With the November security patch, Google today is rolling out the first update to Android 14 since launch for the following Pixel devices: 4a 5G, 5, 5a, 6, 6 Pro, 6a, 7, 7 Pro, 7a, Tablet, Fold, 8, and 8 Pro.
There are 17 security issues resolved in the Android 14 November patch dated 2023-11-01 and 22 for 2023-11-05. Vulnerabilities range from high to critical. The dedicated bulletin for Google devices lists eight additional security fixes. As of today, there are just global builds.
Google lists seven fixes across Display & Graphics, NFC, System, User Interface, and Touch.
Of note, the 4a 5G and 5 are still seeing updates. While the Pixel 5 technically met its “guaranteed security updates” date in October, the 4a 5G doesn’t hit it until November. Google might as well update both. The Pixel 4a also sees another Android 13 ipdate.
Monthly Pixel security bulletin now includes changelog of ‘Functional updates’ & fixes
Several months ago, Google added a section in the main Android Security Bulletin that listed patches specific to Pixel and Nexus devices. For October, that list was broken out into a dedicated “Pixel / Nexus Security Bulletin.” With the November patch, Google has added a section detailing “Functional updates” like bug fixes for its devices.
After listing the various security issues that have been patched for Pixel/Nexus devices, Google displays a new section called “Functional updates” or “issues not related to the security of Pixel devices.”
These updates are included to address functionality issues not related to the security of Pixel devices. The table includes associated references; the affected category, such as Bluetooth or mobile data; and a summary of the issue.
Notably, it only references “Pixel devices,” though this changelog of sorts does not specifically identify any particular phone or tablet, leaving the original Pixel, Pixel 2, and Pixel C as possible recipients of these fixes.
Each entry includes a description of the “Improvements” and a category, like Audio, Bluetooth, Camera, Mobile data, and Stability. There are also reference numbers, though it does not correlate to any publicly accessible bug tracker.
In November, 12 items are listed, with the bulk related to Bluetooth, including resolving issues related to cars and general pairing.
This is a very good step towards transparency and provides a centralized repository to list what has been resolved. In the past, Google has relied on posts in the User Community. This comes as the Pixel 2 and Pixel 2 XL are due for a slate of fixes for display issues, high-pitched noises, and clicking sounds.
Last week, some Apple Watch users reported on an increasingly widespread battery drain problem plaguing Apple Watch users. Following our report, Apple has confirmed the existence of the problem and says a fix is coming soon via a software update.
This Apple Watch battery drain problem appears to affect a wide range of Apple Watch users. This includes the newest models like the Apple Watch Series 9 and Apple Watch Ultra 2, as well as older models like the Apple Watch Series 4. Affected users say that their Apple Watch battery life started draining abnormally quickly after updating to watchOS 10.1.
In an internal memo shared with Apple Authorized Service Providers on Saturday, Apple confirmed that it is aware of the battery drain problem affecting Apple Watch users. The company said that a fix is “coming soon” via a software update for watchOS 10. Unfortunately, Apple didn’t provide any further details on when that update will be released (via MacRumors).
Apple’s memo also doesn’t offer specific details on how widespread the problem is. A quick search on Twitter, however, offers some context. One user says that their Apple Watch Series 9 went from 100% to dead in just three hours. Another user reports that their Apple Watch Series 7 battery drained 25% in just 30 minutes.
@AppleSupport watchOS 10.1 has a battery bug. My brand new S9 went from 100% to dead in 3 hours. Multiple people with the same problem. pic.twitter.com/MadJJYFl44
@9to5mac Since I updated my Series 7 to watchOS 10.1, my battery has drained a ton. It barely charged overnight (was even going backwards on the charger at one point) and, after 100% this morning, lost 25% in 30 minutes. Definitely a bug in there. Might be worth investigating.
Seemingly coinciding with the release of watchOS 10.1, a number of Apple Watch users are complaining of abnormal battery drain issues.
This problem appears to be rather widespread, but it does not affect all Apple Watch users. The people who are affected, however, are using a range of different Apple Watch models. This includes older devices like the Apple Watch Series 4 as well as Apple’s newest Apple Watch Series 9 and Apple Watch Ultra 2.
Affected Apple Watch users are reporting battery drain at far more rapid rates than usual. One user on Twitter says that their Apple Watch Series 9 went from 100% to dead in just three hours. Another user reports that their Apple Watch Series 7 battery drained 25% in just 30 minutes.
