MacRumors Giveaway: Win a Thunderbolt Station 3 Lite From CalDigit

For this week's giveaway, we've teamed up with CalDigit to offer MacRumors readers a chance to win a Thunderbolt Station 3 Lite, which is designed to work with the new 2016 MacBook Pro.

The new MacBook Pro is equipped with Thunderbolt 3, but it offers a limited number of ports, making a dock or some form of dongle essential for most users who have older accessories. The TS3 Lite, a small hub that includes support for Thunderbolt 3, is ideal for users who need a robust but portable solution.

The TS3 Lite features two Thunderbolt 3 Type-C ports with 40Gb/s throughput, two USB 3.1 Type-A ports, 1 USB 3.1 Type-C port, a DisplayPort, a Gigabit Ethernet port, and Audio In/Out ports. It doesn't support 85W charging though, so you'll need a separate cable to power your MacBook Pro.


It's able to support a single 5K monitor at 60Hz or dual 4K monitors, and it ships with a Thunderbolt 3 cable. With daisychaining, up to six Thunderbolt 3 devices can be connected to a single computer, and the included USB-A and USB-C ports can be used to connect a variety of other accessories.

For instances when a computer is not available, the TS3 Lite features a Stand Alone Charging function that allows users to charge devices like an iPad or an iPhone using the USB-A ports on the TS3 Lite even when it's not connected to a computer.


The TS3 Lite, which features a brushed aluminum enclosure that matches well with Apple devices, measures in at 8 inches by 3.15 inches and it weighs less than a pound, so it's easy to pack into a bag with your computer and it doesn't take up much space on a desk.

CalDigit charges $199 for the Thunderbolt Station 3 Lite, but we have two to give away to MacRumors readers. To enter to win, use the Rafflecopter widget below and enter an email address. Email addresses will be used solely for contact purposes to reach the winner and send the prize. You can earn additional entries by subscribing to our weekly newsletter, subscribing to our YouTube channel, following us on Twitter, or visiting the MacRumors Facebook page.

Due to the complexities of international laws regarding giveaways, only U.S. residents who are 18 years of age or older are eligible to enter. To offer feedback or get more information on the giveaway restrictions, please refer to our Site Feedback section, as that is where discussion of the rules will be redirected.

The contest will run from today (February 24) at 11:15 a.m. Pacific Time through 11:15 a.m. Pacific Time on March 3. The winners will be chosen randomly on March 3 and will be contacted by email. The winners will have 48 hours to respond and provide a shipping address before new winners are chosen.

Cloudflare Bug That Leaked Sensitive User Data From Various Websites and Apps Now Fixed

Content delivery network Cloudflare has confirmed the existence of a bug that caused search engines to cache sensitive user data from a variety of well-known apps and websites. Google researcher Tavis Ormandy discovered and reported the bug to Cloudflare, and the company has since fixed the bug and published a detailed blog post about exactly what happened.

According to Cloudflare, the period of greatest impact for the "parser bug" ran from February 13 to February 18, although the extent of the leak stretches back months. The heart of the issue was a security problem with Cloudflare edge servers, which were returning corrupted web pages in response to some HTTP requests running through Cloudflare's large network.


In what the company referred to as "some unusual circumstances," occasionally private information was returned as well, including "HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data."
It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

The bug was serious because the leaked memory could contain private information and because it had been cached by search engines. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence.

As shared in a tweet by Ormandy this week, that data also included private dating site messages from OKCupid, full messages from a "well-known chat service," passwords from password managing apps like 1Password, and more (via Fortune). In response, some companies -- like 1Password -- have published blog posts confirming that "no 1Password data is put at any risk through the bug reported about CloudFlare."

To expedite a solution, Cloudflare responded to Ormandy's discovery and turned off three minor features of the network -- email obfuscation, Server-side Excludes, and Automatic HTTPS Rewrites -- discovered to be using the same HTML parser chain "that was causing the leakage."

In its blog post, the company said that it has "not discovered any evidence of malicious exploits" in relation to the time that the parser bug was active. It also noted that, while serious, the scale of the bug was still relatively low: around 1 in every 3,300,000 HTTP requests through Cloudflare potentially resulted in memory leakage. "That’s about 0.00003% of requests," the company noted.

