also be used to set the color and brightness of the nightlight feature of the detector, which I've found to be a nice addition considering its location in the upstairs hallway where my children and guests may need to find their way to the bathroom in the middle of the night.
Beyond the alarm and nightlight functions, the app is also where you can manage the Alexa and speaker functions of the Safe & Sound, which are the more unique aspects of this product.
Speaker Functionality
A distinguishing feature of the Safe & Sound is its ability to function as a Bluetooth speaker, allowing you to stream music to it directly from your phone, computer, or other Bluetooth-enabled sources. The sound is actually fairly decent with a surprising amount of depth considering the limitations of putting a speaker in a smoke detector. It's not going to win audio awards, but it's good enough if you just want some tunes or a podcast beamed to a centrally located speaker for background sound.
Following my original installation several months ago, I did notice a bit of choppiness over Bluetooth, particularly at the beginning of tracks as they were buffered. Performance improved the closer I got to the speaker, but given the fixed placement of the Safe & Sound, it's not always convenient to get closer to it. That choppiness has, however, improved significantly in recent months, presumably through firmware updates to the Safe & Sound. I can now reliably stream audio from my phone to the Safe & Sound from at least 20 feet away in another room with no choppiness.
Alexa
Not only does the Onelink Safe & Sound act as a Bluetooth speaker, but it also supports direct access to Amazon's Alexa voice assistant. My kids in particular have found it handy to use Alexa as an encyclopedia or dictionary, as it's the only Alexa-enabled device on our second floor.
I've found the Safe & Sound to be quite sensitive to the Alexa wake word, to the point where the Safe & Sound in our upstairs hallway will activate instead of the Amazon Echo in our living room even when I'm speaking in the living room. As with other Alexa products, we do experience the occasional spurious activation of the voice assistant, which isn't helped by having a kid named Alex, but aside from that, it will occasionally wake up in response to speech that isn't obviously close to the intended wake word.
If you've got Alexa set up to handle other functions in your house such as phone calls, smart home control, and more, you can also access those functions from the Safe & Sound.
If you're listening to audio content on the Safe & Sound over a Bluetooth connection, you can still access Alexa. The Safe & Sound will reduce the Bluetooth audio to a whisper for the duration of your interaction with Alexa, returning it to normal volume when you're done.
With Alexa, you can also access a variety of music services, letting you stream songs and other content from Spotify, Amazon Music, Pandora, SiriusXM, iHeartMedia, Audible, and TuneIn. Playback can be controlled via voice and a simple info/control screen in the Onelink app, or in the Amazon Alexa iOS app to some degree. You won't have full app support in the Alexa app, but if you just need to access a playlist, album, or song, it's easy enough to get it going on the Safe & Sound.
For Apple fans with Alexa devices around the house, a welcome recent addition is support for Apple Music, letting you play content from your Apple Music subscription right from your Alexa devices. Unfortunately, the feature is currently limited to Amazon's own Echo devices, so Apple Music isn't supported on the Onelink Safe & Sound at this time. Amazon has, however, said it plans to extend support to third-party Alexa devices in the future.
HomeKit and Siri
With HomeKit support, the Onelink Safe & Sound detectors become part of your larger home automation ecosystem, meaning you can organize them into Rooms for grouping various HomeKit items in the same location. The detectors will also show up in some other apps such as the Eve and iDevices Connected apps, enabling you to see all of your connected devices and check on their status.
HomeKit support also means First Alert's smoke and carbon monoxide detectors work with Siri commands. Given that these detectors are generally passive devices that primarily only need to be interacted with on rare occasions, it's not a critical feature, but can be a handy one for those times. Available commands include variations of:
- How is my [location] CO detector? - How is my [location] smoke detector? - Do I have a smoke detector? - Is the [location] smoke alarm tripped? - Is the [location] CO alarm tripped? - Change the brightness on my [location] smoke detector to [x] percent.
Even though I don't use HomeKit and Siri controls very often with the Safe & Sound, it's nice to know they're available and that I can quickly use Siri or the Home app to check on my alarms while away from home if the need arises.
AirPlay 2
From the time of the Safe & Sound's original announcement at CES 2018 and launch in mid-2018, First Alert has promised future support for AirPlay 2, which would let the Safe & Sound's speaker functionality integrate with other devices and speakers in the Apple ecosystem for synchronized multi-speaker playback, Siri music support, and more. Unfortunately, a firmware update to add AirPlay 2 support to the Safe & Sound has yet to appear, and First Alert has not committed to a timeframe for a launch, so we're still waiting for that feature to make its debut.
