Apple’s macOS is also vulnerable to the root exploit affecting Linux

Over the years, we’ve seen a number of scary Linux-based exploits make the spotlight. Just a few days ago, when the researchers over at Qualys disclosed a privilege escalation vulnerability in the “Sudo” program, they predicted that the bug might impact other operating systems of the Unix family. Well, they were right: security researcher Matthew Hickey has confirmed that the CVE-2021-3156 vulnerability (AKA “Baron Samedit”) can easily be adapted to gain root access on Apple macOS.

CVE-2021-3156 also impacts @apple MacOS Big Sur (unpatched at present), you can enable exploitation of the issue by symlinking sudo to sudoedit and then triggering the heap overflow to escalate one’s privileges to 1337 uid=0. Fun for @p0sixninja pic.twitter.com/tyXFB3odxE

— Hacker Fantastic (@hackerfantastic) February 2, 2021

The underlying foundation of macOS is based on Darwin, which itself uses various elements of the FreeBSD operating system. Therein lies the problem, as common Unix utilities such as sudo and sudoedit are consequently present out-of-the-box in a vanilla macOS installation. What’s problematic about this revelation is that an official fix is not yet available from Apple. That means even the new ARM-based M1 Macs are vulnerable to the attack vector.

Can confirm with macOS Big Sur on both x86_64 and aarch64. pic.twitter.com/nQqQ8rskv7

— Will Dormann (@wdormann) February 2, 2021

Unlike regular Linux distributions, there is no straightforward way for macOS users to replace the system’s sudo binary with a patched one because of Apple’s System Integrity Protection feature. Keep in mind that even applying Apple’s latest security update (released on February 1), which consists of macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave, isn’t enough to remediate the vulnerability. As a result, the whole macOS ecosystem still remains vulnerable to Baron Samedit.

We hope Apple publicly acknowledges the serious issue and is transparent in its plans to fix it. Apart from macOS, CVE-2021-3156 also impacts the latest version of IBM AIX and Solaris, making it one of the most catastrophic local privilege escalation vulnerabilities discovered to date.

The post Apple’s macOS is also vulnerable to the root exploit affecting Linux appeared first on xda-developers.

from xda-developers https://ift.tt/2MSrv0s
via IFTTT

Google Maps is testing a new, cleaner look for the route option screen

You probably don’t do as much driving these days thanks to the COVID-19 pandemic. But the next time you use Google Maps to navigate, you might see a refreshed UI that looks a little cleaner.

The new layout, which appears to be in testing at the moment, tweaks the route option screen to be a little easier to understand.

Instead of a large white bar at the top, the new Google Maps route option screen now features a top bar that only includes your starting point and destination. The different modes of travel—driving, biking, walking, public transportation—are no longer attached to the destination box.

The modes of transportation are now featured in a scrollable list on the bottom half of the display, with travel information for each. There’s also an options button, where you can presumably set the directions to avoid highways, tolls, and more.

New UI (left) vs. current UI (right)

With people driving less, perhaps Google thought it was better to make other modes of transportation more prominent in Google Maps. Before, it was pretty easy to see travel times and other information for different modes of transportation, but if you didn’t know where to look, that information could be easy to miss.

The refreshed route option screen in Google Maps appears to be in testing at the moment, and it’s unclear if it’ll rollout to everyone down the road. This isn’t the only new feature Google is testing in Maps. Just this week, we discovered a new split-screen UI for navigation in Street View that is slowly rolling out to users on Android.

Meanwhile, the service has introduced a community feed and Go tab for accessing frequently visited places. Critically, the service is also set to show COVID-19 vaccine locations, so you know exactly where to go to get a vaccine.

The screenshot of the new UI comes courtesy of XDA Recognized Developer luca020400.

Google Maps - Navigate & Explore (Free, Google Play) →

The post Google Maps is testing a new, cleaner look for the route option screen appeared first on xda-developers.

from xda-developers https://ift.tt/2MmBnjt
via IFTTT

Your Android TV is getting an update to show personalized TV show and movie recommendations

Google is rolling out an update for the Android TV interface that will help you easily discover new content on the platform. The updated interface resembles the UI on the Google Chromecast with Google TV, but it features fewer tabs on the home screen.