Cloudflare worked with the affected search engines, including Google, Yahoo, and Bing, to erase any remnants of the sensitive data from their caches. The company's chief technology officer, John Graham-Cumming, concluded the blog saying, "We are very grateful to our colleagues at Google for contacting us about the problem and working closely with us through its resolution. All of which occurred without any reports that outside parties had identified the issue or exploited it."

Earlier this week, it was reported that Apple cut ties with server supplier Super Micro Computer in order to avoid a potential future scenario where user data might be put at risk, similar to Cloudflare's leak. Early in 2016, Apple was said to have discovered a potential security vulnerability in one of Super Micro Computer's data center servers and effectively ended its business relationship with the network company shortly thereafter.

For a technical dive into Cloudflare's parser bug and its origins, check out the company's blog post.

Apple CEO Tim Cook Will Move His Office to Apple Park

Apple CEO Tim Cook plans to work out of Apple Park, the official name for Apple's second spaceship-shaped campus, according to information obtained by The Chronicle.

Cook will presumably move his office from Apple's Infinite Loop campus to Apple Park when it opens for employees in April of 2017. Apple announced its plans to open Apple Park in April in a press statement released this morning.


Apple Park will eventually house more than 12,000 employees, who will move to the campus over a period of six months. While Apple Park will open in a little over a month, smaller construction projects and landscaping will continue into the summer.


In addition to the main ring-shaped building, Apple Park includes a visitor's center with a full Apple Store and cafe, a fitness center for employees, auxiliary research buildings, underground parking structures, a cafeteria, and a theater named "Steve Jobs Theater" after late Apple CEO Steve Jobs.

The entire campus is powered by 100 percent renewable energy and features huge swathes of greenery suitable for the California climate, with more than 9,000 native and drought-resistant trees.

First conceived in 2011 by Steve Jobs, Apple Park has been under construction since 2013 and is rumored to have cost Apple upwards of $5 billion.

Latest Chrome Canary Build Includes Support for MacBook Pro Touch Bar

The newest build (58.0.3020.0) of Chrome Canary, Google's experimental browser, includes support for the Touch Bar built into the 2016 MacBook Pro, indicating Touch Bar support will soon be added to the Chrome browser.

On the Touch Bar, the current Chrome Canary build offers a search/URL bar, forward and back buttons, a refresh/stop option, a button for opening a new tab, and a button for adding a new bookmark.


It's a much simpler implementation than Touch Bar support in Safari, which includes preview tabs for quickly switching between windows. There are also no controls available for video or music playback in the browser.

Features are tested in Canary before being added to release builds of the Google Chrome browser, so Touch Bar support is expected in Chrome 58, set to be released during the week of April 25th.

Those who want to give Touch Bar support a try ahead of the release of Chrome 58 can download Chrome Canary from Google.

Apple Releases Safari Technology Preview 24 With User Timing and Link Preload

Apple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced in March of 2016. Apple designed the Safari Technology Preview to test features that may be introduced into future release versions of Safari.

Safari Technology Preview release 24 includes fixes and improvements for Web API, JavaScript, CSS, Web Inspector, Rendering, Accessibility, and more. Both User Timing and Link Preload are new experimental features in this version of Safari Technology Preview.

The Safari Technology Preview update is available through the Software Update mechanism in the Mac App Store to anyone who has downloaded the browser. Full release notes for the update are available on the Safari Technology Preview website.

Apple's aim with Safari Technology Preview is to gather feedback from developers and users on its browser development process. Safari Technology Preview can run side-by-side with the existing Safari browser and while designed for developers, it does not require a developer account to download.

Apple's Presence in Cambridge Office Confirmed, Reportedly Centering on Siri Research

Over two years ago it was reported that Apple was planning on opening a new R&D office in Cambridge, England, and after that multiple reports suggested that the company was primarily working on Siri research at the location.

Besides a few job posts, Apple never formally admitted to being the occupant at 90 Hills Road in Cambridge. This week, however, Cambridge News has spotted confirmation of Apple's presence in the city, in the form of the Apple logo appearing on signage outside of the office building.

For the last two years Apple has been tight-lipped about its office in Cambridge, but now it seems the iPhone maker is ready to come out of the closet.

