MacRumors

Researchers from security firm FireEye have revealed a new bug in iOS that enables a malicious app to monitor and log a user's touch inputs and button uses while running in the background, reports Ars Technica. The exploit reportedly targets a flaw in iOS' multitasking capabilities to capture user inputs, and allows for them to be sent to a remote server.

To demonstrate the flaw, the researchers created a proof-of-concept monitoring app and developed approaches to "bypass" Apple's App Store Review process effectively. Once the app was installed on an iOS device, actions including keyboard inputs, use of the volume, home, and power buttons, screen touches with exact coordinates, and Touch ID events were all captured. The researchers also noted that disabling iOS 7's "Background App Refresh" setting would not disable a malicious app from logging data, as the only present solution to the problem is to manually remove apps from the task switcher.

FireEye also spoke about the flaw being identified in current versions of iOS:

Note that the demo exploits the latest 7.0.4 version of iOS system on a non-jailbroken iPhone 5s device successfully. We have verified that the same vulnerability also exists in iOS versions 7.0.5, 7.0.6 and 6.1.x. Based on the findings, potential attackers can either use phishing to mislead the victim to install a malicious/vulnerable app or exploit another remote vulnerability of some app, and then conduct background monitoring.

The group added that it is actively working with Apple on the issue, although the company has yet to comment publicly. The news comes less than a week after Apple issued iOS 7.0.6 in response to a SSL vulnerability that allowed a hacker to capture or modify data from Safari in supposedly secure sessions.

The SSL security bug was also found to be present in OS X, as new research over the weekend revealed that additional apps such as FaceTime and iMessage could be compromised. Apple confirmed to Reuters that it will issue an OS X software update "very soon" to patch the bug.

A bust of Steve Jobs by famed Serbian sculptor Dragan Radenovic was unveiled in Belgrade today, the result of a competition covering more than 10,000 submitted works that will see the statue placed at Apple's headquarters in Cupertino.

The statue unveiled today is a maquette, a sculpture substantially smaller than the final version for demonstration purposes, that features Jobs' head at the top, with a pair of Cyrillic letters, the Latin letter A, and the binary digits one and zero. According to a report in the Serbian press [Google Translate], sketches of the proposed statue were sent to Apple executives, who said they were very interested in the sculpture and liked "the imperfections of his work".

The statue features three letters, including the latin letter A, an older Serbian cyrillic letter similar to E from the Miroslav Gospel, and a cyrillic letter Ш at the bottom serving as an anchor for the statue. The sculptor, as translated by a MacRumors reader, described his letter choice as representative of a sort of "magnet".

I wanted to present some of the recognizable Serbian motifs such as a letter Ш which is the last letter of the Serbian alphabet and Apple rather liked the idea. I've also placed the Latin letter A and binary code 0.1 too. I've wanted it all to represent a sort of "magnet".

The sculptor will head to Apple HQ next to discuss the final version of the statue, which will be approximately 3 to 5 meters in height -- 10 to 16 feet -- and will be shipped to Cupertino upon completion.

Thanks Ivan!

Communications chip maker Broadcom today announced a new 5G Wi-Fi Multiple Input Multiple Output (MIMO) system-on-a-chip (SoC) designed for smartphones, bringing 802.11ac connectivity with 2x2 MIMO to mobile devices.

The Broadcom BCM4354 chip marks the first implementation of 2x2 MIMO for smartphones, bringing up to twice the Wi-Fi performance with 25 percent more power efficiency than the current 1x1 MIMO chips.

Some smartphones, such as the Galaxy Note 3 from Samsung have previously incorporated 802.11ac Wi-Fi using single stream chips such as the BCM4335 from Broadcom, but the new chip uses two spatial streams for speeds up to 867 Mbps.

MIMO is a technology that uses multiple antennas for both the transmitter and the receiver to improve communication performance. Apple first adopted MIMO technology for the iPad Air and the iPad mini with Retina display.

