An anonymous reader quotes a report from Ars Technica: ClickFix often starts with an email sent from a hotel that the target has a pending registration with and references the correct registration information. In other cases, ClickFix attacks begin with a WhatsApp message. In still other cases, the user receives the URL at the top of Google results for a search query. Once the mark accesses the malicious site referenced, it presents a CAPTCHA challenge or other pretext requiring user confirmation. The user receives an instruction to copy a string of text, open a terminal window, paste it in, and press Enter. Once entered, the string of text causes the PC or Mac to surreptitiously visit a scammer-controlled server and download malware. Then, the machine automatically installs it -- all with no indication to the target. With that, users are infected, usually with credential-stealing malware. Security firms say ClickFix campaigns have run rampant. The lack of awareness of the technique, combined with the links also coming from known addresses or in search results, and the ability to bypass some endpoint protections are all factors driving the growth.

The commands, which are often base-64 encoded to make them unreadable to humans, are often copied inside the browser sandbox, a part of most browsers that accesses the Internet in an isolated environment designed to protect devices from malware or harmful scripts. Many security tools are unable to observe and flag these actions as potentially malicious. The attacks can also be effective given the lack of awareness. Many people have learned over the years to be suspicious of links in emails or messengers. In many users' minds, the precaution doesn't extend to sites that instruct them to copy a piece of text and paste it into an unfamiliar window. When the instructions come in emails from a known hotel or at the top of Google results, targets can be further caught off guard. With many families gathering in the coming weeks for various holiday dinners, ClickFix scams are worth mentioning to those family members who ask for security advice. Microsoft Defender and other endpoint protection programs offer some defenses against these attacks, but they can, in some cases, be bypassed. That means that, for now, awareness is the best countermeasure. Researchers from CrowdStrike described in a report a campaign designed to infect Macs with a Mach-O executive. "Promoting false malicious websites encourages more site traffic, which will lead to more potential victims," wrote the researchers. "The one-line installation command enables eCrime actors to directly install the Mach-O executable onto the victim's machine while bypassing Gatekeeper checks."

Push Security, meanwhile, reported a ClickFix campaign that uses a device-adaptive page that serves different malicious payloads depending on whether the visitor is on Windows or macOS.

In 2022 the iPhone 14 featured emergency satellite service, and there's now support for roadside assistance and the ability to send and receive text messages.

But for future iPhones, Apple is now reportedly working on five new satellite features, reports LiveMint: As per Bloomberg's Mark Gurman, Apple is building an API that would allow developers to add satellite connections to their own apps. However, the implementation is said to depend on app makers, and not every feature or service may be compatible with this system. The iPhone maker is also reportedly working on bringing satellite connectivity to Apple Maps, which would give users the chance to navigate without having access to a SIM card or Wi-Fi. The company is also said to be working on improved satellite messages that could support sending photos and not be limited to just text messages. Apple currently relies on the satellite network run by Globalstar to power current features on iPhones. However, the company is said to be exploring a potential sale, and Elon Musk's SpaceX could be a possible purchaser.
The Mac Observer notes Bloomberg also reported Apple "has discussed building its own satellite service instead of depending on partners." And while some Apple executives pushed back, "the company continues to fund satellite research and infrastructure upgrades with the goal of offering a broader range of features."

And "Future iPhones will use satellite links to extend 5G coverage in low-signal regions, ensuring that users remain connected even when cell towers are out of range.... Apple's slow but steady progress shows how the company wants iPhone satellite technology to move from emergency use to everyday convenience."

Singaporean super-app company Grab has dumped 200 cloudy Mac Minis and replaced them with physical machines, a move it expects will save $2.4 million over three years. From a report: Grab is Southeast Asia's leading rideshare and food delivery outfit and therefore needs to build apps for iOS to connect with customers. In a Thursday post, the company explains it builds those apps using Continuous Integration and Continuous Delivery/Deployment (CI/CD) infrastructure that runs on Apple Mac computers.

