Categories
Security

You can uninstall iOS 16 Rapid Security Response updates, but you probably shouldn’t

Apple will let you remove the security patches installed by iOS 16’s Rapid Security Response system, which can install patches without the need to fully update your iPhone (or even without having to restart it, in some cases). According to a support document spotted by MacRumors, you can remove a Rapid Security Response update by going to Settings > General > About, then tapping on the iOS Version. From there, you’ll be presented with a “Remove Security Update” button.

The document doesn’t give any examples of why you’d need to uninstall one of the patches, leaving your phone open to the vulnerability it protects against. It’s easy to imagine a few special circumstances where the feature could be useful, perhaps if one messes up some special work-related software or management tools, for instance. Otherwise, it’s one of those features that most people should probably never use unless they have a very specific reason and fully understand what they’re doing — kind of like the new extreme Lockdown Mode, which is included to protect users from “highly sophisticated” targeted cyberattacks.

Rapid Security Response is turned on by default, although you can turn off the updates by going to Settings > General > Software Update > Automatic Updates and toggling “Security Responses and System Files.” If you do so, you’ll have to wait for full iOS updates to get the security patches. Again, I’d personally recommend against turning the feature off unless you have an explicit reason to, given how many of Apple’s recent updates have patched out pretty serious vulnerabilities.

The system is also coming to macOS in Ventura, which hasn’t been officially released yet — so far, Apple’s support documents for its desktop OS don’t mention whether you’ll be able to roll back those updates as well.

Repost: Original Source and Author Link

Categories
Security

If you have an iPhone 5S or 6, it’s time for a rare iOS update

Almost a year after the last update, Apple released a new version of iOS 12 on Wednesday, meant to patch a security hole that was recently fixed in newer versions of the OS. If you’re still using an iPhone 5S or an iPhone 6 or 6 Plus, it’s worth taking the time to update — Apple obviously doesn’t release security updates for its older software that often, so when it does, you know it’s a reasonably serious issue.

The vulnerability fixed by iOS 12.5.6 is one that could let a malicious website run unchecked code on your phone if you open it in Safari or another browser. What’s more, Apple says it’s possible someone out in the world has tried to use this exploit. While this type of warning isn’t a reason to panic — it’s relatively common for the company — it does mean that you should probably exercise a bit of caution until you update your phone.

You can download and install the update by going to Settings > General > Software Update. If your phone warns you that you don’t have enough storage to install the update, you can follow our guide on how to free up storage — some of the screens may look a bit different, but the basics will mostly be the same.

Tap the Download and Install button, and then enter your passcode to start the install process.

The update’s also available for a few other devices, too, such as the original iPad Air, the iPad Mini 2 and 3, and the sixth-gen iPod Touch. If you have any of those floating around, it’s probably a good idea to take some time today and update them.

Repost: Original Source and Author Link

Categories
Security

1Password 8 arrives on Android and iOS with a big redesign and personalized home

1Password is launching a big update to its Android and iOS apps today. 1Password 8 overhauls the design of the mobile password management apps in many of the same ways the 1Password 8 apps for Windows and Mac were redesigned in recent months. The new mobile interface includes a personalized home tab, which should make it easier to find logins, pin favorites, and organize your passwords.

The new personalized homescreen also lets you easily see logins you’ve recently created and even pin individual fields from a login. You can also reorder sections and add quick actions to the home tab, and the navigation bar now provides quick access to search, home, and settings.

Search isn’t super obvious in the current 1Password mobile app, and the navigation bar is split into favorites, categories, tags, and settings instead. 1Pasword 8 greatly simplifies the entire interface and navigation bar, making it easier for 1Password users who aren’t familiar with the mobile app to find their logins more easily. The updated app also has new and improved icons, typography, and detailed views for logins and vaults.

New icons and customizable homescreen on 1Password 8 mobile.
Image: 1Password

1Password has also added an updated Watchtower UI inside the mobile app, including alerts about data breaches inside items. Collections are also available in the mobile app now, allowing 1Password users to create custom groups of vaults. Autofill is also faster and more precise, so 1Password on mobile should more accurately auto fill payment cards, addresses, and identities across apps.