Broadcom's chip also uses the newer 802.11ac Wi-Fi protocol for transferring data, which is considered "Gigabit Wi-Fi" with transfer speeds up to three times as fast as 802.11n networks. With the addition of Broadcom's Transmit Beamforming technology, photo and video uploads can be twice as fast at crowded events.

In addition, Broadcom's Transmit Beamforming (TxBF) technology further improves rate over range performance in congested environments for data-intense applications. Photo and video uploads to social networking sites, for example, will be twice as fast in crowded sporting events or concert venues.

Apple uses Broadcom's technology in its line of Macs that support 802.11ac, including the newest MacBook Air, Retina MacBook Pro, and iMac. Broadcom also provides the Wi-Fi/Bluetooth chips for Apple's iPhones, so it is possible that the iPhone 6 will feature Broadcom's newest chip, marking the first iPhone with 802.11ac support. Previous iPhone 6 rumors have also pointed to 802.11ac support.

Samsung today revealed its next-generation Galaxy S5 flagship phone at its Unpacked 5 event at Mobile World Congress in Barcelona, Spain. As rumored, the 5.1-inch Galaxy S5 includes a fingerprint sensor built into the device's home button, mirroring Apple's own Touch ID introduced with the iPhone 5s.

Unlike Touch ID, which utilizes a round home button that captures a motionless fingerprint, Samsung's sensor is activated using a swiping motion that scans the finger from base to tip as the phone utilizes a rectangular home button. SlashGear has a demonstration of the fingerprint scanner.

Samsung is working with PayPal on integrating it into mobile payments, too, so that you could effectively buy apps, products, and services and authorize the transaction with a fingertip rather than a password or PIN. We found the hit-rate for the scanner recognizing our fingers was relatively high, though you do have to line your fingertip up properly: the Galaxy S5 prefers a clean downward swipe, not a sideways movement such as if you're holding the phone one-handed and sweeping your thumb across the sensor.

Design-wise, the polycarbonate Samsung Galaxy S5 looks similar to previous models, though it has a unique soft-touch textured backing, a water resistant casing, and it comes in both blue and copper gold along with black and white.

The 5.1-inch Super AMOLED display features a resolution of 1920 x 1080 and the phone offers a 2.5GHz quad core processor with 2GB of memory. It runs Android KitKat 4.4.2 and includes an upgraded 16-megapixel camera with quick autofocus and real-time HDR. It has a 20 percent better battery life than the previous generation phone and includes a built-in power saving mode that will activate a black and white display with limited app access when the battery is low.

Taking a cue from Apple's reported interest in health-related applications, Samsung has included a heart rate sensor next to the camera's flash, able to measure heart rate with a finger on the sensor. The heart rate sensor accompanies the standard accelerometer, gyroscope, proximity sensor, compass and an IR-based gesture sensor.

Samsung's Galaxy S5 is also designed to work with a new fitness device, the Gear Fit, which accompanies Samsung's recently revealed Gear 2 and Gear 2 Neo smart watches. The Gear Fit is smaller than Samsung's other offerings and focuses on measuring heart rate and counting steps. It incorporates an AMOLED touchscreen panel and offers smartphone notifications and alerts, but it does not include a camera, a microphone, or a speaker.

The Galaxy S5 and the Gear Fit will both be released in April, but Samsung has yet to announce pricing.

Details on Apple CEO Tim Cook's early life in Robertsdale, Alabama have been shared by Alabama news site AL.com, giving readers a look at Cook's high school years and detailing the place where one of the most well-known CEOs in the world grew up.

Don and Geraldine, Cook's parents, moved to the small town of Robertsdale, Alabama with Tim and his three brothers in 1971, when Cook was 11 years old. Cook attended the local schools and is said to have had a "studious nature." He joined the yearbook staff, taking care of the business end of things, and was a part of the band, where he played the trombone.

