Last Active
  • Germany launches antitrust investigation over App Tracking Transparency [u]

    There is a vocal minority that has been busy trying to frame app tracking transparency as a means for Apple to bolster ads inside the app store, and simultaneously implying that Apple uses data improperly to generate those ads.
    However, Apple only produces ads based on what the user specifically searches for, via a typical keyword bidding system. Suggestions are similarly built without peeking on the user outside of the app, such as correlating data sources against the user.

    An important distinction here is that “tracking” ads are not based on what you did inside the app, but instead based on places you may have visited around the internet, your physical location over time, purchases made on entirely different platforms and even the content of your text messages. That is what Google and Facebook do to serve ads and it is done in a measurable way to watch the impact from an ad impression through to an eventual purchase.

    The “windfall” for Apple is merely being the only provider of ads inside their own store front. All forms of direct (i.e. non-creepy) advertising have seen improvements since the introduction of app tracking transparency.
  • Apple's iPhone 15 will be first with USB-C, claims Kuo

    Ever since USB-C launched, numerous voices including Kuo have repeatedly claimed that Apple only keeps the Lightning connector to protect a revenue source inside of the MFi program, despite the mountain of evidence to the contrary and the fact that the bulk of Apple's MFi program is based around wireless technologies and protocols, e.g. GymKit, Hearing Aids, MagSafe, HomeKit, AirPlay, FindMy, CarPlay and Authentication, to list a few examples.

    Switching now to USB-C is the result of accessories being largely driven by wireless connections. Swapping earlier would merely produce unnecessary landfill and breed resentment across both consumers and manufacturers of Lightning-based devices.

    Mandates for micro USB and then later USB-C solved the problem of budget manufacturers which made a new plug for every phone/device they built. That's not a problem that Apple has ever had.
  • Apple Studio Display review: How badly do you want an all-Apple experience?

    Seems like a stand-in product, much the same way that the iMac Pro was. If the LG UltraFine wasn't a POS, this display probably wouldn't even exist.
  • Compared: Apple Studio Display vs LG UltraFine 5K Display

    Not measured here are the myriad of other issues with the LG UltraFine 5K, including:
    1. Slow wake time or, more rarely, unresponsive to waking.
    2. Backlighting issues best described as the MacBook “stage light” problem.
    3. The “hydraulic” adjustment system is jerky and requires two hands to operate; it’s also easy to de-level the screen.
    4. The Apple community forums are full of system crash complaints related to the LG screen, particularly if using a MacBook Pro with dual GPUs.
    5. Colour consistency is poor with a noticeable gradient.
    6. Sometimes the display will wake with a stripe of offset pixels.

    One final note: the Apple display has their typical hard glass surface, the LG has no protection, it’s just the cheaper plastic-feeling deformable/soft layer.

  • NSO Group's exploits rival those of nation states, security researchers say

     h4y3s said:
    Anyone have more details?

    Here is the first part of the deep dive:

    To over-simplify it (because it truly is a nation-state level hack):
    1. Overflow in a seldom-used dependency that is actioned prior to BlastDoor.
    2. That overflow is carefully manipulated to utilise certain features of an image decompressor to establish a basic set of operators (AND/OR/XOR etc.) These are the fundamental building blocks of electronic circuits, aka processing on a computer.
    3. Those building blocks are then used to build (I'm not joking) a full computer architecture including registers, a full 64-bit adder and comparator which then runs the relevant scripts to bootstrap the next stage of the hack.
    4. The article stops here, but the next part will detail how this is used to break through the relevant sandboxing to the installation of the spyware.

    The fragility of it is exceptional, but the time and cost to develop such an exploit is what's more remarkable. It also forms a good argument about removing seldom-used features and retiring old standards. The JBIG2 format provided the necessary tools for this exploit to run, but also is largely irrelevant and seldom used. It may just be better to remove that functionality altogether. (JBIG2 decoding is included as part of support for PDFs.)

    Edit: Just as a follow-up, Apple made a number of changes to address this entry method. Moving more areas to inside BlastDoor as well as greatly restricting the number of available formats available for Messages (i.e. just the ones it's meant to support.)
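
The comment's suggestion to drop seldom-used formats, sketched as an added example (not from the comment, and not Apple's implementation): a pre-parse check that lists the stream filters a PDF declares and flags JBIG2, including names written with PDF's `#xx` escapes. The blocked set, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# A PDF name token runs until whitespace or a delimiter character.
NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]*)")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
WHITESPACE = b"\x00\t\n\f\r "
BLOCKED_FILTERS = {b"JBIG2Decode"}  # assumed policy for this example

# Constructed sample dictionaries, not taken from any real file.
SAMPLES = {
    "plain": b"<< /Type /XObject /Filter /FlateDecode /Length 10 >>",
    "direct": b"<< /Filter /JBIG2Decode /Length 10 >>",
    "escaped_value": b"<< /Filter [ /ASCIIHexDecode /JBIG#32Decode ] >>",
    "escaped_key": b"<< /F#69lter/JBIG2Decode >>",
}


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so /JBIG#32Decode compares equal to /JBIG2Decode."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def stream_filters(data: bytes) -> list[bytes]:
    """Return every filter name listed under a /Filter key, in file order."""
    found = []
    for key in NAME.finditer(data):
        if decode_name(key.group(1)) != b"Filter":
            continue
        rest = data[key.end():].lstrip(WHITESPACE)
        if rest.startswith(b"["):  # array form: /Filter [/A /B]
            end = rest.find(b"]")
            body = rest[1:end] if end != -1 else rest[1:]
            found += [decode_name(n) for n in NAME.findall(body)]
        else:  # single-name form: /Filter /A
            m = NAME.match(rest)
            if m:
                found.append(decode_name(m.group(1)))
    return found


def blocked_filters(data: bytes) -> list[bytes]:
    """Filters in the data that the policy refuses to decode."""
    return sorted(set(stream_filters(data)) & BLOCKED_FILTERS)


if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, blocked_filters(data))
```

This only sees dictionaries stored uncompressed; filters declared inside compressed object streams need a full PDF parser before the same check can be applied.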