“Over the last couple years we’ve been making a concerted effort to unify our design language,” explained Michael Fey, VP of engineering for client apps at 1Password, earlier this year. “The updated designs result in a modern take on 1Password that is both familiar and fresh.”

The improvements in usability across mobile and desktop are particularly important as 1Password attempts to capture even more subscribers. 1Password now has more than 100,000 paying business customers, and it saw subscriber growth during the pandemic that led to a $6.8 billion valuation for the company earlier this year.

1Password has also been making it easier to share files, documents, and passwords with just a link and even helping people remember which “sign in” service they used on websites. The service also added a hide my email feature last year, giving all users the option of hiding their email addresses from apps and services.

Update, August 9th 9:40AM ET: Article updated with more 1Password 8 feature additions.

Repost: Original Source and Author Link

Categories
Security

iOS 16’s new Lockdown Mode takes iPhone security to the max

Apple has introduced an extra layer of security coming to iOS 16, called Lockdown Mode. The Cupertino, California-based company announced the new extreme cybersecurity feature on July 6 with the aim of protecting people at risk of being attacked by targeted mercenary spyware.

Lockdown Mode is an optional feature that not every iPhone user will need, but would most likely be used by politicians, activists, celebrities, and other public figures who fear they’re being targeted by spyware created by private companies. This includes the like of NSO Group, which was sued last fall for using Pegasus to hack the phones of political figures worldwide — including the widow of the late Saudi dissident journalist Jamal Khashoggi, and the prime minister of Spain, as well as dozens of journalists.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

When Lockdown Mode is enabled, it limits the iPhone’s functionality to render it invulnerable to attacks. It blocks some message attachment types other than images, disables preview links, blocks FaceTime calls from unknown contacts, and prevents wired connections to a computer or accessory when the iPhone is locked — among other things.

Apple is also making a $10 million grant out to the Dignity and Justice Fund to bolster research into enhancing cybersecurity, as well as investigating and preventing highly targeted cyberattacks. Any additional research money will come from the damages awarded from the ongoing lawsuit against NSO Group.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Security

Google says attackers worked with ISPs to deploy Hermit spyware on Android and iOS

A sophisticated spyware campaign is getting the help of internet service providers (ISPs) to trick users into downloading malicious apps, according to research published by Google’s Threat Analysis Group (TAG) (via TechCrunch). This corroborates earlier findings from security research group Lookout, which has linked the spyware, dubbed Hermit, to Italian spyware vendor RCS Labs.

Lookout says RCS Labs is in the same line of work as NSO Group — the infamous surveillance-for-hire company behind the Pegasus spyware — and peddles commercial spyware to various government agencies. Researchers at Lookout believe Hermit has already been deployed by the government of Kazakhstan and Italian authorities. In line with these findings, Google has identified victims in both countries and says it will notify affected users.

As described in Lookout’s report, Hermit is a modular threat that can download additional capabilities from a command and control (C2) server. This allows the spyware to access the call records, location, photos, and text messages on a victim’s device. Hermit’s also able to record audio, make and intercept phone calls, as well as root to an Android device, which gives it full control over its core operating system.

The spyware can infect both Android and iPhones by disguising itself as a legitimate source, typically taking on the form of a mobile carrier or messaging app. Google’s cybersecurity researchers found that some attackers actually worked with ISPs to switch off a victim’s mobile data to further their scheme. Bad actors would then pose as a victim’s mobile carrier over SMS and trick users into believing that a malicious app download will restore their internet connectivity. If attackers were unable to work with an ISP, Google says they posed as seemingly authentic messaging apps that they deceived users into downloading.

Researchers from Lookout and TAG say apps containing Hermit were never made available via the Google Play or Apple App Store. However, attackers were able to distribute infected apps on iOS by enrolling in Apple’s Developer Enterprise Program. This allowed bad actors to bypass the App Store’s standard vetting process and obtain a certificate that “satisfies all of the iOS code signing requirements on any iOS devices.”

Apple told The Verge that it has since revoked any accounts or certificates associated with the threat. In addition to notifying affected users, Google has also pushed a Google Play Protect update to all users.

Repost: Original Source and Author Link

Categories
Computing

Twitter brings closed captioning toggle to Android and iOS

Twitter now offers the option to turn closed captioning on or off in its mobile apps for Android and iOS devices.

