Tag Archives: flaw

Galaxy Z Fold 5 could fix huge design flaw with Samsung’s foldables

The Galaxy Z Fold 4 is arguably the best foldable smartphone released in 2022, as it offers a great balance of build quality, cameras, software, and battery life. But that doesn’t mean there’s no room for improvement. The company needs to fix a design flaw that can bring it closer to the recently released foldable phones from Chinese firms, and it is doing just that with the Galaxy Z Fold 5.

According to a report from the Korean publication Naver, Samsung has used a waterdrop-shaped hinge in the Galaxy Z Fold 5. It means that the South Korean firm’s next flagship foldable smartphone will be able to fold completely flat, with no gap between the two halves of the phone when it’s folded. Moreover, the Galaxy Z Fold 5’s inner screen will have a smoother and less visible crease. This is something that Galaxy Z Fold fans have been asking for at least a couple of years now.

However, unlike rival Chinese smartphone firms, Samsung will not leave out the IPX8 rating for water resistance. The Galaxy Z Fold 5 will be close to perfect in design and experience, featuring a perfectly flat folding design and water resistance. The only thing stopping it from being perfect would be the lack of dust resistance.

The report states that Samsung is calling its new hinge design ‘dumbbell,’ and the company patented this design back in 2016. However, it didn’t bring the design for reasons unknown (probably due to lack of IPX8 rating?). Thanks to this new dumbbell-shaped hinge, it is reported that the durability of the screen has improved as well, and it will be able to withstand more folding and unfolding actions over its lifetime.


PS5 Users Warned of Potential Design Flaw that Can Ruin Console

PS5 users have been warned of a potential design flaw that is said to have the ability to ruin their console. The PlayStation 5 was released in 2020, and just like the Xbox Series X, there have been no hardware issues so far, at least of the major variety. However, sometimes it takes a little time for issues to present themselves and be discovered. To this end, it looks like those who have been using their console vertically may soon have a problem on their hands. 

As you may know, the PS5 can be positioned in two ways: horizontally and vertically. PlayStation has advertised the console in both positions in official marketing and promotional material. Yet, over on Twitter someone who runs a hardware repair shop has warned PlayStation users to not place their consoles vertically. 

What’s the issue with placing your console vertically? Well, according to the user, they’ve had multiple damaged PS5s where the liquid metal used for APU cooling spills, runs, and becomes uneven. As you would expect, this impacts the console’s cooling, which in turn impacts other components of the machine.

How widespread this problem is, we don’t know. The user in question claims they’ve seen the issue more than once and there are some other reports from other PS5 owners as well. This is far from being classified as a widespread problem, but with time that could change. Meanwhile, there’s nothing confirming the trigger for this issue is the console being placed vertically, but right now, that’s the only explanation that has been presented.

At the moment of publishing, Sony has not commented on the situation. If this changes, we will be sure to update the story accordingly. In the meantime, take everything here with a grain of salt. While there is enough evidence here to be concerned, it’s not enough to raise the alarms yet.


H/T, Reset Era.




Nintendo Switch Joy-Con drift due to “design flaw”, UK consumer group reports

A major new study from UK consumer group Which? has found evidence that the Nintendo Switch’s infamous Joy-Con drift is likely caused by a mechanical fault, pointing to fundamental design flaws.

The research found that the Joy-Con’s plastic circuit boards showed noticeable wear on the joystick slider contact points, despite only being used for months. It is this wear that ultimately results in drifting.

In addition, dust and other contaminants were found in the Switch’s internal components, despite attempts by Nintendo at dustproofing said areas.


Which? also criticised Nintendo’s handling of the situation and its response to affected consumers.

The organisation has called upon Nintendo to provide a compensation or refund plan for any UK consumers who can prove they purchased a replacement Joy-Con due to drift since 2017, and said that this scheme should be widely promoted.

It has also called for Nintendo to offer a “no-quibble” repair or replacement of all Joy-Cons that have developed drift since 2017, completely free of charge.

In a response to the study, Nintendo issued the following statement: “The percentage of Joy-Con controllers that have been reported as experiencing issues with the analogue stick in the past is small, and we have been making continuous improvements to the Joy-Con analogue stick since its launch in 2017.”

“We expect all our hardware to perform as designed, and, if anything falls short of this goal, we always encourage consumers to contact Nintendo customer support, who will be happy to openly and leniently resolve any consumer issues related to the Joy-Con controllers’ analogue sticks, including in cases where the warranty may no longer apply.”