Simultaneously, many of these people also say that they are having problems charging their Apple Watch due to apparent overheating problems. In the Settings app, users are seeing this message: “Charging was on hold due to Apple Watch temperature.” This leads to the Apple Watch battery actually draining while it’s on the charger for some people.
Since the rise of generative AI tools like ChatGPT, many people have wondered when Apple will introduce its own generative AI. Rumors suggest that this could happen next year. Until then, Apple CEO Tim Cook has been talking a lot about AI in recent months and has now reinforced that Apple is investing in generative AI.
Tim Cook says Apple will have its own generative AI
During a call with investors on Thursday to reveal Q4 2023 fiscal results, Cook was asked how Apple has been experimenting with generative AI, given that many other tech companies have already launched AI-based tools.
Unsurprisingly, Apple’s CEO highlighted many features in Apple devices that are based on artificial intelligence and machine learning, such as Personal Voice, Crash Detection, and ECG in the Apple Watch. But when it came specifically to generative AI tools like ChatGPT, Cook responded that “obviously, we have work going on.”
He didn’t give any details about what exactly Apple is doing but said that the company wants to have its own generative AI responsibly and that customers will see these technologies become the “heart” of future products.
In terms of generative AI, obviously, we have work going on. I’m not going to get into details about what it is, because as you know, we really don’t do that. But you can bet that we’re investing. We’re investing quite a bit. We’re going to do it responsibly, and it will… you will see product advancements over time where those technologies are at the heart of them.
This is not the first time Tim Cook has talked about AI. In an interview a few months ago, he said that Apple has been “doing research across a wide range of AI technologies, including generative AI, for years.” In May, the executive praised the potential of AI, although he claimed that there are “issues that need to be sorted.”
According to Bloomberg’s Mark Gurman, Apple has been ramping up the development of AI-based tools, targeting a release with iOS 18 next year. This technology would be implemented in apps such as Apple Music, Xcode, and of course, Siri.
Report: AI features in development for iOS 18, Siri, Apple Music, Xcode and more
In his Power On newsletter, Bloomberg’s Mark Gurman says that Apple was caught by surprise at the sudden swell of generative AI tools this year. But they are working hard to catch up with Apple SVPs Craig Federighi, John Giannandrea, and Eddy Cue all in charge of integrating AI-powered functionality into Apple’s products and services.
That will include various new AI features in iOS 18, such as smarter reply suggestions in Messages. Cue is pushing to include features like AI-generated playlists in Apple Music, and exploring how generative AI can be utilized in Apple’s productivity apps like Pages and Keynote. Giannandrea’s team is working on a new, smarter, version of Siri that should be ready to debut next year.
Gurman says embracing AI in end-user features is one of the primary objectives for Apple right now, as it looks to catch up to rivals like OpenAI, Google and Microsoft. Apple is consequently set to spend about $1 billion a year on AI research and product development.
In addition to new features in iOS 18 and Siri, Apple is also looking at ways to enhance the developer experience with AI-enhanced features in Xcode. This would likely include advanced code completion similar to what Github Copilot offers. The company is also looking at ways to streamline its internal AppleCare tools with artificial intelligence.
There is apparently some internal tension about whether to base these features off of AI neural network models running on device, or passed through Apple’s cloud services. Running on-device maximizes privacy, but large language models running on a server farm enable much more sophisticated capabilities. Gurman says Apple will likely decide on a case-by-case approach, with some features running wholly on-device and others relying on a cloud backend.
There are 34 bug fixes in U1B2.230922.013, which is still on the October 2023 security patch. This release is available for all devices out of the gate, with the on-device Android 14 QPR1 Beta 2.2 OTA coming in at 40.35 MB on a Pixel Fold.
There’s a fix for the pink text issue on the Pixel 8 Pro AOD.
Fixed an issue that sometimes prevented devices from receiving calls. (Issue #298747690)
Fixed an issue where tapping or long-pressing a Quick Settings tile sometimes failed to launch the corresponding app or settings menu. (Issue #302147272)
Fixed an issue that sometimes caused the Settings app to crash when checking for system software updates. (Issue #303739210)
Fixed an issue that sometimes caused the Camera HAL to apply the wrong tuning profile when an app requested a certain camera mode.
Fixed an issue that sometimes caused the system UI or device to crash if accessibility magnification mode was toggled rapidly.
Fixed an issue that sometimes caused the package installer to crash due to a null pointer exception.
Fixed an issue that sometimes caused the system launcher to crash due to a null pointer exception.
Fixed an issue that interfered with Bluetooth and Wi-Fi connectivity until the device was rebooted.
Fixed issues with Face Unlock reliability.
