Feed aggregator

Apple Claims 'Most Significant Upgrade to Memory Safety' in OS History

Slashdot.org - Sun, 09/14/2025 - 17:10
"There has never been a successful, widespread malware attack against iPhone," notes Apple's security blog, pointing out that "The only system-level iOS attacks we observe in the wild come from mercenary spyware... historically associated with state actors and [using] exploit chains that cost millions of dollars..." But they're doing something about it — this week announcing a new always-on memory-safety protection in the iPhone 17 lineup and iPhone Air (including the kernel and over 70 userland processes)... Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry... For Apple, improving memory safety is a broad effort that includes developing with safe languages and deploying mitigations at scale... Our analysis found that, when employed as a real-time defensive measure, the original Arm Memory Tagging Extension (MTE) release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022. More importantly, our analysis showed that while EMTE had great potential as specified, a rigorous implementation with deep hardware and operating system support could be a breakthrough that produces an extraordinary new security mechanism.... Ultimately, we determined that to deliver truly best-in-class memory safety, we would carry out a massive engineering effort spanning all of Apple — including updates to Apple silicon, our operating systems, and our software frameworks. This effort, together with our highly successful secure memory allocator work, would transform MTE from a helpful debugging tool into a groundbreaking new security feature. Today we're introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies. MIE is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect. In addition, we're making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that we released earlier this year during WWDC... Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products. Because of how dramatically it reduces an attacker's ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.

Read more of this story at Slashdot.

Japan Sets Record: Nearly 100,000 People Aged Over 100

Slashdot.org - Sun, 09/14/2025 - 15:34
The oldest person living in Japan is 114 years old, reports the BBC. But "The number of people in Japan aged 100 or older has risen to a record high of nearly 100,000, its government has announced." Setting a new record for the 55th year in a row, the number of centenarians in Japan was 99,763 as of September, the health ministry said on Friday. Of that total, women accounted for an overwhelming 88%... Health minister Takamaro Fukoka congratulated the 87,784 female and 11,979 male centenarians on their longevity and expressed his "gratitude for their many years of contributions to the development of society".... The higher life expectancy is mainly attributed to fewer deaths from heart disease and common forms of cancer, in particular breast and prostate cancer. Japan has low rates of obesity, a major contributing factor to both diseases, thanks to diets low in red meat and high in fish and vegetables. The obesity rate is particularly low for women, which could go some way to explaining why Japanese women have a much higher life expectancy than their male counterparts... But it's not just diet. Japanese people tend to stay active into later life, walking and using public transport more than elderly people in the US and Europe... However, several studies have cast doubt on the validity of global centenarian numbers, suggesting data errors, unreliable public records and missing birth certificates may account for elevated figures. A government audit of family registries in Japan in 2010 uncovered more than 230,000 people listed as being aged 100 or older who were unaccounted for, some having in fact died decades previously. The miscounting was attributed to patchy record-keeping and suspicions that some families may have tried to hide the deaths of elderly relatives in order to claim their pensions.

Read more of this story at Slashdot.

African Island Demanding Government Action Punished with Year-Long Internet Outage

Slashdot.org - Sun, 09/14/2025 - 13:34
"When residents of Equatorial Guinea's Annobón island wrote to the government in Malabo in July last year complaining about the dynamite explosions by a Moroccan construction company, they didn't expect the swift end to their internet access..." reports the Associated Press. "Residents and activists said the company's dynamite explosions in open quarries and construction activities have been polluting their farmlands and water supply..." Dozens of the signatories and residents were imprisoned for nearly a year, while internet access to the small island has been cut off since then, according to several residents and rights groups. Local residents interviewed by The Associated Press left the island in the past months, citing fear for their lives and the difficulty of life without internet. Banking services have shut down, hospital services for emergencies have been brought to a halt and residents say they rack up phone bills they can't afford because cellphone calls are the only way to communicate... The company's work on the island continues. Residents hoped to pressure authorities to improve the situation with their complaint in July last year. Instead, [the country's president] then deployed a repressive tactic now common in Africa to cut off access to internet to clamp down on protests and criticisms.