The tech giant has repeatedly refused to confirm it is operating out of 90 Hills Road, next to the entrance of the Botanic Gardens. But now its iconic logo has appeared on signage outside the building.
News of the office in Cambridge began in November 2014, and then one year later in November 2015 Cambridge News reported that Apple was hiring staff in the area to work on Siri. That rumor came in the wake of Apple's acquisition of the UK-based startup VocalIQ, which specializes in speech technology and finding ways for users and computers to have a more natural dialogue.

Now, it is believed that more than 30 employees -- including former staff from VocalIQ -- are at work at the Cambridge office. Today's report states that the workers at 90 Hills Road are "developing new versions of Siri to compete with the likes of Amazon and Google." Last month, industry sources stated that Apple is working on "enhanced Siri" capabilities for future iPhones, citing another Apple acquisition (machine learning startup Turi), while also mentioning the company's desire to best its competitors in the AI assistant space.

Apple Names its New Campus Auditorium 'Steve Jobs Theater'

Apple today announced that the 1,000-seat auditorium at its new Apple Park campus will be named the "Steve Jobs Theater" in memory of the company's late co-founder, who would have turned 62 years old on February 24.


Steve Jobs Theater, a 20-foot-tall glass cylinder with the world's largest freestanding carbon-fiber roof, is situated atop a hill at one of the highest points of the 175-acre campus, overlooking meadows and the main building.

Apple CEO Tim Cook:
“Steve’s vision for Apple stretched far beyond his time with us. He intended Apple Park to be the home of innovation for generations to come,” said Tim Cook, Apple’s CEO. “The workspaces and parklands are designed to inspire our team as well as benefit the environment. We’ve achieved the most energy-efficient building of its kind in the world and the campus will run entirely on renewable energy.”
Jobs' widow Laurene Powell Jobs:
“Steve was exhilarated, and inspired, by the California landscape, by its light and its expansiveness. It was his favorite setting for thought. Apple Park captures his spirit uncannily well,” said Laurene Powell Jobs. “He would have flourished, as the people of Apple surely will, on this luminously designed campus.”
Apple design chief Jony Ive:
“Steve invested so much of his energy creating and supporting vital, creative environments. We have approached the design, engineering and making of our new campus with the same enthusiasm and design principles that characterize our products,” said Jony Ive, Apple’s chief design officer. “Connecting extraordinarily advanced buildings with rolling parkland creates a wonderfully open environment for people to create, collaborate and work together. We have been extremely fortunate to be able to work closely, over many years, with the remarkable architectural practice Foster + Partners.”
Apple Park will be ready for employees to begin occupying in April, and the Steve Jobs Theater will open later this year.

Apple Updates Logic Pro X With Minor Bug Fixes and Feature Improvements

Apple today updated Logic Pro X, its software for audio professionals, to version 10.3.1. The new update introduces a few bug fixes and refines two previously implemented features.

According to Apple's release notes, Logic Pro X 10.3.1 fixes a bug that caused regions to behave unexpectedly when moved, and it fixes an issue that could cause regions on Track Alternatives to get deleted.


As for feature additions, global edits cutting or inserting time are now also applied to inactive Track Alternatives, and projects that use sample rates other than 44.1kHz can be shared to GarageBand for iOS.

Today's 10.3.1 update comes just over a month after Apple released Logic Pro X 10.3, a major update introducing a refreshed interface, Track Alternatives, and Touch Bar support for the new MacBook Pro.

Logic Pro X is available for purchase from the Mac App Store for $199.99.

Apple Releases Third macOS Sierra 10.12.4 Public Beta for Public Beta Testers

Apple today seeded the third beta of an upcoming macOS Sierra 10.12.4 update to public beta testers for testing purposes, two weeks after seeding the second public beta and one day after releasing the third 10.12.4 beta to developers.

Beta testers who have signed up for Apple's beta testing program will receive the third 10.12.4 macOS Sierra beta through the Software Update mechanism in the Mac App Store.

Those who want to be a part of Apple's beta testing program can sign up to participate through the beta testing website, which gives users access to both iOS and macOS Sierra betas. Betas should not be installed on a primary machine due to the potential for instability.

macOS Sierra 10.12.4 brings iOS's popular Night Shift mode to the Mac, allowing users to cut down on blue light exposure in the evening. Believed to affect sleep by upsetting the body's circadian rhythm, blue light is thought to be more harmful than yellow light.