Fixed an issue that sometimes caused the device unlock animation to stutter.
Fixed an issue that sometimes caused the screen to flicker when transitioning from always-on display mode to the lock screen.
Fixed an issue that caused the animation to display incorrectly when a user gestured to open the notification shade.
Fixed an issue that sometimes caused the system UI to crash or consume more memory than necessary.
Fixed an issue that caused the picture-in-picture window to stop displaying with rounded corners after locking and unlocking the device.
Fixed an issue that sometimes caused device-to-device transfer data to be saved to an incorrect account.
Fixed an issue that caused some UI elements to render incorrectly when the device font scale was increased.
Fixed an issue that sometimes caused the work profile badge for an app icon to be displayed in the wrong place while viewing the list of recent apps.
Fixed an issue that caused some text to display in the wrong colors when always-on display features were enabled.
Fixed issues that sometimes caused a device to crash and reboot.
Fixed an issue where additional power was still being consumed by mobile network connectivity even after a device connected to Wi-Fi.
Fixed an issue where audio failed to play back or was interrupted if Adaptive Sound was enabled.
Fixed issues with audio playback when using spatial audio.
Fixed an issue that sometimes caused Wi-Fi service to be interrupted and fail to connect until the device was restarted.
Fixed an issue where the battery level in the status bar sometimes displayed temporarily as 0%.
Fixed an issue for Pixel Fold and Pixel Tablet devices where the “All Apps” button on the taskbar was slow to appear immediately after launching an app.
Fixed an issue for Pixel Fold devices where the lock screen was sometimes still displayed if the device was unlocked and unfolded at the same time.
Fixed an issue for Pixel Tablet devices where a primary user’s live wallpaper selection would sometimes be overridden after a secondary user selected a different live wallpaper.
Fixed an issue for Pixel Tablet devices that caused an unsmooth animation when tapping to return to an app from the list of recent apps.
Fixed an issue for Pixel Tablet devices that caused audio to pop when adjusting the volume if a wired headset was connected.
Fixed an issue for Pixel Tablet where a user was returned to the Home screen instead of the app that was open when the device was locked if they unlocked the device using their fingerprint while a screen saver was active.
Fixed an issue that caused memory corruption in rare cases.
Fixed various issues that were impacting system stability, performance, and connectivity.
Most will install via the Android Beta Program, but you can also flash or sideload. If you need help, here’s our full guide on installing Android 14. Google says:
Your device will be automatically updated to Android 14 QPR1 Beta 2.2 within 5 days.
One UI 6 is finally available for some users in full, bringing a list of changes to the OS. One change is the addition of a new security tool called “Auto Blocker” which acts as additional security for Samsung Galaxy phones.
According to Samsung, Auto Blocker is intended to be somewhat of an expansion of additional and optional security tools at your disposal. Heading into the settings with bring you to a new page with a suite of options that are entirely a matter of preference, similar to how some would use malware protection on a computer.
One security option on this page is the familiar “Block app installation from unauthorized sources” feature. Normally, that option would be on a different page, but has since moved with One UI 6/ The option is now also off by default, which is a big change from previous versions of One UI where the first time users tried to sideload an app, it was blocked.
Now, users can sideload as much as they want with the knowledge that it’s not always entirely safe. The option will act as a prevention tool whenever apps are not being sideloaded intentionally.
Auto Blocker also brings app security checks to keep third-party programs in check, as well as a blocker for USB commands. Turning Samsung’s Auto Blocker on with the toggle at the top of that page looks to enable all three of these features at the same time. Below is an “Advanced” section with more tools that can be turned on and off individually, like Message Guard, to protect users from Zero Click attacks and malicious code in direct messages.
Auto Blocker is available for every Samsung Galaxy device running One UI 6, which is rolling out globally now.
Samsung confirms a list of over 20 Galaxy smartphones that will get Android 14
Earlier today Samsung officially announced that its Android 14 update is now rolling out to the Galaxy S23 series, and the company has also confirmed the first few Galaxy smartphones that will be eligible for Android 14 in the coming months.
Android 14 for Samsung devices comes in the form of One UI 6.0, an update that delivers platform improvements from Google as well as updates to Samsung’s skin. Those updates include a bunch of new camera features, updated emoji, and more. But, to start, it’s all exclusive to the Galaxy S23 series which is getting the update now.
What comes next?
According to a small list that Samsung has provided, other Galaxy smartphones getting Android 14 will begin with the past few years of flagships, foldables, and a couple of A-Series devices.
