Creative Aurvana Ace 2 earbuds: A glimpse into portable audio’s future [Review] ★★★☆☆ Our hands-on review of Creative Aurvana Ace 2 earbuds finds a lot to like in the xMEMS micro speaker, but they're average otherwise.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
Apple Ending Support for Safari Bookmark Syncing on iOS 10 and Earlier In a support document published this week, Apple said it will be dropping support for Safari bookmark syncing on iPhones and iPads running iOS 10 or earlier, and on Macs running macOS Sierra 10.12.5 or earlier, starting December 18. Apple said it made this decision in accordance with its minimum software requirements for iCloud.
Apple said Safari bookmarks on devices running those older iOS and macOS versions will no longer be synced to other devices or uploaded to iCloud.com:
"You won't lose any bookmarks already on your devices and you'll still be able to create new bookmarks on those devices. However, new bookmarks won't sync across devices with iOS 10 or earlier and macOS Sierra 10.12.5 or earlier. They also won't be recoverable on iCloud.com."
Apple said users will need to update their devices to iOS 11 or macOS Sierra 10.12.6 or newer to continue syncing their Safari bookmarks with the newer iCloud Bookmarks system, with steps for iPhone, iPad, iPod touch, Mac, and PC users outlined in Apple's support document. If you cannot or do not want to update your device, you can copy or export your bookmarks, with the support document outlining steps for that option as well.
If your devices are already running iOS 11 or later or macOS Sierra 10.12.6 or later, no action is required, according to Apple.
As we previously reported, Apple also announced that iCloud device backups for the iPhone, iPad, and iPod touch will require iOS 9 or later starting December 18. As outlined in another support document, users will need to update their devices to iOS 9 or later or manually back up the device to a Mac or PC. After the deadline, Apple said any data backed up to iCloud from devices that have not been updated to iOS 9 will be deleted.
This article first appeared on MacRumors.com.
Stay powered up on road trips with this high-output car charger Meets the power demands of your devices on the road. The compact Naztech SpeedMax65 laptop car charger delivers speed and reliability.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
Get ready for the iPhone 17 Air, Apple’s thinnest phone ever Macworld
Apple is expected to launch an extra-thin model when it unveils the iPhone 17 line-up next year. But exactly how thin are we talking? A new report appears to confirm the figure is 6mm, which would make the iPhone 17 Air/Slim the thinnest smartphone Apple has ever released.
The analyst Jeff Pu put out a research note Monday supporting a recent rumor about the device’s thickness. “We agreed with the recent chatter of [a] 6mm thickness ultra-slim design of the iPhone 17 Slim model,” he wrote in the note, seen by MacRumors.
At 6mm, the Air would easily snatch the record previously held by the 6.9mm iPhone 6; the iPhone 16 is a comparatively chunky 7.8mm thick, while the 16 Pro and 16 Pro Max are a positively obese 8.25mm. Oddly enough, as MacRumors points out, you can get a thinner iPad: the 13- and 11-inch versions of the latest iPad Pro are just 5.1mm and 5.3mm respectively. And the final iPod nano came in under 6mm too, not that this is a fair comparison against a full smartphone.
As ever with rumored Apple products, the iPhone 17 Air has come in for plenty of criticism long before it’s even been announced. There’s a sense among pundits that 6mm wouldn’t be thin enough to warrant an Air or Slim branding or the likely high price tag; MacRumors itself wrote a story earlier this month complaining that the device may not be much thinner than the iPhone 6, as if being thinner than the thinnest ever iPhone, which incidentally had just a 4.7-inch screen and vastly inferior components and cameras, would not be an engineering feat worth celebrating.
Conversely, most of the negative discussion on Reddit argues that slimming down to 6mm goes beyond usefulness. In this thread:
“Hard no for me. Gimme thicker with big battery.”
“Does it really matter when most people will slap a massive case and screen protector on there? Give me a thicker phone with better battery life.”
“I don’t think thinness or lightness is a huge priority.”
“Why the obsession to go thin?”
“I never loved the thinness of my iPhone 6s. It was just too thin.” [Editor’s note: the iPhone 6s was slightly thicker than the iPhone 6, at 7.1mm.]
We’re still a long way off the launch of the iPhone 17 series, and Apple may find ways between now and then to further slim down the Air model–perhaps even rivaling the iPad Pro. But with half of the community complaining that it’s too thick and the other half complaining that it’s too thin, it feels like Apple might have got the balance about right.
Catch all the latest news and rumors in our regularly updated iPhone 17 superguide. Or, if you don’t want to wait until next fall, pick up a bargain on the current range with our roundup of the best Black Friday iPhone deals.
United Kingdom Account Security Carrier Partner Maintenance – Vodafone
THIS IS A SCHEDULED EVENT Nov 19, 15:00 - 20:00 PST
Nov 19, 05:55 PST
Scheduled - Our carrier partner Vodafone United Kingdom is conducting an emergency maintenance from 19 November 2024 at 15:00 PST until 19 November 2024 at 20:00 PST. During the maintenance window, there could be intermittent API request failures for Vodafone United Kingdom customers.
Impacted Products: Legacy Identity MatchAndAttributes, Lookup Identity Match
We are aware of the short notice and are working with our Carrier Partners to provide earlier notification where possible.
Meta thinks its Orion augmented reality glasses can be the AirPods of AR It was back in September when Meta first revealed an early prototype of its Orion AR glasses, and while they are a long way from becoming an actual product you can buy, the company does believe it can achieve this.
Indeed, Meta’s wearables chief thinks that Orion can in time become the AirPods of augmented reality devices …
Expand your podcast library from Apple’s list of most popular ones Discover new podcasts by finding out what other people are listening to with Apple’s list of top podcasts of 2024.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
New xMEMS micro speaker brings big sound to smartwatches, AR glasses and more Already making (sound) waves in earbuds and headphones, xMEMS unveils the Sycamore micro speaker for wearables like Apple Watch.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
Apple offers $100 million to cancel Indonesia’s iPhone 16 ban Apple has increased its offer to invest in Indonesia by almost tenfold in the company’s latest bid to persuade the government to lift its…
The post appeared first on MacDailyNews.
Sophos Home Premium for Mac Review Macworld
At a Glance
Pros
Good speed and performance, runs well in the background.
Very good price point, the license allowing protection for up to 10 devices.
Caught a respectable amount of test malware and some phishing site activity.
Cons
Allows AdWind and Adobe Flash Player sample malware to be installed, AdWind having to be removed with a separate utility.
Awkward Web-based dashboard interface.
Functions such as quickly scanning an external or network volume feel much harder than they have to be.
Our Verdict
Sophos Home Premium is available for a good price, protects up to 10 devices, and caught a fair amount of test case viral software, but there are too many issues with installation and set up, and certain elements of the program are awkward.
Price When Reviewed: $59.99 first year, $99.99 for two years, and $139.99 for three years.
Sometimes an application doesn’t expand to match its competitors. This is the case with Sophos Home Premium, which we last reviewed in 2021. Since then only nominal changes, outside of supporting the current macOS operating systems, have been made and many of our criticisms made then still apply.
Sophos Home Premium functions as a fairly well-rounded anti-piracy/anti-malware suite, its core modules centering around antivirus protection, web protection, ransomware protection, and malicious traffic detection.
The software usually retails for $59.99/£49.95 per year, $99.99/£89.95 for two years, and $139.99/£114.95 for three years, each subscription licensing up to 10 devices. You can currently get 25% off those prices, with the first year starting at $44.99/£37.46.
In the past Sophos offered a free version of its Home product with just the antivirus protection and website protection. In late 2021, the company discontinued that version, leaving Sophos Home Premium as the only option for personal use. You can freely and fully use Home Premium for 30 days via an ad-free trial, the free trial protecting up to three devices.
Find out how Sophos compares to the Best antivirus software for Mac we have tested.
Sophos Home Premium is easy enough to download and requires macOS 10.12 (Monterey) or later to install and run. Installing the software proved to have its own set of issues and requires an online account to be set up. While the installer program functioned correctly, with the current version installing into the Sophos folder in the Applications folder, it didn’t activate the application in the expected way. Instead, everything was essentially controlled via the Menu Bar icon and a web-based interface. Yes, the program guides you through setting up permissions to install network tools, full disk access, and kernel extensions, but everything is based around the macOS menu bar pull-down menu and a web-based dashboard.
Once you’ve signed into your Sophos account, it’s easy enough to customize and configure core elements such as actions that occur when malware is found, scan scheduling, and web filtering, and elements such as accessible scan logs, network file scanning, and easy access to creating whitelists and exceptions come in handy.
[Image: Examining a scan log in Sophos Home Premium for Mac. Credit: Foundry]
Like similar programs, you can choose between quick scans to examine areas of the hard drive that might be infected with questionable software as well as full scans, which can take several hours and cover the full extent of the hard drive.
While it takes a little nosing around the dashboard, users can configure the Web Filtering options to allow blocking for categories such as general interests, social networking and computing, and adult and potentially inappropriate categories and hone their filters in from there, excluding traffic that might be centered around adult content, gambling, hate, offensive content, violence, weapons, and other categories. The filters work reasonably well and helped block going to sites from some of my Gmail’s spam folder, and it’s easy enough to create a whitelist to provide exceptions for certain websites as needed.
Unfortunately, there’s considerable room for improvement. Although Sophos Home Premium functions well with macOS’s Gatekeeper feature and caught and filtered a respectable amount of test malware, it allowed both the AdWind malware and an infected copy of Adobe Flash Player to be installed. While the Adobe Flash Player application later offered an uninstallation option, the AdWind malware had to be removed with another utility, which proved discouraging.
Other elements of the program felt awkward, and it felt surreal in that while the scan scheduling feature worked well, it only allows you to set schedule times at 30-minute intervals (11:00 AM, 11:30 AM, 12:00 PM, etc).
[Image: The Dashboard’s home screen in Sophos Home Premium for Mac. Credit: Foundry]
The fact that the application runs entirely from the macOS Menu Bar and a web-based dashboard takes some getting used to, as nothing appears to be running in the Dock, and outside of a small Menu Bar animation, it can be difficult to gauge whether a scan is running unless the Menu Bar item is clicked on and Sophos Home Premium is opened from there.
Finally, specifying and scanning an external volume such as a thumb drive or network volume feels like a harder process than it should be, with these elements included in the overarching Full Scan option, as opposed to being able to specify what you want to scan and doing this quickly and easily without having to wrestle with a web-based dashboard.
Should you buy Sophos Home Premium?
Sophos Home Premium is available for a good price to protect up to 10 devices, it caught a fair amount of test case viral software, and yes, it runs well in the background of the macOS operating system, but it feels like the elements that made the software feel awkward when we last looked at it three years ago haven’t been remedied and were barely looked into.
Granted, there are some powerful customization options to be had within the depths of the Dashboard, but when it comes to ease of use (such as easily scanning an external volume), Sophos Home Premium seems lost in the dark with no hope of finding a flashlight in the near future. The price might be right, but there are other applications that take on these tasks and do them better, and they’re arguably worth looking into once the 30-day trial for this is complete.
Are your Instagram recommendations a mess? You can now start from scratch One of the biggest problems with social media is that our feeds are full of things the algorithms think we want to see, rather than what we actually want to see.
