Back in April, District Court Judge Yvonne Gonzalez Rogers delivered a scathing judgment finding that Apple was in “willful violation” of her 2021 injunction intended to open up iOS App Store payments. That contempt of court finding has now been almost entirely upheld by the Ninth Circuit Court of Appeals, a development that Epic Games’ Tim Sweeney tells Ars he hopes will “do a lot of good for developers and start to really change the App Store situation worldwide, I think.”
The ruling, signed by a panel of three appellate court judges, affirmed that Apple’s initial attempts to charge a 27 percent fee to iOS developers using outside payment options “had a prohibitive effect, in violation of the injunction.” Similarly, Apple’s restrictions on how those outside links had to be designed were overly broad; the appeals court suggests that Apple can only ensure that internal and external payment options are presented in a similar fashion.
The appeals court also agreed that Apple acted in “bad faith” by refusing to comply with the injunction, rejecting viable, compliant alternatives in internal discussions. And the appeals court was also not convinced by Apple’s process-focused arguments, saying the district court properly evaluated materials Apple argued were protected by attorney-client privilege.
Explore behavioral analysis techniques for securing AI models against post-quantum threats. Learn how to identify anomalies and protect your AI infrastructure with quantum-resistant cryptography.
An anonymous reader quotes a report from TechCrunch: Apple on Wednesday released its annual list of the most downloaded apps and games for the year. For the U.S. market, OpenAI's ChatGPT topped the ranks of free iPhone apps (not including games) with the most installs in 2025. The AI app was followed by Threads, Google, TikTok, WhatsApp, Instagram, YouTube, Google Maps, Gmail, and Google's Gemini. ChatGPT made it to No. 4 last year, but the top spot was taken by Chinese shopping app Temu. In 2023, the AI app didn't make the top-10 list despite being released on the iPhone in May 2023 to a strong debut.
World No 1 says ‘biological men’ have a ‘huge advantage’
‘She hit nail on the head,’ says battle of sexes rival Kyrgios
Aryna Sabalenka has weighed into the participation of transgender athletes in women’s sport, the world No 1 saying it would be unfair for women to face “biological men” in professional tennis.
The Women’s Tennis Association’s gender participation policy of its tour permits transgender women to participate if they have declared their gender as female for a minimum of four years, have lowered testosterone levels and agree to testing procedures. These conditions may be further varied by the WTA medical manager on a case-by-case basis.
Apple's next major iPhone software update will prioritize stability and performance over flashy new features, according to Bloomberg's Mark Gurman, who reports that iOS 27 is being developed as a "Snow Leopard-style" release [non-paywalled source] focused on fixing bugs, removing bloat and improving underlying code after this year's sweeping Liquid Glass design overhaul in iOS 26.
Engineering teams are currently combing through Apple's operating systems to eliminate unnecessary code and address quality issues that users have reported since iOS 26's September release. Those complaints include device overheating, unexplained battery drain, user interface glitches, keyboard failures, cellular connectivity problems, app crashes, and sluggish animations.
iOS 27 won't be feature-free. Apple plans several AI additions: a health-focused AI agent tied to a Health+ subscription, expanded AI-powered web search meant to compete with ChatGPT and Perplexity, and deeper AI integration across apps. The company has also been internally testing a chatbot app called Veritas as a proving ground for its re-architected Siri, though a standalone chatbot product isn't currently planned.
Last year, Apple finally added support for Rich Communications Services (RCS) texting to its platforms, improving consistency, reliability, and security when exchanging green-bubble texts between the competing iPhone and Android ecosystems. Today, Google is announcing another small step forward in interoperability, pointing to a slightly less annoying future for friend groups or households where not everyone owns an iPhone.
Google has updated Android’s Quick Share feature to support Apple’s AirDrop, which allows users of Apple devices to share files directly using a local peer-to-peer Wi-Fi connection. Apple devices with AirDrop enabled and set to “everyone for 10 minutes” mode will show up in the Quick Share device list just like another Android phone would, and Android devices that support this new Quick Share version will also show up in the AirDrop menu.