In talking about the new features coming to “Enhance-X,” Samsung also confirmed over 20 devices that will be updated to One UI 6.0, many of which come as no surprise. That initial list includes devices released in 2020 and newer, starting with Galaxy S series devices.
Galaxy S23 series
Galaxy S22 series
Galaxy S21 series
Galaxy S20 series
Beyond that, almost every Samsung foldable is going to get One UI 6.0 except for the original Galaxy Fold.
Galaxy Z Fold 5
Galaxy Z Fold 4
Galaxy Z Fold 3
Galaxy Z Fold 2
Galaxy Z Flip 5
Galaxy Z Flip 4
Galaxy Z Flip 3
Galaxy Z Flip 5G
Galaxy Z Flip
And, finally, Samsung has also confirmed that Galaxy Note 20, Galaxy A54, and Galaxy A53 will all be eligible, as well as some M-series devices.
Galaxy Note 20 series
Galaxy A54
Galaxy A53
Galaxy A34
Galaxy A33
Galaxy M54
Galaxy M53
Galaxy M34
Galaxy M33
Update: To address the elephant in the room, the Galaxy S20 series, Note 20 series, Flip/5G, and Fold 2 were not expected to get One UI 6.0, but Samsung’s wording here is pretty clear. The quote below is a footnote on Samsung’s blog post and refers to a new camera feature which requires One UI 6.0 or higher, meaning that the devices listed would need to be getting the update.
Available on Galaxy S23 series, S22 series, S21 series, S20 series, Note20 series, Z Fold5, Z Flip5, Z Fold4, Z Flip4, Z Fold3, Z Flip3, Z Fold2, Z Flip 5G and Z Flip LTE, A54, A53, A34, A33, M54, M53, M34, M33 devices operating on One UI 6.0 or above.
We have reached out to Samsung for comment on the status of 2020 device updates.
These devices will all get One UI 6.0 in time, and likely pretty quickly if last year’s Android 13 rollout serves as any indication. For now, though, we’re still waiting on Samsung to release Android 14 to the Galaxy S23 series in the US, which is coming “soon.”
This initial list, notably, is by no means complete. Samsung’s current policy for software updates means that many more smartphones and tablets will be updated to Android 14, but the company has not officially confirmed anything outside of this initial list.
Depending on the device, this issue can result in the primary user being unable to access media storage. Alternatively, the issue can reboot the device with a “Factory data reset” message. If this message is accepted, data that is not backed up can be lost, and if it is declined, the device repeatedly reboots with the “Pixel is starting” message.
Google starts by saying that this storage issue impacts the “Pixel 6 and later models” that “have both received the Android 14 update and have multiple users (other than the primary user) set up.” This includes “users, guests, restricted profiles, and child users,” but not simply having more than one Google Account signed in “within the primary user or work profiles.”
The company has already rolled out a Google Play system update to “help prevent this issue from being triggered on additional devices.” To install, open Settings > Security & privacy > System & update > Google Play system update. The latest version we’re seeing today is October 1, 2023.
For those currently “unable to access media storage,” Google is working on a system update that “will repair the issue and restore access to media files without requiring a factory reset.”
Google is also “investigating methods that may be able to recover some data” for devices in a “Pixel is starting” boot loop. However, this seems more tentative: “We’ll provide more information as soon as it is available.”
For all other users, including those that factory reset their device, Google says to avoid “creating or logging into a secondary user on the device until the OTA update is available.”
Google ends with an apology:
We’re sorry for the inconvenience this has caused, and we appreciate your patience.
Android 14 breaks storage on Pixel 6 phones with multiple user profiles
Android 14 is a solid update to Google’s smartphone OS, but the update does seem to be causing some significant issues regarding user profiles on Pixel 6 series devices.
Following the update to Android 14 that rolled out earlier this month, some Google Pixel 6, Pixel 6 Pro, and Pixel 6a owners are seeing some considerable issues with their devices, specifically around storage becoming unusable. A growing number of users across Google’sforums, Reddit, and elsewhere reporting that their Pixel 6 and Pixel 6 Pro devices are drastically hindered, to the point of breaking most tasks users would perform on their devices.
The storage problem takes effect if the user, before installing Android 14, had multiple profiles on the device.
Following the installation of Android 14, the main profile on a Pixel 6 series device seems to lose access to storage, which prevents users from taking photos or videos, downloading files, and both installing or uninstalling applications. However, on the second profile, things seem to work as expected.
Other limitations include that apps report the device as having no available storage, Google Photos can’t refresh a user’s library (only showing low-quality previews), and files can’t be accessed via USB from a connected PC, as one of our readers explained in an email.
