Security firm REDTEAM.PL found a bug within Safari’s Web Share API that let them steal local files and Safari browsing history.
Andrew Orr
Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.
Articles by Andrew Orr
Epic v. Apple: Judge Rules Apple Can’t Restrict Unreal Engine
Judge Rogers ruled that Apple can’t restrict Unreal Engine on its platforms, but doesn’t have to bring Fortnite back to the App Store.
New Level Touch Lock Lets You Unlock With Your Finger and Voice
Level introduced a new lock on Tuesday called Level Touch that lets you unlock it with your finger, voice, or programmable keycard. It also has an app that works with HomeKit and Siri. Features include auto-lock, auto-unlock, sharing access, recent activity, passes, and audio confirmation. With HomeKit you get features like remote connectivity, voice control, automations, and notifications. You can order one today for US$329.
‘Mintegral’ iOS App SDK Caught Hijacking Ad Clicks
An iOS app SDK called Mintegral was found to contain malicious code that would hijack ad clicks so that iOS thinks a user clicked on one of its ads, instead of those belonging to a competitor. This SDK is used by over 1,200 apps representing over 300 million downloads per month.
The malicious code was uncovered in the iOS versions of the SDK from the Chinese mobile ad platform provider, Mintegral dating back to July 2019. The malicious code can spy on user activity by logging URL-based requests made through the app. This activity is logged to a third-party server and could potentially include personally identifiable information (PII) and other sensitive information. Furthermore, the SDK fraudulently reports user clicks on ads, stealing potential revenue from competing ad networks and, in some cases, the developer/publisher of the application.
Photo Service ‘Ever’ Shuts Down August 31
Citing increased competition from iCloud Photos and Google Photos, photo storage service Ever is shutting down on August 31.
Keira Knightley to Star in ‘The Essex Serpent’ for Apple TV+
Apple has ordered drama series “The Essex Serpent” for Apple TV+ starring Keira Knightley (“Colette”, “The Imitation Game”).
Apple Korea Proposes US$84M Donation to Address Antitrust Concerns
Apple’s office in South Korea has proposed 100 billion won in donations to small businesses, consumers, and manufacturers over antitrust concerns.
Celebrate National Parks’ 104th Birthday With Apple Watch, Apple Pay
The U.S. National Park Service celebrates its 104th birthday on Tuesday. Apple will donate US$10 for every purchase made with Apple Pay.
This ‘Clear Clipboard’ Shortcut Empties Your Clipboard Automatically
Redditor u/SpamSencer created a Clear Clipboard shortcut that does exactly what the name says: It automatically clears your clipboard. With iOS 14 Apple introduced a feature that shows when an app accesses the clipboard, like TikTok and Microsoft. You could even set it up as an automation so that whenever you open any app of your choosing, the shortcut will run (an iOS 14 feature). You’ll just have to painstakingly tap on every app you have installed if you choose to automate it.
Emails Reveal Epic Games Asked Apple for a Special Deal
In a legal filing on Friday, emails show that Epic Games’ CEO Tim Sweeney asked Apple for a “side letter” for special treatment.
News Publishers Ask Apple for Better App Store Terms
Major news publishers like The New York Times and The Wall Street Journal are asking Apple for better App Store terms.
Lightroom Bug Deleted Peoples’ Photos, They’re Not Recoverable
The latest update to Adobe’s Lightroom app for iOS and iPadOS had a bug that deleted peoples’ photos and presets that weren’t already synced to Creative Cloud. The company says they are unrecoverable and has a bit more information here.
“I’ve talked with customer service for 4+ hours over the past 2 days and just a minute ago they told me that the issue has no fix and that these lost photos are unrecoverable,” wrote the user. “Adobe is unbelievable some times. All I got was a ‘we’re sincerely sorry’ and nothing else. 2+ years of photo edits just gone because of Adobe and all they give is a sorry, lmao.”
Epic v. Apple Case Reassigned to Different Judge
The legal case known as Epic v. Apple has been reassigned to Judge Yvonne Gonzalez Rogers who is already presiding over two Apple cases.