"You didn't go around calling him a nerd," said Barbara Davis, who taught Cook math. "He was just the kind of person you liked to be around." She added, "He was a reliable kid. He was always meticulous with his work, so I knew it would be done right."

Cook, who was salutatorian of his graduating class, was voted "most studious" and he was also selected as a Baldwin EMC Youth Tour candidate to take a trip to Washington, D.C. in 1977.

The Robertsdale school yearbook staff started its tasks very early, in the summer months. In his senior year, Cook was the staff's business manager, keeping the books and reeling in the ads. He was, said Davis, "the kind of person you need" for such a job.

Following his graduation from Robertsdale High School, Cook went on to attend Auburn University, a longtime goal of his. After working at IBM, Intelligent Electronics, and Compaq, he moved on to Apple in 1998. Following Steve Jobs' illness and subsequent death in 2011, Cook took over as CEO of the company, aiming to continue on with Jobs' legacy.

According to the Alabama newspaper, Cook still returns home to Robertsdale for holidays, and visited last December. That month, Auburn University also presented Cook with a lifetime achievement award at an event in New York City, and he gave a speech to attendees on equality. The full account of Tim Cook's childhood, which has additional details on both his high school years and his later impact, can be read at AL.com.

A new hearing aid launched today connects directly to iPhones and other iOS devices, allowing wearers to talk on the phone or listen to music, by GN ReSound, a Danish hearing aid manufacturer.

The ReSound LiNX is the first Apple-certified "MFi" or Made for iPhone hearing aid that connects directly to the iPhone or other iOS device without any intermediary devices.

Launching alongside the LiNX is a new iOS app that works as a remote for the hearing aid, allowing wearers to adjust volume levels, equalizers, and switch between preset environments for the hearing aid, allowing the device to optimize to the user's environment. Hearing aids can have several different modes, adjusting to the acoustics of each environment -- the app even uses geofencing to automatically change sound profiles based on the location of the wearer, changing for work, home, or a favorite restaurant. There is also a "Find My Hearing Aid" function to help users find their device if it's lost.

A company representative told MacRumors that the app was an attempt to connect the hearing aid to the Internet for the first time. By using GPS geofencing, the hearing aid can change and adapt to its environment for the first time without user intervention. The 2.4GHz protocol used by the LiNX is also unique -- the company worked closely with Apple to develop a special protocol specifically for communication between iPhones and hearing aids, and that GN built a new hearing aid processor to support it. It is much smarter about turning on and off quickly, saving battery life and delivering five to six days of battery life in normal use, even with the added technology.

ReSound LiNX launches in global markets today as a revolutionary hearing aid capable of streaming high-quality stereo sound from an iPhone, iPad and iPod touch without the need for an additional pendant-like device. Users can also customize their hearing experience through the ReSound Smart App. ReSound LiNX advances a number of ReSound technologies which already lead the hearing aid industry.

"We saw an opportunity to create the world’s best hearing aid by combining the capability of GN ReSound’s life-changing technologies with the compatibility and global prevalence of iPhone, iPad and iPod touch," said GN ReSound CEO Lars Viksmoen. "We are committed to improving people’s lives through use of innovative technology and look forward to more people correcting their hearing with this new technology – a triumph in accessibility for the hearing impaired."

Previously, hearing aid wearers would need to carry a cumbersome pendant or other wireless device in order to make changes to settings on a tiny hearing aid -- adjusting volume or switching between profiles -- now, users can make those changes directly on the iPhone, a device that many are carrying anyway in a significant quality of life improvement. It also allows users to listen directly to games, calls, FaceTime conversations, music, and any other audio directly from the iOS device, without a handheld dongle or other intermediary devices.

The technology will be available in hearing aids from both GN ReSound and its sister-brand Beltone, available through the company's network of dealer audiologists. Interested parties can sign up for the company's mailing list on its website.

