EsquireCats

Spotify's constantly blaming of others for any perceived competition issues doesn't jibe well with them being the slowest and most behind in music features.

Side thought: their marketing visuals are so forced. All the psychedelic colours feels as poorly as "hello fellow kids".

I eagerly await Apple to return to making a display that includes a camera and speakers. The LG UltraFine 5K screen that Apple no longer sell was an absolute disaster - after buying it I quickly remembered why I swore away from pricy 3rd party displays. This screen was reputation damaging:

• It would receive interference from nearby wifi devices, which would crash the system
• It was slow to wake, or often didn't wake at all - sometimes waking with subtle visual distortions, or again crashing the system
• It has a sub-par viewing angle and excessive light bleed from the edges
• It was freaking expensive for being a dud product and LG made it near-impossible to return it

You can play this game with just about any 3rd party device, cost is irrelevant. Want a good wifi router that plays along with hand-off and homekit? The best device is still the old Apple Airport Extreme from 2013. Want a Network attached storage that won't silently corrupt your Time Machine backup? That's the 2013 Time Capsule. etc. etc.

As for the AppleTV being a "hobby" - seems Apple treat their "hobby" more seriously than Roku treats their main revenue stream.

I always keep these sorts of things in mind when people faff on about home vendor-bias and antitrust. I'm keenly aware of these things, but if the competition behaves like garbage their failures aren't the result of anticompetitive behaviour.

Take Spotify for example, how long did it take them to get an Apple Watch app? While other music vendors were in there early. I pop them and Roku right into that basket of vendors that don't take their main business seriously and frequently disregard their customers for unexplainable reasons.

 h4y3s said:

Anyone have more details?

Here is the first part of the deep dive: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

to over-simplify it (because it truly is a nation-state level hack.)
1. Overflow in a seldom used dependency that is actioned prior to blastdoor.
2. That overflow is carefully manipulated to utilise certain features of an image decompressor to establish a basic set of operators (AND/OR/XOR etc.) These are the fundamental building blocks of electronics circuits, aka processing on a computer.
3. Those building blocks are then used to build (I'm not joking) a full computer architecture including registers, a full 64-bit adder and comparator which then runs the relevant scripts to boot strap the next stage of the hack.
4. The article stops here, but the next part will detail how this is used to break through the relevant sandboxing to the installation of the spyware.

The fragility of it is exceptional, but the time and cost to develop such an exploit is what's more remarkable. It also forms a good argument about removing seldom used features and retiring old standards. The JBIG2 format provided the necessary tools for this exploit to run, but also is largely irrelevant and seldom used. It may just be better to remove that functionality altogether. (JBIG2 decoding is included as part of support for PDFs.)

Edit: Just as follow-up, Apple made a number of changes to address this entry method. Moving more areas to inside Blastdoor as well as greatly restricting the number of available formats available for Messages (i.e. just the ones it's meant to support.)