The following is a writeup of a cross-site scripting (XSS) vulnerability in a confidential Apple forum, which would allow a malicious actor to execute arbitrary Javascript in the context of a signed-in user’s browser.
The following is a writeup of CVE-2021-30673, a macOS vulnerability which allowed access to view sensitive phone and FaceTime call data for devices in a user’s iCloud account, which was resolved in macOS Big Sur 11.4 and Security Update 2021-003 for macOS Catalina.
The following is a writeup of CVE-2020-9977, a macOS vulnerability which allowed access to view sensitive Safari data for devices in a user’s iCloud account, which was resolved in macOS 11.0.1.
The following is a writeup of a vulnerability in Height’s desktop Mac app, which would allow a malicious actor to create and distribute malicious software using Height’s genuine signing certificate.
TL;DR, I’ve published a script to automate the installation here.
I recently wanted to use AppleGlot, a developer tool from Apple that facilitates the automatic translation of strings from Apple’s published string glossaries from macOS and iOS. A good demonstration of its functionality is available here.
However, the latest version of AppleGlot available from developer.apple.com at time of writing is 4.0 (v161.6), which has the following issues on macOS Catalina and Big Sur:
The signing certificate is invalid (FB8770951) and the installer hasn’t been updated to work on macOS Catalina’s Read-Only System Volume (FB8773764).
I’ve just released TodayFlights, which is a simple Notification Center widget that allows users to track flights.
It includes a map of the flight path, as well as detailed information about departure and landing times, including any encountered delays.
My latest Mac utility is Aristocrat – its purpose is to simplify the process of optical character recognition on OS X.
Using Chrome on OS X and Safari on my iOS devices means that I’m not able make use of iCloud Tabs – Apple’s tab syncing solution. CloudyTabs attempts to solve this.
Since iOS 5, Apple has included a system-wide dictionary within iOS, accessible from text fields in all applications on the platform. Whilst this is a fantastic solution when you come across an unfamiliar word as you’re reading a webpage or iBook, for example, it’s far from perfect when you need to arbitrarily define a word.
On OS X, this is simply a case of typing the word into Spotlight (however, I prefer to use LaunchBar to perform the same task). But on iOS, I’ve found myself jumping between three different processes:
Static blogging engines are the only way to go, not just for the reduction of server resources, but also for the unlimited ability for customization (and not being beholden to a behemoth like WordPress). This blog - and indeed this whole site, is built with the totally awesome Nanoc static site generator. Setting up and using Nanoc’s tools is already super easy, but I wanted to make them even easier and more enjoyable to use - so I’ve created a simple ZSH plugin that includes autocompletion and aliases for common tasks.
The Mountain Lion launch came and went last month without the lukewarm reception Lion endured the year before. 10.8 focuses on correcting 10.7’s flaws (Lion’s “Snow Leopard” upgrade if you will), but it steers far from the Snow Leopard “no new features” bandwagon. In summary, it continues down Apple’s path of application parity with iOS by porting several new apps to the Mac, gave an extremely prominent position to iCloud throughout the OS, whilst also refining the OS in small, but noticeable ways. Whilst I find that on the whole, 10.8 is far superior to 10.7 in almost every way, I (as many others) continue thinking about how Apple can continue to evolve and mature OS X into a better overall product. So here is my wishlist of things I’d like to see in 10.9; ranging from the almost certain to crazy, nerdy desires that will quite possibly never be included.