If your Instagram recommendations seem increasingly removed from your interests, Meta is now offering you the chance to start again from scratch …
Top Apple Podcast charts for 2024 show what everyone's been listening to Apple has released a list of the most popular shows listened to via Apple Podcasts in 2024, with "The Daily" taking the top spot for the year in the United States.
Apple regularly publishes year-end charts for its various content services, giving a hint to what the world is listening to on their iPhone and other devices. On Tuesday, Apple issued its 2024 Apple Podcasts lists.
Year-end charts are offered in nearly 100 countries and regions, appearing in the Browse tab of Apple Podcasts through to the end of the year. The regional charts provide details of the top overall podcasts, top new shows, most-followed shows, the most shared shows and episodes, and the top free and subscriber channels.
Continue Reading on AppleInsider
Apple Reveals Most Popular Podcasts of 2024 Apple today shared the most popular podcasts of 2024, with year-end charts available in the Browse tab of the Podcasts app through the end of the year.
The 2024 charts include the top podcasts overall, the top new podcasts that debuted this year, the most followed podcasts, the most shared podcasts and episodes, and more. The most popular podcasts of 2024 in the U.S., according to Apple Podcasts:
Top Shows
1. The Daily
2. Crime Junkie
3. The Joe Rogan Experience
4. Dateline NBC
5. SmartLess
6. Huberman Lab
7. This American Life
8. New Heights with Jason & Travis Kelce
9. Up First from NPR
10. Morbid
Top New Shows
1. The Tucker Carlson Show
2. Three
3. Mortal Sin
4. Drowning Creek
5. The Rise and Fall of Ruby Franke
6. Blood is Thicker: The Hargan Family Killings
7. Noble
8. Murder in the Hollywood Hills
9. Hysterical
10. Who Killed JFK?
Top Series
1. Serial
2. Up and Vanished
3. Three
4. The Bakersfield Three
5. CounterClock
6. Something Was Wrong
7. Dr. Death
8. The Binge Cases
9. Rachel Maddow Presents: Ultra
10. The Binge Crimes
Top Episodes
1. Crime Junkie: “SERIAL KILLER: The Alphabet Murders Part 1”
2. The Joe Rogan Experience: “#2219 - Donald Trump”
3. The Daily: “Harris Baits Trump: Inside Their Fiery Debate”
4. Dateline NBC: “Dangerous Secret”
5. The Bakersfield Three: “Episode 1: Fight Like a Mother”
6. SmartLess: “Vince Vaughn”
7. Three: “Skylar Is Missing | Chapter 1”
8. Serial: “Serial S04 - Ep. 1: Poor Baby Raul”
9. Mortal Sin: “1 – Ashes to Ashes”
10. New Heights with Jason & Travis Kelce: “Travis Wins on the Road, Jason Celebrates Shirtless and Full Divisional Round Recap | Ep 75”
Most Shared Shows
1. Huberman Lab
2. Scamanda
3. Wiser Than Me with Julia Louis-Dreyfus
4. The Daily
5. The Bible in a Year (with Fr. Mike Schmitz)
6. The Bible Recap
7. The Mel Robbins Podcast
8. Sold a Story
9. Who Killed JFK?
10. Crime Junkie
Most Shared Episodes
1. The Tucker Carlson Show: “Calley & Casey Means: The Truth About Ozempic, the Pill, and How Big Pharma Keeps You Sick”
2. The Mel Robbins Podcast: “The #1 Menopause Doctor: How to Lose Belly Fat, Sleep Better, & Stop Suffering Now”
3. The Daily: “The Year of Taylor Swift”
4. Huberman Lab: “Dr. Stacy Sims: Female-Specific Exercise & Nutrition for Health, Performance & Longevity”
5. The Joe Rogan Experience: “#2219 - Donald Trump”
6. The Ezra Klein Show: “Is Tim Walz the Midwestern Dad Democrats Need?”
7. Honestly with Bari Weiss: “Why the Kids Aren’t Alright”
8. We Can Do Hard Things: “263. Healing from Emotionally Immature Parents with Lindsay C. Gibson”
9. Call Her Daddy: “Vice President Kamala Harris”
10. Good Inside with Dr. Becky: “The Anxious Generation with Jonathan Haidt”
Most Followed Shows
1. The Joe Rogan Experience
2. New Heights with Jason & Travis Kelce
3. Huberman Lab
4. Call Her Daddy
5. The Tucker Carlson Show
6. The Mel Robbins Podcast
7. SmartLess
8. Wiser Than Me with Julia Louis-Dreyfus
9. Crime Junkie
10. The Daily
Top Subscriber Shows
1. Apple News+ Narrated
2. Morbid
3. Dateline NBC
4. The Rise and Fall of Ruby Franke
5. Dr. Death
6. SmartLess
7. Something Was Wrong
8. Scamtown
9. American Scandal
10. Mortal Sin
Top Channels
1. Wondery
2. iHeartPodcasts
3. The New York Times
4. audiochuck
5. SiriusXM Podcasts
6. Dateline NBC
7. Dear Media
8. iHeart True Crime
9. Scicomm Media
10. Cumulus Podcast Network
These charts in the Podcasts app are localized for listeners in nearly 100 countries and regions. Listeners can also explore "Shows We Love," a curated collection of standout narrative and episodic series that Apple says resonated this year. Apple added that it will reveal its Show of the Year on Tuesday, December 3.
This article first appeared on MacRumors.com.
Introducing Copilot Actions, new agents, and tools to empower IT teams Microsoft 365 Copilot is becoming a daily habit for people around the world—already, nearly 70% of Fortune 500 companies are using it. Dow anticipates that Copilot will save it millions of dollars on shipping operations in the first year; at Bank of Queensland Group, 70% of users are saving two and a half to five hours per week; Eaton is speeding up internal documentation processes by 83%; and Accenture is going big, rolling out Copilot to 100,000 employees.
The post appeared first on Microsoft 365 Blog.
Apple reveals the most popular podcasts of 2024, with nine different Top 10 lists Apple has put together no fewer than nine different Top 10 lists, revealing the most popular podcasts of 2024.
The lists kick off with the top shows of the year, but go on to list the most popular in a number of different categories, from new shows to those with the highest subscriber counts …
How can I sync these two animations? I'm trying to make a github-contributions-like graph with an animation that highlights the squares and horizontally scrolls. However, all of the scrolling happens first and then the highlighting of the squares. How can I animate the squares and update the scroll every time a new column starts to get highlighted? private func colorForValue(_ value: Double, […]
Outdated Risk Management Frameworks Face Growing Criticism Risk management in many organizations is mired in a framework that can't keep pace with the challenges that most enterprise risk teams face. It needs to be modernized. That's the verdict that senior analysts Cody Scott and Alla Valente handed down in a recent Forrester Research blog that's critical of the Three Lines of Defense (3LOD) approach, which is widely used to assess organizational risk. The post appeared first on TechNewsWorld.
The expensive iPhone 17 Air may have a lot in common with Apple’s cheapest iPhone The latest iPhone 17 Air report suggests that the expected ultra-slim model could be as thin as 6mm, which would make it the slimmest iPhone ever made.
While that would be a challenging metric to hit, and we’ll believe it when there’s supporting evidence, we do seem to have growing clarity on the market Apple is targeting with the device …
REMINDER: Post your app on a Saturday! It’s becoming ridiculous how many posts we have to remove each day because app self-promotion is not submitted on Saturday. It’s even more absurd when users select the “App Saturday” flair without giving any thought to why Saturday is specified. We’re considering banning users for their lack of reading comprehension. While this subreddit is for […]
SMS Delivery Receipt Delays to Multiple Network in Portugal
Nov 19, 04:36 PST
Investigating - We are experiencing delays in receiving message delivery reports when sending to multiple networks in Portugal. Our engineers are working with our carrier partner to resolve the issue. We expect to provide another update in 1 hour or as soon as more information becomes available.
Report: Google Merging Chrome OS Into Android to Rival iPad Google is working on a multi-year project to fully migrate Chrome OS to Android as part of an effort to better compete with Apple's iPad, according to a new report from Android Authority citing an internal source at the company.
The initiative would apparently see future Chromebook devices shipping with a desktop-optimized version of Android rather than Chrome OS, which would be a major shift in Google's operating system strategy. Google announced in June 2024 that Chrome OS would begin incorporating portions of Android's technical foundation, but the reported plans go much further toward a complete merger of the two platforms.
Google is already laying groundwork for the transition by developing a new version of Chrome for Android with extension support and a Terminal application for running Linux apps. The company is also working on improved keyboard, mouse, and external display support for Android, along with features like multiple desktop spaces.
The consolidation aims to create a more unified platform that can better challenge Apple's dominance in the high-end tablet market while allowing Google to more efficiently manage its development resources. Currently, neither Chrome OS nor Android has successfully competed with iPad, despite the multitasking shortcomings of iPadOS.
The report notes that the strategy could also benefit the Android ecosystem by expanding its user base and making it more attractive to developers. Meanwhile, a separate report from Android Headlines suggests Google is developing a high-end Pixel-branded laptop, which could potentially showcase the new desktop-oriented Android platform.
Google has not officially confirmed plans to phase out Chrome OS in favor of Android, and the company declined to comment on the report when contacted by Android Authority.
This article first appeared on MacRumors.com.
Cat in old Apple documentation I found a cat picture in some old iOS documentation on the Apple website 🙂 It's nothing special really, I just found it funny that some tech writer decided to include a couple of screenshots which included a cat.
https://preview.redd.it/u1ro8qs9ou1e1.jpg?width=661&format=pjpg&auto=webp&s=07aad385f1bd262ea07f06a97f017371e2251f3a
Source: https://developer.apple.com/library/archive/documentation/WindowsViews/Conceptual/ViewControllerPGforiOSLegacy/ModalViewControllers/ModalViewControllers.html
submitted by /u/BaronSharktooth
iPhone 16 ban: Apple offers $100M to access 278M customers in Indonesia Apple has responded to an iPhone 16 ban in Indonesia by offering a ten-fold boost to its manufacturing investments in the country.
The Indonesian government responded aggressively when the Cupertino company fell a little way short of its promised spend in the country, and Apple seems extremely keen to resolve the matter …
Corsair Debuts K65 Plus Wireless Keyboard and M75 Mouse for Mac Corsair has announced Mac-compatible versions of its K65 Plus Wireless keyboard and M75 Wireless mouse, offering both peripherals in exclusive "Glacier Blue" and "Frost" color options designed to complement Apple devices.
The K65 Plus Wireless is a 75% mechanical keyboard featuring pre-lubricated MLX Red v2 linear switches with integrated sound dampening for quieter typing. It includes Mac-specific Command and Option keys and supports connectivity via Bluetooth or 2.4GHz wireless, with battery life rated at up to 266 hours on a single charge.
Meanwhile, Corsair's M75 Wireless mouse features an ambidextrous design weighing 89 grams and includes a 26K DPI Marksman optical sensor. The mouse connects via Bluetooth or Corsair's proprietary Slipstream wireless technology.
Both peripherals can be customized through Corsair's iCUE software, which is now available for macOS, allowing users to adjust key assignments, lighting effects, and other settings. However, according to Gizmodo, the keyboard requires the use of a bundled USB-C to USB-A converter from Anker to connect it to new Macs that don't come with legacy USB-A ports, so that's something to keep in mind.