If your Joy-Con has developed drift, it’s worth remembering that your first point of contact should be Nintendo Support, which will likely repair your controllers at no cost to you including shipping. From my own experience, you don’t even need to provide proof of purchase, but it would certainly help your cause if you’re within warranty.

Which? also produced a report earlier this year which found that two in five Joy-Con controllers from the original Nintendo Switch release are experiencing drift.

Of course, issues surrounding Joy-Con drift have persisted for several years now. In 2019, a class action lawsuit against Nintendo was filed in the US over the problem, while last year the European Commission stated that it was considering opening an investigation.


iOS 16.2 Should Fix a Flaw With the iPhone 14 Pro’s Always-On Display

The iPhone 14 Pro and 14 Pro Max have a handful of flashy software changes, such as the Dynamic Island for showing system alerts and a highly anticipated always-on display. That latter feature isn’t new exactly. For years, Android devices have had an always-on display that shows essential information when the screen is off. What you see is a black screen with the time and date and sometimes icons for notifications. But the iPhone’s version has Apple’s own twist.

The 14 Pro’s always-on display shows the time and date (along with widgets) against a darkened version of your wallpaper photo instead of a black screen. I’ve been using the iPhone 14 Pro for nearly three months, and it took about half that time to get used to the always-on display because it looked like my phone was unlocked. While Apple deserves praise for figuring out a way to make the always-on display look nearly identical to the regular lock screen, there’s a problem. Some of us want an always-on display that’s more discreet and doesn’t draw attention.

Lucky for us, iOS 16.2 is the answer. The beta version of iOS 16.2, Apple’s next iPhone software update, now has controls that let you turn off the wallpaper when the always-on display is active. That means you can finally have a solid black background for your iPhone’s always-on display without changing your lock screen’s photo.

If you want to try it out, go into Settings, tap Display and Brightness and choose Always On Display. From there, you will see options to show wallpaper or notifications. Disabling Show Wallpaper gets you a black always-on display.

In our tests, using the iPhone 14 Pro’s always-on display didn’t shorten battery life. But some people have had the opposite experience. For those who have experienced battery life issues, hopefully substituting the lock screen with a solid black background will address those concerns. I should also add that, in general, our tests found that the iPhone 14 series has a shorter battery life than the iPhone 13 series.

The iOS 16.2 update is currently in beta and a final version will likely be available in December, according to Bloomberg’s Mark Gurman in his newsletter. If you’re interested in trying the public beta version, read our iOS 16.2 beta guide, which walks you through the process.



Apple security flaw ‘actively exploited’ by hackers to fully control devices

Apple has disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.

On Wednesday the company said it was “aware of a report that this issue may have been actively exploited”.

Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.

Security experts have advised users to update affected devices – the iPhone 6S and later models; several models of the iPad, including the fifth generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. It also affects some iPod models.

Apple’s explanation of the vulnerability means a hacker could get “full admin access to the device” so that they can “execute any code as if they are you, the user,” said Rachel Tobac, CEO of SocialProof Security.

Those who should be particularly attentive to updating their software are “people who are in the public eye” such as activists or journalists who might be the targets of sophisticated nation-state spying, Tobac said.

The company did not give specifics on how many users were affected by the vulnerability. In all cases, it cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.

NSO Group has been blacklisted by the US commerce department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.


Apple warns of security flaw for iPhones, iPads and Macs

Photo (ASSOCIATED PRESS): An Apple logo adorns the facade of the downtown Brooklyn Apple store, in March 2020, in New York. Apple disclosed serious security vulnerabilities Wednesday for iPhones, iPads and Macs.

SAN FRANCISCO >> Apple disclosed serious security vulnerabilities for iPhones, iPads and Macs that could potentially allow attackers to take complete control of these devices.

Apple released two security reports about the issue on Wednesday, although they didn’t receive wide attention outside of tech publications.

Apple’s explanation of the vulnerability means a hacker could get “full admin access” to the device. That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security.

Security experts have advised users to update affected devices — the iPhone 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running macOS Monterey. The flaw also affects some iPod models.

Apple did not say in the reports how, where or by whom the vulnerabilities were discovered. In all cases, it cited an anonymous researcher.

Commercial spyware companies such as Israel’s NSO Group are known for identifying and taking advantage of such flaws, exploiting them in malware that surreptitiously infects targets’ smartphones, siphons their contents and surveils the targets in real time.

NSO Group has been blacklisted by the U.S. Commerce Department. Its spyware is known to have been used in Europe, the Middle East, Africa and Latin America against journalists, dissidents and human rights activists.

