In iOS 8, Apple is making the process of logging into apps a much smoother experience by allowing native iOS apps to access usernames and passwords stored in Safari. The new feature, which works by letting iOS apps tap into Safari’s AutoFill & Passwords feature, will allow users to login to apps with a simple tap rather than having to type login info. Imagine your username and password are stored in Safari’s AutoFill for Facebook, for example. When launching the native Facebook iOS app, the feature will let users select from passwords stored in Safari to quickly login (as pictured above with Apple’s demo “Shiny” app). Read more
As we reported in May, Apple is working on a split-screen multitasking feature for iPad apps for a version of iOS 8. The feature, akin to the key productivity function on the Microsoft Surface, was not announced at WWDC last week, but code references to the feature have been found across the iOS 8 Software Development Kit.
Now, developer Steven Troughton-Smith has dug further into the upcoming split-screen multitasking feature and has hacked the iOS 8 iPad Simulator to make the function partially work. As can be seen above, Safari is taking up half the display. The tweaking to the simulator is yet to completely unlock all functionality with two different apps running side by side, but this demonstrates that Apple has been definitely testing the feature internally.
Troughton-Smith has also put together a video showing the split-screen mode in action on the simulator. That video can be seen below:
Now you’ve had a chance to catch up on our coverage of the main new features of iOS 8 and OS X Yosemite, and seen our hands-on videos (iOS 8 overview, OS X Yosemite overview, iOS 8 Spotlight and iOS 8 interactive notifications), we’d like to hear your first impressions of each.
Whether you’re blown away by all the new features, disappointed by things you wanted but didn’t get, or just a bit underwhelmed, here’s your chance to let us know.
We’ve summarized the features Apple has chosen to highlight, and there are separate polls for each platform … Read more
With an estimated half a million sites vulnerable to the “Heartbleed” vulnerability revealed earlier this week, which allows an attacker to access user details of websites previously believed to be secured by industry-standard SSL/TLS, your favorite social networks, stores, and other services around the web could potentially be handing out your password or other personal information to anyone who exploits the issue.
The bug exists in a library called OpenSSL, which is an open-source SSL implementation that many—but not all—web services use to secure sensitive traffic. If a website you use is affected by the bug, your personal data could be given to just about anyone. Unfortunately, changing your password on an unsecure site won’t even help unless the site’s owners have installed a fix (because the attackers can simply exploit the bug again to get your new password).
This serious issue affects a number of high-profile sites, but it seems your Apple ID is safe. Today, Apple gave the following statement to Re/code:
After updating iWork for iCloud and its Mac and iOS counterparts, Apple has pushed out a new Safari update as well. The new version is 7.0.3 and contains mostly bug and security fixes. Apple has been beta testing this update with developers for the past few weeks. The two biggest parts of this update are changes to push notifications and the way URLs are handled.
For users who don’t want to be asked about push notifications from any site, there’s now a checkbox in the notification preferences that disables them entirely. Unchecking the box for “Allow websites to ask for permission to send push notifications” (seen above) will block all notification prompts in the future.
The second big change enables Safari to recognize new generic top-level domains (the .com bit at the end of the URL). The organization responsible for managing these has recently created several new ones for generic terms (like “.pizza”). Safari will now recognize these and go to the correct URL rather than trying to search for the term. Read more
The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.
The group say that for Safari, they used two different exploit vectors. One vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this opening to use another exploit to bypass the application sandbox and run code as if it was user privileged.
Nuance has just announced the next major version of its Mac dictation software, Dragon Dictate 4. The new version improves recognition accuracy as well as several new features, including the ability to machine transcribe from a pre-recorded audio file. You no longer have to be recording a voice live to get transcription.
We’ve had a quick play with the software and the accuracy is almost scary good compared to older versions of the software. Speaking in a normal voice gives you almost 100% accuracy and even mumbling seems to work. While Mavericks uses the same Nuance speech engine, Dictate 4 has a better interface for transcription and tons of extra features as outlined in the videos above and below.
Dragon Dictate software has also been updated for modern system architectures — it is a 64-bit app now. This results in better performance and better memory management over its predecessors. The company says it has drastically reduced latency when interpreting speech.
Update: Apple says an OS X fix is coming soon.
Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for.
Researchers from CrowdStrike described the bug in a report:
“To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake. This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),”
Apple has released OS X 10.9.1 for Mac via the Mac App Store today. The update includes a number of Mail related fixes including improved support for Gmail as well as numerous bug fixes. The update also fixes a VoiceOver issue that prevented sentences with emoji characters from being read…
In addition to the incoming OS X Mavericks Mail Update that we reported on previously, sources say that Apple is readying a slew of performance and bug fix updates for several other OS X Mavericks applications. According to the updates seeded today to Apple employees, Apple is preparing updates for iBooks, Safari, and the Remote Desktop Client apps:
With the launch of Mavericks imminent, a handful of major websites have begun supporting the Safari Push Notification feature. These sites include The New York Times, NBA.com and social network Pinterest. HTML 5 web notifications have been supported by all major browsers, including Safari, for a while. However, the HTML 5 native feature requires the page to be open for notifications to be sent, as noted by MacRumors.
Meanwhile, Safari Push Notifications mirror the user experience associated with native app push notifications. With user consent, a supporting website can send notifications to your Mac without the page (or even, Safari) being open. This is because this system uses Apple’s Push Notification Service servers — rather than the local client — to function. Because of this server-side integration, the utility of website notifications increases dramatically.
With major support already implemented by such big sites, it seems like this will be a big deal for end-users. More sites will undoubtedly roll out support in the coming days. For instance, CNN was used to demo the feature at WWDC but is yet to go live publicly. Mavericks is expected to launch by the end of the week. It is very likely Apple will confirm the OS’ launch date at its special media event later today. Read more
Evernote, Adobe, even Apple … just a few of the companies who have found their user data compromised by hackers in recent times. The possibility of a hacker being able to access one of your web accounts is worrying enough – but if you use the same email address and password for almost all the websites you use, the risk becomes huge.
The first thing a hacker does when they get hold of a list of usernames and passwords is to use automated software to fire them at a whole bunch of popular websites. That means your online security is only as good as the most vulnerable of the websites you visit. Not good.
The answer, of course, is to use a unique – and strong – password for each website you access. But that creates its own hassles. Strong passwords aren’t easily memorised. Sure, we can ask our browsers to store logins for us, but when you might use several different computers, an iPhone and an iPad, you’d have to login once from each device as soon as you chose the password so it gets stored before you forget it. Not very convenient.
Which is where password managers come in. When you see the instructions, it’ll look like a long process, but it in fact takes only 10-20 mins if you have two or three devices … Read more