The company started with a single on-prem Mac Pro -- its post shows 2013's cylindrical model based around an Intel Xeon processor -- but eventually reached over 200 Macs, running in the cloud at an unnamed US cloud provider. "At the beginning, it was a no-brainer to rent when our demand for macOS hardware increased from 1 Mac Pro to 20 times that size," Grab's post explains. "However, when that grew to over 200 machines, the total cost became significant."

Apple has officially launched a web-based version of its App Store that lets users browse apps across all Apple devices through a redesigned interface. "There's no way to download apps from the App Store on the web, however," notes The Verge. "Apple just gives you the option to share an app or open it directly inside the App Store installed on your device." From the report: Now, when you navigate to apps.apple.com, you'll see the revamped interface instead of a webpage that just contains information about the App Store. [...] Along with the ability to switch between listings of apps for the iPhone, iPad, Mac, Vision Pro, Apple Watch, and Apple TV, you can check out recommendations on the Today tab as well as sort apps by category, such as productivity, entertainment, adventure, and more. The new web-based App Store also serves as a portal where you can search for apps, too.

Apple is preparing to enter the low-cost laptop market for the first time, developing a budget Mac aimed at luring away customers from Chromebooks and entry-level Windows PCs. Bloomberg News: The new device -- designed for students, businesses and casual users -- will target people who primarily browse the web, work on documents or conduct light media editing, according to people familiar with the matter.

[...] Apple plans to sell the new machine for well under $1,000 by using less-advanced components. The laptop will rely on an iPhone processor and a lower-end LCD display. The screen will also be the smallest of any current Mac, coming in at slightly below the 13.6-inch one used in the MacBook Air. This would mark the first time that Apple has used an iPhone processor in a Mac, rather than a chip designed specifically for a computer. But internal tests have shown that the smartphone chip can perform better than the Mac-optimized M1 used in laptops as recently as a few years ago.

A long-simmering battle over who controls credit scoring in America has erupted into open warfare. Fair Isaac, whose FICO score is used in about 90% of consumer-lending decisions in the U.S., announced it will double the price of its mortgage credit score to $10 next year. The company also said it will bypass the three credit-reporting firms that have supplied the data feeding into its algorithm for decades.

Equifax, Experian and TransUnion created VantageScore in 2006 as an alternative to FICO and collectively own the scoring system. The move came months after Bill Pulte, head of the Federal Housing Finance Agency, announced that Fannie Mae and Freddie Mac would allow lenders to use VantageScore for mortgage approvals. The three credit-reporting firms responded by offering VantageScore free for many loans. Fair Isaac had charged a few cents per score for decades before chief executive Will Lansing began raising prices several years ago. Revenue from selling credit scores reached $920 million in fiscal 2024, nearly five times what it was a decade earlier.

Microsoft has reorganized its Outlook team under new leadership as part of a broader effort to integrate AI into its core products. Gaurav Sareen, a corporate vice president at the company, recently assumed direct leadership of the Outlook division after Lynn Ayres, who previously ran the team, began a sabbatical. The move represents the latest in a series of AI-focused restructurings across Microsoft's divisions. Sareen wrote in an internal memo that the company now has an opportunity to reimagine Outlook from the ground up rather than add AI features to existing systems, according to The Verge.

Ryan Roslansky, the chief executive of LinkedIn, took on an expanded role earlier this year as head of Office. Sareen now reports to Roslansky, who oversees the Office suite, Outlook and Microsoft 365 Copilot teams. The restructuring comes after Microsoft spent several years developing One Outlook, a web-based version meant to replace separate Windows, Mac, and web applications.

OpenAI has acquired Software Applications Incorporated, the 12-person startup behind Sky -- an AI interface for Mac computers that can understand on-screen context and perform tasks across apps. The deal follows OpenAI's recent acquisitions of Statsig and Jony Ive's io. CNBC reports: The startup's product called Sky allows users of Mac computers to prompt it with natural language to get help with writing, coding, planning and managing their days, OpenAI said in a blog post. Sky can take actions through apps and understands what's on a user's screen.

