fidzu : computers

Researchers have disclosed a new unpatchable BootROM exploit affecting Apple devices with A12, A13, S4, and S5 chips. The attack requires physical USB access and DFU mode, but can let an attacker run code before iOS loads, bypass signature checks, and boot modified software. 9to5Mac reports the details: In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that "leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware" and cannot be patched. The PS Team explains that ahead of today's disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple's security team for its "prompt response, constructive engagement, and cooperation throughout" the process. In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. [...] They add that "technical support for A12X/Z is possible," but "it is not currently implemented." That could add the 2018 and 2020 iPad Pro lineups to the list. The way usbliter8 works is: it sends specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory. That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software. Importantly, the exploit does not affect or compromise the device's Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure. That said, PS Team says that "although usbliter8 doesn't affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave," adding that "by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security." [...] Given that this is also an unpatchable exploit, the researchers note that "affected users should be aware that migrating to newer hardware remains the most effective mitigation."

Read more of this story at Slashdot.

19 Jun 2026 6:00pm GMT

The European Commission is reportedly preparing to provisionally classify Amazon Web Services and Microsoft Azure as "gatekeepers" under the Digital Markets Act, bringing cloud infrastructure under the law's stricter competition rules for the first time. The designation could require greater interoperability and data portability, making it easier for customers to switch providers, with a final decision expected by the end of 2026. Heise reports: This investigation began in November 2025, when the EU targeted the cloud power of US tech giants. The trigger was outages in cloud services with sometimes significant impacts on other internet services. Shortly before, an approximately 15-hour outage of the AWS cloud in the US meant that not only Amazon's own streaming services but also Atlassian, Docker, Epic Games, and the Signal messenger were unavailable or severely restricted. Shortly thereafter, Microsoft Azure also struggled with an outage, preventing air passengers from checking in and interrupting votes in the Scottish Parliament. As a result, European antitrust authorities have also scrutinized cloud services under the Digital Markets Act for the first time. The major cloud providers, primarily from the US, have so far evaded the EU's Digital Markets Act because a large part of their business is handled through corporate contracts. This makes it difficult to determine the number of individual users. However, this is one of the EU's most important criteria for determining the market power of companies. [...] As gatekeepers, AWS and Azure would be obliged to ensure interoperability and data portability. This would, for example, simplify switching cloud providers and allow customers to link other services with AWS or Azure clouds, instead of being limited to AWS and Azure offerings. Significant fines could also be imposed if the cloud services are found to be in violation of existing regulations.

Read more of this story at Slashdot.

19 Jun 2026 5:00pm GMT

An anonymous reader quotes a report from Wired: The Trump administration's move to impose export controls on Anthropic's most powerful AI technology followed a spat over the company granting South Korean telecom giant SK Telecom access to its Claude Mythos model, according to people familiar with the matter. US officials were concerned about what they alleged were SK Telecom's ties to China, those people said. Those concerns appear to have compounded when Amazon later flagged vulnerabilities to the White House it identified in Fable 5, a highly safeguarded version of Mythos that Anthropic released to the public on June 9. The Amazon researchers claimed that it was possible to circumvent some of Fable 5's guardrails and access Mythos' formidable cybercapabilities, though Anthropic and outside cybersecurity experts have argued these risks are not unique to Claude. The confluence of events is what ultimately led the White House to determine that it could not trust Anthropic to safeguard its most advanced AI technology, according to a person close to the administration. On Friday, the Trump administration ordered Anthropic to revoke access to Mythos and Fable 5 for all foreign nationals, including immigrants inside the US. Rather than gate access to its technology based on nationality, a process that would be difficult to implement while also preserving privacy, Anthropic decided it was better to disable access to the models entirely. The White House and Anthropic still remain at odds after days of negotiations about bringing Claude Mythos and Fable 5 back online. SK Telecom was one of roughly 150 organizations granted early access to Anthropic's vulnerability-detection model Claude Mythos through Project Glasswing, notes Wired. The White House later asked Anthropic to revoke the company's access, reportedly amid concerns about alleged China ties, and Anthropic immediately complied. There was, however, no mention of the telecom in the government's formal demand to restrict Mythos and Fable 5 to U.S. nationals. SK Telecom told a Korean newspaper that the "anonymous insider's remarks in foreign media lack verified facts, and our company has no ties to China."

Read more of this story at Slashdot.

19 Jun 2026 4:00pm GMT

A French launch startup is scrapping the name of its rocket, apparently due to a trademark issue.

