Night mode is an automatic setting which takes advantage of the new wide-angle camera that's in the iPhone 11 and 11 Pro models. It's equipped with a larger sensor that is able to let in more light, allowing for brighter photos when the light is low.
macOS Catalina Now Available
Safari Autofill Security Issue Permits Access to Personal Information
Earlier this week, The Register detailed a security vulnerability found in Apple's Safari Autofill feature that could enable malicious websites to extract users' personal information from their Address Book entries. The security researcher, Jeremiah Grossman of WhiteHat Security, followed up with a blog post yesterday detailing the exploit and offering a proof of concept webpage allowing users to see if they are vulnerable.
The vulnerability arises from Address Book's usage of simple form text fields to store the user's personal information, paired with Safari's ability to automatically grab that information through its Autofill feature to assist users with filling out web forms.
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill'ed, it can be accessed and sent to the attacker.
For some reason, fields that begin with numbers such as phone numbers and street addresses are not subject to this vulnerability. A user's name, company affiliation, city/state/country, and email addresses can, however, typically be accessed.Still, such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it's not exploit code designed to deliver rootkit payload. In fact, there is no guarantee this has not already taken place. What is safe to say is that this vulnerability is so brain dead simple that I assumed someone else must have publicly reported it already, but exhaustive searches and asking several colleagues turned up nothing.
Grossman reports that he submitted information on the vulnerability to Apple on June 17th, but has received nothing more than an automatic acknowledgement of his submission despite an attempted follow-up. Consequently, Grossman is making public disclosure of the vulnerability so that users can take steps to protect themselves by disabling the Autofill feature, which is turned on by default.Update: According to All Things Digital, Apple has acknowledged the issue and promised that it is working on a fix, but no timeframe for a release has been shared.
[ 88 comments ]
Apple today sent out emails for a new Apple Pay promotion, offering a $5 discount on groceries when you spend $35 or more through Instacart. To get the discount, you'll need to use Apple...
Luna Display today introduced a new Mac-to-Mac mode that allows any Mac released within the last decade to be used as a second display for another Mac. This includes any combination of Macs, ranging...
Apple has released a third trailer for the upcoming comedy series "Dickinson" ahead of its November 1 premiere on Apple TV+.
Dickinson is a half-hour comedy series starring...
Adobe remains committed to releasing Photoshop CC for the iPad by the end of 2019, and plans to provide an update on the app at its Adobe MAX creative conference in early November, according to...
Smart camera brand Arlo has launched a new internet connected Video Doorbell that's "designed to capture what traditional video doorbells can't."
Arlo says the Video Doorbell...
While not yet reflected on Apple's system status page, a number of Apple services are currently experiencing downtime or slow performance, including the App Store, Apple Music, iCloud, and the...
Apple today seeded the fourth beta of an upcoming watchOS 6.1 beta to developers, just under a week after seeding the third watchOS 6.1 beta and a month after releasing the watchOS 6 update with full...
Apple today seeded the third beta of an upcoming tvOS 13.2 update to developers for testing purposes, just under a week after seeding the second tvOS 13.2 beta and three weeks after releasing the...