Security researcher Will Strafach said he had seen no technical analysis of the vulnerabilities that Apple has just patched. The company has previously acknowledged similarly serious flaws and, in what Strafach estimated to be perhaps a dozen occasions, has noted that it was aware of reports that such security holes had been exploited.




A Single Flaw Broke Every Layer of Security in MacOS

Every time you shut down your Mac, a pop-up appears: “Are you sure you want to shut down your computer now?” Nestled under the prompt is another option most of us likely overlook: the choice to reopen the apps and windows you have open now when your machine is turned back on. Researchers have now found a way to exploit a vulnerability in this “saved state” feature—and it can be used to break the key layers of Apple’s security protections.

The vulnerability, which is susceptible to a process injection attack to break macOS security, could allow an attacker to read every file on a Mac or take control of the webcam, says Thijs Alkemade, a security researcher at Netherlands-based cybersecurity firm Computest who found the flaw. “It’s basically one vulnerability that could be applied to three different locations,” he says.

After deploying the initial attack against the saved state feature, Alkemade was able to move through other parts of the Apple ecosystem: first escaping the macOS sandbox, which is designed to limit successful hacks to one app, and then bypassing the System Integrity Protection (SIP), a key defense designed to stop unauthorized code from accessing sensitive files on a Mac.

Alkemade—who is presenting the work at the Black Hat conference in Las Vegas this week—first found the vulnerability in December 2020 and reported the issue to Apple through its bug bounty scheme. He was paid a “pretty nice” reward for the research, he says, although he refuses to detail how much. Since then Apple has issued two updates to fix the flaw, first in April 2021 and again in October 2021.

When asked about the flaw, Apple said it did not have any comment prior to Alkemade’s presentation. The company’s two public updates about the vulnerability are light on detail, but they say the issues could allow malicious apps to leak sensitive user information and escalate privileges for an attacker to move through a system.

Apple’s changes can also be seen in Xcode, the company’s development workspace for app creators, a blog post describing the attack from Alkemade says. The researcher says that while Apple fixed the issue for Macs running the Monterey operating system, which was released in October 2021, the previous versions of macOS are still vulnerable to the attack.

There are multiple steps to successfully launching the attack, but fundamentally they come back to the initial process injection vulnerability. Process injection attacks allow hackers to inject code into a device and run code in a way that’s different to what was originally intended.

The attacks are not uncommon. “It’s quite often possible to find the process injection vulnerability in a specific application,” Alkemade says. “But to have one that’s so universally applicable is a very rare find,” he says.

The vulnerability Alkemade found is in a “serialized” object in the saved state system, which saves the apps and windows you have open when you shut down a Mac. This saved state system can also run while a Mac is in use, in a process called App Nap.


Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that’s under active attack in the wild.

Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one of which plugs another zero-day flaw that Google disclosed as being actively exploited in real-world attacks.

Top of the list of this month’s updates is CVE-2022-22047 (CVSS score: 7.8), a case of privilege escalation in the Windows Client Server Runtime Subsystem (CSRSS) that could be abused by an attacker to gain SYSTEM permissions.

“With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools,” Kev Breen, director of cyber threat research at Immersive Labs, told The Hacker News. “With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly.”

Very little is known about the nature and scale of the attacks other than an “Exploitation Detected” assessment from Microsoft. The company’s Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have been credited with reporting the flaw.

Besides CVE-2022-22047, two more elevation of privilege flaws have been fixed in the same component — CVE-2022-22026 (CVSS score: 8.8) and CVE-2022-22049 (CVSS score: 7.8) — that were reported by Google Project Zero researcher Sergei Glazunov.

“A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM,” Microsoft said in an advisory for CVE-2022-22026.

“Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment.”

Also remediated by Microsoft are a number of remote code execution bugs in Windows Network File System (CVE-2022-22029 and CVE-2022-22039), Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022-22038), and Windows Shell (CVE-2022-30222).

The update further stands out for patching as many as 32 issues in the Azure Site Recovery business continuity service. Two of these flaws are related to remote code execution and the remaining 30 concern privilege escalation.

“Successful exploitation […] requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server,” the company said, adding the flaws do not “allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable.”

On top of that, Microsoft’s July update also contains fixes for four privilege escalation vulnerabilities in the Windows Print Spooler module (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226) after a brief respite in June 2022, underscoring what appears to be a never-ending stream of flaws plaguing the technology.

Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service (CVE-2022-30216) and Microsoft Defender for Endpoint (CVE-2022-33637) and three denial-of-service (DoS) flaws in Internet Information Services (CVE-2022-22025 and CVE-2022-22040) and Security Account Manager (CVE-2022-30208).

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including —