Google will only support this feature on the Pixel 10 series, at least to start. The company is “looking forward to improving the experience and expanding it to more Android devices,” but it didn’t announce anything about a timeline or any hardware or software requirements. Quick Share also won’t work with AirDrop devices working in the default “contacts only” mode, though Google “[welcomes] the opportunity to work with Apple to enable ‘Contacts Only’ mode in the future.” (Reading between the lines: Google and Apple are not currently working together to enable this, and Google confirmed to The Verge that Apple hadn’t been involved in this at all.)
Apple has released a new round of security updates for its mobile platforms, introducing iOS 26.1 and iPadOS 26.1. The latest Apple security updates are available for a wide range of devices. iPhone models beginning with the iPhone 11 and later are supported. On the tablet side, the updates cover the iPad Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later). Essentially, anyone using a relatively recent Apple device is eligible to install this patch.Modern smartphones and tablets have become central to users’ daily lives, storing passwords, personal communications, photos, and financial data. Any flaw in system security represents a potential gateway for malicious activity. These Apple security updates address multiple vulnerabilities that could otherwise allow unauthorized access to sensitive information or even cause system crashes.Apple reiterated its long-standing policy of confidentiality during investigations, stating that the company does not disclose or confirm security vulnerabilities until a full review has been completed and necessary fixes have been released.
Key Vulnerabilities Fixed in the latest Apple security updates
Apple’s documentation outlines dozens of component-level fixes. The following highlights the most notable ones:
Neural Engine flaws (CVE-2025-43447 & CVE-2025-43462): A malicious app could exploit the Neural Engine to crash system components or corrupt kernel memory. This was fixed through improved memory-handling within the Neural Engine framework.
Apple Account screenshot capture (CVE-2025-43455): Some apps could take screenshots of private data displayed in embedded views. Apple added stricter privacy checks to block this.
AppleMobileFileIntegrity & Assets: These components control how apps access files and enforce sandbox restrictions. Weaknesses here could allow an app to escape its sandbox or access protected data. Apple strengthened symlink validation and entitlement handling to close these gaps.
Audio and Camera systems: Both subsystems received new logic restrictions to reduce unwanted access.
Safari browser: The update fixes issues that could have allowed address bar spoofing or UI deception. Improved state management now prevents these attacks.
Component-Specific Fixes
Apple’s patch notes provide a detailed account of the components affected:
Accessibility (CVE-2025-43442): A permissions issue could allow an app to identify installed apps. The update adds stricter access restrictions.
Apple TV Remote (CVE-2025-43449): A malicious app might track users across installations. Apple improved cache handling to prevent tracking.
AppleMobileFileIntegrity (CVE-2025-43379): Prevents unauthorized access to protected data by improving symlink validation.
Assets (CVE-2025-43407): Prevents sandbox escapes with enhanced entitlement rules.
Audio (CVE-2025-43423): Fixed a flaw that could expose system logs when devices were paired to a Mac. Sensitive data is now redacted.
Camera (CVE-2025-43450): Prevents apps from learning about the camera view before permission is granted.
CloudKit (CVE-2025-43448): Reinforces sandbox protection to stop potential data leaks.
Contacts (CVE-2025-43426): Prevents unauthorized access to user data through better data redaction.
Control Centre (CVE-2025-43350): Closes a loophole that could reveal restricted lock-screen content.
CoreServices (CVE-2025-43436): Stops apps from enumerating installed apps.
CoreText (CVE-2025-43445): Fixes a memory corruption bug triggered by malicious media files.
FileProvider (CVE-2025-43498): Strengthens authorization handling to block unauthorized data access.
Find My (CVE-2025-43507): Addresses a potential user-fingerprinting issue.
Installer (CVE-2025-43444): Prevents app fingerprinting by tightening permissions.