As you can see in the attached screenshot, the new Android TV home screen has three new tabs at the top —Home, Discover, and Apps — next to the Search option. In contrast, the Google TV interface has six tabs — For You, Live, Movies, Shows, Apps, and Library.

The Home tab on the updated Android TV interface offers a familiar home screen that gives you quick access to your favorite apps and channels. The tab is divided into a couple of sections, including Favorite Apps, Play Next, YouTube, and more. As you’d expect, the Apps tab is home to all your installed apps. However, unlike its Google TV equivalent, it doesn’t show recommended apps from the Google Play Store.

The new Discover tab is the only major change in the updated interface, and it works a lot like the For You tab on Google TV. The tab features personalized content recommendations based on your activity, along with trending content from Google. Much like the Home tab, the Discover tab includes a couple of sections that show movie, show and live TV recommendations from all your apps and subscriptions. It has a ‘Top picks for you’ section that shows personalized recommendations, a ‘Trending TV Shows’ section, and a ‘New movies and shows’ section.

Google has already started rolling out the new Android TV interface, and it should show up for users in the US, Australia, Canada, Germany, and France in the next few days. Users in other regions will have to wait a few weeks to receive the update on their devices.

The post Your Android TV is getting an update to show personalized TV show and movie recommendations appeared first on xda-developers.

from xda-developers https://ift.tt/3oM5Q7F
via IFTTT

Get certified as a cloud computing expert with this $25 training bundle

Even before the world started working from home, cloud computing was one of the hottest trends in tech. Today, everyone wants to put their daily operations online. The 2021 Cloud Computing Architect Certification Bundle helps you build a career in this niche, with nine courses working towards certification. You can get the bundle today for just $25.49 using code VDAY2021 at the XDA Developers Depot.

For anyone with a technical mindset, cloud computing is an exciting industry to work in right now. Most new technology is powered by remote servers rather than local hardware, and certified architects earn $128k a year on average according to PayScale. 

This bundle helps you join the party, with 21 hours of video tutorials starting with the fundamentals. Along the way, you learn about various cloud deployment and service models together with storage and networking. The courses are based on Microsoft Azure, working through three different levels of certification.

In addition, the bundle provides extensive content on machine learning — the technology behind self-driving cars and facial recognition. You should come away with the foundational knowledge to build your own intelligent software.

Your instructor is Idan Gabrieli, an entrepreneur and cloud computing expert with years of experience. He now teaches people online, earning 4.5 stars from students on Udemy.

Worth $1,800 in total, these courses are now only $25.49 for a limited time when you use the promo code VDAY2021.

 

The 2021 Cloud Computing Architect Certification Bundle – $25.49 with code VDAY2021

See Deal

Prices subject to change 

The post Get certified as a cloud computing expert with this $25 training bundle appeared first on xda-developers.

from xda-developers https://ift.tt/36DUsVf
via IFTTT

Grab the Xperia 5 II in pink and get a free pair of Sony’s excellent WF-1000XM3 earbuds

The Sony Xperia 5 II is regarded by many as a spiritual successor to Sony’s now-defunct Compact series, offering essentially the same hardware and software experience as the Xperia 1 II in a smaller package. Nearly six months after its official launch, the company is now releasing a new pink version of the Xperia 5 II.

Originally exclusive to its home country Japan, the pink variant of the Xperia 5 II is now on sale across Europe alongside the usual black, blue, and grey colors. The price remains staggeringly high at €899. However, to make the deal compelling enough, Sony is throwing in a free pair of its excellent WF-1000XM3 ANC truly wireless earphones. The Sony WF-1000XM3 are routinely regarded as one of the best TWS on the market for their superb active noise cancellation performance and sound quality. They usually retail around €179 on their own, so this is a pretty good deal, in our opinion. So far, the pink variant has only gone sale in Germany, Italy, and Spain. It’s unclear if it will be coming to other markets such as the U.S as well.

For initiated, the Sony Xperia 5 II was launched in September of last year as a compact version of the Xperia 1 II. It features a 6.1-inch FHD+ OLED display with a 120Hz refresh rate and 240Hz touch response rate. It’s powered by the Qualcomm Snapdragon 865 chipset and only comes in a single 8GB/128GB model. It has three 12MP cameras on the back with ZEISS optic, packs a 4,000mAh battery, and offers a 3.5mm audio jack and stereo front speakers. The Xperia 5 II was launched with Android 10 out-of-the-box and recently received its Android 11 update.

