CVE-2022-32929's Fix is Bad

With the recent release of iOS 16.1, Apple noted that CVE-2022-32929 was addressed:

Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later
Impact: An app may be able to access iOS backups
Description: A permissions issue was addressed with additional restrictions.
CVE-2022-32929: Csaba Fitzl (@theevilbit) of Offensive Security

What’s odd is that the wording of the issue indicates that an app on iOS can access backups, but backups are stored on the paired Mac....

Simplifying Authorization with LARight

Prior to iOS 16, storing credentials and then authenticating the user to authorize the use of said credential was cumbersome. First, you needed to create keychain queries for your CRUD operations, which included ACLs. Second, you needed to create the credential (e.g. key pair) yourself, and that was error-prone (you could create the wrong kind and not be able to store it in the Secure Enclave). Lastly, you needed to deal with CoreFoundation objects instead of pure Objective-C/Swift objects....

Thoughts on WWDC 2022

WWDC this year was a hybrid event with media and select developers watching the pre-recorded keynote from Apple Park (and getting access to the new Developer Center) while the rest of us watched online. Tours of the Developer Center showed off some really nice conference rooms, workspaces, and a theater. Overall, it seems like Apple is putting money down to try to win over developer perception as the current looming legal and regulatory pressure continues to eat away at developer trust in Apple....

WWDC 2022 Wish List

While Apple is trying to convince its employees to return to the office, it’s also that time of year when the fruits of their labor are shared with the rest of the world. This year, there is a special event: the unveiling of the Developer Center. This may be a sign that next year the event will be in person, but I think that outside of the talks (those can still be prerecorded), Apple should focus on having the week just be labs and hands-on time with their engineers so that those who cannot afford the trip can still enjoy what has been a good conference experience remotely (thanks COVID)....

Goodbye macOS Server

The time has finally come. After years of removing features and reducing the overall value of the product, Apple has finally discontinued macOS Server. Going forward, it appears that the Server app will not function with the next release of macOS and users leveraging the last two features (Profile Manager and Open Directory) will need to move to other implementations. For Profile Manager, you’ll need to invest in an MDM vendor for Zero Touch configuration....