‘Deep Social’ Data Leak Exposes 235 Million Profiles of Instagram, TikTok, YouTube
A database containing almost 235 million social media profiles of users from Instagram, TikTok, and YouTube has been exposed because it wasn’t password-protected.
Evidence suggests that much of the data originally came from a now-defunct company: Deep Social. The names of the Instagram datasets (accounts-deepsocial-90 and accounts-deepsocial-91) hint at the data’s origin. Based on this, [security researcher Bob] Diachenko first contacted Deep Social using the email address listed on its website to disclose the exposure. The administrators of Deep Social forwarded the disclosure to Social Data. The CTO of Social Data acknowledged the exposure, and the servers hosting the data were taken down about three hours later.
Adobe Fresco 1.9 Update Brings Clipping Masks and Brush Management
Adobe announced updates to its Fresco drawing app on Thursday, bringing features like Clipping Masks, Brushes Management, and Brush Stamp Preview.
Mophie Launches New Powerstation Batteries With PD Fast-Charge
On Thursday mophie launched new powerstation universal batteries with Power Delivery fast-charge capabilities.
Incase, Bionic Launch Sustainable MacBook Accessories
Incase and Bionic are teaming up to launch a collection of sustainable MacBook accessories made from recycled ocean plastic.
Apple Releases Public Beta 5 for iOS 14, iPadOS 14
Apple has released iOS 14 public beta 5 after releasing beta 5 for developers on Tuesday, bringing features like a taller Apple News widget.
Batch Rename Files on iOS Using This Shortcut
One task that was always easier on macOS was to rename multiple files at once using Automator. The Files app on iOS/iPadOS doesn’t have a lot of bulk actions. But I finally cracked it with Shortcuts to let you batch rename files on iOS and iPadOS. My shortcut lets you do three specific things: prepend text, append text, and replace text in a file name. If I think of more things to do with file names in the future, I’ll update the shortcut.
AI Company ‘Cense AI’ Leaks 2.5 Million Medical Records
Secure Thoughts worked with security researcher Jeremiah Fowler to uncover how Cense AI leaked 2.5 million medical records, which included names, insurance records, medical diagnosis notes, and a lot more.
The records were labeled as staging data and we can only speculate that this was a storage repository intended to hold the data temporarily while it is loaded into the AI Bot or Cense’s management system. As soon as I could validate the data, I sent a responsible disclosure notice. Shortly after my notification was sent to Cense I saw that public access to the database was restricted.
1: Burn this company down. 2: Sounds like most of the data are from patients in New York.
Some Developers Use TestFlight as an Unofficial App Store
Writing for Protocol, David Pierce shares stories from developers who use TestFlight as an unofficial App Store.
TestFlight is not an alternative to the App Store, it’s a staging ground on the way there. Developers told me Apple doesn’t review TestFlight apps very intensively, other than to make sure they’re not fundamentally broken or obviously malicious. And if Apple’s already reviewed, say, version 1.0 of your app, they say it won’t even look at 1.0.1. It doesn’t think of TestFlight as a long-term home for apps.
A cool, clever workaround to the App Store’s strict rules.
Apple Seeds Developer Beta 5 for iOS 14, watchOS 7
Apple seeded developer beta 5 for iOS 14, iPadOS 14, and watchOS 7 on Tuesday, two weeks after developer beta 4 was released.
UBS Switzerland Adds Support For Apple Pay
The Union Bank of Switzerland is the largest Swiss banking institution in the world, and it just added support for Apple Pay.
Instagram: Please Give Us Your Government ID
Instagram will start asking “suspicious accounts” to verify their identity with a government ID. Instagram claims this will help users understand when accounts are “attempting to mislead their followers” although it’s not clear what kind of behavior the Facebook-owned company thinks is suspicious. One reason is shared: If most of your followers are in a different country than you.
IDs will be stored securely and deleted within 30 days once our review is completed, and won’t be shared on the person’s profile as pseudonymity is still an important part of Instagram.