MyAppleMenu - Thu, Jun 18, 2015

Thu, Jun 18, 2015The Design-Problem Edition

Security Matters

Zero-Day Exploit Lets App Store Malware Steal OS X And iOS Passwords, by Glenn Fleishman, Macworld

The short-term fix for these exploits is a combination of new recommendations and requirements to app developers, and additional procedures in the App Store review. “What the App Store can do is run something similar at least to identify—not malicious apps, but at least those vulnerable as targets,” Wang said.

His colleague, PhD candidate Luyi Xing, noted that “Apple should do something to enforce scheme management” as well. However, Xing said that it boils down to being a design problem, rather than an app implementation issue. That will require some deep rethink at Apple, and put some burden on developers as new authentication and registration procedures make their way into App Store requirements.

1Password Inter-Process Communication: A Discussion, by Agile Bits

Neither we nor Luyi Xing and his team have been able to figure out a completely reliable way to solve this problem. We thank them for their help and suggestions during these discussions. But, although there is no perfect solution, there are things that can be done to make such attacks more difficult.

Unauthorized Cross-App Resource Access On MAC OS X And iOS, by Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-Min Hu, Xinhui Han,

On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs. Given the complexity of today's OSes, less clear is whether such isolation is effective against different kind of cross-app resource access attacks (called XARA in our research). To better understand the problem, on the less-studied Apple platforms, we conducted a systematic security analysis on MAC OS~X and iOS. Our research leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Stores, to gain unauthorized access to other apps' sensitive data. More specifically, we found that the inter-app interaction services, including the keychain, WebSocket and NSConnection on OS~X and URL Scheme on the MAC OS and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the app sandbox on OS~X was found to be vulnerable, exposing an app's private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result, sensitive user data, like the notes and user contacts under Evernote and photos under WeChat, have all been disclosed. Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications. To better understand their impacts, we developed a scanner that automatically analyzes the binaries of MAC OS and iOS apps to determine whether proper protection is missing in their code. Running it on hundreds of binaries, we confirmed the pervasiveness of the weaknesses among high-impact Apple apps. Since the issues may not be easily fixed, we built a simple program that detects exploit attempts on OS~X, helping protect vulnerable apps before the problems can be fully addressed.

This Is Tim

Had a great time meeting customers and our team at the Apple Store Boylston St in Boston. Enjoy your Apple Watches!

— Tim Cook (@tim_cook) June 17, 2015

How Many WWDC Presenter Used The Watch As A Remote?

First time controlling a Keynote from my Apple Watch. Weird to have both hands free.

— Robert Sharl (@Sharl) June 18, 2015

Slow And Blind

Utah Valley University Creates A ‘Texting Lane’ For Busy Staircase, by Michael Rosen, Fusion

There’s a “culture of walking and texting” on the Utah Valley University campus, according to conversations with students, but that’s not the main reason Matt Bambrough, the creative director at UVU, came up with an idea to paint a “texting lane” on a staircase leading up to the brand-new Student and Wellness Center. According to Bambrough, it’s first and foremost a design project—the texting lane was a tongue-in-cheek reference to the college-wide epidemic of kids walking around with their faces buried in their iPhones.


Flipboard Users Can Now Add Their Own Voice, Opinions And Photos To Their Magazines, by Sarah Perez, TechCrunch

It will now enable magazine creators to add more of their own voice to their publications by allowing them to share thoughts and opinions on the news they’re sharing, as well as ask questions, quote text, customize their magazine with links or their own personal photos, and more.

The Best Launcher Apps For iOS, by Michael Simon, Macworld

Contrast might not have been the first developer to make one, but it was certainly the first to get it right, and nearly three years after its debut, Launch Center Pro is still the one to beat.

Dark Sky 5.0 Gets A New Look And Advanced Alert Options, by Joseph Keller, iMore

Dark Sky, a weather app specializing in hyper-local forecasts, has hit version 5.0, refreshing the layout, adding advanced alert options, and more. The app also packs advanced functionality for iPhone 6 owners, letting them opt in to sending pressure sensor data for better short-term forecasts.

Vimeo Completely Revamps Its iPhone Video Editing App, by Mariella Moon, Engadget

Mellel 3.4, by Agen G. N. Schmitz, TidBITS

Hands On: Editorial 1.2 (iOS), by William Gallagher, MacNN

Nest Gets Into The Home Security Game With The Nest Cam, by Nathan Ingraham, The Verge

How To Sync Your iPhone Photos To Your Chromebook Using Google Drive, by Conner Forrest, TechRepublic


The definition of insanity is typing the same word over and over again, and expecting autocorrect to not screw it up this time.

— Nick Arnott (@noir) June 18, 2015


Behind The App: The Story Of Notepad++, by Andy Orin, Lifehacker

Back in 2003, software engineer Don Ho wasn’t satisfied with the source code editor he was using for work and decided to take on the challenge of crafting something better. Notepad++ has since become a staple of many users looking for richer features than your OS’s default text editor, and better performance than more bloated options. We caught up with Don to learn about what went on behind the app.

Protocol Oriented Programming, by David Owens II


*breaks down in hysterical laughing fit* (from Apple's new "UI Design Dos and Don'ts"

— Sebastiaan de With (@sdw) June 15, 2015


Record Labels Attack Apple Deals That Would Leave Them 'Completely Screwed', by Christopher Williams, Telegraph

Mr Heath said: “If you are running a small label on tight margins you literally can’t afford to do this free trial business. Their plan is clearly to move people over from downloads, which is fine, but it will mean us losing those revenues for three months.”

Apple Gets Top Marks From The EFF On Its Transparent Data Policies, by John Callaham, iMore

The non-profit watchdog group has praised the company for its transparent policies regarding how it handles data requests from government agencies.

Software Is A Service, by Bob O'Donnell, Re/code

Microsoft Finally Gets That It Won’t Win The Smartphone War, by Issie Lapowsky, Wired

The announcement included a number of senior departures, as well as a reorganization of existing executives, but the most telling of these changes is, perhaps, the departure of Stephen Elop, Nokia’s ex-CEO. [...] His exit from the company seems to be as strong a sign as any that Microsoft is—at least in spirit—seceding from a crowded smartphone market that has become increasingly difficult to penetrate.


According to the email Apple just sent me, my iTunes Match subscription is due for renewal this June 30th.

Whether this timing is good or bad remains to be seen: the Apple Music web page on Apple Singapore's web site still says "Coming Soon" instead of promising a specific date.


Have we invented a new medical term for the condition of the weakening of the heart due to the dropping or potential dropping of one's iPhone onto concrete floor?

Parting Words

Why machines will never replace humans. They just don't understand us.

— Simon Cobb (@s13mon) June 16, 2015

Thanks for reading.