The Frost versions of the K65 Plus Wireless keyboard and M75 Wireless mouse are available now through Apple's online store, priced at $179.95 and $129.95 respectively. The Glacier Blue variants will be available at a later date.
This article first appeared on MacRumors.com.
AMS (Amsterdam) on 2024-11-22
THIS IS A SCHEDULED EVENT Nov 22, 01:00 - 06:00 UTC
Nov 19, 11:32 UTC
Scheduled - We will be performing scheduled maintenance in AMS (Amsterdam) datacenter on 2024-11-22 between 01:00 and 06:00 UTC.
Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.
You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.
The coming AI apocalypse could be just the doom Apple ordered Macworld
Shocking technology news this week as… here, let the Macalope just have an AI summarize it.
“AI is the coolest and everyone loves it.”
What?! No! That’s not… gah.
“OpenAI, Google and Anthropic Are Struggling to Build More Advanced AI” (Bloomberg)
It appears the wheels might be coming off AI a bit.
Which, honestly, is probably the problem right there. The Macalope isn’t a programmer, but even he knows these things shouldn’t run on wheels. They should run on silicon. So if you’re running your AI on wheels, that’s the first thing you should try to fix.
You’re welcome, AI companies.
According to Bloomberg, OpenAI, Google and Anthropic are all finding diminishing returns on their efforts to get “untapped sources of high-quality, human-made training data” at the same time they are faced with high costs associated with running the word-sausage-making machines they’ve already shipped.
You may cry the Macalope a river, AI companies. On the first item, these companies have routinely appropriated content without consent and, even when they’ve asked for consent, have done it in the most difficult manner to get out of possible. On the second item, burning the Earth to a crisp in order to get your large language model to tell people to eat rocks and glue… the Macalope guesses we’ll see which kills humanity first, global warming or death by misinformation.
It is certainly possible this is just a speed bump on the road to machines that, if they are not really thinking, at least appear to be doing so. However, it’s more than a bit sigh-inducing to see AI start to disappoint in the same way that the previous energy vampire technologies (apologies to Colin Robinson) like crypto did. Way back in June (remember June?), the Macalope wrote:
The Macalope doesn’t consider himself someone prone to conspiracy theories, but he would not be surprised to find out years from now that Nvidia has been running a powerful psychological ops campaign that dreams up technologies that require its boards to run and then convinces venture capital firms to invest in them.
If it turns out AI is running out of gas and suddenly next year there’s some other processor-intensive technology that comes out that just happens to need GPUs, well, let’s just say this is looking less like a conspiracy theory and more like an educated guess. Also, the Macalope should probably put an expiration date on that “AI running on gas” metaphor because the incoming U.S. presidential administration would probably be all too willing to allow it to literally run on gas.
AI is a party Apple is probably happy to have arrived to late and maybe leave early, but the company’s not immune to the collective yawn this technology seems to engender. As more people are testing the iOS 18.2 beta, more are experiencing the… “joys” is definitely the wrong word there. “Nightmare fuel” is probably a little strong, but more directionally correct. Ah. More are experiencing the fever dreams produced by Image Playground. Summaries often aren’t much better, apparently going so far as to turn children into husbands which is super awkward.
AI was supposed to drive a wave of upgrades to new phones for Apple but it’s a technology that few have asked for that often delivers results no one asked for.
Absolutely everyone: [nothing at all]
AI: “EAT ROCKS!”
Absolutely everyone: “Who said that?!”
Apple will, of course, continue to do just fine (thank you, services revenue) and is probably better poised to pivot away from this if it continues to run into a brick wall than many of its competitors.
The Macalope started with a joke about summaries but he has to say Apple’s summarize tool did a pretty good job on this column:
AI companies face challenges in improving their models due to limited data and high costs. Despite initial excitement, AI’s performance has fallen short of expectations, raising concerns about its future. Apple, while not immune to AI’s limitations, is better positioned to pivot away from it due to its strong services revenue.
Still, the Macalope would have highlighted the metaphors used: “AI seems like its wheels are coming off and it’s running out of gas and headed for a brick wall.”
Apple Offers $100 Million Investment to End Indonesia's iPhone 16 Ban Apple has significantly raised its proposed investment in Indonesia to $100 million, a tenfold increase from its initial $10 million offer reported earlier this month. The new proposal aims to convince Indonesian authorities to lift their ban on iPhone 16 sales.
According to Bloomberg, the increased investment would be spread over two years. However, Indonesia's Ministry of Industry is reportedly now pushing Apple to direct more of the investment toward smartphone research and development within the country.
Indonesia blocked iPhone 16 sales in October after determining that Apple had not met the country's 40% domestic content requirement for smartphones. The government also claims Apple has invested only 1.5 trillion rupiah ($95 million) through developer academies, falling short of a promised 1.7 trillion rupiah commitment.
The ministry has yet to make a final decision on Apple's enhanced proposal. Recent attempts by Apple executives to meet with industry minister Agus Gumiwang Kartasasmita in Jakarta are said to have been unsuccessful, with the executives meeting a director-general instead.
Indonesia represents a significant market for Apple, with the country's population of 280 million operating some 354 million active mobile phones.
Tag: Indonesia
This article first appeared on MacRumors.com.
SMS Delivery Delays to Telma Network in Madagascar
Nov 19, 03:17 PST Investigating - We are experiencing SMS delivery delays when sending messages to Telma Network in Madagascar. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available.
Apple Vision Pro's ultra-wide Mac display mirroring is the killer app spatial computing needs With the release of visionOS 2.2, Apple will add support for ultra-wide displays when mirroring a Mac's display. And it might just be the Apple Vision Pro killer app I've been waiting for.
Apple Vision Pro needed a killer app and it's finally getting one
At the time of writing the visionOS 2.2 update is only available to developers willing to install it on the headset they use for app development. But it'll soon be made available to everyone who wants it. And while there are a few new improvements for Apple Vision Pro owners to look forward to, there's one that's particularly exciting — big Mac display mirroring upgrades.
The Mac mirroring isn't new of course, but the addition of new wide and ultra-wide options most definitely is. And it makes for a huge improvement for those who want to use their fancy spatial computer as a display for their Mac.
Continue Reading on AppleInsider
Beware: If you’re buying a new iPhone, porch pirates are smarter than ever Macworld
As Black Friday approaches, two things are certain: Piles of packages arriving on our doorsteps and porch pirates looking to snatch them all. And according to a new report, if you’re buying a new iPhone, you may be at an even higher risk.
The Wall Street Journal reports that thieves have begun targeting iPhone deliveries across the U.S. by gaining access to AT&T tracking numbers. Since the carrier doesn’t generally require a signature for delivery, porch pirates can stake out homes and instantly grab the package before the homeowner is even aware it has been dropped off. The Journal says that some thieves are dressing up as delivery drivers themselves to allay any suspicion.
For its part, AT&T says it will “work as quickly as possible with the customer to make it right,” but has no plans to change its policy. It only requires a signature in high-theft markets, and if you don’t live in one, that’s unlikely to change anytime soon. The company points out that in-store pickup is also an option.
Apple requires a signature for purchases through its store, but many other stores, including Amazon, don’t, even on large purchases like a MacBook. So if thieves are able to gain access to AT&T tracking numbers, they can conceivably get other companies’ numbers as well. So if you don’t have a drop box or some other way to secure your deliveries, you’ll definitely want to be a little more vigilant when waiting for packages to arrive this season.
Apple @ Work Podcast: FIDO Alliance’s plan for Passkey migration Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
In this episode of Apple @ Work, I talk with Rew Islam from Dashlane about the plans from the FIDO Alliance to allow for Passkey migration between various password managers.
iMac M4 review: Minor changes lead to perfection for Apple's all-in-one Mac Apple's 2024 iMac M4 got some internal updates to a familiar design, and the bevy of those small changes helped Apple perfect its ever-popular all-in-one.
iMac M4 review: The new 2024 M4 iMac in green
The new wave of colorful iMacs debuted in November 2024, alongside upgraded MacBook Pros and a redesigned Mac mini. We picked one up and have been testing it out in the studio for the past two weeks or so.
Unsurprisingly, we were happy with what Apple delivered here.
Continue Reading on AppleInsider
Aqara Launches Smart Smoke Detector and Valve Controller Aqara today announced two new smart home safety products – a Smoke Detector for European markets and a Valve Controller T1 for global release. Both devices expand the company's home safety lineup with Matter compatibility and Apple HomeKit integration.
The Valve Controller T1 is designed to prevent water damage by retrofitting onto existing household water valves. It can automatically shut off water flow when linked to leak sensors and supports common pipe sizes from 1/2" to 1". The controller runs on four AA batteries with an estimated two-year battery life.
The new Smoke Detector, available exclusively in Europe, features an 85-decibel siren and smartphone notifications for smoke detection. When paired with Aqara cameras, homeowners can visually verify alarms remotely. The detector can also trigger other Aqara hub sirens and grouped smoke detectors for whole-home alerts.
Both products work with Apple Home, Amazon Alexa, and Google Home through Matter-over-Bridge support. This enables automated routines like flashing smart lights red during smoke detection or shutting down HVAC systems to prevent smoke circulation.
The Smoke Detector utilizes Zigbee protocol for efficient power usage, offering up to 10 years of battery life. Both devices can be managed through the Aqara Home app for configuration and monitoring.
The Valve Controller T1 is available now through Aqara's Amazon stores in the US and Europe. The Smoke Detector can be purchased from Aqara's European Amazon stores and select retailers.
Tags: Aqara, HomeKit
This article first appeared on MacRumors.com.
Apple Watch is a bargain this Black Friday 2024 Macworld
The annual Black Friday sales event is a fantastic time to buy an Apple Watch, with big savings from a wide variety of retailers. Technically it lasts just four days, from Black Friday (November 29, 2024) to Cyber Monday (December 2, 2024), but prices tend to drop throughout November and the deals have started appearing already.
In this article we will share all the best Apple Watch deals in the run up to Black Friday 2024 and throughout the event. We also share our advice about how to get the best deal on an Apple Watch, what to look out for, and what to avoid.
Does Apple do Apple Watch deals on Black Friday?
Apple doesn’t do discounts, but it holds a shopping event over the Black Friday weekend. This typically consists of gift card offers rather than actual savings.
In 2023 you could get gift cards with qualifying purchases on Apple’s U.S. site or Apple’s U.K. site. We are still waiting for details of how much the gift cards will be worth this year, but last year you got a $50/£40 card when you bought the Apple Watch SE or Series 9. Read Apple’s Black Friday 2024 deal for the latest information.
While Apple doesn’t cut Apple Watch prices for Black Friday, plenty of other retailers do. We are sharing the best deals we have seen so far below.
Best Apple Watch deals for Black Friday 2024
U.S.
Amazon, Apple Watch Series 10 (42mm): $349 ($50 off with coupon, MSRP $399)
Amazon, Apple Watch Series 10 (46mm): $379 ($50 off, MSRP $429)
Amazon, Apple Watch SE 2 (40mm): $189 ($60 off, MSRP $249)
Amazon, Apple Watch SE 2 (44mm): $219 ($60 off, MSRP $279)
Amazon, Apple Watch Ultra 2: $700 ($99 off, MSRP $799)
U.K.