Given that Android’s user profiles are more of a niche feature on smartphones (primarily used for personal and work profiles), this issue doesn’t appear excessively widespread, but the symptoms of the problem are affecting users pretty consistently.
Google has, so far, not offered any solution for this issue or public statement.
Earlier this month, Bloomberg’s Mark Gurman reported that Apple has been developing a new system that will allow its employees to install software updates on sealed iPhones without taking them out of the box.
Apple can now wirelessly update sealed iPhones
According to Gurman, the new system is being developed so that Apple can wirelessly update sealed iPhones to deliver them to customers with the latest software available. The company reportedly decided to invest in this system after being forced to release a day-one update for iPhone 15 models to fix a major bug during setup.
Interestingly, the iOS 17.2 beta SDK that comes with the latest Xcode 15.1 beta pretty much corroborates this report. There are three new internal frameworks named FactoryOTALogger, FactoryOTANetworkUtils, and FactoryOTAWifiUtils that enable wireless OTA firmware updates by using a special external device.
This is in line with what Gurman reported, as the journalist described the system as a “proprietary pad-like device that the store can place boxes of iPhones on top of.” The feature is not intended for end users and is clearly marked as internal in the codes seen by 9to5Mac. In the future, this will allow Apple to avoid major day-one bugs by installing iOS updates on sealed iPhones.
This system could also be useful in helping Apple to restore the firmware of iOS devices without the need for a cable. In recent years, Apple has been working on new technologies to help users restore devices such as the Apple Watch and Apple TV when they get stuck since these devices can’t be connected to a computer.
More about iOS 17.2
iOS 17.2 brings some new features for Apple Music subscribers, such as collaborative playlists and a new “Favorites” playlist that is automatically generated based on the songs you’ve marked as favorites. In addition, the update comes with the Journal app, a new Translate option for the Action Button, and some new Home Screen widgets.
The update is now available as a beta to developers and is expected to be released to the public by the end of the year.
iOS 17.2 adds one more function to the Action button on iPhone 15 Pro
When Apple unveiled the iPhone 15 Pro, it shared 10 customization options for the new Action button. One of those options, however, was described as coming later. With iOS 17.2, it has arrived.
Starting with iOS 17.2, iPhone 15 Pro and iPhone 15 Pro Max lets you assign Translate as the Action button task. The new option slots in between Voice Memo and Magnifier in the Action button section of the Settings app.
When assigned to Translate, pressing the Action button invokes a translation session from the Dynamic Island. No need to launch the Translate app.
Apple introduced its built-in Translate app as part of iOS 14 in 2020. Translation on iOS relies on the iPhone’s Neutral Engine to keep everything on-device. That means translations can work offline and do not need to rely on a network connection or server.
iOS 17.2 now includes these 10 options for the Action button on iPhone 15 Pro and later:
Silent mode: Turn Silent mode on or off.
Focus: Turn a specific Focus on or off.
Camera: Open the Camera app to quickly take a photo, selfie, video, portrait, or portrait selfie.
Flashlight: Turn the flashlight on or off.
Voice Memo: Start or stop recording a voice memo.
Translate: Translate phrases or have a conversation with someone in another language.
Magnifier: Open the Magnifier app.
Shortcut: Open an app or run your favorite shortcut.
Accessibility: Quickly access your favorite accessibility feature.
No action: Do nothing.
Apple debuts iMessage Contact Key Verification with iOS 17.2 beta
Apple has enabled the testing of a new security feature with the first iOS 17.2 beta. For use with iMessage, Contact Key Verification gives users more certainty they’re messaging with the people they’re intending.
Apple detailed the new iMessage Contact Key Verification feature in the release notes for iOS 17.2 beta 1. As it happens, there are three levels for how to verify contacts. Here’s the first:
With iMessage Contact Key Verification, users can choose to further verify that they are messaging only with the people they intend. Contact Key Verification uses Key Transparency to enable automatic verification that the iMessage key distribution service returns device keys that have been logged to a verifiable and auditable map. When a user enables Contact Key Verification, they will be notified about any validation errors directly in the Messages conversation transcript and Apple ID Settings.
However, for those in situations where stricter security is needed, iMessage Contact Key Verification can be used “in person, on FaceTime, or a through another secure call.”
Apple highlights users can also “choose to create or edit a contact and save a public key to turn on CKV with that person.”