Read more of this story at Slashdot.

America's FTC Opens New Probe into Amazon and Google Advertising Practices

Slashdot.org - Sun, 09/14/2025 - 12:34
America's Federal Trade Commission is investigating whether Amazon and Google misled advertisers placing ads on their websites, reports Bloomberg, and specifically whether the two companies "properly disclosed the terms and pricing for ads." The FTC is seeking details about Amazon's auctions and whether it disclosed "reserve pricing" for some search ads — price floors that advertisers must meet before they can buy an ad, the people said. Separately, the FTC is examining practices by Google, including its internal pricing process and whether it increased the cost of ads in ways that weren't disclosed to advertisers, the people said... According to one of the people, the FTC's latest investigation emerged from its earlier antitrust case. In that complaint, the agency alleges that Amazon litters its marketplace with irrelevant results for search queries, making it harder for shoppers to find what they are looking for and more expensive for sellers to use the platform. The practice effectively forces sellers to buy ads to make their product appear in response to consumer searches.

Read more of this story at Slashdot.

Can Lab-Grown Coral Restore Reefs Damaged By Climate Change?

Slashdot.org - Sun, 09/14/2025 - 11:34
Many coral reefs "have now turned ghostly white," reports CBS News — and "a major culprit is climate change." SFGate adds that more than 50% of the world's coral reefs have been lost, mostly over the past 10 years, according to coral reef scientist Rebecca Albright at the California Academy of Sciences. "If changes aren't made soon, 90% to 99% of the coral reefs that are remaining could be deteriorated by 2050, Albright said..." But CBS News notes that Albright's lab is the first in America to successfully spawn coral to regenerate the reefs: The lab is mastering the art and science of creating baby corals, and the scientists have brought their expertise into the wild. The location: the second-largest reef in the world, known as the Mesoamerican Reef, stretching some 700 miles along the coasts of Mexico, Belize, Guatemala, and Honduras... Armed with test tubes, the scientists quickly dove into the water and collected the tiny packets of gametes. Back on land, the eggs were fertilized, incubated, and then brought back into the wild. "Then we planted over 3,000 baby corals back to the reef," explained Albright. The baby corals are now two months old. The Roatan staff will dive in a few months to see how many survived. Scientists are worried because bleaching events "are becoming more common," notes SFGate, "happening more frequently and affecting more parts of the world... The most current event was confirmed on April 15, 2024, and is still ongoing, impacting approximately 84% of the world's coral reefs as of August 31. "It has been documented in at least 83 countries and territories."

Read more of this story at Slashdot.

Microsoft Escapes EU Competition Probe by Unbundling Teams for Seven Years, Opening API

Slashdot.org - Sun, 09/14/2025 - 10:34
TechCrunch reports: Thanks to a pledge to unbundle its corporate messaging app Teams from its productivity suites, Microsoft has managed to slip unscathed through a major antitrust investigation by the European Commission that could have resulted in massive fines for the tech giant. The Commission on Friday okayed Microsoft's concessions to address the EU's competition concerns over the company including Teams along with the rest of its Office productivity suite for free, concluding a multi-year investigation that was sparked by complaints from rival office messaging app Slack in 2020. Microsoft has promised that for the next seven years, it will provide Microsoft 365 and Office 365 without Teams at a lower price and will let customers choose whether they want to pay more to add the collaboration app to the suites... Microsoft is voluntarily offering some versions of both its productivity suites without Teams at a 50% lower price compared to versions that bundle the app, worldwide. And Microsoft dodged punitive measures and a big fine, as the Commission's penalties for breaching competition rules can reach up to 10% of annual global revenue — which, considering the tech giant last year recorded $245 billion in revenue, would have been truckloads of money. The article adds one more interesting detail. "The Commission has also managed to get Microsoft to agree to open up its APIs to enable interoperability for key features between its suite and third-party messaging and collaboration tools, as well as let them export their data out of teams for the next five years..." The Commission's official announcement says this will "open up the market for other providers of communication and collaboration tools in Europe." And Microsoft will also allow customers with long-term licenses the option of switching to a suite switch without Teams...

Read more of this story at Slashdot.