Amazon, Apple Watch Ultra 2 (49mm, GPS + Cellular): £769 (£30 off, RRP £799)
Amazon, Apple Watch Series 10 (46mm): £409 (£20 off, RRP £429)
Amazon, Apple Watch Series 10 (42mm): £379 (£20 off, RRP £399)
Argos, Apple Watch SE (40mm) (2022): £209 (£10 off, RRP £219)
Argos, Apple Watch Series 9 (45mm): £329 (RRP was £429 – Clearance)
Argos, Apple Watch Series 9 (41mm): £299 (RRP was £399 – Clearance)
Black Friday 2024: How to get the best deal on the right Apple Watch
Apple currently sells three Apple Watches: the standard Apple Watch Series 10 (starting at $399/£399), the cut-price Apple Watch SE (from $249/£219), and the premium Apple Watch Ultra 2 (from $799/£799). These are each available in a range of colors, materials, and sizes, which may affect the price.
For most customers the Apple Watch SE will be more than sufficient; however, the Series 10 offers a bigger screen (with always-on functionality) and better health sensors. The Ultra is only worth getting if you live a life of adventure and need a watch that can cope with the rough and tumble of long hikes, perilous climbs, and underwater dives. For detailed advice on selecting the best model for you, check out our Apple Watch buying guide. You can get a deal on an Apple Watch all year round in our round up of the Best Apple Watch deals.
You may also see deals on older models that Apple itself doesn’t sell any more. The Apple Watch Series 9 came out in fall 2023 and was only discontinued two months ago; that should still serve you perfectly well. For that matter, the Series 8 and 1st-gen Ultra launched in fall 2022, the same time as the current SE, so they ought to do fine too. But we’d probably steer clear of anything older than that.
It’s important to be aware that Black Friday will bring bad deals as well as good ones. Retailers don’t want to give you a great deal; they want you to buy their unwanted stock at a high price, and will use all sorts of tricks to persuade you to do so. Don’t let them get away with it.
Always check the current MSRP/RRP for the watch you’re planning to buy (we include these with all of our recommended deals). Apple tends to drop prices on older products on a yearly basis, but retailers may conveniently forget to mention this and quote the old price instead. That makes their discount look bigger and the deal more appealing. Some retailers also raise their own prices ahead of Black Friday, then drop them back down and claim a large saving. Price tracker sites like CamelCamelCamel can help you to work out if this has happened. We will also flag it if we see it.
It’s worth checking reviews and buying guides (such as ours, linked above) to assess the age and worth of the device. Make sure you’re not being fobbed off with antiquated stock. Also, watch out for deals on the cellular models; these can look like big savings, but in our experience there is little point in owning a cellular Apple Watch. You might as well pay less and get the standard model.
Finally, what actually constitutes a good deal? U.S. buyers should be looking at a benchmark of roughly $60 to $70 off the current models and $100 or more off discontinued ones, which is what we saw in 2023. But deals tend to be weaker in the U.K., where we struggled to find £30 off anything last year. We hope the retailers will do better this time around, but you may need to prepare yourself for disappointment.
Black Friday: Latest Apple Watch Series 10 deals
The Apple Watch Series 10 came out in September 2024. The 42mm model starts at $399/£399.
The 46mm version of the Apple Watch Series 10 starts at $429/£429.
Black Friday: Latest Apple Watch Ultra 2 deals
Apple Watch Ultra 2 came out in September 2023. It has an MSRP of $799/£799.
Price comparison from Backmarket:
Apple Watch Ultra 2 (2023) GPS + Cellular 49 mm – Titanium Natural Titanium – Ocean band Blue: $556.28
Apple Watch Ultra 2 (2023) GPS + Cellular 49 mm – Titanium Natural Titanium – Alpine loop Blue: $605.12
Black Friday: Latest Apple Watch SE (2022) deals
Apple’s first budget SE smartwatch came out in 2020; this is the second-gen model, which launched in September 2022. Prices start at $249/£219 for the smaller version. (If you don’t see any deals below this paragraph, that means there’s no stock left in your region.)
The larger 44mm version has an MSRP of $279/£249.
Black Friday: Latest Apple Watch Series 9 deals
The Series 9 was released in 2023, having launched alongside the Ultra 2. The 41mm version had an MSRP of $399/£399 before being discontinued.
Price comparison from Backmarket:
Smart Watch MR953LL/A HR – Pink: $249.99
Apple Watch Series 9 (2023) GPS 41 mm – Aluminium Silver – Sport band Blue: $267.15
Apple Watch Series 9 (2023) GPS + Cellular 41 mm – Aluminium Silver – Sport band Blue: $349
The 45mm version of the Apple Watch Series 9 was $429/£429.
Retailers worth checking out
U.S.
Apple
Amazon U.S.
Best Buy
Costco
Target
Walmart
U.K.
Apple
Amazon U.K.
Argos
Currys
John Lewis
KRCS
Very
Amazon Lightning Deals
Check out these time-limited tech deals before they go. (Prices subject to change.)
Monster Boomerang Neckband Bluetooth Spe…: $59.99 (33% off, was $89.99)
Norton 360 Platinum 2024: $39.99 (69% off, was $129.99)
Beats Studio Buds – True Wireless Noise …: $99.95 (33% off, was $149.95)
Beats Studio Buds – True Wireless Noise …: $99.99 (33% off, was $149.95)
Beats Studio Buds – True Wireless Noise …: $99.99 (33% off, was $149.95)
Logitech G PRO X SUPERLIGHT Wireless Gam…: $91.00 (43% off, was $159.99)
BOSCH GPB18V-5CN 18V Jobsite Radio with …: $150.54 (34% off, was $229.00)
SAMSUNG 98-Inch Class QLED 4K Q80C Serie…: $3997.99 (50% off, was $7997.99)
Blink Outdoor 4 (4th Gen) + Battery Exte…: $49.99 (58% off, was $119.99)
Introducing Ring Pan-Tilt Indoor Cam | S…: $49.99 (37% off, was $79.99)
SAMSUNG 43-Inch Class QLED 4K QN90D Seri…: $897.99 (40% off, was $1497.99)
SAMSUNG 75-Inch Class QLED 4K QN90D Seri…: $1797.99 (45% off, was $3297.99)
Hisense 50-Inch Class U6HF Series ULED 4…: $299.99 (40% off, was $499.99)
Hisense 100-Inch Class U7 Series ULED 4K…: $1798.00 (40% off, was $2997.95)
Hisense 100-Inch Class U8 Series Mini-LE…: $2997.99 (40% off, was $4997.99)
SAMSUNG 85-Inch Class QLED 4K QN90D Seri…: $2297.99 (52% off, was $4797.99)
SAMSUNG 50-Inch Class QLED 4K QN90D Seri…: $997.99 (37% off, was $1597.99)
SAMSUNG 65-Inch Class OLED 4K S85D Serie…: $1297.99 (38% off, was $2097.99)
All New, Made for Amazon: $14.99 (46% off, was $27.99)
Made for Amazon: $14.99 (40% off, was $24.99)
Black Friday 2024: Best deals for Apple products
Check out these roundups for the best Apple deals:
Best Black Friday 2024 Apple accessory deals
Apple Black Friday 2024 sale
Best Black Friday 2024 Apple deals
Best Black Friday 2024 Mac Deals
Best Black Friday 2024 MacBook deals
Best Black Friday 2024 AirPods deals
Best Black Friday 2024 Apple Watch deals
Best Black Friday 2024 iPad deals
Best Black Friday 2024 iPhone deals
Best Black Friday 2024 Mac monitor deals
Best Black Friday 2024 SSD and external hard drive deals
Russia SMS Carrier Maintenance – Beeline
THIS IS A SCHEDULED EVENT Nov 20, 13:00 - 16:00 PST
Nov 19, 02:13 PST Scheduled - The Beeline network in Russia is conducting an emergency maintenance from 20 November 2024 at 13:00 PST until 20 November 2024 at 16:00 PST. During the maintenance window, there could be intermittent delays delivering SMS to Beeline Russia handsets.
Russia SMS Carrier Maintenance – MOTIV
THIS IS A SCHEDULED EVENT Nov 20, 10:20 - 13:00 PST
Nov 19, 02:15 PST Scheduled - The MOTIV network in Russia is conducting an emergency maintenance from 20 November 2024 at 10:20 PST until 20 November 2024 at 13:00 PST. During the maintenance window, there could be intermittent delays delivering SMS to MOTIV Russia handsets.
Apple releases fix for disappearing data in Notes program Apple has apparently acknowledged the issue and offered a solution to fix a scary bug in its Notes program that caused entered data to disappear. The company issued a new set of terms and conditions that appeared via a device pop-up window. That happened a couple of weeks ago for iCloud terms, and while the […]
Next word prediction in keyboard extension I'm making a keyboard extension with the excellent keyboardkit. Does anyone know a library that can do next word prediction? Or perhaps a light AI model that could do it? Submitted by /u/Electronic_Fly7364
Apple to discontinue iCloud backup support for devices running iOS 8 or earlier in December You’re going to have to upgrade your devices or find a workaround eventually. Beginning in December, Apple will require users performing a backup over iCloud to be running iOS 9 or later. Per an email to its customers, Apple stated that new backups for iPhones and iPads running iOS 8 or earlier will no longer […]
Meet Pidgeon: a different way to digest news and stay up to date with trends Hey everyone! First of all I wanted to thank this subreddit as it's been a great inspiration and source of information whilst developing the app. It was a very long journey but I'm finally excited to share Pidgeon, a news summaries app I've built that uses AI to deliver concise summaries of trending stories from […]
Revertibe – A state versioning library to replace UndoManager Hey all, I've recently updated and open sourced my old state versioning library that I made to replace UndoManager. It tracks changes to your state for you and gives you access to undo and redo actions, as well as version tagging and scope management. The recent updates improved the interface, providing a single macro for […]
Getting started on paywalls Just finished SwiftUI, and planning on my first app right now. I'm trying to get my hands on paywall/verification right now but wasn't able to find any valuable resources by googling and searching through this sub. A link to a well-written article could help. I am also going to build a relay server with Python, […]
Stats and Widgets for Google Admob Hey Redditors! 🤙🏼 Not too long ago, I wanted a way to see my AdMob earnings right on my iPhone with clean, simple widgets. I found a few apps, but they were cluttered with ads and had a confusing layout—so I decided to create my own!! ⭐️ Features ✅ Daily, Weekly, and Monthly Revenue […]
SMS Delivery Delay To Multiple Airtel Networks In Congo.
Nov 19, 00:53 PST Resolved - We are no longer experiencing SMS delivery delays when sending messages to Airtel Network in Congo. This incident has been resolved.
Nov 18, 22:54 PST Monitoring - We are observing recovery in SMS delivery delays when sending messages to Airtel Network in Congo. We will continue monitoring the service to ensure a full recovery. We will provide another update in 2 hours or as soon as more information becomes available.
Nov 18, 03:36 PST Update - We continue to experience SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 24 hours or as soon as more information becomes available.
Nov 17, 03:36 PST Update - We continue to experience SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 24 hours or as soon as more information becomes available.