A recent leak revealed that Sony might revive the Xperia Compact series to take on the iPhone 12 mini. As per the leak, the new Xperia Compact could feature a 5.5-inch flat panel with a water-drop notch on the front and a dual-camera setup on the back. The device is also said to feature a 3.5mm audio jack, a side-mounted fingerprint scanner, a USB Type-C port, and a bottom-firing speaker.

The post Grab the Xperia 5 II in pink and get a free pair of Sony’s excellent WF-1000XM3 earbuds appeared first on xda-developers.

from xda-developers https://ift.tt/3pKn8mT
via IFTTT

Samsung removes four phones from 2017 from its security update schedule

Samsung has been doing a great job of pushing security updates to its devices over the last couple of months. The company’s security update schedule has improved to the extent that it’s now pushing the latest Android security patches to some of its devices even before Google officially publishes the corresponding Android Security Bulletin. On top of that, Samsung recently announced that it would offer three generations of Android OS upgrades for most of its devices, which is the same level of software support that Google offers for its Pixel lineup. But while the company may release software updates for a longer duration to devices launched in the last couple of years, it has removed four phones from 2017 from its security update bulletin.

As per a recent report from Android Police, Samsung recently updated its Security Updates page and removed four devices from the security updates list: the Galaxy J3 Pop, Galaxy A5 2017, Galaxy A3 2017, and the Galaxy A7 2017. This means that these devices won’t get any Android security patches going forward. Along with these devices, Samsung also removed the Galaxy Fold 5G from the update list, but that seems to have been an error on the company’s part. The foldable device has now been added back to the monthly security update list.

The report further reveals that Samsung has moved the Galaxy A8 2018 from the monthly update schedule to the quarterly update schedule. The Galaxy A8s, on the other hand, has been moved to the “other regular” patches list. Samsung has also added the Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra to the monthly updates list, while the Galaxy A02 and Galaxy M12 have been added to the quarterly updates list.

Head over to Samsung’s Security Updates page to check the Android security update schedule for your device.

The post Samsung removes four phones from 2017 from its security update schedule appeared first on xda-developers.

from xda-developers https://ift.tt/3cFCTHY
via IFTTT

Microsoft makes it easy to switch from Chrome to Authenticator for password management

Microsoft Authenticator is a two factor (2FA) authentication app that adds an extra layer of security to your accounts and apps. Although the app was primarily designed to provide 2FA protection for Microsoft accounts and products, it can be used with any app or website which supports two-factor authentication for login. In December, the app gained a password management feature, allowing users to autofill saved passwords and log-in credentials.

The Microsoft Authenticator is now receiving (via Windows Central) a new beta on Android and iOS that expands the scope of the password management feature even further. Earlier the app could only sync passwords and login info saved to your Microsoft Edge browser. But the new beta now lets you import passwords directly from Google Chrome or any CSV file.

The new feature is only available in the latest beta of Microsoft Authenticator, version 6.21, to be precise. If you’re on the stable version, you can join the beta program here.

Microsoft Authenticator (Free, Google Play) →

After installing the beta app, head to the Passwords tab, and at the top, you should see a message inviting you to try out the new import feature — alternatively, you can also find the option under the Settings. Microsoft says it can import passwords directly from Google Chrome or a .CSV file. To import Google Chrome passwords, follow these steps:

1. Open the Chrome browser and head to Settings > Passwords.
2. Tap on the three-dot menu in the upper right-hand side corner and select “Export Passwords.”
3. Verify your identity using your PIN or fingerprint.
4. From the Share menu, select the Authenticator app. You’ll be again asked to verify your identity using your PIN or fingerprint.
5. All your passwords should now have been successfully imported to the Microsoft Authenticator app

Apart from Google Chrome, you can also import your passwords from Firefox, Lastpass, Bitwarden, and Roboform. To do so, simply export your data in a .CSV file and then share the file to the Authenticator app.

The post Microsoft makes it easy to switch from Chrome to Authenticator for password management appeared first on xda-developers.

from xda-developers https://ift.tt/2NXepQ5
via IFTTT