Connect with us

Tech

That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says – Ars Technica

Published

on


Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones.

San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least two years. In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered be sending specially manipulated emails that required no interaction on the part of users.

Apple declined to comment on the report at the time. Late on Thursday night, however, Apple pushed back on ZecOps’ findings that (a) the bug posed a threat to iPhone and iPad users and (b) there had been any active exploit at all. In a statement, officials wrote:

Apple takes all reports of security threats seriously. We have thoroughly investigated the researcher’s report and, based on the information provided, have concluded these issues do not pose an immediate risk to our users. The researcher identified three issues in Mail, but alone they are insufficient to bypass iPhone and iPad security protections, and we have found no evidence they were used against customers. These potential issues will be addressed in a software update soon. We value our collaboration with security researchers to help keep our users safe and will be crediting the researcher for their assistance.

A fair number of independent researchers have also questioned the ZecOps conclusion. Generally, the critics said that the evidence ZecOps based its findings on wasn’t persuasive. The disputed findings were based on evidence that the malicious emails were deleted, presumably to hide attacks, but that data that remained in logs indicated the deletions and crashes were the result of an exploit.

The critics said if the exploit was able to delete the emails it would have been able to delete the crash log data as well. The critics said that failure and some technical details contained in the ZecOps report strongly suggested the flaw was a more benign bug that got triggered by certain types of emails. Also skeptical, the critics said, is that an advanced exploit would cause a crash at all. Those doubts have continued ever since.

HD Moore, vice president of research and development at Atredis Partners and an expert in software exploitation, told me on Friday:

It looks like ZecOps identified a crash report, found a way to reproduce the crashes, and based on circumstantial evidence assumed this was being used for malicious purposes. It sounds like after he reported it to Apple, Apple investigated, found out these were just crash bugs, and that shuts the door on this being actually in-the-wild-exploitation of a new iOS zero-day.

It could be Apple is wrong, but given their sensitivity to this stuff, they probably did a decent job of investigating it. Through the grapevine I heard that the internal security team that handled this investigation at Apple was pissed off about it, since ZecOps went straight to press before they had a chance to review.

Other critics have delivered their critiques on Twitter.

“Looks like you have a real vuln but the evidence of exploitation looks weak… and no info in your post on post-exploitation chaining to lead to info disclosure or code execution,” researcher Rich Mogul wrote. “Any update you can share? Pretty big claim of a no-click mail 0-day being used.”

While Mogul left open the possibility of a real-world exploitation of a vulnerability, he said ZecOps didn’t provide adequate proof to rule out an intentional bug crash. Another criticism is here.

ZecOps, meanwhile, appeared to stand by its report, saying on Twitter:

According to ZedOps data, there were triggers in-the-wild for this vulnerability on a few organizations. We want to thank Apple for working on a patch, and we’re looking forward to updating our devices once it’s available. ZecOps will release more information and POCs once a patch is available.

ZecOps said that based on the data collected on iPhones it believes were exploited, company researchers were able to write a proof-of-concept exploit that took full control of fully updated devices. ZecOps has declined to publish the exploit or other data until Apple releases a fix for the bug. Apple has already released the patch for a beta version of the upcoming 13.4.5, and as Thursday night’s statement said, the company plans make it generally available soon.

The controversy, Apple’s denial, and the rarity of zero-click vulnerabilities in iOS are certainly reasons for skepticism. It will be worth reviewing the additional information ZecOps has pledged to publish once Apple releases a fix.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Ford Announces Return of the Mustang Mach 1 for 2021 If the Mach 1 proves to be a step up from the Bullitt it’s more or less replacing, we can expect some fireworks – Auto123.com

Published

on



After much speculation, the Ford Mustang Mach 1 is officially back. Ford made the announcement today, adding some extra sunshine to the upcoming weekend for fans of the model.

And according to Dave Pericak, Mustang program director, we’re in for “the most track-capable 5.0-liter Mustang ever.” Considering how well the Mustang GT Performance Pack 2 has been received, that’s a bold statement. However, the company confirms the 2021 Ford Mustang Mach 1 will be the range-topping 5-litre Mustang next year.

 Note, however, that it will be sold in limited quantities.

Beyond that, few other details have been divulged at this point. The model was seen – and photographed by Ford – on the test track test, but the front and rear ends were camouflaged. Still, some differences were discernible, the most obvious being the circular air intakes of the Mach 1, located inside the grille where the headlights were placed… back in 1969. In addition, the upper and lower grilles have a unique honeycomb mesh pattern.

At the rear, we can see massive exhaust pipes and a spoiler that looks a lot like that of the Shelby GT350. In addition, like the latter, the Mach 1 is fitted with Michelin Pilot Sport Cup 2 tires, with 305/30R19 ultra-grip rubber up front. Brembo brakes come as no surprise.

Auto123 launches Shopicar! All new makes and models and all current promotions.

