The Remained-Vulnerable Edition Friday, September 29, 2017

An Alarming Number Of Macs Remain Vulnerable To Stealthy Firmware Hacks, by Dan Goodin, Ars Technica

The exposure results from known vulnerabilities that remain in the Extensible Firmware Interface, or EFI, which is the software located on a computer motherboard that runs first when a Mac is turned on. EFI identifies what hardware components are available, starts those components up, and hands them over to the operating system. Over the past few years, Apple has released updates that patch a host of critical EFI vulnerabilities exploited by attacks known as Thunderstrike and ThunderStrike 2 as well as a recently disclosed CIA attack tool known as Sonic Screwdriver.

An analysis by security firm Duo Security of more than 73,000 Macs shows that a surprising number remained vulnerable to such attacks even though they received OS updates that were supposed to patch the EFI firmware. On average, 4.2 percent of the Macs analyzed ran EFI versions that were different from what was prescribed by the hardware model and OS version. 47 Mac models remained vulnerable to the original Thunderstrike and 31 remained vulnerable to Thunderstrike 2. At least 16 models received no EFI updates at all. EFI updates for other models were inconsistently successful, with the 21.5-inch iMac released in late 2015 topping the list, with 43 percent of those sampled running the wrong version.

Cracked It

Cultural Insularity And Apple TV, by John Gruber, Daring Fireball

I like Apple TV a lot, but I think Apple is ceding marketshare by not having a box that competes on price. I think there are a lot of people who look at iPhones, iPads, and MacBooks and see them as “expensive but worth it” but who look at Apple TV and see it as “ridiculously overpriced”.

Everyone Is Calling The New iPhone X The ‘Ecks’ Even Though Apple Says It’s Pronounced ’10’, by Caroline Cakebread, Business Insider

Whether out of confusion, personal preference or mere stubbornness, many people, it seems, prefer to call the new iPhone the “Ecks,” like the letter.

Government Requests

There's No 'FM Radio' In Your iPhone For Apple To Magically Turn On, by Rene Ritchie, iMore

Modern iPhones like iPhone 7 and iPhone 8 don't have FM radio capabilities on their chipsets and don't have a simple way to add antennas for FM radio signals.

For other phones, even if it was possible to just "flip a switch" and enable FM, doing so would likely require an update to the wireless chipset firmware (from Broadcom, Qualcomm, Intel, or whichever company manufactured it), which would then have to be baked into iOS and Android along with the interface elements needed to actually use it, and only then could it be pushed out as an update.

Trump’s FCC Commissioner Calls On Apple To ‘Activate’ iPhone FM Antennas That No Longer Exist, by John Gruber, Daring Fireball

No iPhone was ever designed to be an FM radio, and there is no “switch” that can be “flipped” — nor software update that could be issued — that could turn them into one. It’s a complete technical misconception.

What’s absurd is that the FCC commissioner would take his understanding of the iPhone’s technical capabilities from a newspaper editorial rather than from Apple’s own FCC regulatory filings, which I’m pretty sure would show that they’re not capable of acting as FM radios.

Apple Sees Sharp Increase In U.S. National Security Requests, by Stephen Nellis, Reuters

It was not immediately clear what drove the increase in requests to Apple. But Andrew Crocker, a staff attorney with the Electronic Frontier Foundation, said that the number of government requests to technology companies has been increasing since 2014, when data first started to become available as part of a settlement between technology firms and the government.


Index Is The Cleaner, Faster, Better Evernote We’ve Been Waiting For, by Bryan Clark, The Next Web

Index isn’t as feature-rich as Evernote. We should start there, because there are a few of you out there that still believe it’s worth stomaching Evernote’s bloat for the two times a year you might use that one feature. What Index lacks in features, it makes up for in efficiency. It’s sleek, minimalist, and fast — all things Evernote is not.

Critically Acclaimed Flower Debuts On iOS, by John Voorhees, MacStories

The game is designed to be a simple relaxing experience that’s accessible to anyone, not people who identify as gamers.

DisneyNow Moves Disney, XD, And Junior Channels To One App With New Features, by Zac Hall, 9to5Mac

As announced earlier this year, DisneyNow combines the company’s three kids cable channels — Disney Channel, Disney XD, and Disney Junior — into a single app that features content from each channel.


A Story Of Apple’s Excruciating & Outdated Legal Practices, by Jeppe Reinhold, Medium

This is a story of how I tried to do two seemingly simple things as an Apple developer: Changing my developer account name, and later the company’s developer account name. It turns out this is the equivalent of a bike ride through hell with triangular wheels, and not an easy stroll in the park as I thought it would be. Therefore beware: this is more of a rant (or actually two rants squished into one article) than a story, so there’s a slight chance you might miss the jokes, and get really angry when reading this.