"Sky's deep integration with the Mac accelerates our vision of bringing AI directly into the tools people use every day," Nick Turley, the head of ChatGPT at OpenAI, said in a statement. Software Applications was founded in 2023, and the company unveiled Sky in May. OpenAI CEO Sam Altman contributed to the startup's $6.5 million seed funding round, according to its website.

An anonymous reader quotes a report from 9to5Mac: Apple has been working on a new framework called AppMigrationKit, which will be compatible with devices running iOS 26.1 and later, as well as iPadOS 26.1 and later. Like iOS and iPadOS 26.1, the framework is currently in beta and will allow developers to include their app's data during the migration process between Apple and non-Apple devices (which, for now, essentially means Android). Interestingly, Apple notes that this framework is not intended for data migration between iOS and iPadOS, but rather exclusively to and from non-Apple devices: "AppMigrationKit only supports migration to and from non-Apple platforms, such as Android. The system doesn't use the framework for migration between iOS or iPadOS devices. The framework also has no functionality in iOS apps running in visionOS or in macOS on Apple silicon. The framework ignores calls from Mac apps built with Mac Catalyst." The AppMigrationKit documentation can be found here.

Speaking of the new MacBook Pro, which Apple launched on Wednesday, Bloomberg News reports that the company is preparing to launch a touch-screen version of its Mac computer, reversing course on a stance that dates back to co-founder Steve Jobs. From the report: The company is readying a revamped MacBook Pro with a touch display for late 2026 or early 2027 [non-paywalled link], according to people with knowledge of the matter. The new machines, code-named K114 and K116, will also have thinner and lighter frames and run the M6 line of chips. In making the move, Apple is following the rest of the computing industry, which embraced touch-screen laptops more than a decade ago.

The company has taken years to formulate its approach to the market, aiming to improve on current designs. Bloomberg News first reported in January 2023 that Apple was working on a touch-screen MacBook Pro. The new laptops will feature displays with OLED technology, the same standard used in iPhones and iPad Pros, said the people, who asked not to be identified because the products haven't been announced. It will mark the first time that this higher-end, thinner system is used in a Mac.

Apple unveiled a new 14-inch MacBook Pro on Wednesday that features the company's M5 chip and represents what Apple describes as the next major advancement in AI performance for its Mac lineup. The laptop delivers up to 3.5 times faster AI performance than the M4 chip and up to six times faster performance than the M1 chip through a redesigned 10-core GPU architecture that incorporates a Neural Accelerator in each core.

The improvements extend beyond AI processing to include graphics performance that runs up to 1.6 times faster than the previous generation and battery life that reaches up to 24 hours on a single charge. Apple also integrated faster storage technology that performs up to twice as fast as the prior generation and allows configurations up to 4TB. The 10-core CPU delivers up to 20% faster multithreaded performance compared to the M4.

The laptop runs macOS Tahoe and includes a Liquid Retina XDR display available in a nano-texture option, a 12MP Center Stage camera, and a six-speaker sound system. The 14-inch MacBook Pro is available for pre-order starting Wednesday in space black and silver finishes and begins shipping October 22. The base model costs $1,599.

Steve Jobs died 14 years ago. But the blog Cult of Mac remembers that "Jobs himself was not sentimental." When he left Apple in the mid-1980s, he didn't even clear out his office. That meant personal mementos like his first Apple stock certificate, which had hung on his office wall, got tossed in the trash. Shortly after returning to Apple in the late 1990s, he gave the company's historical archive to Stanford University Libraries. The stash included records that Apple management kept since the mid-1980s. The reason Apple handed over this historical treasure trove? Jobs didn't want the company to fixate on the past...