On Thursday evening, the bird app’s official @TwitterSupport account announced via a tweet that a closed captioning toggle is now available to everyone using Twitter for Android or iOS. The tweeted announcement described the new mobile app feature as a “‘CC’ button” that works with videos with captions enabled.

The choice is now yours: the closed caption toggle is now available for everyone on iOS and Android!

Tap the “CC” button on videos with available captions to turn the captions off/on. https://t.co/GceKv68wvi

— Twitter Support (@TwitterSupport) June 23, 2022

In the replies to the tweeted announcement, @TwitterSupport offered a few more details about the feature that’s new to the Twitter mobile app:

The closed captioning toggle is “already available” for Twitter on the web and it should show up as users hover over a video that has captions enabled.

This is already available for everyone on web! On videos that have captions available, you can turn the captions off/on by clicking the “CC” button at the bottom that appears when you hover over the video.

— Twitter Support (@TwitterSupport) June 23, 2022

You also don’t have to tap the toggle button every time you want to enable captions for videos. Once you toggle captions on for one video, the other videos in your timeline that offer captions should also follow suit.

You're welcome, Courtney! When you use the “CC” button to turn on captions for one video, captions will stay on for other videos in your timeline that have captions available.

— Twitter Support (@TwitterSupport) June 23, 2022

We tested the new mobile-friendly closed captioning toggle feature on Twitter for Android, and currently it is live and working. But here are a couple of things we noticed:

  • As @TwitterSupport noted in their announcement, the new toggle feature only shows up for videos that have closed captions enabled. And depending on who you follow, you may not have that many videos in your timeline that are eligible to display the toggle. It was hard to find a video that had captions enabled (so that the toggle would appear).
  • Based on what we’ve seen so far on Android, the closed captioning feature and its toggle do not seem to be visible in videos embedded in tweets while in the timeline. You’ll have to click on the tweet itself (not the video) to open the tweet, in order to see the closed captions and the toggle button (which should then appear in the top-right corner of the video).

Editors’ Choice




Repost: Original Source and Author Link

Categories
Game

Razer’s Kishi gamepad for iOS is cheaper than ever right now

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

If you’ve been looking for a better way to play games on your phone than relying on touch controls, an external controller is what you need. The is a solid dedicated gamepad option and the iOS version has dropped to an all-time low price on Amazon. It’s , which is $45 off the regular price. The USB-C Android version, meanwhile, .

Buy Razer Kishi (iOS) at Amazon – $55

The controller has a wired connection to your device, meaning that you won’t need to charge it. That will also result in lower latency compared with a gamepad that’s connected via Bluetooth. There is a Lightning port, but that’s only for passthrough charging. You won’t be able to use wired headphones (rival has a 3.5mm headphone jack, however).

Along with and other native iOS games, the Kishi is compatible with cloud gaming services like Google Stadia, GeForce Now and Xbox Cloud Gaming. You can also use it to play Xbox or PlayStation consoles using remote play apps.

The controller is compact when not in use, which makes it easy to keep in your bag. To use it, you’ll need to unclip a rear panel. A belt holds the two halves together and it stretches to accommodate various phone sizes. You’ll likely need to remove your phone’s case before using the Kishi, since it needs to be plugged into the Lightning port.

The Kishi does the trick for on-the-go use, though some may find the stubby analog sticks and other design choices a little uncomfortable for long gameplay sessions. The iOS version of the gamepad has been heavily discounted ahead of the Kishi V2, a new version of the controller that’s expected to arrive later this year.

Razer of the Kishi V2 this month. It has a solid sliding bridge rather than the stretchy belt (an idea Razer seems to have cribbed from Backbone), clickier buttons and the option to keep certain cases on while using the device. There’s also a share button that only works with the Razer Nexus app on Android. Players can use that to stream gameplay to the likes of YouTube and Facebook.

Repost: Original Source and Author Link

Categories
Security

Microsoft Defender launches on Windows, macOS, iOS, and Android

Microsoft is launching a new Defender cybersecurity app across Windows, macOS, iOS, and Android today. While the software giant has used the Defender moniker for its antivirus protection for years, this new cross-platform Microsoft Defender app is designed for individuals as more of a simplified dashboard that taps into existing antivirus software or offers additional device protections.

