Want the direct permalink to a post? Click the date!
- ✴︎ Links
☼
Asher Dipprey’s “Apple Event” Is Incredibly Well Done »
I knew I had to link this “Apple Event” the moment I saw it. It’s so convincing that after a while on in the background, I was wondering if this was an actual keynote. Magic really is in the air! Check it out above or at the link.
- ✴︎ Links
☼
Pixel 9a Announced, $499 USD Price Tag »
Pixel 9a is coming soon! Powered by our fastest, most efficient chip yet, Google Tensor G4, Pixel 9a comes with everything you expect from our Pixel 9 series — complete with a sleek redesign, upgraded main camera and Gemini built in.
Yep, more AI crap. But $499 undercuts the confusing iPhone 16e model by $100 so it’s probably a better deal outside of AI. Pixel 9a has no more camera “visor,” going all-flat (which is kind of sad, as that’s my favorite design aspect of Pixel phones, but whatever.)
Also, is any normal consumer buying phones based on AI promises? Genuine question.
- ✴︎ Links
☼
LEGO Pokémon? Hell Yes! »
Get ready to electrify your imagination in 2026 💛 ⚡️
Oh my God, I’m so excited. GET HERE FASTER, 2026!!
Security Flaw in Apple’s Passwords App, Leaving Users Vulnerable to Phishing Attacks for A Few Months
In iOS 18, Apple introduced the Passwords app, which brought the likes of Keychain Access and the “Passwords” submenu in settings out to the user. As part of the app, Passwords monitors every login credential saved in case they are implicated in a security breach or if the password is “easy to guess.” If it detects the credentials are simple, or were implicated in a breach, the Passwords app pops up a card that suggests the end user changes the password.
The vulnerability itself was found by Talal Haj Bakry and Tommy Mysk of Mysk Inc. Mysk tells me that the “change password” link that appears on that card seemed to be calling websites with HTTP by default. I was also shown a video demonstration of the flaw in action, which has now been published.
The video I linked above demonstrates the major security risk imposed by such a vulnerability. Using a piece of software, bad actors can sniff out, intercept, and even change the destination of HTTP traffic.
For those who do not know, HTTP is an insecure protocol that transmits data in plain-text with no encryption or security whatsoever. Any attacker utilizing the correct tools — as demonstrated in the video — could thus see your activity and any data entered on a given website. So if you got a prompt to change your password for your online banking system, a bad actor could send you to their convincing phishing site and get your personal information.
Thankfully, Apple has now patched the vulnerability (CVE-2024-44276) with the release of iOS and iPadOS 18.2:
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to alter network traffic
Description: This issue was addressed by using HTTPS when sending information over the network.
CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
However, even though it was fixed in iOS and iPadOS 18.2, as well as macOS Sequoia 15.2, it is strongly recommended that users update to the latest version of their device’s operating systems as they release. This keeps users’ devices up-to-date with the latest bug fixes and important patches needed to stay safe and secure online. As of writing, the latest OS releases from Apple are iOS and iPadOS 18.3.2, and macOS Sequoia 15.3.2.