iPadOS and iOS 14.8 Security Update

Credit Apple Inc.

Apple has released a series of updates to address maliciously crafted exploits. Users are encouraged to update promptly. These updates include WatchOS and MacOS.

Some of the details can be found here and include:

CoreGraphics

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

To learn more about how to update, read here.

Apple Event September 14, 2021

Credit Apple Inc.

Apple has announced an event that will stream on September 14, 2021 at 10 a.m. PDT. You can view the online event at Apple.com or on the Apple TV app.

No official products have been announced. There is speculation that Apple may announce iPhone 13, Apple Watch 7, new AirPods, or other hardware including iPad Mini.

It does not appear likely that iOS 15 or Monterey, the latest MacOS will be released on this date. But, as with most Apple events, you will likely not know until you know.

You can learn more here.

iOS 14.5.1 Update

Credit Apple Inc.

Apple has issued an iOS update. Users are encouraged to install this update as it fixes several security issues.

The update applies to iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The WebKit fixes impact “maliciously crafted web content [that] may lead to arbitrary code execution.”

There are various updates to other Mac and Watch OS devices as well. As with any update, you should make a backup first.

Zoom Update – Share Multiple Programs

The latest update to Zoom Desktop (5.4.3) adds several new and enhanced features. The ability to share multiple open programs at once has been added. The new feature is described as follows:

• Share multiple programs at once 
  Users can select multiple desktop programs at once for sharing, instead of sharing their entire desktop. Other programs and unoccupied areas in the desktop will not be visible to the viewer. The sharer will always know which applications they are sharing by an extensible green border. Only the user employing this feature will need to be on version 5.4.3, viewers can be connected with older versions.

To do this, tap on the share button and select a window to share while holding down the shift button.

Now, you will be sharing several open apps at once, each with a green border around them. This new feature is helpful when you need to show several apps simultaneously.

Try it out.

Ulysses Turns 19

Ulysses, a writing app and markdown editor, turns 19. It adds material sheets, mouse and track support on iPad and keywords in Markdown Files and provides various fixes.

This writing app offers a different approach to turning your ideas into text. The basic unit is not so much a document but rather a “sheet.” A sheet is where the nugget of your idea, sentences or paragraphs are entered. Once you have created several sheets, you can order and nest them into groups for export in various ways.

By storing your Ulysses file in the cloud, you can work from your Mac or iOS device anytime the urge or impulse to write strikes you. The developer states “On iPad and iPhone, you’re now able to embed external folders from locations in the Files app, such as cloud storage providers or Git clients, and edit the contained files with Ulysses.” The ability to sync requires a subscription.

A main idea behind this writing app is to help the writer spend more time getting the thoughts down and less time worrying about formatting. The goal is to take the stress off of what the finished document will look like and help the attention be focused on the ease of entering the text and idea.

 Apple recently introduced mouse and trackpad support for iOS and Ulysses takes advantage of this.

You can try Ulysses for free. Download it from the App Store. All subscription plans contain a free trial. It is fully functional and syncs to all your Macs, iPads and iPhones.

So, if you are interested in trying out a new way to think about document creation, check out Ulysses.

iWork for iOS Updates

Apple has release updates for iWork for Mac and iOS versions. The updates include trackpad support with iPad OS 13.4, new themes and iCloud Drive folder sharing.

Keynote has new features like:

• Edit shared presentations while offline and your changes will upload when you’re back online. Requires iPadOS or iOS 13. Learn more
• Touch and hold, then drag across multiple objects to select them. Learn more
• Easily access your recently used themes in a redesigned theme chooser.
• Print or export a PDF of your presentation with comments included. Learn more
• Add a drop cap to make text stand out with a large, decorative first letter. Learn more
• Enhance your presentations with a variety of new, editable shapes.

You can learn more about the updates for iOS here:

Pages

Keynote

Numbers

Apple Special Event September 12, 2018

From the Steve Jobs Theater on the Apple Campus, several announcements were made today related to the new  Watch Series 4 and some new iPhones.

Orders for the devices will begin soon with delivery in about 10 days for the first products.

WWDC 2018 Today 10 am PDT

Apple is expected to display updates and refinements to the operating systems for Macs and iOS devices today.

You can watch the keynote address today from this link.

Hanx Writer – Hi-Tech Keyboard Old School Feel

Hanx Writer is a really nifty app for those who enjoy typing or want to switch up the feel of your keyboard. Basically, the app gives you the opportunity to type using a realistic typewriter GUI. The sounds and motions of the moving parts are recreated with accuracy.

Your screen can be used as the keyboard or you can connect an extern blue tooth or Smart Keyboard to the iOS device to give you more screen room as seen below.

[The app states it is not compatible with the iPad Pro but the standard free version of the typewriter seems to work with my iPad Pro 12.9″ with Smart Keyboard.]

You get one “Free” keyboard as shown. You can use and enjoy the sites and sounds of that keyboard from within the app.