All of which goes some way to saying why it was so heartening that Steve Jobs' death received so much attention. He wasn't the richest technology CEO to die. But the reaction showed that his life — faults and all — meant a lot to a great number of people. Jobs helped create products people cared about, and in turn they cared about him.
The site Mac Rumors remembered Sunday that Jobs "died just one day after Apple unveiled the iPhone 4S and Siri." Six years later, Apple CEO Tim Cook reflected on Jobs while opening Apple's first-ever event at Steve Jobs Theater in 2017. "There is not a day that goes by that we don't think about him."

And Sunday Cook posted this remembrance of Steve Jobs. "Steve saw the future as a bright and boundless place, lit the path forward, and inspired us to follow.

"We miss you, my friend."

An anonymous reader writes: Landlords are using a service that logs into a potential renter's employer systems and scrapes their paystubs and other information en masse, potentially in violation of U.S. hacking laws, according to screenshots of the tool shared with 404 Media.

The screenshots highlight the intrusive methods some landlords use when screening potential tenants, taking information they may not need, or legally be entitled to, to assess a renter.

"This is a statewide consumer-finance abuse that forces renters to surrender payroll and bank logins or face homelessness," one renter who was forced to use the tool and who saw it taking more data than was necessary for their apartment application told 404 Media. 404 Media granted the person anonymity to protect them from retaliation from their landlord or the services used.

[...] "Argyle hijacked my live Workday session, stayed hidden from view, and downloaded every pay stub plus all W-4s back to 2024, each PDF seconds apart," they said. "Workday audit logs show dozens of 'Print' events from two IPs from a MAC which I do not use," they added, referring to a MAC address, a unique identifier assigned to each device on a network.

MacStadium's inaugural CIO survey shows Apple devices gaining major ground in U.S. enterprises, with 96% of CIOs expecting Mac fleets to expand in the next two years and Macs already representing an average of 65% of enterprise endpoints. "The results show rapid Mac deployment across US business in the last two years, with 93% of CIOs claiming increased use, and 59% claiming a significant increase in use of all Apple devices," adds Computerworld. From the report: "As the adoption of Apple hardware continues to rise with both consumers and business users, and Apple Silicon is emerging as a secure and energy-efficient option for AI workloads, Apple is turning its sights to the enterprise," [MacStadium CEO Ken Tacelli] said in an interview. Among the specifics:

- 93% of CIOs report increased Apple device usage over the past two years.
- 45% of CIOs describe their leadership's view of Macs as a strategic investment, reflecting growing executive-level buy-in.
- The top drivers for Apple adoption are security and privacy (59%), employee preference (59%), and hardware performance (54%).
- Perhaps most importantly, 65% of CIOs say Macs are easier to manage than Windows or Linux devices.

In addition to those factors, the unique technical capabilities of Apple's kit (53%) play a role. Businesses are buying Macs because they're cheaper to run, last longer, allow employees to be more productive, and are both more private and more secure. The survey also shows that AI has become a leading reason to choose Macs. Apple Silicon is highly performant and energy efficient, enabling Macs to run on-device, secure AI, and to access cloud-based AI services.

Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting "promising approaches that should be more widely used" and "areas where more work is needed." There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities are found. More development should be shifted to safer languages that make vulnerabilities and attacks less likely. We also need to find ways to fund open source development to make it less susceptible to takeover by the mere offer of free help. Relatively small investments in OpenSSL and XZ development could have prevented both the Heartbleed vulnerability and the XZ attack.
Some highlights from the 5,000-word article:

• Make Builds Reproducible. "The Reproducible Builds project aims to raise awareness of reproducible builds generally, as well as building tools to help progress toward complete reproducibility for all Linux software. The Go project recently arranged for Go itself to be completely reproducible given only the source code... A build for a given target produces the same distribution bits whether you build on Linux or Windows or Mac, whether the build host is X86 or ARM, and so on. Strong reproducibility makes it possible for others to easily verify that the binaries posted for download match the source code..."