Reliability
When I first had the opportunity to test the Onelink Safe & Sound, I was skeptical about how it would perform. I had a pair of first-generation Onelink Smoke and Carbon Monoxide Alarms (one hardwired and one battery) back in 2016 that simply failed to perform well, and that's a major issue when these detectors can be a matter of life and death. Despite being rated for a ten-year lifetime, my original battery-powered unit began chirping a low-battery warning within a matter of weeks. A replacement unit died within a similar timeframe. It wasn't clear whether something with my network setup or some other factor was causing excessive battery drain, and First Alert later issued a firmware update intended to address the battery life issue.
When it came to my original hardwired Onelink Smoke and Carbon Monoxide Alarm, that detector performed a bit more reliably than the battery-powered version, although it did lose its connection to the app and HomeKit and have to be reset a few times. And after a year, it stopped accepting firmware updates, with the app reporting the detector's firmware was up to date when it definitely was not. First Alert did replace the detector free of charge (as it did with the battery-powered ones that failed), and the replacement had no similar issues.
Those experiences gave me significant pause when considering the Onelink Safe & Sound, but in over six months of testing, I've had absolutely no problems with its reliability. It's maintained a connection to my HomeKit setup ever since the initial configuration, and I've had no trouble connecting to it via the Onelink app.
Besides the Safe & Sound, First Alert recently launched second-generation versions of its basic Smoke and Carbon Monoxide Alarms, so hopefully lessons learned from the original version and incorporated into the Safe & Sound have also made their way to the new standalone detectors.
The Future
Just last month at CES 2019, First Alert announced its second-generation Onelink Safe & Sound that includes built-in mesh Wi-Fi technology as part of First Alert's push into home Wi-Fi with an upcoming Onelink Surround Wi-Fi system that will be able to use second-generation Safe & Sound units as nodes for a mesh network.
Wrap-up
I thankfully haven't had an opportunity to test out First Alert's Onelink Safe & Sound alarm capabilities in a real-life scenario, but I've been pleased with the easy setup and solid reliability in connecting to the Onelink app and HomeKit.
The Alexa and speaker capabilities are a nice bonus, and I was pleasantly surprised to find it's able to produce decent sound, certainly sufficient for casual music listening and providing assistant functions like answering questions, setting timers, and more. Music service integration through Alexa is rather basic with only barebones app support, but Bluetooth gives you another option for piping music straight from another device.
If you're okay with being part of the Alexa ecosystem, it's a convenient package, but the Onelink Safe & Sound's price tag will undoubtedly give many potential customers pause. It carries an MSRP of $249.99, although it can regularly be found through some retailers such as Amazon for around $199.
Granted, the technology packed into the Safe & Sound necessitates a premium price, but this probably isn't something you're going to want to buy a six-pack or more of and scatter all around your house wherever you need a smoke detector. But if you want to put one or two in central areas of your home to supplement your more basic smoke detectors, it's an interesting product.
AirPlay 2 could really be a game-changer for the product, delivering a lot of extra value to those in Apple's ecosystem by helping deliver whole-home audio through an array of speaker products. Unfortunately, the long-promised feature has yet to appear and we don't have an estimate of when it might show up. So at least for now, I'd recommend making any buying decisions under the assumption that AirPlay 2 may never arrive, and if it does, it'll be a nice bonus.
Note: First Alert provided MacRumors with a Onelink Safe & Sound for the purpose of this review. No other compensation was received. MacRumors is an affiliate partner Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Toyota today ahead of the Chicago Auto Show announced that its 2020 model year Tacoma, Tundra, Sequoia, and 4Runner vehicles will feature CarPlay, Android Auto, and Amazon Alexa in the United States.
CarPlay in 2020 Toyota Sequoia
CarPlay will be a standard feature in each vehicle, but screen size will vary by trim. With the 2020 Tacoma, for example, the base SR trim will feature a 7-inch touchscreen while SR5 trims and higher as well as TRD Pro trims of the Tundra, Sequoia, and 4Runner will feature a larger 8-inch touchscreen.
The press release doesn't specify whether the CarPlay implementation is wired or wireless, but it is presumably wired in line with its 2019 and newer Avalon, Corolla Hatchback, Camry, RAV4, Sienna, and C-HR. Toyota will offer wireless CarPlay in the 2020 Supra since it is based on a BMW platform.
