iOS 12 Requires Biometrics Before Autofilling Passwords by Muhammad Amir Ayub

From iMore:

While Apple introduced iCloud Keychain year ago, the lack of any authentication check always prevented me from using it. I just never wanted to have to worry about handing my phone to a stranger in an emergency or even a friend at a conference and also handing them all my logins and credit cards.

iPhone X introduced Face ID as an authentication check, and that was great… but only for iPhone X. Now, iOS 12 adds Touch ID to the system as well, and that means iCloud Keychain is finally a first-class password manager.

If you’re already using a third-party password manager, Apple’s integrating those into the auto-fill system as well, so now it’s win/win all around.

This wasn't mentioned in the previous article I quoted from, but this is something new I've definitely noticed and appreciate. Before, if someone had already unlocked your device, they'd have the access to your passwords because there was no added layer of security before it autofills passwords. Now, you'd have to authenticate with biometrics first (either Touch ID/Face ID) before  iOS fills in the password.

And finally, you can control your flashlight via Siri!

Third-Party macOS Security Tools Vulnerable to Malware Code-Signing Bypasses (since 2007) by Muhammad Amir Ayub

From Macrumors:

Hackers have had an “easy way” to get certain malware past signature checks in third-party security tools since Apple’s OS X Leopard operating system in 2007, according to a detailed new report today by Ars Technica. Researchers discovered that hackers could essentially trick the security tools — designed to sniff out suspiciously signed software — into thinking the malware was officially signed by Apple while they in fact hid malicious software.


The researchers said that the signature bypassing method is so “easy” and “trivial” that pretty much any hacker who discovered it could pass off malicious code as an app that appeared to be signed by Apple.


Developer Patrick Wardle spoke on the topic, explaining that the bypass was due to ambiguous documentation and comments provided by Apple regarding the use of publicly available programming interfaces that make digital signature checks function: “To be clear, this is not a vulnerability or bug in Apple’s code... basically just unclear/confusing documentation that led to people using their API incorrectly.” It’s also not an issue exclusive to Apple and macOS third-party security tools, as Wardle pointed out: “If a hacker wants to bypass your tool and targets it directly, they will win.”

For its part, Apple was said to have stated on March 20 that it did not see the bypass as a security issue that needed to be directly addressed. On March 29, the company updated its documentation to be more clear on the matter, stating that “third-party developers will need to do additional work to verify that all of the identities in a universal binary are the same if they want to present a meaningful result.”

It looks like a case where human engineering fooled the so-called security programs (and not helped by Apple's usually not so helpful documentation). All the more reasons that for the Mac, trusting the built in security is the way to go for the most part. You've already paid a premium for the hardware.

Try out Backblaze for free and protect your precious files.

iOS 12 Tidbits From Macstories by Muhammad Amir Ayub

Previously available only on 3D Touch-enabled iPhones or with a two-finger swipe on the iPad’s keyboard, trackpad mode can be activated in a much easier way in iOS 12: just tap & hold on the space bar until the keyboard becomes a trackpad. This mode (seemingly inspired by Gboard and other custom keyboards with a similar implementation) gives owners of iPhones without 3D Touch a way to more precisely control the cursor in text fields.

I've been a heavy user of the 3D Touch cursor control when typing and now can't live without it. The long press is an excellent way to access it for non-3D Touch devices.

If you write longform content on an iPad, or if you want to always make a great impression with your ‘Sent from iPhone’ emails, iOS 12 has just the feature for you: a built-in thesaurus that lives alongside the system dictionary.

Having the thesaurus built in is excellent too. I always use it on the Mac.

For the past couple of years, iOS has offered a native Markup mode to annotate images and PDF documents. Initially rolled out for Notes and Mail, this feature eventually expanded to QuickLook for document previews as well as screenshots. In iOS 12, Apple is making Markup mode more powerful by adding new drawing options and a color picker with 120 color choices.

One of the weaknesses of the recent iOS releases were the very limited color choices during Markup. My children like to draw and scribble in Notes and were not happy when the color palette became limited to only a few colors instead of the many shades of each color.

Among the new skills it’s learning this year, Siri in iOS 12 is capable of finding one of your devices nearby and playing a sound on it. To try this feature, ask Siri to “find my iPhone” and the assistant will tell you whether or not it was able to locate it nearby. Additionally, Siri will offer to play a sound on the selected device (if you have multiple devices with a similar name under your iCloud account, you’ll have to select one from a list inside Siri); the sound won’t stop playing until you find and unlock your device. This is no different from what is already supported in the Find My iPhone app, but Siri activation makes it easier and faster to use.

This is useful. Many a times I've had to use the app on another phone or use iCloud on the laptop to use the feature and find lost iPhones (of course taken away by the children).

Other purported stuff include Podcast chapters (which I don't really care for) and tapbacks in notifications (which is useless in the non-US part of the world as iMessage isn't popular: Whatsapp/Telegram and the likes rule this part of the world by a mile).

I've been on the developer beta and like it so far: even the developer betas are much more stable than the initial public betas of the previous version of iOS.