• Prevent Vulnerabilities. "The most secure software dependencies are the ones not used in the first place: Every dependency adds risk... Another good way to prevent vulnerabilities is to use safer programming languages that remove error-prone language features or make them needed less often..."

• Authenticate Software. ("Cryptographic signatures make it impossible to nefariously alter code between signing and verifying. The only problem left is key distribution...") "The Go checksum database is a real-world example of this approach that protects millions of Go developers. The database holds the SHA256 checksum of every version of every public Go module..."

• Fund Open Source. [Cox first cites the XKCD cartoon "Dependencies," calling it "a disturbingly accurate assessment of the situation..."] "The XZ attack is the clearest possible demonstration that the problem is not fixed. It was enabled as much by underfunding of open source as by any technical detail."

The article also emphasized the importance of finding and fixing vulnerabilities quickly, arguing that software attacks must be made more difficult and expensive.

"We use source code downloaded from strangers on the Internet in our most critical applications; almost no one is checking the code.... We all have more work to do."

An anonymous reader shares a report: Apple supply chain analyst Ming-Chi Kuo today reiterated that a more affordable MacBook powered by an iPhone processor is slated to enter mass production in the fourth quarter of 2025, which points towards a late 2025 or early 2026 launch.

Kuo was first to reveal that Apple is allegedly planning a more affordable MacBook. In late June, he said the laptop would have around a 13-inch display, and an A18 Pro chip. Kuo said potential color options include silver, blue, pink, and yellow, so the laptop could come in bright colors, like 2021-and-newer models of the 24-inch iMac.

This time around, he only mentioned the MacBook will have an unspecific iPhone processor. Apple recently introduced the A19 Pro chip, which has 12GB of RAM, so it will be interesting to see if the lower-cost MacBook uses that chip instead. The entire Mac lineup has started with at least 16GB of RAM since last year, with the only option with 8GB being the MacBook with an M1 chip, which is sold exclusively by Walmart for $599.

A search for "AI chat" in the Mac App Store returns dozens of applications sporting black-and-white icons nearly identical to ChatGPT's official logo. OpenAI's ChatGPT desktop application isn't available through the Mac App Store and can only be downloaded from the company's website. The copycat applications use various combinations of "AI," "Chat," and "Bot" in their names, including "AI Chat Bot : Ask Assistant," "AI Chatbot: Chat Ask Assistant," and dozens of similar variations. One application named itself "Al Chatbot" using a lowercase L instead of a capital I in "AI." Additional lookalike icons mimicking Claude, Grok, and Gemini applications also appear in search results.

Apple released iOS 26, iPadOS 26 and macOS Tahoe 26 today, introducing Liquid Glass, a translucent design language that represents the biggest visual redesign since iOS 7 in 2013. The new interface elements dynamically refract and reflect background content across all three platforms. iOS 26 requires iPhone 11 or later and second-generation iPhone SE or newer. iPadOS 26 runs on the same hardware as iPadOS 18 except the 7th-generation iPad. macOS Tahoe 26 supports all Apple silicon Macs, the 2019 16-inch MacBook Pro, 2020 13-inch MacBook Pro, 2020 and later iMac, and 2019 and later Mac Pro. The transparent menu bar on macOS increases perceived display size.

iOS 26's adaptive Lock Screen time display resizes around notifications and Live Activities. Desktop icons, folders, app icons and widgets support light, dark, tinted, and clear appearances across all systems. iOS 26 adds Visual Intelligence for on-screen content analysis through screenshot button combinations. Live Translation operates across Messages, FaceTime and Phone on all platforms, translating text and audio in real-time on-device. The Camera app received streamlined navigation and lens cleaning hints for iPhone 15 and later models.

iPadOS 26 brings Mac-style windowing and multitasking. Apps support free-form placement and menu bars. The Phone app and new Apple Games app arrived on iPad. macOS gained the Phone app through Continuity, including Call Screening and Hold Assist features. Spotlight executes hundreds of actions without opening applications and automatically assigns quick keys to frequent actions. Apple Intelligence expands across all systems. The Shortcuts app gained intelligent actions for text summarization and image generation. The Wallet app tracks orders across platforms, while Apple Music introduced AutoMix for song transitions.

