Technology

Apple will patch a newly discovered iPhone vulnerability that security researchers say hackers have already used to steal data from their victims& devices.

News of the vulnerability dropped Wednesday by security firm ZecOps. Zuk Avraham, the companychief executive, said the firm found the bug last year during a routine investigation. At least six organizations were targeted by attackers as far back as 2018, he said.

Avraham said the bug is in the iPhonedefault Mail app. By sending a specially crafted email to the victimdevice, an attacker can overrun the devicememory, allowing the attacker to remotely run malicious code to steal data from the device, he said.

Worse, the bug doesn&t require any user interaction on the latest version of iOS 13, saidAvraham.

The bug dates back to iOS 6, which was first released in 2012. Avraham later confirmed in a tweet that macOS, which also comes with an in-built Mail app, is not vulnerable.

iPhone vulnerabilities are some of the most valuable bugs for hackers because they are so difficult to find. Some buyers will snap up these highly sought-after bug for as much as $1 million. But because these more sophisticated bugs are so valuable, they are typically only ever obtained by well-resourced threat actors, such as governments. These exploits are often used against their targets, such as criminals or terrorists, in highly precise operations. But some governments are also known to target certain ethnic groups, activists and journalists.

To wit, Avraham said in his blog post that the targets of this attack included staff at a U.S.-based Fortune 500 company and a journalist in Europe. Avraham also did not name the apparent hackers but said that at least one of the attackers was likely a nation state.

When reached, an Apple spokesperson did not immediately comment. Motherboard, which first reported the story, said the bug has been fixed in a beta version of the software, and a fix will be rolled out in an upcoming update.

Until then, high-risk users should disable the Mail app for now.

A year ago, back in the days of in-person conferences, Google officially announced the launch of its Anthos multi-cloud application modernization platform at its Cloud Next conference. The promise of Anthos was always that it would allow enterprises to write their applications once, package them into containers and then manage their multi-cloud deployments across GCP, AWS, Azure and their on-prem data centers.

Until now, support for AWS and Azure was only available in preview, but today, the company is making support for AWS and on-premises generally available. Microsoft Azure support remains in preview, though.

&As an AWS customer now, or a GCP customer, or a multi-cloud customer, […] you can now run Anthos on those environments in a consistent way, so you don&t have to learn any proprietary APIs and be locked in,& Eyal Manor, the GM and VP of engineering in charge of Anthos, told me. &And for the first time, we enable the portability between different infrastructure environments as opposed to what has happened in the past where you were locked into a set of APIs.&

Manor stressed that Anthos was designed to be multi-cloud from day one. As for why AWS support is launching ahead of Azure, Manor said that there was simply more demand for it. &We surveyed the customers and they said, ‘hey, we want, in addition to GCP, we want AWS,& & he said. But support for Azure will come later this year and the company already has a number of preview customers for it. In addition, Anthos will also come to bare metal servers in the future.

Looking even further ahead, Manor also noted that better support for machine learning workloads is on the way. Many businesses, after all, want to be able to update and run their models right where their data resides, no matter what cloud that may be. There, too, the promise of Anthos is that developers can write the application once and then run it anywhere.

&I think a lot of the initial response and excitement was from the developer audiences,& Jennifer Lin, Google CloudVP of product management, told me. &Eric Brewer had led a white paper that we did to say that a lot of the Anthos architecture sort of decouples the developer and the operator stakeholder concerns. There hadn&t been a multi-cloud shared software architecture where we could do that and still drive emerging and existing applications with a common shared software stack.&

She also noted that a lot of Google Cloudecosystem partners endorsed the overall Anthos architecture early on because they, too, wanted to be able to write once and run anywhere — and so do their customers.

Plaid is one of the launch partners for these new capabilities. &Our customers rely on us to be always available and as a result we have very high reliability requirements,& said Naohiko Takemura, Plaidhead of engineering. &We pursued a multi-cloud strategy to ensure redundancy for our critical KARTE service. Google CloudAnthos works seamlessly across GCP and our other cloud providers preventing any business disruption. Thanks to Anthos, we prevent vendor lock-in, avoid managing cloud-specific infrastructure, and our developers are not constrained by cloud providers.&

With this release, Google Cloud is also bringing deeper support for virtual machines to Anthos, as well as improved policy and configuration management.