Most Earth-Like Planet Yet May Have Been Found Just 40 Light Years Away

Slashdot.org - Sun, 09/14/2025 - 09:34
One of the worlds in the TRAPPIST-1 system, a mere 40 light-years away, just might be clad in a life-supporting atmosphere," reports ScienceAlert. "In exciting new JWST observations, the Earth-sized exoplanet TRAPPIST-1e shows hints of a gaseous envelope similar to our own, one that could facilitate liquid water on the surface." Although the detection is ambiguous and needs extensive follow-up to find out what the deal is, it's the closest astronomers have come yet in their quest to find a second Earth... [T]he first step is finding exoplanets that are the right distance from their host star, occupying a zone where water neither freezes under extreme cold nor evaporates under extreme heat. Announced in 2016, the discovery of the TRAPPIST-1 system was immediately exciting for this reason. The red dwarf star hosts seven exoplanets that have a rocky composition (as opposed to gas or ice giants), several of which are bang in the star's habitable, liquid water zone... Red dwarf stars are also much more active than Sun-like stars, rampant with flare activity that, scientists have speculated, may have stripped any planetary atmospheres in the vicinity. Closer inspections of TRAPPIST-1d, one of the other worlds in the star's habitable zone, have turned up no trace of an atmosphere. But TRAPPIST-1e is a little more comfortably located, at a slightly greater distance from the star... [T]he spectrum is consistent with an atmosphere rich in molecular nitrogen, with trace amounts of carbon dioxide and methane. This is pretty tantalizing. Earth's atmosphere is roughly 78 percent molecular nitrogen. If the results can be validated, TRAPPIST-1e might just be the most Earth-like exoplanet discovered to date. That is not a small if, though. Luckily, more JWST observations are in the pipeline, and the researchers should be able to validate or rule out an atmosphere very soon. After analyzing four transits of TRAPPIST-1e across TRAPPIST-1, "We are seeing two possible explanations," says astrophysicist Ryan MacDonald of the University of St Andrews in the UK. "The most exciting possibility is that TRAPPIST-1e could have a so-called secondary atmosphere containing heavy gases like nitrogen. "But our initial observations cannot yet rule out a bare rock with no atmosphere..." Astrophysicist Ana Glidden of MIT led the second team interpreting the results, and says "We are really still in the early stages of learning what kind of amazing science we can do with Webb. It's incredible to measure the details of starlight around Earth-sized planets 40 light-years away and learn what it might be like there, if life could be possible there." "We're in a new age of exploration that's very exciting to be a part of."

Read more of this story at Slashdot.

Facebook Begins Sending Settlement Payments from Cambridge Analytica Scandal Soon

Slashdot.org - Sun, 09/14/2025 - 06:34
"Facebook users who filed a claim in parent company Meta's $725 million settlement related to the Cambridge Analytica scandal may soon get a payment," reports CNN, since "on August 27, the court ordered that settlement benefits be distributed." It's been over two years since Facebook users were able to file claims in Meta's December 2022 settlement. The class-action lawsuit began after the social media giant said in 2018 that as many as 87 million Facebook users' private information was obtained by data analytics firm Cambridge Analytica... Meta was accused of allowing Cambridge Analytica and other third parties, including developers, advertisers and data brokers, to access private information about Facebook users. The social media giant was also accused of insufficiently managing third-party access to and use of user data. Meta did not admit wrongdoing as part of the settlement. Following the Cambridge Analytica incident, Facebook restricted third-party access to user data and "developed more robust tools" to inform users about how data is collected and shared, according to court documents... Any US Facebook user who had an active account between May 24, 2007, and December 22, 2022, was eligible to file a claim, even if they have deleted the account. The deadline to file was August 25, 2023. Almost 29 million claims were filed and about 18 million were validated as of September 2023, according to Meta's response in a 2024 legal document... Payments will either be sent directly to the bank account provided on the claim form, or via PayPal, a virtual prepaid Mastercard, Venmo or Zelle. Unsuccessful or expired payments will receive a "second chance email" to update the payment method.

Read more of this story at Slashdot.

Syndicate content
Comment