Nov 16, 03:42 PST Update - We continue to experience SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 24 hours or as soon as more information becomes available.
Nov 15, 11:46 PST Update - We continue to experience SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 16 hours or as soon as more information becomes available.
Nov 15, 03:47 PST Update - We are experiencing SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 8 hours or as soon as more information becomes available.
Nov 15, 00:05 PST Update - We are experiencing SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 4 hours or as soon as more information becomes available.
Nov 14, 22:19 PST Update - We are experiencing SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 2 hours or as soon as more information becomes available.
Nov 14, 21:26 PST Investigating - We are experiencing SMS delivery delays when sending messages to Airtel Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available.
My First App in Apple Store Hi Reddit! 👋 After months of hard work, I’m thrilled to share that I’ve officially launched my very first iOS app — Fish Mystery! 🎣 It’s a fun and engaging game perfect for anyone who loves puzzles and exploration. 💡 About the app: Unique gameplay Beautiful design Suitable for all ages 📲 You can download […]
United States SMS Carrier Maintenance – T-Mobile
THIS IS A SCHEDULED EVENT Nov 19, 23:00 PST - Nov 21, 04:00 PST
Nov 18, 23:52 PST Scheduled - The T-Mobile network in the United States is conducting a series of emergency maintenances from 19 November 2024 at 23:00 PST until 21 November 2024 at 04:00 PST. During the maintenance window, there could be intermittent delays delivering SMS to and from T-Mobile United States handsets.
Note, the maintenance will be carried out on each of the following dates and times:
19 November 2024 at 23:00 PST until 20 November 2024 at 02:00 PST
21 November 2024 at 00:00 PST until 21 November 2024 at 04:00 PST
We are aware of the short notice and are working with our Carrier Partners to provide earlier notification where possible.
My RSS Reader PoweReader is now on Product Hunt! 🚀 Why I Built This I was a long-time Reeder user, but as someone who heavily reads English RSS feeds, I constantly found myself switching between Reeder and translation tools. While my English is decent, reading in English is still slower than in my native language. After discovering immersive translation (which displays original text alongside translations), […]
💬❓ AppStore promotional codes and other free tokens Hey everyone, I have an app on the AppStore with these characteristics: – it has a hard paywall – a single in-app monthly subscription with 1 month free trial – option to enter promotional codes (that I generate through the AppStoreConnect) and which extend that trial to 6 months – I have user authentication via […]
SMS Delivery Delay To Africell Network In Congo
Nov 18, 23:16 PST Investigating - We are experiencing SMS delivery delays when sending messages to Africell Network in Congo. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available.
SMS Delivery Failures to Telefonica Network in El Salvador
Nov 18, 22:45 PST Investigating - We are experiencing SMS delivery failures to Telefonica Network in El Salvador. Our engineers are working with our carrier partner to resolve the issue. We expect to provide another update in 1 hour or as soon as more information becomes available.
iPhone 17 Air could be Apple’s slimmest iPhone ever Apple's 2025 iPhone 17 Air could be insanely thin at just 6mm, making it the slimmest iPhone ever, as per an Apple analyst.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
Can I host a privacy policy page on GitHub io for iOS apps? Or must it be on a custom domain to match the app domain? Must the policy specify which app it relates to, or can it be a catch-all company privacy policy? What is the bare minimum I need in terms of online presence? I will provide support through a ticket email system. Submitted by /u/Reasonable_Edge2411
US SMS Carrier Maintenance – Small US Carriers
THIS IS A SCHEDULED EVENT Nov 20, 19:00 - 21:00 PST
Nov 18, 20:08 PST Scheduled - A subset of small networks in the US are conducting a planned maintenance from 20 November 2024 at 19:00 PST until 20 November 2024 at 21:00 PST. During the maintenance window, there could be intermittent delays delivering SMS to and from small US carriers handsets.
How to enable and use RCS for secure cross-platform messaging Apple's messaging app Messages has adopted a new cross-platform messaging standard called RCS. Here's how to be sure you have it enabled on your iPhone, and what new features it gives you when messaging people on other platforms.
RCS messaging brings more features to cross-platform messaging.
The RCS protocol, which stands for Rich Communication Services, brings some of the abilities of Messages to users who aren't on iPhones. It has also been adopted by other messaging apps, such as WhatsApp.
As of iOS 18, RCS is supported — meaning some features you previously only saw when reading or sending messages to other iPhone users also now work when conversing with Android owners.
Continue Reading on AppleInsider
SMS Delivery Delay To Telikom Network In Papua New Guinea
Nov 18, 18:36 PST Investigating - We are experiencing SMS delivery delays when sending messages to Telikom Network in Papua New Guinea. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available.
Apple to increase Indonesia investment tenfold to appeal iPhone 16 ban Indonesia hasn't budged on Apple's $10 million investment offer to lift an iPhone 16 sales ban, so the company has reportedly increased its offer to $100 million.
iPhone 16 has been banned from sale in Indonesia
Indonesia's Ministry of Industry blocked Apple's ability to sell the iPhone 16 in the country after falling short of a $109.6 million commitment to invest. Apple reportedly offered an additional $10 million investment on November 5, but that appears to have not been enough to get the sales ban lifted.
According to a report from Bloomberg, Apple has allegedly offered to invest almost $100 million into Indonesia over the next two years. The Ministry of Industry hasn't made a decision yet, but it is reportedly demanding Apple rethink its investment plans to focus on R&D.
Continue Reading on AppleInsider
AMS (Amsterdam) on 2024-11-20
THIS IS A SCHEDULED EVENT Nov 20, 01:00 - 06:00 UTC
Nov 19, 01:46 UTC Scheduled - We will be performing scheduled maintenance in AMS (Amsterdam) datacenter on 2024-11-20 between 01:00 and 06:00 UTC.
Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.
You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.
SMS Delivery Delays to Spark in New Zealand
Nov 18, 17:47 PST Investigating - We are experiencing SMS delivery delays when sending messages to Spark in New Zealand. Our engineers are working with our carrier partner to resolve the issue. We will provide another update in 1 hour or as soon as more information becomes available.
Security Bite: Why email security is still so bad It’s a little-known fact that before emails reach your inbox, they pass through a buffer designed to scan and block malicious content. However, over time, email providers—especially Gmail—have shifted their focus to just adding “warning labels” to those with suspicious links or attachments. This approach, best described as “beating around the bush” hasn’t reduced threats much at all. Shockingly, 91% of all cyberattacks still originate from emails. So, what gives?
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Ongoing iOS 18 Bug Prevents Photo Edits From Being Saved There is an ongoing but infrequent Photos bug that some iPhone users have been experiencing since upgrading to iOS 18. The issue occurs when attempting to save edits on an image, with users seeing the following message: "There was an error saving this photo. Please try again later."
As the message suggests, edits are not able to be saved, and hitting "Cancel" and discarding changes is the only way to get out of the editing interface.
A lot of the complaints about the problem have been from users who have an iPhone 16 model, but it also appears to be impacting some older iPhones as well. We've run into this bug several times at MacRumors, and it seems to be impacting every version of iOS 18 to date.
Reports about the bug started in September, and have continued since then. Most recently, several beta testers running iOS 18.2 have reported seeing the popup. It is worth noting that this is an error that some people ran into before iOS 18, but it appears to be much more frequent now.
It's not clear what's causing the problem, and it does not seem to impact all users or even every photo. It could be linked to Live Photos, or it could be an issue with iCloud Photos. Some users have all photos from a specific day bugged, indicating a problem with photo capture or saving.
There is no complete fix, though duplicating a broken image with a "still photo" allows the edits to be saved; doing so removes Live Photo and Photographic Styles. This article first appeared on MacRumors.com.
PSA: M4 Macs can’t run virtual machines with older versions of macOS iMac and , which brings a lot of performance improvements – especially when it comes to AI tasks. However, users are facing issues when trying to run virtual machines with some older versions of macOS on the new machines.
United States SMS Carrier Partner Maintenance THIS IS A SCHEDULED EVENT Nov 19, 23:00 PST - Nov 20, 03:00 PST. Nov 18, 15:09 PST. Scheduled - Our SMS carrier partner in the United States is conducting a planned maintenance from 19 November 2024 at 23:00 PST until 20 November 2024 at 03:00 PST. During the maintenance window, there could be intermittent delays delivering SMS to and from United States handsets via United States short codes.
U.S. DoJ Wants Google to Sell Chrome Browser The United States Department of Justice wants Google to sell off its Chrome browser as part of an ongoing antitrust lawsuit, reports Bloomberg. Earlier this year, Google was found to have a search monopoly, and antitrust regulators have since been deciding on the actions that should be taken to address Google's anticompetitive practices.
The DoJ plans to ask the court to force Google to sell Chrome, which is the most popular web browser in the world by a wide margin. Chrome's integration with Google Search and other Google products has been cited as one of the factors limiting search competition.
Regulators also want Google to uncouple the Android operating system from other products like Google Search and the Google Play Store, both of which are apps installed on Android devices by default. It's not clear how unbundling Android from Google Play would work as Google Play is the Android app store. The DoJ initially wanted Google to sell off Android entirely, but has since backed off of that suggestion.
The DoJ will recommend that Google be required to license data and syndicate results from Google Search without restrictions. Bloomberg suggests that syndication would allow rival search engines and AI startups to improve their quality, while the data feed would let others build their own search indexes. Google could also be required to share more data with advertisers, with advertisers given more control over where their ads appear.
Google will be prevented from entering into exclusive deals such as the deal that it has with Apple to make Google the default Safari search engine. Google paid Apple $20 billion in 2022 to be the Safari default.
Google is appealing the antitrust ruling, while the judge overseeing the case plans to hold a two-week hearing in April 2025 to go over what changes Google has to make to address anticompetitive search behavior. From there, a final ruling is set to be issued in August 2025. This article first appeared on MacRumors.com.
Researcher reverse engineers new iPhone security feature ‘Inactivity Reboot’ A recent report by 404 Media revealed that law enforcement agents have been concerned about iPhones automatically rebooting themselves, which makes it very difficult to hack these devices. Security researcher Jiska Classen later discovered that this behavior is caused by a new feature called “Inactivity Reboot,” which has now been reverse-engineered by Classen.
United States MMS Carrier Partner Maintenance THIS IS A SCHEDULED EVENT Nov 20, 22:00 PST - Nov 21, 03:00 PST. Nov 18, 14:39 PST. Scheduled - Our MMS carrier partner in the United States is conducting a planned maintenance from 20 November 2024 at 22:00 PST until 21 November 2024 at 03:00 PST. During the maintenance window, there could be intermittent delays delivering MMS to and from United States handsets.
NFC card to Apple Wallet Hello, I am working on a feature where I want to add an NFC card to my Apple Wallet. I have all necessary tools for that, an Apple developer account where I can create pass type identifiers and certificates, but I really do not know if it is even possible to add an NFC card and use it as […]
9to5Mac Daily: November 18, 2024 – Next-gen AirTag, ChatGPT upgrades Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players.
iPhone 17 Air could be Apple's thinnest iPhone yet, with a thickness of just 6mm The iPhone 17 range could introduce a redesigned iPhone with a thickness of just around 6mm, making it the thinnest iPhone ever. Here's what we know so far. The iPhone 17 Slim could be Apple's thinnest iPhone yet. Well before the release of the iPhone 16 range in September 2024, rumors of an iPhone 17 Slim or iPhone 17 Air started popping up. Apple reportedly wants to replace its existing Plus line with a redesigned iPhone 17 Slim, with a 6.6-inch display, ProMotion, and a single rear camera. The most noteworthy characteristic of the upcoming iPhone, however, is its thickness. Rumor Score: 🤔 Possible. Continue Reading on AppleInsider
iPhone 17 rumors: A19 chip details, smaller Dynamic Island, more Apple analyst Jeff Pu is out with a new investor note this week with more details on what to expect from next year’s iPhone 17 lineup.
