By John Gruber
I enjoy that I’m credited in the headline simply as “expert”. I’ll take that.
Killian Bell, writing at Cult of Mac:
Apple Watch Series 7 is not the upgrade most of us expected to see from Tuesday’s Apple event. The new model doesn’t sport the big design refresh multiple sources said was coming. It doesn’t even pack a new chip.
Is this the upgrade Apple wanted to deliver this year? Or is it a last-minute substitution that Cupertino had to settle on because the refresh it really wanted to deliver just wasn’t ready to roll out?
Based on the evidence, we’re going to say it’s the latter.
The only way this could be funnier is if Bell included the theory that perhaps Apple changed the hardware at the last minute because the flat-edge designs leaked.
This is not how hardware works. These designs are set long in advance. In fact, from what I’ve heard, the flat-edge watch designs might be legitimate leaks, but they’re next year’s designs. That’s how far in advance Apple works on hardware — they were already in the advanced stages of designing the 2022 Apple Watches months ago. (Aesthetically, I am not sold on a flat-edge design for the watch. The round edges are iconic and organic.)
You can argue that Series 7 is a marginal upgrade over Series 6, but with an all-new screen (brighter and bigger), all-new crystal (more durable), and 33 percent faster charging, there are upgrades, and none of them could be slapped together.
Citizen Lab:
In March 2021, we examined the phone of a Saudi activist who has chosen to remain anonymous, and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis we obtained an iTunes backup of the device.
Recent re-analysis of the backup yielded several files with the “.gif” extension in Library/SMS/Attachments that we determined were sent to the phone immediately before it was hacked with NSO Group’s Pegasus spyware.
Because the format of the files matched two types of crashes we had observed on another phone when it was hacked with Pegasus, we suspected that the “.gif” files might contain parts of what we are calling the FORCEDENTRY exploit chain.
Citizen Lab forwarded the artifacts to Apple on Tuesday, September 7. On Monday, September 13, Apple confirmed that the files included a zero-day exploit against iOS and MacOS. They designated the FORCEDENTRY exploit CVE-2021-30860, and describe it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
The files with the “.gif” extension weren’t actually GIF files — they were carefully-crafted malformed PSD and PDF files that triggered image processing bugs. What makes attacks like this particularly dastardly is that the victim apparently doesn’t even see anything. It’s invisible.
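A triage check for the mismatch described above, as an added example that is not from Citizen Lab, Apple, or the original post: it walks an already-extracted backup tree and reports files named ".gif" whose leading bytes are not a GIF signature. The directory layout under the temporary root, the sample file names and bytes, and the 1024-byte PDF header window are assumptions constructed for the demo.

```python
import os
import tempfile

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if header.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if header.startswith(b"8BPS"):  # Photoshop document signature
        return "psd"
    # Assumption: lenient PDF readers accept the header within the first 1024 bytes.
    if b"%PDF-" in header[:1024]:
        return "pdf"
    return "unknown"

def find_mislabelled_gifs(root: str) -> list:
    """Return sorted (relative_path, detected_type) for *.gif files that are not GIFs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".gif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = sniff(fh.read(1024))
            if kind != "gif":
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def demo() -> list:
    """Scan a constructed attachments tree (sample bytes, not real artifacts)."""
    samples = {
        "real.gif": b"GIF89a" + b"\x00" * 16,        # genuine GIF header
        "layers.gif": b"8BPS\x00\x01" + b"\x00" * 16,  # PSD named .gif
        "doc.gif": b"%PDF-1.4\n",                      # PDF named .gif
        "padded.gif": b"\x00" * 10 + b"%PDF-1.4\n",    # PDF header after junk
        "empty.gif": b"",                              # zero-length file
        "note.txt": b"%PDF-1.4\n",                     # not a .gif name, skipped
    }
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "Library", "SMS", "Attachments", "aa")
        os.makedirs(base)
        for name, data in samples.items():
            with open(os.path.join(base, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in find_mislabelled_gifs(root)]

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: extension says gif, content looks like {kind}")
```

A hit only means the name and content disagree; it is a lead for further analysis, not evidence of compromise on its own.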