To test out iMessage Contact Key Verification, you’ll need to have all devices connected to your iCloud account updated to the iOS 17.2 Beta, macOS 17.2 Beta, or watchOS 17.2 Beta or “sign out of iMessage on these devices in order to enable contact key verification.”
Then you can head to iPhone Settings > your name > Contact Key Verification (very bottom) > toggle it on.
While Apple has never seen an attack like this, Contact Key Verification is another security feature that will give peace of mind to those who may be highly targeted individuals.
Even though a very small percentage of iPhone users may need security of this level, the neat part is turning it on doesn’t reduce the functionality of your iPhone or iMessage – so it could end up being more widely used than something like Lockdown Mode.
Apple has launched its first major update for all users since debuting iOS 17 in September. iOS 17.1 comes with a range of security patches and none of them were identified as exploited in the wild ahead of the fixes.
Per usual, Apple shared the details of the latest vulnerability fixes on its security page.
Patches range from fixing security bugs in Contacts, Find My, Kernel, Passkeys, Photos, Siri, Weather, WebKit, and more.
Fortunately, there were no known reports of any of the security flaws being actively exploited ahead of Apple releasing the fixes.
Here are the full security fix notes for iOS 17.1:
Contacts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41072: Wojciech Regula of SecuRing (wojciechregula.blog) and Csaba Fitzl (@theevilbit) of Offensive Security
CVE-2023-42857: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)
CoreAnimation
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2023-40449: Tomi Tokics (@tomitokics) of iTomsn0w
Find My
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-40413: Adam M.
ImageIO
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing an image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2023-40416: JZ
IOTextEncryptionFamily
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-40423: an anonymous researcher
Kernel
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: The issue was addressed with improved memory handling.
CVE-2023-42849: Linus Henze of Pinauten GmbH (pinauten.de)
Mail Drafts
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Hide My Email may be deactivated unexpectedly
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2023-40408: Grzegorz Riegel
mDNSResponder
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A device may be passively tracked by its Wi-Fi MAC address
Description: This issue was addressed by removing the vulnerable code.
CVE-2023-42846: Talal Haj Bakry and Tommy Mysk of Mysk Inc. @mysk_co
Passkeys
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to access passkeys without authentication
Description: A logic issue was addressed with improved checks.
CVE-2023-42847: an anonymous researcher
Photos
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Photos in the Hidden Photos Album may be viewed without authentication
Description: An authentication issue was addressed with improved state management.
CVE-2023-42845: Bistrit Dahla
Pro Res
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2023-42841: Mingxuan Yang (@PPPF00L), happybabywu and Guang Gong of 360 Vulnerability Research Institute
Siri
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access may be able to use Siri to access sensitive user data
Description: This issue was addressed by restricting options offered on a locked device.
CVE-2023-41982: Bistrit Dahla
CVE-2023-41997: Bistrit Dahla
CVE-2023-41988: Bistrit Dahla
Status Bar
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: A device may persistently fail to lock
Description: The issue was addressed with improved UI handling.
CVE-2023-40445: Ting Ding, James Mancz, Omar Shibli, an anonymous researcher, Lorenzo Cavallaro, and Harry Lewandowski
Weather
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2023-41254: Cristian Dinca of “Tudor Vianu” National High School of Computer Science, Romania
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 259836
CVE-2023-40447: 이준성(Junsung Lee) of Cross Republic
WebKit
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: A use-after-free issue was addressed with improved memory management.
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to arbitrary code execution
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 260173
CVE-2023-42852: an anonymous researcher
WebKit Process Model
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later
Impact: Processing web content may lead to a denial-of-service
Description: The issue was addressed with improved memory handling.
We would like to acknowledge Bahaa Naamneh for their assistance.
libxml2
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project Zero for their assistance.
Power Manager
We would like to acknowledge Xia0o0o0o (@Nyaaaaa_ovo) of University of California, San Diego for their assistance.
VoiceOver
We would like to acknowledge Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain College Of Technology Bhopal India for their assistance.
WebKit
We would like to acknowledge an anonymous researcher for their assistance.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.
Exactly two weeks after the previous release, Android 14 QPR1 Beta 2.1 is rolling out today with a handful of bug fixes, but the Pixel 8 and 8 Pro aren’t getting updated right away.
There are just three fixes for Pixel devices, which are getting U1B2.230922.010 today with the October 2023 security patch:
Fixed issues with biometric authentication, such as an issue that sometimes prevented the under-display fingerprint sensor from activating while always-on display features were enabled.
Fixed an issue where, in some cases after swapping SIM cards on a device, the device couldn’t connect to cellular service.
Fixed various issues that were impacting system stability and performance.
