Archive for October 10, 2017

Tuesday, October 10, 2017

In-App Apple ID Password Phishing

Felix Krause (tweet, Hacker News):

As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so. However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, GameCenter or In-App-Purchases.

This could easily be abused by any app, just by showing a UIAlertController that looks exactly like the system dialog.

[…]

Hit the home button, and see if the app quits:

  • If it closes the app, and with it the dialog, then this was a phishing attack
  • If the dialog and the app are still visible, then it’s a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.

[…]

Initially I thought, faking those alerts requires the app developer to know your email. Turns out, some of those auth popups don’t include the email address, making it even easier for phishing apps to ask for the password.

Previously: macOS 10.12.2 Impedes Safari Bookmarklets.

Update (2017-10-11): Marco Arment:

It’s long past time that Apple removes the random password popups that plague iOS.

They’re a security flaw that should not exist in 2017.

John Gruber:

I’ve been thinking about this for years, and have been somewhat surprised this hasn’t become a problem. It’s a tricky problem to solve, though. How can the system show a password prompt that can’t be replicated by phishers?

Twitterrific 5.0 for Mac

The Iconfactory (tweet, MacRumors):

Take control of your tweets with multiple windows for a single or multiple accounts, all neatly organized on your Mac’s desktop. Twitterrific’s new Media Viewer lets you easily browse multiple images or watch videos. Media and popover windows can be detached from a timeline for easy reference or tracking conversations.

[…]

Whether you use Twitterrific on your iPhone, iPad, or another Mac, the app automatically syncs your reading position for a seamless Twitter experience. Catch up on your latest tweets on mobile, then pick up right where you left off when you’re back at your desktop, just like magic! Twitterrific also syncs your muffles and mutes from iOS to help you avoid spoilers and unwanted tweets on your Mac’s desktop.

It’s $20, Mac App Store–only, with no trial. But, if you do buy it, trying it should in theory be easy. I’ve been using Tweetbot and iCloud syncing recently, since that seemed to be more reliable than Tweet Marker. However, I could enable Tweet Marker in both Tweetbot (on iOS) and Twitterrific (on Mac), and then my timelines would sync between the clients. Twitter now has native support for muting, so those settings should sync via Twitter itself.

Eli Schiff:

The @Twitterrific for Mac icon evolution.

Marco Zehe:

If you attach an image to a tweet in @Twitterrific for Mac, click on it again to add a description for your visually impaired followers.

Previously: Twitterrific for Mac Kickstarter.

Update (2017-10-11): The Iconfactory:

With each beta release, we tried to make TURBO do something different and fun. Sometimes the sound changed (“We’ve got a chicken!”) or maybe the text was slightly off (much like the CHOCK himself.) We eventually added the spinning animation that you see in the final product.

Sketch 47: Libraries and Smooth Corners

Sketch:

A Library works just like a normal Sketch document that contains Symbols, which you can then access and use in any other document. If you update a Symbol in your Library those changes will sync across all documents containing that component. If you’re working with other designers, as part of a team, Sketch’s Libraries have got you covered. Simply place your document somewhere your colleagues have read-access, like a Dropbox folder, or GitHub repository, have them add the document to their Libraries in Preferences, and they will have quick and easy access to any Symbols in that Library. When you update the Library file, everyone with access will automatically receive the updated version, ensuring you’re all on the same page.

Update (2017-10-18): Sketch:

Last week we launched Libraries, our biggest and most anticipated update yet. We’re really excited about it and we know a lot of you are too, so we thought we’d take a closer look at how Libraries work and what they can do for you.

[…]

For a more technical rundown of these features, head over to our documentation.