Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth

The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user’s email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.

We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.

Users who attempted to activate two-step verification but were put into a three-day waiting period remain vulnerable to the attack. Concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.

The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user’s devices.

Update 1:29 PM: Apple has taken its iForgot password reset system offline.

Update 8:48 PM: Apple’s iForgot system is active once again, and iMore has confirmed that the issue has been fixed.

Apple Adds ‘Offers In-App Purchases’ Disclosure for App Store Apps [Update: Now on iOS Stores]

As noted by The Guardian, Apple today rolled out a new “Offers In-App Purchases” disclosure directly underneath the Buy/Free button for App Store apps supporting the feature. The addition helps make clear to potential purchasers that free or even paid apps may require additional purchases in order to unlock the apps’ full functionality or for other benefits such as acquiring in-game currency.

The new tagline is currently only appearing in the desktop version of the App Store that sits within iTunes. For now, it’s not shown in the iOS App Store app, nor does it appear on webpages for iOS apps.

Apple confirmed to The Guardian that the message is a new addition to the App Store. Its location – directly below the icon and “Free” button on each app’s page – makes it even easier for people to identify that an app uses in-app purchases (IAP) before downloading it.

Apple just recently settled a lawsuit over the issue of children being able to make unauthorized in-app purchases sometimes totaling as much as thousands of dollars. With today’s move, Apple is attempting to make it clearer to users, before they download or purchase an app, whether it includes In-App Purchase content.

The report notes that Apple could easily use the new disclosure to deploy a filter that would allow parents to restrict their children’s downloads to only free apps with no In-App Purchase content, but the company has not yet taken that step.

Update: The notifications are now on the iOS App Store as well.

Apple Updates OS X Anti-Malware Definitions to Block ‘Yontoo’ Adware

Yesterday, word surfaced of new malware targeting major browsers on the Mac platform with adware capable of injecting advertising into users’ browsing experiences. The malware, known as “Yontoo”, masquerades as a video plug-in or download accelerator in order to trick users into installing the package.

As noted by security firm Intego, Apple has already updated its “Xprotect” anti-malware system to recognize Yontoo and warn users who attempt to install it on their machines.

Apple has decided the Yontoo Adware has fallen too far on the side of undesirable behavior, as they have released an update to the XProtect.plist definitions file to provide Mac OS X with basic detection for the Yontoo adware as OSX.AdPlugin.i. In testing, it appears this detection is very specific and potentially location-dependent. This extra specificity is likely there so as to catch only the surreptitious installations of this file.

Apple routinely uses its Xprotect anti-malware tools introduced in OS X Snow Leopard to provide rudimentary protection against threats, and has expanded its efforts in OS X Mountain Lion with the introduction of Gatekeeper to allow users to restrict app installation to software from identified developers registered with Apple, or even to only apps installed through the Mac App Store.

Apple has also been using Xprotect to enforce minimum version requirements for plug-ins such as Java and Flash Player, forcing users to upgrade from earlier versions known to have significant security issues.

Blizzard Announces ‘Hearthstone: Heroes of Warcraft’ for Mac and iPad [Mac Blog]

Blizzard today announced Hearthstone: Heroes of Warcraft, a new free-to-play collectible card game set in the Warcraft universe. In a first for Blizzard, it will be available on the iPad in addition to the Mac and PC. It appears that players will be able to play multiplayer games across platforms.

Set in the World of Warcraft universe, each Hearthstone deck will revolve around heroes of nine of the MMO’s classes. At least 300 cards will be available at launch, and you’ll be able to earn or buy packs. Also, you’ll be able to put together your own decks and be able to “disenchant” duplicates and craft better, presumably original cards from them.

The competitive side of the game will feature one-on-one fights via Battle.Net, which, if you didn’t know, is the service Blizzard uses for its PC games. We’re not sure what the iPad version will use — details are still coming out from the event.

Hearthstone is due out later in 2013, with the iPad version coming after the initial PC and Mac release. Users can register for the beta on Blizzard’s website.

Alleged iPhone 5S Home Button, Vibrator and Volume/Mute Flex Cable Parts Surface

Nowhereelse.fr reports [Google translation] that it has spotted a pair of alleged parts for the iPhone 5S. The parts appear to have been posted by Japanese vendor Moumantai.

The first part is the device’s home button, which looks very similar to the home button on the iPhone 5 with the exception of the flex cable used to connect to the main logic board. The cable on the iPhone 5S is much longer than seen in the iPhone 5 and is routed differently through the device’s body.

Apple has been rumored to be adding a fingerprint sensor to the iPhone 5S in the area of the home button, but if such a feature is to be integrated into the home button itself somehow, it does not seem to be apparent from this part.

The second part is claimed to be the vibrator for the iPhone 5S, although the image shows the vibrator attached to a flex cable that also appears to support the volume buttons and mute switch along the side of the device. The cable appears to be of a more compact layout than the corresponding iPhone 5 part.

Part leaks from the iPhone 5S have so far been difficult to find, although speaker enclosures for both the iPhone 5S and iPhone 6 allegedly surfaced several months ago. The legitimacy of those claims has, however, remained unconfirmed.