There’s also an interesting twist on what to expect from the so-called iPhone 17 Air’s design…
GIG (Rio de Janeiro) on 2024-11-20 THIS IS A SCHEDULED EVENT Nov 20, 18:00 - 22:00 UTC. Nov 18, 22:06 UTC. Scheduled - We will be performing scheduled maintenance in GIG (Rio de Janeiro) datacenter on 2024-11-20 between 18:00 and 22:00 UTC. Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable. You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.
SwiftData – “‘insert’ with duplicate .unique property does an upsert” is not working at all. What am I missing? Really stuck here. As far as I can tell I should be able to insert a model that has a duplicate 'unique' identifier and it should perform an upsert. Instead, I'm seeing weird behavior that sometimes changes but mostly it's inserting duplicate models and sometimes updating? Here's the code: @Model class TestModel { @Attribute(.unique) var […]
Rumored ‘iPhone 17 Air’ would be thinnest iPhone ever A recent research note suggests that Apple's upcoming "iPhone 17 Air" model may be significantly thinner than previous generations…
The post appeared first on MacDailyNews.
Widget does not work in Xcode Simulator Xcode 16.1. Just finished building a couple widgets for an app. The strange thing is the widget never works (i.e., placeholder/snapshot or timeline view not rendered at all) in the simulator (tried all iPhone 16 variants running iOS 18.0 and none of them worked). However, the same widget works perfectly fine on real devices running […]
iPhone 17: Newer 3nm Technology Expected for A19 and A19 Pro Chips Apple's next-generation A19 chip for the iPhone 17 and iPhone 17 Air and A19 Pro chip for the iPhone 17 Pro and iPhone 17 Pro Max will be manufactured with TSMC's latest, third-generation 3nm process called "N3P," analyst Jeff Pu said today, in a broader tech-related research note with Hong Kong-based investment bank Haitong.
The current A18 and A18 Pro chips for the iPhone 16 lineup are manufactured with TSMC's second-generation 3nm process "N3E," while the A17 Pro chip in the iPhone 15 Pro models is manufactured with TSMC's first-generation 3nm process "N3B."
"N3P" is considered a process "shrink" compared to N3E, meaning that chips manufactured with the newer process will have increased transistor density. While this comes as no surprise, it means that next year's iPhone 17 models should have modestly improved performance and power efficiency compared to iPhone 16 models.
Previous reports indicated that TSMC would begin mass production of chips built with the N3P process in the second half of 2024.
In 2026, Apple is expected to use TSMC's first 2nm process for A20 chips in iPhone 18 models. This article first appeared on MacRumors.com.
Apple CEO Cook ‘probably relieved’ when President Trump won re-election – Gurman Apple CEO Tim Cook and other top company executives were probably relieved when former President Donald Trump won reelection this month…
The post appeared first on MacDailyNews.
'iPhone 17 Air' Rumored to Surpass iPhone 6 as Thinnest iPhone Ever In a research note with Hong Kong-based investment bank Haitong today, obtained by MacRumors, Apple analyst Jeff Pu said he agrees with a recent rumor claiming that the so-called "iPhone 17 Air" will be around 6mm thick.
"We agreed with the recent chatter of an 6mm thickness ultra-slim design of the iPhone 17 Slim model," he wrote.
If that measurement proves to be accurate, there would be a few noteworthy aspects. First, the iPhone 17 Air would become the thinnest iPhone ever, coming in under the current 6.9mm record held by the iPhone 6. Second, the iPhone 17 Air would be around three quarters as thick as any of the iPhone 16 and iPhone 16 Pro models.
While some customers may have hoped that the iPhone 17 Air would be even thinner, there is obviously a limit to how thin the battery and other components can be. If the device comes in around 6mm, it would still be impressively thin and light compared to the increasingly bulkier models released over the past few years.
Here is how the iPhone 17 Air's thickness could compare to other models:
iPhone 16 Pro and Pro Max: 8.25mm
iPhone 16 and 16 Plus: 7.8mm
iPhone 15 Pro and Pro Max: 8.25mm
iPhone 15 and 15 Plus: 7.8mm
iPhone 14 Pro and Pro Max: 7.85mm
iPhone 14 and 14 Plus: 7.8mm
iPhone 13 Pro and Pro Max: 7.65mm
iPhone 13 and 13 mini: 7.65mm
iPhone 12 Pro and Pro Max: 7.4mm
iPhone 12 and 12 mini: 7.4mm
iPhone 11 Pro and Pro Max: 8.1mm
iPhone 11: 8.3mm
iPhone XS and XS Max: 7.7mm
iPhone XR: 8.3mm
iPhone X: 7.7mm
iPhone 8 Plus: 7.5mm
iPhone 8: 7.3mm
iPhone 7 Plus: 7.3mm
iPhone 7: 7.1mm
iPhone 6s Plus: 7.3mm
iPhone 6s: 7.1mm
iPhone 6 Plus: 7.1mm
iPhone 6: 6.9mm
iPhone 17 Air rumor: 6mm
All models prior to the iPhone 6 were between 7.6mm and 12.3mm thick.
While the iPhone 17 Air could be the thinnest iPhone ever, it would not be the thinnest Apple product ever. That record is held by the 2024 version of the 13-inch iPad Pro, which is just 5.1mm thick. In addition, the last iPod nano was 5.4mm thick.
For those who have not been following iPhone 17 Air rumors, several credible sources have claimed that Apple plans to release a redesigned, significantly thinner iPhone 17 model next year. The device's name is not yet known, so we are referring to it as the iPhone 17 Air for now. Pu has gone with the nickname "iPhone 17 Slim" instead.
There have been conflicting rumors about the design and specifications for the device, but most sources have agreed that it will have around a 6.6-inch display. In July, Apple supply chain analyst Ming-Chi Kuo said he expects the device to have a standard A19 chip, a Dynamic Island, a single rear camera, and an Apple-designed 5G modem.
Last month, Pu agreed the iPhone 17 Air will have a 6.6-inch display. He also expects the device to feature an aluminum frame, Face ID, a single 48-megapixel rear camera, a 24-megapixel front camera, and 8GB of RAM for Apple Intelligence.
Apple will likely unveil the iPhone 17 Air in September 2025, so the device is still far away from launching, and rumors could change over time. This article first appeared on MacRumors.com.
Apple ends iCloud backup support for iOS 8 and earlier on December 18 Owners of iPhones running on iOS 8 and earlier will soon lose the ability to use iCloud device backups, unless they update to iOS 9 or later. As a way to keep hold of your data, iCloud backups are extremely convenient to users, but it won't be usable by everyone. Apple has started to warn users of devices running on iOS 8 or earlier that it will stop working in one month's time. In a support document titled "How to keep your devices and data backed up in iOS 8 or earlier," first published on Monday and found by 9to5Mac, Apple advises that support will be curtailed for older iOS installations. From December 18, 2024, "device backups will require iOS 9 or later," the post states. Continue Reading on AppleInsider
iOS 18.2 makes Camera Control the killer feature it was always meant to be The iPhone 16’s Camera Control feature arrived to mixed reviews, including from me. But iOS 18.2 upgrades the feature in several key ways, making it what it was always meant to be.
iOS Development as 2025 career I want to invest in a MacBook and aim for an iOS developer job in 2025. Are iOS developers still in demand? submitted by /u/BongB0ng
Apple TV+ greenlights new ‘Cape Fear’ series from Steven Spielberg and Martin Scorsese Apple TV+ on Monday announced it will expand its award-winning original series slate with a series order for “Cape Fear,” a new series that…
The post appeared first on MacDailyNews.
GoodTimes – The network for doers & captivated spectators! Are you a Player who seeks adrenaline and masters challenges? Or a Watcher who gets caught up in the action, sets tasks and makes decisions? 🔥 Whether you play or watch – GoodTimes brings you together for epic challenges and unforgettable moments. Let's found a team and write this social network! Hit me up submitted by […]
Roast my ugly code This function works and does exactly what it is supposed to be yet feels overcomplicated and it is a pain to modify something. Do you have any recommendations on how to logically split it up. func calculateStartingPoint( _ dataHandler: DataManager ) async throws -> ( tracks: [SendableStoredTrack], timeInterval: TimeInterval, startDate: Date, endDate: Date ) { […]
Twilio Flex and Task Router Degraded Performance Nov 18, 11:43 PST. Resolved - Twilio Flex, including Task Router, was degraded for 10 minutes between 11:19 AM and 11:29 AM Pacific Time on 11/18/2024. During this period of time customers may have experienced issues related to initiating, routing, and wrapping up calls. The issue has now been resolved.
tvOS 18.2 gains new Snoopy screensavers with latest developer beta With the latest developer beta of tvOS 18.2, Apple has finally added Snoopy-themed screensavers for Apple TV. Here's what you need to know. Snoopy-themed screensavers are now available with tvOS 18.2 developer beta 3. On Monday, the company released the third developer betas of visionOS 2.2 and tvOS 18.2. While the Apple Vision Pro software doesn't appear to have any noteworthy additions, the tvOS developer beta includes all-new screensavers. Continue Reading on AppleInsider
The cheapest M4 MacBook Pro just dropped another $200 ahead of Black Friday Macworld
Are you ready for one of the best Black Friday deals you’re going to see on this year’s MacBook Pro laptops? Because you can get the 14-inch M4 MacBook Pro for $1,400 right now, a solid $200 discount from its MSRP and the best price we’ve ever seen. Just note, you’ll need to check the coupon box in the listing to get the full savings.
The MacBook Pro is one we deemed to be “marvelous,” giving the laptop a near-perfect score in our review. Our editor praised the laptop’s display, the high-quality camera that’s perfect for all the video meetings you have to attend, and the fact that the laptop comes with 16GB of memory instead of 8GB, a $200 value based on Apple’s upgrade pricing.
The M4 chip ensures your laptop is ready to tackle any job you want to perform. You’ll be fast, too. Our tests pointed to a 23 percent speed boost over the M3 and a whopping 80 percent faster than the M1. Plus it was built to withstand a whole day of work without needing a charger. It was also created to cater to Apple Intelligence and its varying tasks, like helping you write assignments, organize files, or simply search online for things you’re interested in.
Don’t miss out on this amazing early Black Friday deal for the M4 MacBook Pro for $200 off.
Get the super speedy M4 MacBook Pro for $1,400.