World Wrestling Entertainment today announced that its WWE Network channel is now live on the Apple TV and its updated WWE app is available in the iOS App Store [Direct Link]. WWE subscribers will have full access to the 24/7 live streaming network, which includes replays of classic matches, pay-per-view events like WrestleMania and other original programming.

"Today is a historic day for WWE as we transform and reimagine how we deliver our premium live content and 24/7 programming directly to our fans around the world," said Vince McMahon, WWE Chairman & Chief Executive Officer. "WWE Network will provide transformative growth for our company and unprecedented value for our fans."

At launch, WWE Network programming is available only to U.S. customers, with access coming to other countries such as the United Kingdom, Canada, Australia, New Zealand, Singapore, Hong Kong and the Nordics before early 2015. The service requires a $9.99 monthly subscription with a six-month minimum commitment. Customers can demo the channel using a free one-week trial, which is available for a limited time.

Fans can sign up for the newly launched WWE Network on the service's website or via iTunes from the Apple TV or WWE app. Customers who signup for the WWE Network automatically receive one free week before they are billed for the service.

Today marks what would have been Steve Jobs' 59th birthday, and Apple fans around the world are once again remembering the Apple co-founder and CEO more than two years after his death.

Apple CEO Tim Cook is unsurprisingly one of those remembering Jobs today, and Cook has acknowledged the day in a pair of Tweets honoring Jobs and vowing to continue "the work he loved so much".

While remembering Jobs' legacy, Cook may also be indirectly addressing Apple's lack of significant announcements so far in 2014, reminding his followers of Jobs' philosophy on making sure all details are taken care of.

Cook has promised that Apple is working on "some really great stuff" in new product categories, with a smart watch and new television-related products topping the list of rumors. With Apple rarely being a company to rush to market, Cook may be quietly asking for patience as the company continues work on its upcoming products and services.

Coincidentally, today also marks the 14th birthday of MacRumors. Founded in February 2000 before the introduction of the iPad, iPhone, and even the iPod and OS X, the site has grown enormously and fostered the creation of our sister sites TouchArcade and AppShopper. As always, we are grateful to our readers, contributors, sponsors, and all those for whom MacRumors is an online home or a regular stop.

Google and LG are working on a smart watch that will likely be unveiled at the Google I/O developer conference in June, reports CNET. Google will reveal details on the device's operating system in advance of the hardware announcement, giving developers time to create apps for the device's retail launch.

Google's smart watch endeavor will mirror its Nexus line of mobile devices, with Google providing the software and a manufacturer partner designing the hardware. Google is said to be working with LG on the smart watch, continuing a partnership established with the development of the Nexus 4 and Nexus 5. Similar to their work on the Nexus devices, Google will lead the marketing and sale of the smart watch, while LG will focus on developing the hardware.

Google's smart watch will be powered by a version of Android that will integrate the company's Google Now voice assistant and search feature. The Wall Street Journal also adds that Google's smart watch will be compatible with a variety of Android devices, setting it apart from other smart watches such as the Samsung Galaxy Gear and Gear 2.

Apple is rumored to be working on its own iWatch smart watch that could debut later this year. Recent reports suggest the device may include advanced sensors to track several health-related functions, such as blood glucose and hydration levels. Other rumors also suggest that Apple is developing Healthbook, an iOS 8 app that would utilize both the iPhone and iWatch for monitoring health statistics like weight, heart rate, calories and step counts.

Gaming peripheral company Mad Catz has debuted its C.T.R.L.i iOS 7 gaming controller at Mobile World Congress 2014, reports Engadget. The offering from Mad Catz brings yet another choice to the iOS gaming controller market that saw the release of the SteelSeries Stratus last month and the Logitech PowerShell and MOGA Ace Power last year.

Similar to the Stratus, the C.T.R.L.i can connect to any iOS 7 device through Bluetooth instead of using a Lightning port, and includes a spring-loaded mount that can be used with the iPhone 5, iPhone 5s, and iPhone 5c. The controller itself is based on Mad Catz's popular MLG Pro Circuit Controller for the Xbox 360, and features console-style controls such as a directional pad, two analog sticks, four face buttons, shoulder bumpers, and left and right triggers. The C.T.R.L.i's Bluetooth capabilities also allows connectivity for up to four controllers.