Toyota was one of the last major automakers to offer CarPlay, which provides convenient dashboard access to iPhone apps such as Phone, Messages, Apple Maps, Google Maps, Waze, Apple Music, and Spotify. These will be the first-ever Tacoma, Tundra, Sequoia, and 4Runner models with factory-installed CarPlay.
CarPlay availability in Toyota vehicles may vary outside of the United States. Pricing and availability were not disclosed.
2020 Volkswagen Passat in Europe
In related news, Volkswagen this week announced that the 2020 Passat will be its first vehicle with wireless CarPlay, although the press release is for the European market. It's unclear if or when Volkswagen will offer wireless CarPlay in the United States or other countries—we've reached out to ask.
Apple has assembled an in-house modem engineering team led by its chipmaking chief Johny Srouji, according to Reuters.
From the report:
Apple Inc has moved its modem chip engineering effort into its in-house hardware technology group from its supply chain unit, two people familiar with the move told Reuters, a sign the tech company is looking to develop a key component of its iPhones after years of buying it from outside suppliers.
The report claims Srouji, senior vice president of hardware technologies at Apple, took over the company's modem design efforts in January.
Apple is expected to release its first 5G-enabled iPhone in 2020, but it's unclear if it will have an in-house chip ready by that time. If not, a previous report said Intel will supply Apple with 5G chips, but the iPhone maker is said to be "unhappy" with Intel's progress and may have to look elsewhere.
In the latest Apple Pay promotion, customers can get $15 off at 1-800-Flowers when they use Apple Pay to shop in the retailer's "Gift Collection." This can be done in the 1-800-Flowers app or on 1800Flowers.com now through Friday, February 15 at 11:59 p.m. ET.
Apple's promo is themed around Valentine's Day (taking place one week from today on February 14), and notes that "sending love is easier with Apple Pay." The company also points towards its own Apple Store app, Etsy, and Barneys New York as places to get shopping ideas for your significant other this week.
Apple typically marks major holidays with Apple Pay promos, including a series of promotions that kicked off last December aimed at holiday shoppers. Promo partners typically include Postmates, Ray-Ban, Warby Parker, Nike, StubHub, Instacart, and more.
Skype is getting a new screen-blurring feature this week. Users of Microsoft's video and voice calling service can now choose to blur the background on video calls if the scene behind them is something they'd rather not share.
The idea behind the feature is to save the user's blushes because of the messy room they're skyping from, or to obscure a business plan on a whiteboard behind them, for instance.
Background blur in Skype and Teams uses artificial intelligence (AI)—trained in human form detection—to keep you in focus during your call. This technology is also trained to detect your hair, hands, and arms, making a call with background blur just as relaxed and easy as a regular video call.
Background blur in Skype is similar to background blur in Microsoft Teams, according to the software giant. The results are somewhat akin to the "bokeh" effect most commonly seen in Portrait photos on iPhone, but in this case in a live video stream.
The feature is rolling out on desktops, mobile, and web, and can be enabled in Skype's settings or by using the video call button.
Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.
Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use "session replay" screen recording technology within their apps.
Session replays let developers screenshot or record or a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.
Some apps, such as Air Canada, don't properly mask data that's recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.
TechCrunch had mobile app expert The App Analyst look at some of the apps that Glassbox lists as a customer. Not all apps leaked masked data, and most appeared to be obfuscated, but there were instances where email addresses and postal codes were visible.
"Since this data is often sent back to Glassbox servers I wouldn't be shocked if they have already had instances of them capturing sensitive banking information and passwords," The App Analyst told TechCrunch.
As TechCrunch points out, all of the apps have a privacy policy, but not one makes it clear that they're recording a user's screen. Glassbox does not require special permission from either Apple or the user to record the screen, and without checking specific app data, there is no way to know if an app is doing this.
Glassbox also does not require its customers to mention the usage of the screen recording feature in their privacy policies.
"Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers native app only and technically cannot break the boundary of the app," the spokesperson said, such as when the system keyboard covers part of the native app/ "Glassbox does not have access to it," the spokesperson said.
There are other analytics companies that have practices similar to Glassbox, like Appsee and UXCam, and there are a lot of major companies that are using this kind of technology, based on their customer lists. This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.
With no way to detect that this is going on, all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.
Back in September, iOS and macOS email app Newton were shut down, much to the disappointment of Newton Mail enthusiasts. At the time, Newton parent company CloudMagic said that though the company tried various business models, it wasn't able to figure out how to maintain profitability and growth over the long term.