2021 Ford Mustang Mach 1, rear

The most persistent speculation is that this Mach 1 will replace the Bullitt in the range as a limited-production model. This could mean that the Mach 1 will be equipped with the Bullitt’s 5.0L V8 engine, a block that develops 480 hp, or 20 more than the standard GT version – all thanks to an intake manifold derived from that of the GT350.

As for price, nothing was announced today. Going by precedent, we can expect a price tag somewhere between that of the GT and Shelby models. This could mean that the Mach 1 will be priced similar to the Bullitt. Also, if the other rumour about the GT350 version being removed from the catalogue is confirmed, it could leave Ford more leeway in terms of performance and price.  

A lot remains unknown, therefore, but one known known is that a lot of folks’ ears have just perked up.

The next generation of the Mustang is expected somewhere in 2022, probably as a 2023 model, unless Ford decides to move it up a year ahead of schedule.

2021 Ford Mustang Mach 1, Brembo brake

2021 Ford Mustang Mach 1, Brembo brake

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Spaced desks, one-way halls, voice technology — your post-COVID-19 office will look much different – TheChronicleHerald.ca

Published

on





The Office is Over

is a collection of Post stories looking at the how the pandemic has changed the view of the office.


As Canadians gear up to return to work, employers are putting into place a wide range of safety protocols to protect their workplaces from the threat of COVID-19.


As a result, offices in a post-pandemic world could look very different from before, experts say. And they might stay that way.


“There’s going to be a forced evolution at the office,” said Evan Hardie, who researches the future of work at Canadian workplaces.


Returning employees could see a host of changes, including spaced desks, personal lockers, voice-automated technology, staged areas for elevators and one-way hallways, Hardie said. They may also have to follow new protocols such as varying shifts, cleaning surfaces after usage, and wearing PPE to the office.


Some employees may never return to the office again, Hardie said, as companies who have been forced to develop technology for remote work during the pandemic may not be able to afford the new cost of renovating their spaces.


Yet all this doesn’t necessarily mean the end of the traditional office tower, according to Lisa Fulford-Roy, vice president with Toronto commercial real estate giant CBRE. “I think this is going to shine a lens on how can we be smarter about the spaces we’re creating for people to occupy safely and healthily and productively,” she said.


PHYSICAL LAYOUT


According to experts, the biggest challenge for firms will be having to redesign spaces that have been in place for decades, to allow for physical and social distancing rules.


Since the last economic downturn, companies have been following an open office trend, where “essentially everybody’s sitting really close to each other,” Hardie said, to allow for more communication. “I think we’re going to see a change there, where you’re going to have employees spaced out, they won’t maybe be facing each other in the office too.”


To maintain physical distancing rules, companies are considering spaced desks, one-way hallways, and the reconfiguration of common areas like kitchens, utility rooms and staging areas for elevators. Gensler, an American architecture firm, has released ‘ReRun,’ a tool which reconfigures your office’s existing floor plan to optimize physical distancing conditions, using computer algorithms.


Under new set-ups, workers may also be asked to come into the office at different times and bring their own equipment.


“Keyboards, mice, headsets, those things are going to be personal accessories now,” said Hardie. “So you’ll have either a locker at the office that you can lock yourself or you’re hauling it back and forth every day.”

Many workplaces could follow in the path of major tech companies and restructure their work environments from headquarters to hubs. “Rather than having a head office where the majority of their workforce is in one central location, firms may opt for regional hubs,” Hardie said.

Christian Paquette, a labour employment lawyer, said he’s gotten many questions from companies. These range from how to implement policies on shared rooms, to the nitty gritty details around personal garbage bins, ventilation systems, eating utensils, and desired cubicle heights.

“I think, ironically, one challenge for employers might be that some may not have sufficient space anymore because of social distancing,” he said. “They may need to find more space in some cases, or put an emphasis on some parts of their workspaces and less on others.”


WORK POLICY

At the beginning of May, Paquette and a colleague released a list of

key guidelines

for employers looking to incorporate COVID-19 requirements into their work policies.

“There needs to be clear lines of communication,” said Paquette. The article recommended that employers form a “dedicated, multi-disciplinary team” to monitor the workplace reopening and conduct risk assessments; create a contingency plan in case of a shutdown; and open a communication channel keeping employees informed of the measures being put in place and any changes thereafter.

Employers also need to develop a procedure to address attendance issues and work refusals, such as those for “employees who are afraid to return or may face special circumstances” such as compromised immunity or child or elder care obligations.

Mohammad

Abdoli-Eramaki, who teaches occupation health and safety at Ryerson University, emphasized the need for a system that monitors individuals, to identify those at risk of spreading the virus.


“The issue with COVID-19 is that it’s not identifiable,” he said, which in turn makes it difficult to determine certain hot spots in a workplace where exposure to the virus is increased. Ergo, “there should be a system in place where (the individual) monitors (themselves) … and if (they) don’t follow the policy, someone else does (monitor them).”