Third Party Keyboard Functionality

With an in app purchase, you can upgrade to get other typewriters or add additional functionality like working with multiple documents from within the app or hearing all of the sounds in other apps while using this third party keyboard. The least expensive upgrade costs 99¢ and includes the standard “Prime Select” keyboard.

Like other keyboard apps, you can add this third-party keyboard. Tap Settings > Keyboard > Add New Keyboard… and choose Hanx Writer. Then, tap on Allow Full Access.

Now, from your keyboard, tap and hold on the Globe at the bottom left and choose Hanx Writer.

With the in-app purchases, you can have the ability to change the font size, color, and look of your keyboard.

Conclusion

If you are looking for a fun way to type, jot down notes or share the fun of an old fashioned typewriter, check out Hanx Writer.

iOS 10.3.2 is Out

Apple has just released iOS 10.3.2. To update your compatible iOS device, tap Settings > General > Software Update. Make sure you make a back up first.

The only information currently available is that the update improves the security of your iOS device and includes bug fixes.

According to Apple, the security updates includes:

Released May 15, 2017

AVEVideoEncoder

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

CoreAudio

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

iBooks

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A maliciously crafted book may open arbitrary websites without user permission

Description: A URL handling issue was addressed through improved state management.

CVE-2017-2497: Jun Kokatsu (@shhnjk)

iBooks

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with root privileges

Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)

IOSurface

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to gain kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed through improved locking.

CVE-2017-2501: Ian Beer of Google Project Zero

Kernel

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2017-2507: Ian Beer of Google Project Zero

CVE-2017-6987: Patrick Wardle of Synack

Notifications

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to cause a denial of service

Description: A denial of service issue was addressed through improved memory handling.

CVE-2017-6982: Vincent Desmurs (vincedes3), Sem Voigtlander (OxFEEDFACE), and Joseph Shenton of CoffeeBreakers

Safari

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Visiting a maliciously crafted webpage may lead to an application denial of service

Description: An issue in Safari’s history menu was addressed through improved memory handling.

CVE-2017-2495: Tubasa Iinuma (@llamakko_cafe) of Gehirn Inc.

Security

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Update to the certificate trust policy

Description: A certificate validation issue existed in the handling of untrusted certificates. This issue was addressed through improved user handling of trust acceptance.

CVE-2017-2498: Andrew Jerman

SQLite

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A use after free issue was addressed through improved memory management.

CVE-2017-2513: found by OSS-Fuzz

SQLite

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A buffer overflow issue was addressed through improved memory handling.

CVE-2017-2518: found by OSS-Fuzz

CVE-2017-2520: found by OSS-Fuzz

SQLite

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: A maliciously crafted SQL query may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2519: found by OSS-Fuzz

SQLite

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro’s Zero Day Initiative

TextInput

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Parsing maliciously crafted data may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2524: Ian Beer of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2017-2496: Apple

CVE-2017-2505: lokihardt of Google Project Zero

CVE-2017-2506: Zheng Huang of the Baidu Security Lab working with Trend Micro’s Zero Day Initiative

CVE-2017-2514: lokihardt of Google Project Zero

CVE-2017-2515: lokihardt of Google Project Zero

CVE-2017-2521: lokihardt of Google Project Zero

CVE-2017-2525: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

CVE-2017-2526: Kai Kang (4B5F5F4B) of Tencent’s Xuanwu Lab (tencent.com) working with Trend Micro’s Zero Day Initiative

CVE-2017-2530: an anonymous researcher

CVE-2017-2531: lokihardt of Google Project Zero

CVE-2017-2538: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative

CVE-2017-2539: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative

CVE-2017-2544: 360 Security (@mj0011sec) working with Trend Micro’s Zero Day Initiative

CVE-2017-2547: lokihardt of Google Project Zero, Team Sniper (Keen Lab and PC Mgr) working with Trend Micro’s Zero Day Initiative

CVE-2017-6980: lokihardt of Google Project Zero

CVE-2017-6984: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of WebKit Editor commands. This issue was addressed with improved state management.

CVE-2017-2504: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of WebKit container nodes. This issue was addressed with improved state management.

CVE-2017-2508: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of pageshow events. This issue was addressed with improved state management.

CVE-2017-2510: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in the handling of WebKit cached frames. This issue was addressed with improved state management.

CVE-2017-2528: lokihardt of Google Project Zero

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues with addressed through improved memory handling.

CVE-2017-2536: Samuel Groß and Niklas Baumstark working with Trend Micro’s Zero Day Initiative

WebKit

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue existed in frame loading. This issue was addressed with improved state management.

CVE-2017-2549: lokihardt of Google Project Zero

WebKit Web Inspector

Available for: iPhone 5 and later, iPad 4th generation and later, and iPod touch 6th generation

Impact: An application may be able to execute unsigned code

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-2499: George Dan (@theninjaprawn)