A couple of months later, Essential, a smartphone company owned by Android co-creator Andy Rubin, purchased CloudMagic and the Newton app. At the time, it wasn't known what Essential planned to do with the Newton app.
The company's plan became clear this week when a new version of the Newton email app showed up in the App Store and the Mac App Store, bringing it back to life. The Newton apps were never actually pulled, but they hadn't been updated for months and were becoming unusable due to bugs and crashes.
Since December, CloudMagic and Essential have been working to bring Newton Mail back to life, and there are interface improvements and new features like deleting a single email in a thread, resizing the Mac compose window, adding emails to OmniFocus, and other enhancements to the compose window on Mac.
Newton Mail has also had its pricing restructured. At the time it was shut down, CloudMagic was charging $100 per year upfront for Newton, which may be a major reason why it ultimately was an unsustainable business model. It's difficult to get people to pay $100 for an email app.
Newton Mail is now priced at $49.99 per year, which is still expensive, but more reasonable than $100. There's also a 14 day free trial so you can give it a go before downloading.
The app has a simple, clean interface and features like read receipts, send later, inbox filtering for newsletters and other junk mail, snooze, app integration, undo send, recap for notifying you about emails waiting for a reply, one-click unsubscribe, and push notifications, all features that many users like.
Of course, with any third-party email app, it's always worth investigating privacy policies to see what companies are doing with your data. Newton says it may share aggregated or de-identified information with third parties and works with third-party social platforms like Facebook to serve targeted ads unless you opt out, which is something to be aware of.
MacRumors videographer Dan is a big fan of Newton Mail and it's his go-to email app, so make sure to watch the video above to see Newton Mail in action. And if you're looking for other email app alternatives, we recently rounded up some of the best iOS email apps in the App Store.
Apple has once again reclaimed the title of most valuable publicly traded company marking the first time the Cupertino company has held that title since December.
As noted by CNBC, Apple surpassed Microsoft and Amazon this afternoon with a closing price of $174.24, for a market capitalization of $821.59 billion.
That beats out Microsoft's market value of $813.48 billion and Amazon's market value of $805.70 billion. Earlier this week, Apple also briefly surpassed the other two companies, and the top title has been shifting back and forth for months now.
Apple saw a significant drop in market value in January after lowering its revenue guidance for the first fiscal quarter of 2019 to $84 billion, down from $89 to $93 billion.
Apple's stock has recovered somewhat since its earnings release on January 29 where it reported revenue of $84.31 billion and net quarterly profit of $19.965 billion, or $4.18 per diluted share.
It was Apple's second best quarter ever in terms of revenue and profit, despite the fact that it ultimately ended up being lower than expected due to flagging iPhone sales.
Apple today announced that its retail store at the Natick Collection shopping mall in Natick, Massachusetts, near Boston, will reopen on Saturday, February 16 at 10:00 a.m. local time. The store had been closed for renovations since May 2018.
In line with other remodeled Apple Stores, this location should expand in size and feature a modernized design.
Apple Natick Collection prior to renovations
The reopening date was shared in the Apple Store app and highlighted by the Twitter account Storeteller. The date is not yet reflected on Apple.com.
Earlier this week, Apple announced that Angela Ahrendts will be stepping down as Apple's retail chief in April after five years in the role. She will be succeeded by 30-year Apple veteran Deirdre O'Brien, who has been promoted to Senior Vice President of People + Retail, expanding upon her HR responsibilities.
Apple operates 506 retail stores around the world.
In the release notes for Safari 12.1, the new version of Apple's browser installed in iOS 12.2, Apple says that it is removing support for the "Do Not Track" feature, which is now outdated.
From the release notes: "Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable."
Do Not Track is no longer an option in iOS 12.2, as seen in iOS 12.2 screenshot on left. iOS 12.1.3 screenshot on right.
The same feature was also removed from Safari Technology Preview today, Apple's experimental macOS browser, and it is not present in the macOS 10.14.4 betas. According to Apple, Do Not Track is "expired" and support is being eliminated to prevent its use as, ironically, a fingerprinting variable for tracking purposes.
"Do Not Track" is an outdated feature that was added to Safari quite a long time ago, first showing up in OS X Lion in 2011. Proposed by the FTC, "Do Not Track" is a preference that is sent by a user's browser to various websites requesting that advertising companies not use tracking methods.