19 Jun 2026 1:36pm GMT

A fascinating novel approach by researchers at MIT, called Fractal, to study in-depth how processors actually work. A team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) decided to build something different. Fractal, an operating system kernel written from the ground up, treats the hardware itself as the object of study. Its first major use, a deep look at branch predictors - a CPU's way of guessing what code to run next, before it knows for certain, so it doesn't have to waste time waiting to find out - inside Apple's M1 processor, has already turned up findings that prior work missed, including the first evidence that a class of speculative attack known as "Phantom" affects Apple Silicon. "We're using hardware in ways it wasn't designed for," says Joseph Ravichandran, the MIT PhD student in electrical engineering and computer science (EECS) who led the project. "It's not even obvious that this is a possible thing you could do with the hardware. But we found a way to pull all these different primitives off. It's like a microscope. If you've got a hand magnifying glass, you can see a little bit. But if you had an electron microscope, now we're really talking. That's what Fractal is. The electron microscope of operating systems." ↫ Rachel Gordon at MIT News While Fractal is small, its creators also added POSIX system calls, a C library, vim, GCC, a shell, and more. This way, it feels more familiar, and makes it easier for researchers to get started with the tool. Fractal is open source and hosted on GitHub, it has its own website, and there's a detailed research paper with more in-depth information.

19 Jun 2026 12:34pm GMT

Researchers say these coral strongholds may help repopulate more degraded reefs.

19 Jun 2026 11:15am GMT

"I consider this a success already, just from the fact that we're even going to try this."

19 Jun 2026 12:39am GMT

Five years after releasing the Amiga 1000, Commodore was about to launch the Amiga 3000, their first real high-end Amiga. With a 68030 processor, on-board SCSI and a slightly updated graphics chipset, all in a sleek desktop case, the Amiga was truly ready for the era of professional 32-bit computing. But Moore's law wasn't the only thing thad had been pressuring Commodore since the release of the Amiga 1000: The desktop metaphor had matured even further, and the competition had been hard at work. IBM had launched OS/2, Windows 3.0 had turned Microsoft's offering from a proof of concept into something actually usable, and new players had entered the scene - among them NeXTStep, with its polished 3D look. It was time to bring AmigaOS, too, into the 1990s. ↫ Carl Svensson It's interesting - there's a lot of focus on the first version of the Amiga operating system and the third one, but you don't hear a lot about AmigaOS 2.x. It turns out this is rather odd, because as Svensson details, this version came with an absolute ton of changes and improvements, from an entirely new widget toolkit to a brand new file system, and so much more. The new widget toolkit and accompanying style guide also ensured that the operating system looked, felt, and behaved consistently. Remember when we cared about that? There's so much more cool features, though, like command history, line editing, universal clipboard support and more just for the CLI, as well as something called Commodities. These were tiny little programs managed from a central location, which didn't even need a GUI to work. Commodities included by default were things like ClickToFront, a focus-follows-mouse option, and more. Oh and of course, BASIC was replaced by ARexx. The list just keeps going, and you should really read Svensson's article.

18 Jun 2026 9:40pm GMT

Oracle is sticking to its promise of more regular Solaris updates with the release of Oracle Solaris 11.4 SRU93. This release, like other SRU releases, is for paying Solaris customers, as the CBE releases for enthusiasts are on a different cadence. With Solaris' focus being on enterprise server environments, it should come as no surprise that most of the changes and improvements are focused on things like enterprise networking and security, such as changes to how policy settings for the Kernel Crypto Framework (KCF) are stored, moving from using RPC over sockets instead of STREAMS, and more. Of course, there's also the long list of updated open source packages. SRU 93.221.2 updates a broad set of platform, runtime, developer, networking, desktop, and open source components. Notable updates include Apache Tomcat to 9.0.116, bash to 5.3 patch 9, BIND to 9.20.18 and 9.20.21, Django 4.2 to 4.2.30, Django 5.2 to 5.2.13, Firefox to 140.8.0esr, Golang to 1.25.8, Node.js 20 to 20.20.2, Node.js 22 to 22.22.2, Node.js 24 to 24.14.1, NSS to 3.119.1, Perl to 5.42, Python 3.11 to 3.11.15, Python 3.13 to 3.13.12, RabbitMQ to 4.2.4, Thunderbird to 140.8.0esr, vim to 9.2.0340, and zlib to 1.3.2. Additional updates include development tools, Python modules, X11 utilities, printing components, libraries, cryptographic packages, networking tools, and desktop-related packages. ↫ Colin Kavanagh at the Oracle Solaris Blog Existing Oracle Solaris customers can update to the new release through pkg update.

18 Jun 2026 8:46am GMT

Good morning from JetBrains Berlin office!

01 Jun 2026 12:00am GMT

Just trying to answer one simple question: What if the terminal was 3D?

11 May 2026 12:00am GMT

Break the pattern today or the loop will repeat tomorrow.

18 Apr 2026 12:00am GMT