Microsoft Defender will be available for Microsoft 365 Personal and Family subscribers today, and the features will vary by platform. On iOS and iPadOS, for example, there’s no antivirus protection, and the app offers some web phishing protections instead alongside a dashboard that includes alerts for other devices.

Over on Android, Microsoft Defender includes antivirus protection and the ability to scan for malicious apps. The app will also scan links to offer web phishing protection. Microsoft Defender on Windows acts more like a dashboard rather than attempting to replace the built-in Windows Security app. You can view your existing antivirus protection from Norton, McAfee, or other vendors and manage and view security protections across devices.

Microsoft Defender on iOS.
Image: Microsoft

Microsoft Defender also includes security alerts and tips across multiple devices, although the tips are only available on Windows and macOS.

The app feels like it will be superfluous for many, but it will be useful for those wanting to protect family members and multiple devices in a simple dashboard. Microsoft is promising that more features are on the way, too.

“The expansion of our security portfolio with Microsoft Defender for individuals is the natural and exciting progression in our journey as a security company,” says Vasu Jakkal, corporate vice president of Microsoft security. “This is just the start. As we look forward, we will continue to bring more protections together under a single dashboard, including features like identity theft protection and secure online connection.”

Repost: Original Source and Author Link

Categories
Security

iOS 16 and macOS Ventura include Apple’s new Rapid Security Response

As part of today’s announcements at WWDC 2022, Apple briefly mentioned a new addition to its security tools that will apply to iPhone, iPad, and Mac platforms called Rapid Security Response. It didn’t go into a lot of detail about what Rapid Security Response is, but Apple is promising to have important security updates that get to your devices even faster. Currently, iOS and macOS users get their security updates rolled in with full system patches, usually with .1 or .0.1 version numbers, which can take quite some time for users to download and install.

Now, Apple says its Rapid Security Response updates include important security improvements that “can be applied automatically between standard software updates.” MacRumors reports that for users who’ve installed the iOS 16 developer beta, there’s a new toggle under the Automatic Updates section of settings for “Install System and Data Files” to apply new security configuration and system data files. It says that “some updates may only take effect once you restart your iPhone,” which suggests that some won’t require a reboot.

That’s the case on macOS Ventura, where Apple’s breakdown of the new features coming in version 13.0 includes the Rapid Security Response, however on this platform “This isn’t a standard software update. These improvements can be applied automatically between normal updates — without a restart.” The Verge has contacted Apple for more information about the new updates, and with beta testers already running the new software, we should know more about how they work soon.

Repost: Original Source and Author Link

Categories
AI

Amazon gives Alexa a new iOS widget and the ability to assign reminders

Amazon has updated the Alexa app on iOS so that you can access the voice assistant right from your home screen via a new widget. Everyone can use the assistant to remind specific members of your household to do tasks through a new “assign reminders” skill.

Due to the somewhat restrictive nature of the widgets on iOS, the new Ask Alexa widget isn’t so much Alexa itself as it is a link directly to the iOS app. But if you have the Alexa widget placed on any of your screens and you’ve already given the Alexa app permission to use your iPhone’s mic, you’ll be able to start making requests with a tap.

The Ask Alexa widget in iOS.

And now those requests can get a bit more granular. Amazon’s given Alexa the ability to assign reminders to specific members of your household if they have an Alexa Profile set up on the same Amazon account. So if you say “Alexa, remind Jeff to take the lasagna out of the freezer at 10AM,” Alexa will be able to deliver the reminder to the right person, at the right time, provided they’re logged in to their Alexa app.

You can create an Alexa Profile (up to 10 per Amazon account) each time someone new logs in to the Alexa app for the first time. Amazon says you can assign relationship nicknames to each profile, like mom, dad, daughter, etc. Additional Voice Profiles can also be added in Settings, so Alexa can recognize who’s speaking and making reminders based on their voice.

Alexa picks up new features and skills on a monthly basis, but Amazon also announced plans in June to open up Alexa even further to third-party developers. Among many new APIs, developers will be able to create custom widgets for the Echo Show.

Update August 6th, 7:00PM ET: Added information from Amazon on creating Alexa Profiles.

Repost: Original Source and Author Link