Apple’s Contracts With European iPhone Carriers Examined for Potential Antitrust Issues

The New York Times reports that regulators with the European Union are taking a close look at contracts between Apple and its iPhone carrier partners, seeking to determine whether Apple’s strict terms amount to anti-competitive behavior. In particular, Apple’s practice of requiring carriers to commit to selling a certain number of iPhones has placed pressure on the carriers to promote the iPhone above other alternatives.

[S]ome of Apple’s competitors complain that the big purchases Apple requires from carriers strongly pressure them to devote most of their marketing budgets to the iPhone, leaving little money to promote competing devices, said an executive at one of Apple’s rivals, who declined to be named to avoid jeopardizing carrier relationships.

Apple’s practice of telling carriers how many phones they must sell and threatening to penalize them shows just how powerful the iPhone has become as a bargaining chip. Other manufacturers typically allocate fewer handsets to each carrier than they estimate it can sell to ensure that there is little, if any, leftover inventory, an executive at one rival handset maker said.

Carriers are of course not required to carry the iPhone, but customer demand for the device means that most carriers believe they have little choice and must agree to Apple’s terms in order to remain competitive in the marketplace.

The European Commission has not yet launched a formal investigation of Apple over its contract terms, and it is unclear what its next steps will be, with spokesman Antoine Colombani simply noting that the competition regulators are “monitoring the situation”. For its part, Apple says only that its contracts are compliant with all local laws.

Apple’s Lower-Cost iPhone to Lack Retina Display?

RBC Capital Markets analyst Amit Daryanani has released a new research report today citing supply chain checks as the basis for predicting a June or July launch for both the iPhone 5S and a lower-cost iPhone, in line with other recent reports. Daryanani says, however, that the lower-cost iPhone appears set to omit a Retina display.

Our supply-chain checks indicate that AAPL is working to launch multiple new phones in the June/July time-frame this year. Specifically, AAPL will launch the iPhone5s and a more affordable but lower-end iPhone at the same time, in either late CYQ2 or early Q3. The low-end iPhone will have the same 4″ form factor as the iPhone5 but will have plastic casing and no retina display. With a lower price-point, AAPL will be able to target a growing and important part of the Smartphone market (sub-$400 price-band).

Daryanani’s claim of no Retina display for the lower-cost iPhone conflicts with reports from reliable KGI Securities analyst Ming-Chi Kuo, who has claimed several times that the cheaper iPhone’s 4-inch display will carry the same 326 pixels per inch seen on all Retina iPhone displays released to date.

Daryanani’s claim also raises suspicion because Retina displays are a long-established feature of Apple’s iPhone lineup, with all the iPhone models currently offered by Apple supporting the feature. This includes the iPhone 4, which is offered for free with a two-year contract in the United States, although this new low-cost iPhone is said to be seeking to bring prices even lower to attract customers in markets where carrier subsidies are uncommon.

Just yesterday, Apple announced to developers that all apps submitted to the App Store must support both Retina resolution and the larger 4-inch screen of the iPhone 5 and fifth-generation iPod touch as of May 1. Apps can, of course, also support devices such as the iPhone 3GS using non-Retina displays.

Apple Blames High Australian Markups for Digital Content on Media Rights Holders

At an Australian Parliament inquiry into high markups on technology goods and services today, Apple Australia Vice President Tony King blamed rights holders for international price disparities in the company’s digital content, according to The Sydney Morning Herald.

“The pricing of this digital content is based on the wholesale prices which are set through negotiated contracts with the record labels, movie studios and TV networks,” said Mr King, who is Apple’s vice president for Australia, New Zealand and South Asia.

King went on to say that “the content industry still runs with perhaps old-fashioned notions of country borders or territories or markets” and that it creates confusion for customers. He also said that Apple’s iTunes pricing in Australia is “comparable to other Australian physical and online stores.”

When asked by Labor MP Ed Husic, who is a member of the committee conducting the inquiry, whether Apple could influence the price of digital content in Australia, King said that it was up to the rights holders. King also said that Apple would love to see “cheaper, lower prices in the Australian market,” according to News.com.au.

Earlier today, MacStories noted that markups in Australia average as much as 61.4% for music, 33.5% for movies and 25.9% for TV shows when a subset of content offerings is compared to prices in the United States once Australia’s Goods and Services Tax (GST) has been accounted for. Markups for Apple’s hardware products are more reasonable, with Mac, iPad and iPod prices in Australia generally falling within 10% of U.S. prices. The iPhone line, however, can go as high as a 16% markup for the iPhone 5 and 4S, while the iPhone 4 is actually slightly cheaper in Australia than it is in the United States.

King said that Apple had gone to great lengths to make sure that its hardware products are priced at “parity” in Australia, which takes into account Australian GST as well as the cost of delivering its products to the country.

Adobe and Microsoft were also questioned as part of the inquiry following summonses being issued last month, with Adobe explaining that it charges Australian customers $1000 extra for a software suite because users are receiving a “personalized” service on their local website. Microsoft said its prices, which include a $2000 increase for a software suite, were based on market competition and that users would vote with their wallets if they didn’t agree.