Over the next few months, the Anthos Service Mesh will also add support for applications that run in traditional virtual machines. As Lin told me, &a lot of this is is about driving better agility and taking the complexity out of it so that we have abstractions that work across any environment, whether itlegacy or new or on-prem or AWS or GCP.&

Facebook today is introducing another feature aimed at making it easier to see whobehind the posts published across Facebook and Instagram. The company says it will now display the location of the Facebook Page or Instagram account with a large audience on every post it shares, so end users have a better understanding of how reliable or authentic the accounts may be. While the feature is described as one designed for overall increased transparency, it will initially launch only in the U.S.

That means Facebook will display the location information for Facebook Pages and Instagram accounts that are based outside the U.S., but that reach large audiences located primarily in the U.S.

The company declined to say how it defines what constitutes a &large& audience or how many accounts would be impacted.

The move is the latest attempt to crack down on outside influence on U.S. politics and elections, following the revelation that Russia-backed content reached as many as 126 million Americans on Facebookplatform during and after the 2016 presidential election.

That led Facebook to implement several new processes around Pages and political ad transparency in the years since.

In August 2018, for example, it implemented a new measure for securing Facebook Pages with large U.S. followings in order to make it more difficult for people to administer a Page using a fake or compromised account. This process involved having Facebook Page managers secure their accounts and verify their location. By December 2018, this &People Who Manage This Page& section had rolled out to all Facebook Pages with a large audience.

Facebook last year made this section easier to find by adding it to the Home tab on every Page, and expanded the feature to those who managed Pages with large audiences in India, Indonesia and the EU, as well.

Similar authentication and verification tools were also rolled out to Instagram in 2018.

The new feature arriving today is an expansion on those earlier efforts, as it will display the location of the Page or Instagram Account directly beneath their Page or Account name on the posts they share. This will read &Poster based in…& followed by their country on posts published on Facebook and &Based in…& on those published to Instagram.

Users will also be able to access an informational pop-up about the Page or Account which further explains that the person or account who posted this content and many of its followers are based in different locations. The message will also state that Facebook or Instagram is providing this information because some accounts attempt to mislead people about where they&re based.

This is a significant change compared with providing this location information somewhere more buried on the Facebook Page or profile, where it can be easily overlooked. And because it follows the account as the post is shared, it could cut down on the viral re-sharing of misleading information.

However useful, this feature will only be the latest volley in an ongoing war with often state-sponsored propaganda bot networks aimed at misleading Americans. As Facebooksystems evolve, so will the bot networks& tactics. They&ll find new ways to fake their location as being U.S.-based…or simply being based outside of Russia. In fact, Russian trolls had already outsourced some of their propaganda efforts to Africa, a recent investigation found. And the battle will continue.

Facebook says itpiloting the new location transparency feature in the U.S. now and is exploring ways to bring this transparency to more places on Facebook Pages and Instagram Profiles. The feature is live now on Facebook and rolling out currently on Instagram.

As part of its 90-day plan to enhance the security and privacy capabilities of its platform, Zoom has announced a number of new security enhancements as well as the general availability of Zoom 5.0.

The biggest of which is the addition of support for AES 256-bit GCM encryption which will provide increased protection for meeting data and resistance

Itlaunch day for yet another batch of Starlink satellites, which will bring the total launched by SpaceX to 422. With each launch, thererenewed discussion around the impact the growing constellation of low Earth orbit small satellites has on night-sky visibility and scientific research, and SpaceX has said itmaking changes to attempt to address those concerns. Now, SpaceX CEO Elon Musk has provided some more detail about some of the latest measures his company is taking to minimize Starlinkimpact on nighttime sky observation.

In response to a question about why the Starlink satellites have seemed to be even more visible and brighter in recent weeks, prompting many reports of them being spotted by more individuals, Musk said that this was due to the angle of the satellites& solar panels during their orbital raise and parking maneuvers, and said that a fix is being deployed to address this &now.&

All satellites will also be equipped with &sunshades& starting with the ninth Starlink launch, which is still three launches away from the one thathappening later today (Starlink 6). These will be made from &a special dark foam thatextremely radio transparent,& which is important for the constellationmain purpose of transmitting broadband internet connectivity to ground stations for use by customers on Earth.

SpaceX had previously discussed testing painting the Earth-facing side of Starlink satellites black in order to cut down their reflectivity, but this foam approach sounds like an additional measure that could go further. Ultimately, SpaceX anticipates launching many thousands of these small satellites, so itunlikely that the controversy around their impact on scientific observation is going anywhere soon, unless some of these measures really do significantly alter their nighttime visibility.

Given the coronavirus-led lockdown has disrupted supply chain and manufacturing lines in China, many companies have altered their product plans –and according to a new report, Apple is also delaying the launch of its 5G powered Apple iPad Pro to 2021.

The Cupertino-based tech giant had planned to launch the next-gen iPad around the end of this