A critical bug found in Slack could allow an attacker access to users’ private channels and conversations. Threatpost broke down the details of the flaw in the popular messaging and collaboration app.

To exploit the bug, attackers would need to upload a file to their own HTTPS-enabled server with a payload; then, they could prepare a Slack post with an HTML injection containing the attack URL pointing to that payload (hidden in an image). After that, they need only to share that post with a public Slack channel or user. If a user clicks on the booby-trapped image, the code will be executed on the victim’s machine. As for accomplishing the HTML injection, the issue lies in the way Slack posts are created, according to the researcher. “[Creating a post] creates a new file on https://files.slack.com with [a specific] JSON structure,” according to the writeup. “It’s possible to directly edit this JSON structure, which can contain arbitrary HTML.”

The first Apple Silicon devices are imminent, but we’re still waiting to really see what it all means in reality. Rene Ritchie at iMore thinks the Mac mini could benefit from the shift away from Intel. I certainly hope so!

My biggest hope with Apple Silicon is that we start getting Mac mini updates every 12-18 months, just like iPad Pro updates. Whatever the next-generation equivalent to the AX-Series for iPads is, put it in the Mac version of that. 14X, 15X, 16, and on. Other than that, I expect we’ll see the same type of improvements from Apple Silicon in the Mac mini they we’d see from Apple Silicon in the MacBook Air — way better performance, especially for graphics, and especially for anything and everything Apple includes custom accelerators for, like 4K and above video rendering, H.265 encode and decode, hypervisor acceleration for virtual machines, and a few other things to make developers and power users alike just smile just a little or a lot wider.

For many of us organizing documents and the like on our iPhones is dull and something we’d rather the device did. As Bradley Chambers noted on 9to5Mac, the often overlooked Files app makes that possible.

Before the release of the Files app, I had my documents in separate buckets. I kept personal documents in iCloud Drive, shared folders in Dropbox, and work files in Google Drive since my school uses G Suite. After the Files app’s release with iOS 11, it became the app I used 99% of the time to search for and open files regardless of which cloud provider they were stored in. For people who live and breathe technology every day, I could generally tell you where my files are stored, but for people who see technology as a path to getting something done, trying to locate files is a chore. Thanks to Apple’s Document Provider API, the Files app becomes a centralized place to search for, manage, and open files.