Kernel (CVE-2025-43398): Addresses system termination risks by improving memory handling.
libxpc (CVE-2025-43413): Prevents network activity observation from sandboxed apps.
Mail Drafts (CVE-2025-43496): Stops remote content from loading when the “Load Remote Images” setting is disabled.
Model I/O (CVE-2025-43383–43386): Prevents app crashes or corruption from malicious files.
Multi-Touch (CVE-2025-43424): Adds stronger bounds-checking against malicious hardware input.
Notes (CVE-2025-43389): Removes vulnerable code to stop unauthorized data access.
On-Device Intelligence (CVE-2025-43439): Eliminates data that could be used for user fingerprinting.
Photos (CVE-2025-43391): Improves handling of temporary files to prevent data leaks.
Sandbox Profiles (CVE-2025-43500): Fixes flaws in preference handling to better secure user data.
Siri (CVE-2025-43454): Resolves an issue that prevented devices from locking consistently.
Status Bar: Fixes a condition where sensitive information could be seen on locked devices.
Research Credits and Acknowledgments
Apple credited numerous independent researchers and teams for identifying these issues. Notable acknowledgments include Isaiah Wan (CVE-2025-43460, Stolen Device Protection), Will Caine (CVE-2025-43422, Text Input), and multiple contributors. The company also thanked contributors working on WebKit, Accessibility, Safari, and Photos vulnerabilities.Owners of eligible iPhones or iPads are advised to install iOS 26.1 or iPadOS 26.1 immediately. These vulnerabilities are not hypothetical; many involve exploitable memory-handling issues, sandbox escapes, and unauthorized data access. Installing the update drastically reduces potential exposure.Updating is straightforward: open Settings > General > Software Update, and follow the on-screen instructions. It is recommended that the device remain plugged in and connected to Wi-Fi during installation.
Apple has released security updates for iPhones, iPads and Macs to fix a zero-day vulnerability (a vulnerability which Apple was previously unaware of) that is reportedly being used in targeted attacks.
The updates cover:
iOS 18.6.2 and iPadOS 18.6.2 (iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later);
iPadOS 17.7.10 (iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation);
Apple has acknowledged reports that attackers may have already used this flaw in a highly sophisticated operation aimed at specific, high‑value targets.
But history teaches us that once a patch goes out, attackers waste little time recycling the same vulnerability into broader, more opportunistic campaigns. What starts as a highly targeted campaign often trickles down into mass exploitation against everyday users.
That’s why it’s important that everyone takes the time to update now.
How to update your iPhone or iPad
For iOS and iPadOS users, you can check if you’re using the latest software version, go to Settings > General > Software Update. You want to be on iOS 18.6.2 or iPadOS 18.6.2 (or 17.7.10 for older models), so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.
How to update your Mac
For Mac users, click on the Apple menu in the top-left corner of your screen and open System Settings. From there, scroll down until you find General, then select Software Update. Your Mac will automatically check for new updates. If an update is available, you’ll see the option to download and install it. Depending on the size of the update, this process might take anywhere from a few minutes to an hour, and your machine will need to restart to complete the installation.
As always, it’s a good idea to make sure you’ve saved your work before using the Restart Now button. Updates can sometimes require more than one reboot, so allow some downtime. After you install the update, your system gains stronger protection, and you can use your Mac without the constant worry of this vulnerability hanging over you.
Technical details
The flaw is tracked as CVE-2025-43300 and lies in the Image I/O framework, the part of macOS that does the heavy lifting whenever an app needs to open or save a picture.The problem came from an out-of-bounds write. Apple stepped in and tightened the rules with better bounds checking, closing off the hole so attackers can no longer use it.
An out-of-bounds write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.
In this case, an attacker could construct an image to exploit the vulnerability. Processing such a malicious image file would result in memory corruption. Memory corruption issues can be manipulated to crash a process or run attacker’s code.
We don’t just report on phone security—we provide it
Login