Vulnerability Summary for the Week of November 11, 2024
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source Info
1000 Projects--Beauty Parlour Management System
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
7.3
CVE-2024-11100
1000 Projects--Beauty Parlour Management System
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
CVE-2024-11257
1000 Projects--Beauty Parlour Management System
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
CVE-2024-11258
1000 Projects--Portfolio Management System MCA
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
CVE-2024-11256
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47441
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47442
adobe -- after_effects
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47443
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-45114
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47450
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47451
adobe -- illustrator
Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47452
adobe -- indesign
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49507
adobe -- indesign
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49508
adobe -- indesign
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49509
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47426
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47427
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47428
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47429
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47430
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47431
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47432
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47433
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-47434
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49515
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49516
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49517
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49518
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49519
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49520
adobe -- substance_3d_painter
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49525
Adobe--Adobe Commerce
Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction.
2024-11-12
7.7
CVE-2024-49521
Adobe--Animate
Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49526
Adobe--Animate
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49528
Adobe--Photoshop Desktop
Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2024-11-12
7.8
CVE-2024-49514
adonesevangelista -- agri-trading_online_shopping_system
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout.
2024-11-14
7.5
CVE-2024-50968
algolplus--Advanced Order Export For WooCommerce
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
2024-11-13
8.1
CVE-2024-10828
amd -- ryzen_ai_software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
2024-11-12
7.8
CVE-2024-21974
amd -- ryzen_ai_software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
2024-11-12
7.8
CVE-2024-21975
AMD--AMD Cloud Manageability Service Software
Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21939
AMD--AMD Management Console
Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21957
AMD--AMD Management Plug-In for SCCM
Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21938
AMD--AMD Provisioning Console (APC) Software
Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21958
AMD--AMD Ryzen AI Software
Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
2024-11-12
8.8
CVE-2024-21976
AMD--AMD Ryzen Master Monitoring SDK
Incorrect default permissions in the AMD Ryzen™ Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21945
AMD--AMD Ryzen Master Utility for Overclocking Control
Incorrect default permissions in the AMD Ryzen™ Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21946
AMD--AMD Software: PRO Edition
Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
2024-11-12
7.3
CVE-2024-21937
AMI--AptioV
APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode.
2024-11-12
7.2
CVE-2024-42442
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
9
CVE-2024-51490
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.1
CVE-2024-51484
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.1
CVE-2024-51485
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.4
CVE-2024-51486
ampache -- ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
2024-11-11
8.1
CVE-2024-51487
angeljudesuarez -- construction_management_system
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
2024-11-13
7.2
CVE-2024-50971
angeljudesuarez -- construction_management_system
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.
2024-11-13
7.2
CVE-2024-50972
angeljudesuarez -- tailoring_management_system
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "inccat" to be affected. But it must be assumed "desc", "date", and "amount" are affected as well.
2024-11-11
9.8
CVE-2024-11074
anisha -- job_recruitment
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
9.8
CVE-2024-11076
anisha -- job_recruitment
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
2024-11-11
9.8
CVE-2024-11077
anisha -- job_recruitment
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
9.8
CVE-2024-11099
anisha -- job_recruitment
A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-12
8.8
CVE-2024-11127
Anthony Carbon--WDES Responsive Mobile Menu
Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection. This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18.
2024-11-16
9.8
CVE-2024-52414
Apache Software Foundation--Apache Airflow
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.
2024-11-15
7.5
CVE-2024-45784
Apache Software Foundation--Apache CloudStack
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker who can register templates can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue.
Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
for file in $(find /path/to/storage/ -type f -regex '[a-f0-9-]*.*'); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U "$file" | grep file: ; printf "\n\n"; done
For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex '[a-f0-9-]*.*'); do echo "Retrieving file [$file] info."; qemu-img info -U "$file"; printf "\n\n"; done
2024-11-12
8.5
CVE-2024-50386
Apache Software Foundation--Apache Traffic Server
Unchecked return value can allow Apache Traffic Server to retain privileges on startup.
This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.
Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
2024-11-14
9.1
CVE-2024-50306
Apache Software Foundation--Apache Traffic Server
Improper Input Validation vulnerability in Apache Traffic Server.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.
Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
2024-11-14
7.5
CVE-2024-38479
Apache Software Foundation--Apache Traffic Server
Valid Host header field can cause Apache Traffic Server to crash on some platforms.
This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.
Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
2024-11-14
7.5
CVE-2024-50305
Arttia Creative--Datasets Manager by Arttia Creative
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative. This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.
2024-11-14
10
CVE-2024-52375
Autodesk--Installer
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
2024-11-15
7.2
CVE-2024-9500
Avigilon--VideoIQ iCVR HD camera
Avigilon - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2024-11-14
7.5
CVE-2024-45253
axelkeller--GPX Viewer
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible.
2024-11-13
8.8
CVE-2024-10629
ays-pro--Chartify WordPress Chart Plugin
The Chartify - WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.
2024-11-14
9.8
CVE-2024-10571
Baxter--Life2000 Ventilation System
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
2024-11-14
10
CVE-2024-48966
Baxter--Life2000 Ventilation System
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.
2024-11-14
10
CVE-2024-48967
Baxter--Life2000 Ventilation System
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
2024-11-14
9.3
CVE-2024-48970
Baxter--Life2000 Ventilation System
The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges.
2024-11-14
9.3
CVE-2024-48971
Baxter--Life2000 Ventilation System
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
2024-11-14
9.3
CVE-2024-48973
Baxter--Life2000 Ventilation System
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure.
2024-11-14
9.3
CVE-2024-48974
Baxter--Life2000 Ventilation System
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure.
2024-11-14
9.3
CVE-2024-9832
Baxter--Life2000 Ventilation System
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
2024-11-14
9.3
CVE-2024-9834
BdThemes--Instant Image Generator
Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through 1.5.4.
2024-11-14
10
CVE-2024-52377
Bigfive--CF7 Reply Manager
Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager. This issue affects CF7 Reply Manager: from n/a through 1.2.3.
2024-11-16
9.9
CVE-2024-52404
Bikram Joshi--B-Banner Slider
Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server. This issue affects B-Banner Slider: from n/a through 1.1.
2024-11-16
9.9
CVE-2024-52405
BlackBerry--SecuSUITE
A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege.
2024-11-12
7.3
CVE-2024-51721
Boa web server--Boa web server 0.94.14rc21
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
2024-11-14
7.5
CVE-2024-47916
Bosch Rexroth AG--IndraDrive FWA-INDRV*-MP*
A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.
2024-11-13
7.5
CVE-2024-48989
Ciprian Popescu--W3P SEO
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS. This issue affects W3P SEO: from n/a before 1.8.6.
2024-11-14
7.1
CVE-2024-51684
Cisco--Cisco BroadWorks
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable. Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
8.6
CVE-2023-20125
Cisco--Cisco Cyber Vision
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
7.5
CVE-2022-20685
Cisco--Cisco Industrial Network Director
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
9.9
CVE-2023-20036
Cisco--Cisco IOS XR Software
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
2024-11-15
8.8
CVE-2022-20655
Cisco--Cisco Modeling Labs
A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
2024-11-15
9.1
CVE-2023-20154
Cisco--Cisco Redundancy Configuration Manager
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
8.1
CVE-2022-20649
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
7.4
CVE-2022-20814
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway
A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
2024-11-15
7.4
CVE-2022-20853
Citrix Session Recording--Citrix Session Recording
Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server.
2024-11-12
8.8
CVE-2024-8069
Clarisse K.--Writer Helper
Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server. This issue affects Writer Helper: from n/a through 3.1.6.
2024-11-16
9.9
CVE-2024-52399
cli--cli
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0.
Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is used in [executing `ssh` commands](https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L263) for `gh codespace ssh` or `gh codespace logs` commands.
This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects `ssh` arguments within the SSH connection details. `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand="echo hacked" #`. The `-oProxyCommand` flag causes `ssh` to execute the provided command, while the `#` shell comment causes any other `ssh` arguments to be ignored.
In `2.62.0`, the remote username information is being validated before being used.
2024-11-14
8
CVE-2024-52308
cmorillas1--External Database Based Actions
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.
2024-11-15
7.5
CVE-2024-10311
cmsMinds--Boat Rental Plugin for WordPress
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.
2024-11-14
10
CVE-2024-52376
code-projects--Job Recruitment
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
2024-11-15
7.3
CVE-2024-11241
codeSavory--BasePress Migration Tools
Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server. This issue affects BasePress Migration Tools: from n/a through 1.0.0.
2024-11-16
9.9
CVE-2024-52407
craftcms--cms
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
2024-11-13
8.4
CVE-2024-52291
craftcms--cms
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.
2024-11-13
7.7
CVE-2024-52292
craftcms--cms
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath, which could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
2024-11-13
7.2
CVE-2024-52293
creativeinteractivemedia--Real3D Flipbook Lite 3D FlipBook, PDF Viewer, PDF Embedder
The 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
2024-11-16
8.8
CVE-2024-9849
cyberlord92--Login using WordPress Users ( WP as SAML IDP )
The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
2024-11-16
7.2
CVE-2024-9887
Dang Ngoc Binh--Audio Record
Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server. This issue affects Audio Record: from n/a through 1.0.
2024-11-11
10
CVE-2024-51792
Davor Zeljkovic--Convert Docx2post
Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server. This issue affects Convert Docx2post: from n/a through 1.4.
2024-11-16
9.1
CVE-2024-52397
decidim--decidim
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
2024-11-13
7.7
CVE-2024-45594
decidim-ice--decidim-module-decidim_awesome
An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module 0.9.0) allows an authenticated admin user to manipulate SQL queries to disclose information, read and write files or execute commands.
2024-11-12
9
CVE-2024-43415
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
2024-11-12
7.8
CVE-2024-49557
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
2024-11-12
7.8
CVE-2024-49558
dell -- smartfabric_os10
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
2024-11-12
7.8
CVE-2024-49560
Dell--SmartFabric OS10 Software
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
2024-11-12
7.8
CVE-2024-48837
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
2024-11-11
7.8
CVE-2024-39354
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
2024-11-11
7.8
CVE-2024-39605
Delta Electronics--DIAScreen
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.
2024-11-11
7.8
CVE-2024-47131
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user's password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user's account.
2024-11-11
9.8
CVE-2024-11068
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
CVE-2024-11062
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
CVE-2024-11063
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
CVE-2024-11064
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
2024-11-11
7.2
CVE-2024-11065
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.
2024-11-11
7.2
CVE-2024-11066
dlink -- dsl6740c_firmware
The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password.
2024-11-11
7.5
CVE-2024-11067
DMC--Airin Blog
Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection. This issue affects Airin Blog: from n/a through 1.6.1.
2024-11-16
9.8
CVE-2024-52413
DonnellC--Global Gateway e4 | Payeezy Gateway
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway. This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.
2024-11-14
8.6
CVE-2024-52371
DoThatTask--Do That Task
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through 1.5.5.
2024-11-14
10
CVE-2024-52374
dotnetzip.semverd_project -- dotnetzip.semverd
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2024-11-13
9.8
CVE-2024-48510
Elastic--Kibana
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv and Kibana privileges https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html assigned to them.
The following Elasticsearch indices permissions are required
* write privilege on the system indices .kibana_ingest*
* The allow_restricted_indices flag is set to true
Any of the following Kibana privileges are additionally required
* Under Fleet the All privilege is granted
* Under Integration the Read or All privilege is granted
* Access to the fleet-setup privilege is gained through the Fleet Server's service account token
2024-11-14
9.1
CVE-2024-37285
Eugen Bobrowski--Debug Tool
Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2.