At the current point in time, multiple games offer iOS 7 controller support, including titles like Rayman Fiesta Run, Dead Trigger 2, and Asphalt 8: Airborne. Additional developers have also pledged to build controller support into their apps now that hardware is available to consumers, as more iOS games appear to be receiving updates that enable game controller support.

The Mad Catz C.T.R.L.i iOS 7 gaming controller will be available for $80 in April, and will come in colors of black, white, red, blue, and orange.

Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.

However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.

Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.

Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.

Samsung today unveiled its new line of Gear 2 smart watches, which follows the release of its Galaxy Gear smart watch last year. Like its predecessor, the flagship Gear 2 features a 1.63-inch touchscreen, 4GB of internal storage, 512MB of RAM, and mobile speakers, but also now contains a built-in IR blaster and a camera that has been moved from the wristband to the front of the device. Meanwhile, the cheaper Gear 2 Neo is lighter than its higher-end counterpart, and does not feature a camera.

Both watches are running Samsung's new Tizen mobile platform, which was developed in collaboration with Intel as well as multiple telecommunications companies. Samsung says that users can expect an "enriched application ecosystem" as well as compatibility with over a dozen Samsung Galaxy smartphones at launch.

The Gear 2 is said to include a 300 mAh battery that provides anywhere from 2-3 days of typical usage, as well as a heart rate sensor and pedometer for fitness tracking.

The ability to monitor health-related metrics will reportedly be one of the main features of Apple's iWatch, which is in development and could be released later this year. Throughout the past year, Apple has hired a number of health experts in fields related to health metrics, and also is said to be developing a "Healthbook" app for iOS 8. It was also reported last week that Apple is interested in acquiring health wearable maker Basis, which currently integrates many advanced health-centric technologies into its current products.

Samsung will be releasing the Gear 2 and Gear 2 Neo in various colors, with both devices receiving Charcoal Black and Wild Orange options. Additionally, the Gear 2 will be released in a Gold Brown option while the Gear 2 Neo will be offered a Mocha Grey colorway.

The Gear 2 and Gear 2 Neo will be available internationally starting April, with pricing to be announced soon. The company is also expected to unveil its flagship Galaxy S5 smartphone at its Unpacked 2014 event during Mobile World Congress 2014 later this week, with recent reports suggesting that the device will feature an integrated fingerprint sensor.

Yesterday's iOS 7.0.6 update provided a fix for an SSL connection verification issue, which turned out to be a major security flaw in the operating system. In a support document, Apple noted the patch repaired a specific vulnerability that could allow an attacker with a "privileged network position" to capture or modify data protected by SSL/TLS.

In other words, iOS was vulnerable to a man-in-the-middle attack where an attacker could pose as a trusted website to intercept communications, acquiring sensitive information such as login credentials and passwords, or injecting harmful malware.

According to security firm CrowdStrike, OS X may be vulnerable as well, because it exhibits the same authentication flaw. OS X users are open to an attack on any shared wired or wireless network as SSL/TLS verification routines can be bypassed.

To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).

The bug, which has been detailed by Google software engineer Adam Langley, may have been introduced in OS X 10.9. According to Hacker News users, it remains unclear whether the issue is fixed with the latest version of the software, OS X 10.9.2, which is currently only available for developers. Users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari.

It is likely that Apple plans to release a fix for OS X in the near future to repair the vulnerability, but in the meantime, CrowdStrike recommends avoiding untrusted WiFi networks while traveling. The site also recommends an immediate update to iOS 7.0.6 for users who have not yet installed the newest version of the operating system on their iOS devices.

Update: Apple has told Reuters that it is aware of the issue and has a software fix that will be released "very soon."