Archive for August 18, 2023

Friday, August 18, 2023

iOS 17 Moves “End Call” Button

Chance Miller:

In iOS 16 and earlier, the iPhone’s end call button was located at the very bottom of the in-call interface. Above it were two separate rows of buttons for things like mute, the keyboard, FaceTime, audio controls, and more.

In iOS 17, Apple has revamped this interface to shift everything down to the lower third of the screen. This means that the “End” button has been intermixed with other buttons for audio controls, FaceTime, muting, adding callers, and the keypad.


This feature and change has been included in iOS 17 since the first beta was released at WWDC in June. It’s going “viral” this week after being reported on by CNBC on Tuesday. Since then, a number of other outlets have also covered the change – including the Associated Press.

This was to make room for Contacts Posters.


Update (2023-12-11): David Kopec:

In this edition of dumb UI design, Apple decided to eliminate some of the space between the “End Call” button and the bottom of the screen in iOS 17. So now when you swipe up to look something up while you’re on a call you can accidentally end the call all together!

Dash 7


Dash 7 includes a completely rewritten fuzzy search engine, which makes it easier to find the page you need, fast.


Dash 7 will now search disabled docsets when you start your search query with the docset name or keyword (e.g. searching for “css display” will search for “display” in the CSS docset even when the CSS docset is disabled)


I’ve decided to switch Dash to a subscription pricing model, as the paid upgrade pricing model is no longer a good fit.

Dash’s highest development priority is docset updates and supporting new docsets, but the paid upgrade pricing model focuses on new features. The subscription pricing model will allow me to focus more on Dash’s #1 feature: its docsets.

Still one of my most-used developer tools.

It’s $15/year vs. formerly $30 to buy or $20 to upgrade (about every other year).


Update (2024-05-20): Christian Tietze:

After a long period of grand-fathering us non-subscription users of old versions, (the documentation browser for Mac) removed the old Apple API update feed. Now I’m getting periodical error notifications :)

macOS 13.5.1

Juli Clover (release notes, full installer, IPSW):

macOS Ventura 13.5.1 addresses a bug that impacts location services settings on the Mac. Mac users have complained since July of an issue with the location privacy settings, with the bug preventing them from accessing and controlling location permissions for first and third-party apps.

This was another troublesome update for me. I haven’t upated my main Mac yet. On my test Mac, after starting the update from System Settings it again failed to prepare. Using softwareupdate, the first time it restarted without actually applying the update. The second time it applied the update but kernel panicked right before showing the desktop. Restarting again worked. I suppose a benefit of the SSV is that, despite these problems, I can be sure that the installation is not actually damaged.

See also: Mr. Macintosh and Howard Oakley.


Update (2023-08-22): Howard Oakley (Hacker News):

I have now realised one cause of substantial discrepancies seen in the sizes of macOS updates for Apple silicon Macs.


The first download was similar in size to that for Intel Macs, and essentially the size given for the update by softwareupdate. In the case of the 13.5.1 update, that was around 500 MB for Intel, and just over 700 MB for Apple silicon Macs. As that part of each update should be similar between different architectures, there’s usually little difference. However, there’s a second component that is only downloaded by Apple silicon Macs, which is generally about 1.1 GB in size, bringing the total size to be downloaded to about 1.8 GB.


So if you’re updating an Apple silicon Mac, pay little attention to the download size given by softwareupdate or in SilentKnight, or at least add the fixed 1.1 GB overhead to it to arrive at the download size reported in the update progress window. Websites that report the size of macOS updates also need to make clear whether the figures they give are for Intel or Apple silicon Macs, and whether they include that overhead.

Post-Exploit Fake Airplane Mode

Jamf Threat Labs:

Jamf Threat Labs developed a post-exploit persistence technique on iOS 16 that falsely shows a functional Airplane Mode. In reality, after successful device exploit the attacker plants an artifical Airplane Mode that edits the UI to display Airplane Mode icons and cuts internet connection to all apps except the attacker application. This enables the attacker to maintain access to the device even when the user believes it is offline.


To accomplish this, we hooked two Objective-C methods and injected a piece of code that adjusts the cellular icon to pull off the intended effect.


Using this database of installed application bundle IDs we can now selectively block or allow an app to access Wi-Fi or cellular data using the following code. When combined with the other techniques outlined above, the fake Airplane Mode now appears to act just as the real one, except that the internet ban does not apply to non-application processes such as a Backdoor Trojan.

Via Guilherme Rambo:

“Here’s how we hacked a hacked device”

Saagar Jha:

I’m going to pick on @iMore for a moment. They definitely aren’t the only site doing it, but they do happen to do basically everything wrong here, even if they didn’t mean to.


@JamfSoftware researchers did not find an exploit. They presented their idea of a potential post-exploit technique. It’s not that this has “yet to be observed in the wild” but more that it’s something they created as a thought experiment.


To have this kind of access, an attacker has already completely pwned your system. Again, this is a post-exploit technique. It’s definitely a somewhat amusing one but 100% not something that works by itself.

John-Anthony Disotto:

When asked if there was any fix to this Airplane Mode threat users can take advantage of, Michael Covington, VP of Strategy at Jamf told us no (as of yet), but said, “Users should be on the lookout for unusual app crashes, unexpected device reboots, rapid battery drains, and the activation of sensors like the camera, microphone, or GPS, which can all trigger a UI indicator for the privacy-aware.”


Apple is aware of the exploit and will likely have a resolution sooner rather than later, heck, they may have already fixed this threat.

Saagar Jha:

My dude, did you even read your own blog post? It is literally about hiding UI indicators of an exploit. I’m sure that checking caller ID will help people avoid a 0-day 🙄


The real takeaway from this is: JAMF Threat Labs did some reverse engineering of Airplane Mode. They then made a little tweak that fakes the UI, which is always possible after an exploit. “omg be scared hackers can do unspeakable things to you” is not the right take.