It is entirely up to the advertising companies to comply with the "Do Not Track" messaging, and it has no actual function beyond broadcasting a user preference. All it does is say something to the effect of "hey, I prefer not to be tracked for targeted advertisements," which websites, advertisers, and analytics companies are free to ignore.
In the settings for Safari in iOS 12.2, Apple is no longer listing "Do Not Track" as a setting that can be toggled off or on, and in the Safari Preview browser, "Ask websites not to track me" is no longer listed as an option.
To replace Do Not Track, Apple has been implementing much more stringent Intelligent Tracking Prevention options, which do actually have a tangible effect and prevent the tracking methods that many advertisers and analytics sites use to detect your cross-site internet browsing.
German security researcher Linus Henze this week discovered a new zero-day macOS vulnerability dubbed "KeySteal," which, as demoed in the video below, can be used to get to all of the sensitive data stored in the Keychain app.
Henze appears to use a malicious app to extract data from the Mac's Keychain app without the need for administrator access or an administrator password. It can get passwords and other information from Keychain, as well as passwords and details for other macOS users.
Henze has not shared the details of this exploit with Apple and says that he won't release it because Apple has no bug bounty program available for macOS. "So blame them," Henze writes in the video's description. In a statement to Forbes, Henze clarified his position, and said that discovering vulnerabilities takes time.
"Finding vulnerabilities like this one takes time, and I just think that paying researchers is the right thing to do because we're helping Apple to make their product more secure."
Apple has a reward program for iOS that provides money to those who discover bugs, but there is no similar payment system for macOS bugs.
According to German site Heise Online, which spoke to Henze, the exploit allows access to Mac Keychain items but not information stored in iCloud. Keychain is also required to be unlocked, something that happens by default when a user logs in to their account on a Mac.
Keychain can be locked by opening up the Keychain app, but an admin password then needs to be entered whenever an application needs to access Keychain, which can be inconvenient.
Apple's security team has reached out to Henze, according to ZDNet, but he has continued to refuse to provide additional detail unless they provide a bug bounty program for macOS. "Even if it looks like I'm doing this just for money, this is not my motivation at all in this case," said Henze. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and Researchers."
This isn't the first Keychain-related vulnerability discovered in macOS. Security researcher Patrick Wardle demoed a similar vulnerability in 2017, which has been patched.
Apple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced three years ago in March 2016. Apple designed the Safari Technology Preview to test features that may be introduced into future release versions of Safari.
Safari Technology Preview release 75 includes bug fixes and performance improvements for WebRTC, Intelligent Tracking Prevention, Web Authentication, Media, Accessibility, Layout, Web API, WebDriver, Web Inspector, and CSS. This version of Safari Technology Preview includes support for WebRTC Screen Capture capabilities.
The new Safari Technology Preview update is available for both macOS High Sierra and macOS Mojave, the newest version of the Mac operating system that was released to the public in September.
Apple’s aim with Safari Technology Preview is to gather feedback from developers and users on its browser development process. Safari Technology Preview can run side-by-side with the existing Safari browser and while designed for developers, it does not require a developer account to download.
Apple may be working on new versions of the iPhone 7, 7 Plus, 8, and 8 Plus with updated modem hardware that does not violate the injunction levied against Apple in Germany.
As FOSS Patents points out, German website WinFuture says that sources in German retail have said that Apple will introduce modified iPhone 7 and 8 models that it will be able to sell in the Germany despite the sales ban enacted in December.
WinFuture says that Apple is set to begin selling modified versions of the iPhone 7 and iPhone 8 in approximately four weeks, and German retailers have already received lists of model numbers for the new devices.
The site does not list all of the new model numbers, but includes MN482ZD/A, which is a black iPhone 7 Plus with 128GB of storage, and MQ6K2ZD/A for the 64GB iPhone 8 in space gray. Neither of these new model numbers matches existing model numbers for the iPhone 7 and iPhone 8.
According to FOSS Patents, WinFuture has a credible reputation in Germany, and, coupled with the discovery of the new model numbers, there's a good chance this is true despite the fact that it has yet to be confirmed by an official source.
In its ongoing dispute with Qualcomm, Apple has had older iPhone models banned in both China and Germany. In China, Apple was able to get around the ban with a software update and has continued selling iPhone 7 and iPhone 8 models in that country.
In Germany, things are more complicated. A German court says that some iPhone models equipped with Intel modems infringe on Qualcomm's hardware patents, so there is a hardware issue that Apple needs to address. Apple has been ordered to cease the import and sale of infringing iPhone 7 and iPhone 8 models in Germany, both at its own retail stores and from third-party suppliers.
