The Exploited-in-the-Wild Edition Thursday, January 27, 2022

Apple Releases, iOS 15.3, iPadOS 15.3, macOS Monterey 12.2, watchOS 8.4, tvOS 15.3, And HomePod Software Version 15.3, by Josh Centers, TidBITS

It’s time once again to fire up Software Update. Apple has released updates for all of its shipping operating systems with bug fixes and security updates but no new features, apart from Siri on the HomePod learning to recognize two new languages. Apple says that one of the security vulnerabilities addressed may have been actively exploited in the wild, so we recommend updating soon.

Apple Releases iOS 15.3 And iPadOS 15.3 With Fix For Safari Bug That Leaks Browsing Activity, by Juli Clover, MacRumors

In iOS 15 and ‌iPadOS 15‌, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Websites that use IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session, which essentially allows a malicious website to spy on other websites that a Safari user visits.

What Has Changed In Monterey 12.2?, by Howard Oakley, The Eclectic Light Company

Initial quick testing unfortunately demonstrates that one major bug in 12.0.1 and 12.1 hasn’t been fixed: the Finder still leaks memory badly when its Find feature is used. This doesn’t appear to have even been reduced. A more minor bug also persists, in the Bluetooth menu item. That is still unable to show charge levels of peripherals such as Apple keyboards and trackpads while they’re charging, so doesn’t tell you when charging is complete.

Apple Releases watchOS 8.4 With Fix For Apple Watch Charging Bug, by Juli Clover, MacRumors

According to Apple’s release notes, watchOS 8.4 fixes a bug that could cause some Apple Watch chargers not to work as expected with the Apple Watch.

Fixing iCloud

Apple Fixed iCloud Bug Causing Syncing Issues For Third-Party Apps, by Juli Clover, MacRumors

Apple appears to have fixed an ongoing iCloud server issue that was causing some apps that have implemented ‌iCloud‌ support to fail to sync properly. The bug has persisted since November, and app developers were becoming increasingly upset with Apple’s lack of effort to address the problem.

Coming Soon?

Apple To Rival Square By Turning iPhones Into Payment Terminals, by Mark Gurman, Bloomberg

Apple Inc. is planning a new service that will let small businesses accept payments directly on their iPhones without any extra hardware, according to people with knowledge of the matter.

The company has been working on the new feature since around 2020, when it paid about $100 million for a Canadian startup called Mobeewave that developed technology for smartphones to accept payments with the tap of a credit card. The system will likely use the iPhone’s near field communications, or NFC, chip that is currently used for Apple Pay.


Apple Launches Black Unity Braided Solo Loop With 'Unity Lights' Watch Face, by Hartley Charlton, MacRumors

Apple today announced the Black Unity Braided Solo Loop for the Apple Watch, as well as a new downloadable watch face, to celebrate Black History Month.

Apple Previews New Content, Collections In Celebration Of Black History Month, by Mike Peterson, AppleInsider

In a new feature story Wednesday, Apple previewed and showed off the new content and curated collections, which includes special episodes of "The Message" on Apple Music 1 focusing on Black creators and new workouts that honor Black History Month on Apple Fitness+.

Podcastle's The iPhone App All Podcasters Need With Local Audio Recording And More, by Oliver Haslam, iMore

If you're someone who needs to record a podcast on their iPhone and wants their guests to also create local recordings for the best possible quality, you need to try Podcastle.


Apple To Expand Xcode Cloud Beta Access 'Over The Coming Weeks', by Filipe Espósito, 9to5Mac

While the platform is still available as a private beta, Apple says access will be expanded to more developers soon, while the official launch is still expected later this year.


Apple System Status Page Needs To Switch Off Its Reality Distortion Field, by Ben Lovejoy, 9to5Mac

I mean, I get it. There will always be minor and temporary glitches affecting a tiny number of people, and it’s not realistic for Apple to update the page to reflect each one of these. But I think there’s no denying the fact that the page currently has its own reality distortion field.

Why Online Stars Are Mad At Apple, by Shira Ovide, New York Times

Many internet creators say that Apple doesn’t deserve such a big chunk of their earnings for what they see as the company’s marginal involvement in the relationship between creative online work and fans. And they say that Apple’s fees — on top of those from sites like YouTube, Facebook and Twitter — make creative pursuits, which are already difficult, even harder.


An Apple spokesman told me that the fees on a small minority of what people do in apps are fair compensation for the company’s role in the internet economy and for making it easy to pay for stuff from our phones. People also feel more confident paying with the credit card on file with Apple than with handing over account information to people on YouTube or Instagram.

Pennsylvania Could Become First State To Pass Law Targeting AirTag Abuse, by Zac Hall, 9to5Mac

This week, Pennsylvania State Representative John Galloway proposed legislation that would specifically prohibit an AirTag from being used for anything beyond locating personal items. Citing a recent New York Times article on AirTag abuse, Galloway says Pennsylvania’s Crimes Code needs updating to prohibit remote stalking.

Bottom of the Page

Looks like it's a weekend of operating-system-updates for me.

Actually, I'm no longer afraid of updating iOS. Recent updates have all been solid, including the one where the entire file system has been updated. (Recent? These strange times are giving me weird sense of time.)

The other reason: probably except for a few app settings here and there, I don't have any data stored on my iPhone. Everything exists on the 'cloud', and can be re-downloaded onto a newly-resetted iPhone. Time is all that is wasted.

My Mac, however, is a different story. I can still remember the one time where macOS updates wiped up people's hard disks. (Okay, that was even longer ago. But, yeah, strange times.)

And more importantly, I have tons and tons of data -- including photos and videos -- on my Mac. And Homebrew stuff. I know they are backed up. But I am still much more cautious in updating my Mac.

Anyway, I'll be waiting for two days. If nobody's hard disks has been wiped out, I'll install the new update.


Thanks for reading.