With Night Shift, the Mac's display automatically shifts from cool to warm at sunset and then shifts back at sunrise. Users can also set custom times for the display's colors to shift, or toggle the effect on manually. A toggle to turn Night Shift on is available in the Notification Center, and Siri can also be used to activate the feature.

macOS Sierra 10.12.4 also includes Shanghainese dictation support, cricket scores for Siri, improved PDFKit APIs, and iCloud Analytics options.

Apple Comes Fifth, Amazon Ranked Top, in Company Reputation Poll

Apple is the fifth most reputable major company active in the U.S. according to an annual poll that gauges public perception of 100 consumer brands (via The Korea Herald).

The Reputation Quotient Ratings from the 2017 Harris Poll are based on an online survey completed by over 30,000 adults in the U.S. The survey analyzes brand reputation across six gauges: social responsibility, vision and leadership, financial performance, products and services, workplace environment, and emotional appeal.


The Reputation Quotient Ratings saw Apple fall three places from the previous year, losing ground to Wegmans, Publix Super Markets, and Johnson & Johnson. Amazon meanwhile maintained its 2016 position at the top of the table, but the effects of the exploding Note7 phone debacle saw Samsung slump to 49th after last year ranking at seventh.

Other companies in the top ten include Google, which slipped from fifth in 2016 to eighth, and Tesla Motors, which was not included in last year’s rankings. Netflix and Microsoft both ranked in the top 20 (18th and 20th, respectively), with Facebook sitting at 66th.

According to Harris Polls, the biggest risks to a company's reputation are illegal actions by corporate leaders and lies about products or services. The poll was carried out between November 28 and December 16 of last year, so just before Consumer Reports denied Apple's new MacBook Pro line-up a buyer recommendation, based on perceived battery life issues. Consumer Reports later revisited the issues with Apple's input, and ultimately decided to award the laptops a recommendation in January.

Samsung meanwhile will be eager to resuscitate its brand in 2017 after some of its Galaxy Note7 phones caught fire, leading to the discontinuation of the model in October. However, the company had a setback last week when Samsung chief Lee Jae-yong was arrested over his alleged role in an influence-peddling scandal that has led to the South Korean president's impeachment.

Apple Shifts Towards Digital and Regional Ad Campaigns

Apple's shift towards regionally-focused digital and social media campaigns, and away from translating broader TV-focused campaigns for global markets, has led to layoffs and reorganizational efforts at its longtime global advertising partner TBWA\Media Arts Lab, according to Adweek.


The agency's translation and transcreation teams were naturally among those hardest hit by the downsizing, the report claims. The exact number of employees laid off was not revealed, but the staff reductions are said to have occurred at TBWA's Los Angeles headquarters and other offices around the world.

Nevertheless, the report said TBWA expanded other departments, most prominently digital and social media. The agency said its new operating model will allow it to "keep pace with the way people consume media and content," which increasingly involves platforms such as Instagram, Snapchat, Facebook, and YouTube.
“TBWA\Media Arts Lab is reorganizing and introducing a new operating model to keep pace with the way people consume media and content,” an agency spokesperson told Adweek. “This will result in a reduction in areas such as localization and further investment in areas such as digital, social, data analytics, content creation and a more diverse set of strategic skills. We will also have greater integration with media partners at OMD.”
A recent example of Apple's regional work is "Meu Bloco na Rua," a Brazilian Carnival-focused video promoting Portrait Mode on iPhone 7 Plus. Apple shared the 90-second spot on its YouTube account in Brazil last week ahead of the Carnival beginning on the afternoon of February 24.


Apple has also shared an increasing number of social-friendly 15-second ads on YouTube for products such as the iPhone, Apple Watch, and AirPods. Just two days ago, Apple launched a series of new ads in which it promotes the iPad Pro and its features by responding to real tweets printed on large posters.


Apple will continue to work with TBWA\Media Arts Lab in tandem with its growing in-house marketing team, the report said.

Adobe Issues Critical Security Update for Flash Player on Mac

Adobe this week released Flash Player version 24.0.0.221 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS.

Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also available from the Adobe Flash Player Download Center.

Flash Player users who had enabled the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 24.0.0.221. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date.

Adobe said the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.

Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when the user requests it. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released fifteen Flash Player security updates over the past year.

In 2010, Apple co-founder Steve Jobs shared his "Thoughts on Flash," in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash," while criticizing its performance on mobile devices. "Flash was created during the PC era – for PCs and mice," he opined.