Introducing tweaked versions of the iPhone 7 and iPhone 8 without the allegedly infringing hardware would allow Apple to continue to sell its older iPhones in Germany while the legal battle with Qualcomm goes on.
There appears to be an issue with recent versions of Adobe Premiere Pro that can result in blown out MacBook Pro speakers.
MacRumors reader Alvin Shen alerted us to multiple users on the Adobe support forums who report that Premiere Pro suddenly caused loud, distorted audio to play through their MacBook Pro speakers, resulting in permanent damage. In many cases, the issue arose when users were editing the audio settings of video clips.
"I was using the Adobe Premiere 2019 Audio suite for background sound and while tweaking the settings it made a loud distorted noise that hurt even my ears," wrote one user. "After that my speakers are unusable."
The discussion topic was posted in November, and there are replies from affected users through January, suggesting that the apparent bug is present in both versions 12.0.1 and 12.0.2 of Premiere Pro CC for Mac. It's unclear when the issue began, how many users are affected, or what the exact cause is.
It appears Adobe advised at least one customer to try disabling the MacBook Pro's microphone in Premiere Pro by selecting No Input under Preferences > Audio Hardware > Default Input, but the issue persists for some users.
Our tipster Shen took his MacBook Pro to the Genius Bar at an Apple Store in Canada and was provided with an over $600 repair quote for his 2018 15-inch MacBook Pro. The price is so high because Apple replaces the entire top case assembly containing the speakers, keyboard, trackpad, and battery.
It's unclear if Adobe, Apple, or both companies are at fault. We've reached out to both Adobe and Apple for comment.
There are quite a few deals on Apple devices going on this week, including notable discounts on the company's 2018 9.7-inch iPad, most recent 12-inch MacBook, HomePod, and more.
Note: MacRumors is an affiliate partner with these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
To start off, B&H Photo has the HomePod for just $279.00, down from an original price of $349.99. This is one of the lowest prices we've seen on the HomePod so far in 2019, and the price is just beating out a similar sale at Best Buy, where the smart speaker has been discounted to $279.99. B&H Photo says its HomePod sale will last through February 7 at 11:59 p.m. ET.
On Amazon, you can save on the 2018 9.7-inch iPad, which has been discounted to $354.99, down from $429.00. This sale is for the 128GB and Wi-Fi only version of the tablet, available in Space Gray, Silver, and Gold.
The 2018 iPad has a 9.7-inch Retina display, an A10 Fusion chip with 64-bit desktop-class architecture, Touch ID, and support for the first-generation Apple Pencil. Amazon is also marking down the 32GB models to $279.99, from $329.00.
Both Amazon and B&H Photo continue to discount the 12-inch MacBook, which was last updated in mid 2017. In these sales, you can get the 256GB MacBook for $999.00, down from $1,299.00 (Gold: B&H / Amazon) (Rose Gold: B&H). The 512GB MacBook is also available for $1,299.00, down from $1,599.00 (Gold: B&H / Amazon) (Rose Gold: B&H).
MacRumors has also partnered with leather tech accessory company Mujjo this month, offering our readers the chance to save 15 percent on their orders through Valentine's Day. To gain access to the sale, add any item to your cart on Mujjo.com, head to the checkout screen, and enter the coupon code #lovemujjo to take 15 percent off.
Mujjo offers high-quality leather accessories, including cases for the iPhone XS, XS Max, XR, 8, 8 Plus, and many more. The company also sells sleeves for the MacBook and iPad. Head to Mujjo.com to browse everything on the retailer's site and place your order before the exclusive code expires on February 14.
Lastly, we have a few quick-mention deals: the iTunes gift card sale from earlier this week is still going on, so if you haven't had a chance to get the $100 iTunes gift card for $85 yet, be sure to head to PayPal on eBay before it expires. Today only, Best Buy has the Beats Solo3 Wireless Headphones (Matte Gold) for $159.99, down from between $200-$240. Twelve South's PowerPic Wireless Charger (Black) is on sale again as well, discounted to $52.21 on Amazon, from an original price of $89.99.
Our full Deals Roundup has information on even more sales happening this week.
Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
Skype is getting a new screen-blurring feature this week. Users of Microsoft's video and voice calling service can now choose to blur the background on video calls if the scene behind them is something they'd rather not share.
Apple today 
Note: MacRumors is an affiliate partner with these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.