2024-11-16
10
CVE-2024-52416
Flowcraft UX Design Studio--Advanced Personalization
Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection. This issue affects Advanced Personalization: from n/a through 1.1.2.
2024-11-16
9.8
CVE-2024-52411
fortinet -- forticlient
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
2024-11-12
8.8
CVE-2024-36513
fortinet -- forticlient
An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
2024-11-12
7.8
CVE-2024-36507
Fortinet--FortiClientWindows
An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages.
2024-11-13
7.8
CVE-2024-47574
Fortinet--FortiManager
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
2024-11-12
7.5
CVE-2024-23666
Fortinet--FortiOS
A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
2024-11-12
7.5
CVE-2023-50176
FraudLabs Pro--FraudLabs Pro SMS Verification
Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.
2024-11-14
7.1
CVE-2024-51688
FreeBSD--FreeBSD
The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.
Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
2024-11-12
7.5
CVE-2024-45289
GeekRMX--Twitter @Anywhere Plus
Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS. This issue affects Twitter @Anywhere Plus: from n/a through 2.0.
2024-11-14
7.1
CVE-2024-51659
GentleSource--Appointmind
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS. This issue affects Appointmind: from n/a through 4.0.0.
2024-11-14
7.1
CVE-2024-51679
GeoVision--GV-VS12
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
2024-11-15
9.8
CVE-2024-11120
GitLab--GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
2024-11-14
8.5
CVE-2024-9693
glpi-project--glpi
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.
2024-11-15
8.1
CVE-2024-40638
gogs--gogs/gogs
A remote command execution vulnerability exists in gogs/gogs versions
IAD (Ashburn) on 2024-11-19 THIS IS A SCHEDULED EVENT Nov 19, 13:00 UTC - Nov 20, 01:00 UTC
Nov 18, 19:06 UTC Scheduled - We will be performing scheduled maintenance in IAD (Ashburn) datacenter between 2024-11-19 13:00 and 2024-11-20 01:00 UTC. Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable. You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.
CDN mTLS certificate issue
Nov 18, 19:15 UTC Monitoring - A fix for this issue has been applied and we are currently monitoring the results.
Nov 18, 19:05 UTC Identified - Custom certificates used for mTLS with customer origins fail to load. This issue will cause customers' origin servers to reject these connections due to lack of certificates. We are currently working on a fix for this issue.
iCloud backups will be deleted and discontinued for iPhones running iOS 8 and older Apple has started notifying users running older software about a very compelling reason to update. iCloud backups will soon stop working—and even be deleted—on devices running iOS 8 and prior.
Apple looks to be discontinuing Lightning adapter for iPhones and wired headphones It appears that Apple is discontinuing the Lightning to 3.5mm headphone jack adapter that's been around since the release of the iPhone 7…
The post appeared first on MacDailyNews.
MagSafe Monday: Reviewing the Baseus Nomos 8-in-1 magnetic charging station – the ultimate all-in-one power solution The perfect charging setup is a powerful and space-saving solution. The n aims to meet that demand with wired and wireless charging capabilities. With support for Qi2-certified 15W wireless charging and a 67W PD USB-C port, this slim, foldable station is a convenient and efficient way to power up everything from a MacBook Air to an iPhone 15. I recently tested this charging station to see if it lives up to its promise of flexibility and high performance.
tvOS 18.2 beta 3 adds new Snoopy screensaver to Apple TV Back at WWDC 2024 in June, Apple teased new screensavers for Apple TV with tvOS 18, including screensavers based on popular Apple TV+ movies and shows. Now Apple is finally rolling out one of these screensavers with the latest beta of tvOS 18.2, starting with Snoopy.
Javier Bardem set to terrorize Apple TV+’s reimagined Cape Fear Javier Bardem in "Cape Fear?" Yes, the talented Spaniard plays a good psycho. His Max Cady in Apple TV+'s new series should thrill and chill.
(via Cult of Mac - Apple news, rumors, reviews and how-tos)
DoorDash delivers convenience with Apple Reminders integration DoorDash now lets you import grocery lists straight from Apple's Reminders app, making things a little less chaotic when trying to juggle holiday responsibilities. The new integration lets iOS users import their grocery lists from the Reminders app into DoorDash, automatically adding items to their shopping cart. For those without iOS, there's also the option to paste a list directly into the app. The update is part of a larger effort by DoorDash to make shopping more convenient for the holidays. A redesigned shopping experience lets users search for items across multiple retailers, comparing prices and delivery times at a glance. Continue Reading on AppleInsider
Apple Intelligence on M1 chips happened because of a key 2017 decision, Apple says Apple Intelligence is made possible by Apple’s silicon efforts as a whole, as a new interview reveals. And apparently, those efforts took a big shift all the way back in 2017 in preparation for AI.
Latest tvOS 18.2 Beta Adds Snoopy Screensavers The third beta of tvOS 18.2 that Apple provided to developers today adds a selection of new Snoopy screen savers that can be set as an alternative to the aerial, memory, and portrait screen saver options.
Apple first announced the Snoopy screen savers way back in June when tvOS 18 was first unveiled, but there has been no sign of them since then. With tvOS 18.2, Snoopy fans will finally be able to set Snoopy as their screen saver.
Apple has an existing partnership with Peanuts, and there is already a Snoopy watch face available on the Apple Watch. Peanuts specials and classic episodes are also available on Apple TV+. This article first appeared on MacRumors.com.
Apple Dropping Support for iCloud Backups on iPhones and iPads Running iOS 8 and Earlier Starting next month, making a device backup over iCloud will require iOS 9 or later, Apple has informed some customers via email. New backups for iPhones and iPads running iOS 8 or earlier will no longer be supported, and Apple will delete all existing iCloud backups of those devices as well.
Apps and data stored on an iPhone or iPad running iOS 8 or earlier will not be affected, and Apple says that customers can still manually back up their devices to a Mac or a Windows PC.
I just got this email from Apple pic.twitter.com/HkFRO8Jmsh — Nicolás Alvarez (@nicolas09F9) November 18, 2024
These iCloud backup changes will be made on December 18, 2024, so customers who have a device running iOS 8 or earlier should update to the latest available version of iOS if possible in order to continue to be able to back up their devices.
According to Apple, iCloud backups for older devices are being discontinued in order to "more closely align" with Apple's "published minimum software requirements." With iOS 9, Apple adopted CloudKit for iCloud backups rather than the prior system, and it seems that the company is now discontinuing the old backup system. This article first appeared on MacRumors.com.
Apple seeds third betas of tvOS 18.2 and visionOS 2.2 Apple has handed out the third developer betas of tvOS 18.2 and visionOS 2.2 for testing, as a fourth general beta round looms. Monday's developer beta collection was unusual, as it consisted of just two. This time, tvOS and visionOS were the subjects for the latest testing by the Apple developer beta testing program. The third tvOS 18.2 beta build is number 22K5148a, while the third visionOS 2.2 build is 22N5794a. The second build of tvOS was issued on November 11, while the second visionOS 2.2 build was provided on November 12. Continue Reading on AppleInsider
Apple Seeds Third Beta of tvOS 18.2 to Developers Apple today seeded the third beta of an upcoming tvOS 18.2 update to developers for testing purposes, with the beta coming a week after the second tvOS 18.2 beta.
Registered developers are able to download the tvOS 18.2 update by opting in to the beta through the Settings app on the Apple TV. A registered developer account is required.
tvOS 18.2 adds improved support for projectors with a 21:9 aspect ratio and several other aspect ratio options to choose from. The update allows the Apple TV to automatically detect the aspect ratio of your device, selecting the correct setting. This article first appeared on MacRumors.com.
Cashier – *Apple* Blossom Mall – JCPenney (United States) Cashier - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Blossom Mall
Seasonal Cashier – *Apple* Blossom Mall – JCPenney (United States) Seasonal Cashier - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple
Operations Associate – *Apple* Blossom Mall – JCPenney (United States) Operations Associate - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple
Omnichannel Associate – *Apple* Blossom Mall – JCPenney (United States) Omnichannel Associate - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple
*Apple* / Mac Administrator – JAMF Pro – Amentum (United States) Amentum is seeking an ** Apple / Mac Administrator - JAMF Pro** to provide support with the Apple Ecosystem to include hardware and software to join our team and
*Apple* Engineering Architect – NANA Regional Corporation (United States) Cloud Lake Technology is looking for an Apple Engineering Architect/Team Lead to support a Department of Homeland Security (DHS) prime contract that provides
Anesthesia Technician – *Apple* Hill Surgery Center – Full Time – Days – WellSpan Health (United States) Anesthesia Technician - Apple Hill Surgery Center - Full Time - Days Location: WellSpan Medical Group, York, PA Schedule: Full Time Full Time (80 hours/Biweekly)
Account Manager – Commercial Roofing – Apple Roofing (United States) …in the greater Kansas City, MO area to service designated territory and clients. Apple Roofing is a leading name in the roofing industry, recognized for providing
Environmental Services Technician – *Apple* Hill – Evening/Night – WellSpan Health (United States) Environmental Services Technician - Apple Hill - Evening/Night Location: WellSpan Health, York, PA Schedule: Part Time Part Time (40 hours Biweekly) Monday - Friday
Pharmacy Technician Retail – *Apple* Hill – Part Time – Day/Evening – WellSpan Health (United States) Pharmacy Technician Retail - Apple Hill - Part Time - Day/Evening Location: WellSpan Health, York, PA Schedule: Part Time Schedule: Part Time 20-hours per week
Bi-lingual (Spanish) Level 1 *Apple* Support Specialist – CompuCom (United States) …right people. Our client is currently seeking a qualified Bi-lingual (Spanish) Level 1 Apple Support Specialist to join their team. This role can be hybrid / remote
Retail Assistant Department Manager, *Apple* Tech Shop – Barnes & Noble Education (United States) …combination of education, certification and experience will be considered. + A+ and/or Apple certified or able to achieve certification within 60 days required. +
Pharmacist (Retail) – *Apple* Hill – Part Time – Day/Evening – WellSpan Health (United States) Pharmacist (Retail) - Apple Hill - Part Time - Day/Evening Location: WellSpan Health, York, PA Schedule: Part Time Schedule: Part-time 20-hours per week Day/Evening
Lead Teacher – Glenda Drive/ *Apple* ValleyTeacher – Learning Care Group (United States) Lead Teacher - Glenda Drive/ Apple ValleyTeacher Share by Email Share on LinkedIn Share on X
*Apple* Tier 2 Operations Support Specialist – AIG (United States) Apple Tier 2 Operations Support Specialist Status: Full-Time Location Jeffersonville, In Who we are American International Group, Inc. (AIG) is a leading global
Supply Planner III- *Apple* – DISH Network (United States) …large. **Job Duties and Responsibilities** We are seeking a Supply Planner III for Apple products to join our Retail Wireless Product Team. This critical role is
Beauty Consultant – *Apple* Blossom Mall – JCPenney (United States) Beauty Consultant - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple
Hair Stylist – *Apple* Blossom Mall – JCPenney (United States) Hair Stylist - Apple Blossom Mall Location:Winchester, VA, United States (https://jobs.jcp.com/jobs/location/191170/winchester-va-united-states) - Apple Blossom