Paquette said it ultimately comes down to the level of risk each employer faces.

“For instance, (if) you have a proven outbreak in a work environment, that may justify different measures than an office space where people are not in close quarters (and) where other types of measures can really be put in place that are much less intrusive, like social distancing and self-reporting,” he said.


TECHNOLOGY

The pandemic has forced several workplaces to hastily upgrade and/or invest in technology to allow for people working remotely. On one hand, for those coming back to the office, employers might continue to make investments to keep the office accessible and safe, such as voice and automation technology.

“The ability to not have to touch everything in the office, to have technology that steps in, either through automation or through your voice, allows you to take your hands off a lot of things that you would have been touching in the past,” said Hardie. Companies looking to track employee movements could do so via keycard access, or by using technology that produces heat maps and monitors social distancing.

On the other hand, companies who have already invested in technology that supports remote work may find the additional investments too costly. “They may well say, okay we’ve made this major investment on ramping everybody up for home office, so maybe we’ll wait until we figure out a good plan of attack for the actual office itself’,” explained Hardie.


ALTERNATIVES TO THE OFFICE

For employers who have successfully adapted to working from home during the pandemic, there may no longer be a need for an office anymore, said Allison Cowan, director of capital of the Conference Board of Canada.

“They are seeing advantages in the long term, such as real estate savings, benefits from commuting, benefits for employee heath,” she said. Several large companies such as Twitter and

Open Text

have already asked staff to continue working remotely indefinitely, while others like BMO have confirmed they are looking into hybrid schemes that would combine the office with remote work opportunities.

For some companies, that might mean rethinking their current spaces, for others it might mean letting go of their leases entirely and opting for flexible alternatives, i.e., rentable co-working spaces.

Kevin Penstock is the CEO of The Profile, a Vancouver company that offers rental co-working spaces. He said he’s been receiving a lot of calls. “There’s no question (that demand for these spaces will go up),” he said. “People are going to try and figure out how to get all their staff in their offices downtown, half the people will be stuck at home, these companies are going to need this type of select space.”

Penstock has rolled out a

multi-phased plan

for the reopening of his spaces, which includes modified shared spaces (two-person tables instead of five), the phased return of members, physical distancing signage, health screenings and a new cleaning regimen.

The challenge, he said, will be catering to demand despite the limits on the number of people per shared space, as well as monitoring those who flout the rules. “We can ask people to start doing some shift work,” he said. “Then we’re going to have to start sharing the space in a way that’s a bit different than we’re used to.”

However, while the demand for traditional offices may go down, it won’t entirely disappear, according to Fulford-Roy of

CBRE. That’s because

people miss the social element that comes with working at an office.

“There may be subsets of employees or departments where (working remotely) might be suitable”, she said. “But I think, for the most part, we’re missing our colleagues, we’re missing the interaction.”


“It’s going to be less about changing the landscape of engagement and productivity. (Instead) it’s going to be a lens of how do we do that safely?”

Copyright Postmedia Network Inc., 2020

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Ford is bringing back the Mustang Mach 1 for 2021 – Driving

Published

on


Seventeen years after the last Mustang Mach 1 rode off into the sunset, Ford is bringing back that storied nameplate for 2021.

There’s no EcoBoost four-cylinder here, of course. It’s 5.0L V8 all the way, and Ford said the new Mach 1 will be the “most track-ready 5.0L Mustang ever.”

The automaker has only unveiled teaser images for now, but we’re seeing huge quad pipes, Brembo brakes behind 19-inch wheels wrapped with Pilot Sport Cup 2 performance tires, and honeycomb grilles, but with round inlets that are mindful of the lights on the first Mach 1 of 1969.

That first Mach 1 came stock with a 351-cubic-inch (5.7-L) V8 that made 250 horsepower, with two optional V8s. That was matched to a GT handling suspension for improved performance.

Exactly what 5.0L V8 the 2021 Mach 1 will get is still up in the air. For 2020, Ford offers 460 horses in the GT; 480 hp in the Bullitt; and moving up to the Shelby models, you get 526 hp in the GT350, and 760 hp in the supercharged GT500.

The Mach 1 was traditionally Mustang’s step between the base cars and the top-of-the-powerband models. The Bullitt has come and gone before, and both it and the GT350 are slated for the chopping block at the end of this model year. That would logically slide the Mach 1 between the GT and GT500, and give it bragging rights as the most powerful naturally-aspirated eight-cylinder.

The original Mach 1 debuted for 1969, and continued through when the Mustang grew larger and longer for 1971. It also made the transition to the smaller, all-new Mustang II in 1974, but was discontinued in 1978. It returned for the 2003 and 2004 model years as a retro-style edition with 4.6L V8 making 302 horsepower, and with a stick shift or automatic transmission.

Let’s block ads! (Why?)



Source link

Continue Reading

Trending