The blog OMG Ubuntu notes that Microsoft Copilot chatbot support has been added in the latest Firefox Nightly builds. "Firefox's sidebar already offers access to popular chatbots, including OpenAI's ChatGPT, Anthropic's Claude, Le Chat's Mistral and Google's Gemini. It previously offered HuggingChat too." As the testing bed for features Mozilla wants to add to stable builds (though not all make it — eh, rounded bottom window corners?), this is something you can expect to find in a future stable update... Copilot in Firefox offers the same features as other chatbots: text prompts, upload files or images, generate images, support for entering voice prompts (for those who fancy their voice patterns being analysed and trained on). And like those other chatbots, there are usage limits, privacy policies, and (for some) account creation needed. In testing, Copilot would only generate half a summary for a webpage, telling me it was too long to produce without me signing in/up for an account.

On a related note, Mozilla has updated stable builds to let third-party chatbots summarise web pages when browsing (in-app callout alerts users to the 'new' feature). Users yet to enable chatbots are subtly nudged to do so each time they right-click on web page. [Between "Take Screenshot" and "View Page Source" there's a menu option for "Ask an AI Chatbot."] Despite making noise about its own (sluggish, but getting faster) on-device AI features that are privacy-orientated, Mozilla is bullish on the need for external chatbots.
The article suggests Firefox wants to keep up with Edge and Chrome (which can "infuse first-party AI features directly.") But it adds that Firefox's nightly build is also testing some non-AI features, like new task and timer widgets on Firefox's New Tab page. And "In Firefox Labs, there are is an option to enable JPEG XL support, a super-optimised version of JPEG that is gaining traction (despite Google's intransigence).

Other Firefox news:

• There's good news "for users still clinging to Windows 7," writes the Register. Support for Firefox Extended Support Release 115 "is being extended until March 2026."

• Google "can keep paying companies like Mozilla to make Google the default search engine, as long as these deals aren't exclusive anymore," reports the blog It's FOSS News. (The judge wrote that "Cutting off payments from Google almost certainly will impose substantial — in some cases, crippling — downstream harms to distribution partners..." according to CNBC — especially since the non-profit Mozilla Foundation gets most of its annual revenue from its Google's search deal.)

• Don't forget you can now search your tabs, bookmarks and browsing history right from the address bar with keywords like @bookmarks, @tabs, and @history. (And @actions pulls up a list of actions like "Open private window" or "Restart Firefox").

An anonymous reader quotes a report from TechCrunch: WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of "specific targeted users." The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate flaw found in iOS and Macs, which Apple fixed last week and tracks as CVE-2025-43300.

Apple said at the time that the flaw was used in an "extremely sophisticated attack against specific targeted individuals." Now we know that dozens of WhatsApp users were targeted with this pair of flaws. Donncha O Cearbhaill, who heads Amnesty International's Security Lab, described the attack in a post on X as an "advanced spyware campaign" that targeted users over the past 90 days, or since the end of May. O Cearbhaill described the pair of bugs as a "zero-click" attack, meaning it does not require any interaction from the victim, such as clicking a link, to compromise their device.

The two bugs chained together allow an attacker to deliver a malicious exploit through WhatsApp that's capable of stealing data from the user's Apple device. Per O Cearbhaill, who posted a copy of the threat notification that WhatsApp sent to affected users, the attack was able to "compromise your device and the data it contains, including messages." It's not immediately clear who, or which spyware vendor, is behind the attacks. When reached by TechCrunch, Meta spokesperson Margarita Franklin confirmed the company detected and patched the flaw "a few weeks ago" and that the company sent "less than 200" notifications to affected WhatsApp users. The spokesperson did not say, when asked, if WhatsApp has evidence to attribute the hacks to a specific attacker or surveillance vendor.