Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail.
The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.
[...]
The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist.
Writing Tools, in particular, can and should be better. I write a little on my iPhone, but I write a lot on my Mac — not just posts here, but also emails, messages, and social media posts. A more advanced spelling and grammar checker that has at least some contextual awareness sounds very appealing to me. This is a letdown, and because of so many basic reasons. I do not need Apple Intelligence to be the apex of current technology. What I do expect, at the very least, is that it is user-friendly and feels at home on Apple’s own platforms. It needs work.
To be more sensitive about the public mood, I think they probably should have kept notification summaries as an opt-in feature, even if Apple Intelligence in general is turned on by default now. That’s the only real critique of this I can field.
Among the numerous security updates, the iOS/iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, and visionOS 2.3 updates patch a CoreMedia zero-day flaw. Exploitation of CVE-2025-24085 could allow a malicious application to access privileged parts of the system and was fixed with improved memory management.
CoreMedia is a framework used for time-based audio-visual assets such as podcast apps and other media players.
Video game studio comedy Mythic Quest returns today for season four on Apple TV+. The comedy features Rob McElhenney as Ian, a maverick game producer, and his surrounding team as they struggle to stay relevant in the modern gaming market.
Apple is continuing to promote the Beats Pill speaker, today sharing a new Valentine's Day-themed short ad that uses the cute anthropomorphized "Pill People" characters to highlight battery life.
The app lets me instantly restore all my app windows to my preferred sizes and positions, whether I’m using my MacBook Pro in standalone mode or hooked up to my external monitor.
Folder Preview lets you expand Quick Look's full functionality to folders. You select a folder, press the Spacebar, and Folder Preview will let you see all the files and folders inside of it, without actually opening it.
In the span of two key presses, your app is open, boom. And it's not just limited to apps. You can use it to open URLs (works with any apps that expose URLs to third-party apps) and trigger commands or scripts. It essentially makes everything on your Mac just a few keystrokes away.
Some apps may surprise you. For example, why would a calendar app need access to the health data on your phone? Why would a calculator require your list of contacts? It’s a good idea to ask yourself these questions before downloading any new apps. If the answer doesn’t seem obvious, don’t download the app. With that in mind, let’s look at some of the most invasive apps that may be on your phone right now.
Welcome to the year of the snake.
Snakes!
~
Thanks for reading.