Google says the “Pixel 8 and 8 Pro will receive this update at a later time.” The initial Beta 2 update rolled out a week ago.
The OTA and factory images are now available, while the on-device OTA is also rolling out immediately (66MB on the Pixel Fold and 7 Pro).
Google wants every Android version to be ‘higher quality than the previous release’
Dave Burke, VP of Engineering for Android, was interviewed during The Android Show today and shared a lot of interesting tidbits, especially around quality and performance.
In the context of Android releases, Burke considers quality the “number one feature” given how much we use our phones:
If you think about how much we depend on our devices and how much we use them [in] a day, it’s just really important that the device runs really, really well. Really, really reliably. The highest performance, highest fidelity.
The Android team has a “pledge” internally to “ensure that every release was higher quality than the previous release by a set of expanding metrics that we measure in the lab and in the field.”
We’ve been holding ourselves to that. It’s difficult, I can tell you, because you’re only as good as the weakest metric. So you’ve got to chase everything down, but it’s really causing us to force the bar higher and higher.
Burke described one way the team is doing that:
Even internally, we’re looking at actually changing some of our developer practices in 2024 where rather than sort of go[ing] off for a year and work[ing] on a release for a very long time, we break that up into chunks internally so that we sort of keep the branch green as we go.
From the description we have today, this just seems to be an internal change rather than anything that would impact the yearly cycle.
On Android 14, Burke highlighted expression (gen AI wallpapers, lockscreen clocks, and shortcuts) and performance as the big tentpoles. Burke said the team “may not have talked enough” about performance. (Frankly, Google should have discussed it on-stage at I/O in May.)
We’ve done a ton of work to reduce CPU activity of background apps, and the result is that there’s 30% less cold starts now on Android 14. Cold starts are when you have to literally read the code pages off the flash and read them into memory before you execute them. A 30% reduction is pretty dramatic, and you feel that as a user.
This involved increasing the number of cached processes, but doing so risks increased CPU usage and, therefore, battery drain. Android 14 does a better job of properly freezing the processes.
Burke also mentioned how large-screen-related work, like the transient taskbar, was originally part of Android 14 but moved up into Android 13 (QPR2) as Google worked to be more competitive in the space and to support foldables.
Google Assistant’s Wear OS tile is now available with customizable shortcuts
After we spotted it in development earlier this year, Google has rolled out a new tile for Google Assistant that allows for custom shortcuts on Wear OS.
On both Wear OS 3 and Wear OS 4 watches, the Google Assistant tile provides access to the Assistant with a swipe, but the useful element here is instead the ability to add custom shortcuts that are accessible without an audible voice command or typing.
The tile, which first showed up on Pixel Watch 2 last week for us and is now appearing on the original Pixel Watch as well (still on Wear OS 3), has two slots for custom shortcuts. These can do virtually anything, from a simple request for the day’s weather to even handling smart home controls. Google lists out a bunch of suggested actions:
Set an alarm for 7 a.m.
Send a message
Set a 5 minute timer
What’s on my calendar?
Turn off the lights
Alternatively, you can set a fully custom request or question using voice or the QWERTY keyboard.
The actions themselves work almost instantly, with a command for turning off the lights taking about 10 seconds to process and actually shutting down my Philips Hue lights. But once the actions are set, you have to fully remove the tile to set new actions.
As mentioned, this appears to have been rolling out for a week or so at least. It works across Wear OS 3 and 4 and should work on Pixel Watch, Galaxy Watch, and any other modern watches. Assistant on Wear OS 2 was taken offline over the summer.
Wear OS 4 says it has a built-in internet browser, but you can’t really use it
On Google’s Pixel Watch series, the Wear OS 4 upgrade is now showing that the platform has a built-in internet browser, but it’s actually a bit more complicated than that.
Wear OS 4 brings only a handful of user-facing perks to the Android-based smartwatch platform, such as the ability to “transfer” a watch between devices. In the Settings, another new feature is the ability to set a default internet browser for the system.
Of course, Wear OS has pretty infamously lacked browser apps for a while. There’s Samsung’s internet browser and a few other options, but Google Chrome isn’t offered.
With Wear OS 4, though, “Wear OS” now appears as the default system browser unless you swap it for something else. That “browser” doesn’t really seem to do anything, though, and isn’t even showing up for all users. Our Dylan Roussel says that, even on Wear OS 4, “Wear OS” doesn’t appear under the list of browser apps at all on his watch.
And, beyond that, the “app” doesn’t appear anywhere else. It’s not in the app drawer, and appears to only work to accept clickable links from other apps that are intended to be opened in a browser.
Our best theory at the moment is that this “browser” might be used to just redirect links over to a paired smartphone, but we haven’t been able to prove it just yet.
But, this ultimately isn’t all that important.
It’s exceedingly rare for Wear OS apps to feature clickable URLs. Even the Gmail app automatically forces you to use links from the app on your phone. So whatever functionality there is here, it won’t be used often, if ever. The bigger perk, it seems, is support for setting a default browser for the entire system, as those who do wish to use a browser on their wrist will be more easily able to interact with any links they do encounter with the browser of their choice.
Google rolling out Wear OS 4 to the original Pixel Watch
With this year’s model less than a week old, Google is now rolling out Wear OS 4 to the original Pixel Watch.
The 2022 Pixel Watch has not seen an update yet this month, with TWD4.2301005.002 also bringing the October security patch. Google’s previous “later this year” timeline suggested Wear OS 4 was not coming this soon.
Google is highlighting six tentpole features of Wear OS 4 in addition to “numerous bug fixes, battery improvements and performance updates for Pixel Watch users.”
Backup and restore — with Google One — preserves watch faces, Tiles, data, and other settings if you’re getting a new watch or have to reset an existing one for whatever reason. It goes hand-in-hand with watch transfer:
When you upgrade your Pixel phone, you can now easily transfer your Pixel Watch to your new phone without having to factory reset it. Your devices will be synced and ready to go.
Meanwhile, Google Calendar is pre-installed and should replace the Wear OS 3 “Agenda” experience. You’ve been able to download it from the Play Store since last week. There’s also Google Tasks integration, Tiles, and complications.
In terms of Personal Safety features, you get Safety Check, Emergency Sharing, and Emergency Info. Open the app to set things up, with the latter accessible by holding down on the crown.
Keep your most important medical info easily accessible on your wrist or sent to participating emergency services(2) in the event of an emergency with Medical ID Info. Have peace of mind when you’re walking home alone at night, on an early morning run, or in any other situation where you need a little safety net, with Safety Check and Emergency Sharing.”
There’s also Accessibility & customization and Enhanced notifications:
“New and improved customization capabilities, like a new text-to-speech engine supporting a faster, a more reliable TalkBack experience on your watch, bold text, new and improved magnification, and audio balance to adjust intensity of sound between right and left audio channels.”
“Notifications come with smart link recognition of phone numbers and addresses, allowing you to tap to call, message, or get directions. Embedded media previews let you quickly view images and GIFs without leaving the notification shade. These enriched alerts provide more information upfront so you can take action faster.”
Google says the “rollout will continue over the coming weeks in phases depending on carrier and device.” As of Tuesday afternoon, repeatedly tapping “Your watch is up to date” does not pull down the update.
Google and Qualcomm working on RISC-V chip for Wear OS
RISC-V is an open-source alternative to ARM and x86 that’s getting a big boost today with a Google-Qualcomm partnership to develop a “RISC-V Snapdragon Wear platform that will power next-generation Wear OS solutions.”
Qualcomm refers to its chips as platforms and sums up the benefit of RISC-V as such:
As an open-source instruction set architecture (ISA), RISC-V encourages innovation by allowing any company to develop completely custom cores. This allows more companies to enter the marketplace, which creates increased innovation and competition. RISC-V’s openness, flexibility, and scalability benefits the entire value chain – from silicon vendors to OEMs, end devices, and consumers.
Not having to be an ARM licensee for its cores and other designs would be the big appeal. Qualcomm describes this move as an “important first milestone to bring RISC-V compatible CPUs to the Android Ecosystem,” with Google picking Wear OS as the best place to start.
Both are touting “custom CPUs that are low power and high performance.” Work by the Wear OS team and Qualcomm is already underway, but “commercial product launch of the RISC-V wearable based solution timing will be disclosed at a later date.” The two want to “ensure that applications and a robust software ecosystem for RISC-V will be available for commercial launches.”
“Qualcomm Technologies have been a pillar of the Wear OS ecosystem, providing high performance, low power systems for many of our OEM partners,” said Bjorn Kilburn, GM of Wear OS by Google. “We are excited to extend our work with Qualcomm Technologies and bring a RISC-V wearable solution to market.”
In the meantime, Qualcomm says it will “continue to invest in Snapdragon Wear platforms as the leading smartwatch silicon provider for the Wear OS ecosystem,” so it sounds like the successor to the 2022 Snapdragon Wear W5 and W5+ will presumably still be ARM-based.