Microsoft Expands Edge Bounty Program to Include WebView2!


Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included in the Edge Bounty Program.

The Microsoft Edge Bounty Program aims to find vulnerabilities that are specific to the upcoming Chromium-based Microsoft Edge, and that instantly affect customers’ security.

The Program invites people worldwide to look for and report Chromium-based Microsoft Edge-specific vulnerabilities.

Submissions that meet the requirements can earn bounty payments ranging from USD 250 to USD 30,000. 

Updated Criteria to be Eligible for Bounty Awards

For vulnerability submissions to be eligible for bounty rewards, applicants must fulfill the following requirements: 

Primarily, find a previously unreported vulnerability in the Dev, Beta, or Stable channels of Microsoft Edge that is exclusive to the Chromium platform and does not occur in the Google Chrome equivalent.

Further, this bounty program will take into account exploits in Microsoft Edge WebView2 that can be proven to work.

Microsoft Edge WebView2 Runtimes and SDKs: 

  • WebView2 prerelease and release SDK
  • Evergreen WebView2 runtime, and the runtimes in the Dev and Beta channel of Microsoft Edge

A reported vulnerability must be reproducible using the most recent WebView2 SDKs and runtimes on the most recent, fully patched version of Windows, including Windows 10.

Also, provide the WebView2 runtime version (e.g., Version 114.0.1823.79) and the WebView2 SDK version (e.g., 1.0.1905-prerelease or 1.0.2088.41) that were utilized to reproduce the vulnerability.

Under this bounty program, proven exploits in third-party components that reproduce in Microsoft Edge but not in Chrome are also eligible for consideration.

Microsoft asks for clear, simple reproduction instructions in written or video form. A Proof of Concept (PoC) must also be included with the submission.

Microsoft Edge on Chromium has a few features that make it stand out from the competition and could be useful areas to hunt for vulnerabilities that qualify for the Microsoft award. 

These include Internet Explorer (IE) Mode (which needs a supported version of Windows), PlayReady DRM, Sign in with Microsoft Account (MSA) or Azure Active Directory (AAD), Application Guard, Edge PDF, and Microsoft Edge WebView2.

Payment Amounts Set

“A high-quality report provides the information necessary for an engineer to quickly reproduce, understand, and fix the issue.

This typically includes a concise write-up or video containing any required background information, a description of the bug, and an attached proof of concept (PoC)”, Microsoft said.

Researchers are encouraged to visit this page for details on Microsoft Bounty Programs and the associated terms and FAQs. 


Chinese APTs Targeted ASEAN During Summit with Espionage Malware


Chinese APT groups launched a cyberespionage campaign targeting ASEAN organizations with malware, coinciding with the recent ASEAN-Australia Special Summit — Palo Alto Networks’ Unit 42 report reveals the attacks, highlighting the need for robust cybersecurity measures in Southeast Asia.

A recent report by Palo Alto Networks’ Unit 42 cybersecurity research team has revealed a coordinated cyber espionage campaign that targeted countries affiliated with the Association of Southeast Asian Nations (ASEAN). Chinese Advanced Persistent Threat (APT) groups are blamed for the campaign.

The report, titled “ASEAN Entities in the Spotlight: Chinese APT Group Targeting,” highlights the activities of two separate APT groups. One identified group is Stately Taurus, a well-known threat actor with a history of cyberespionage operations.

Unit 42 researchers discovered that the cyber attack involved two malicious packages: “Talking_Points_for_China.zip,” a ZIP file, and “PSO.scr,” an executable screensaver file. Stately Taurus created one of these malware packages with timing that matches the dates of the ASEAN-Australia Special Summit held in March 2024 in Melbourne.

The malicious package (Screenshot: Unit 42)

This suggests a targeted effort to gather intelligence during the critical regional event. This incident is also similar to the one in July 2023, where pro-Ukraine attendees of the NATO Summit were targeted with the RomCom RAT malware. Russian government hackers were suspected in that case.

“These types of campaigns continue to demonstrate how organizations are targeted for cyber espionage purposes, where nation-state affiliated threat groups collect intelligence of geopolitical interests within the region”

Palo Alto Networks’ Unit 42

The report goes on to show why organizations within ASEAN countries must take strong measures to defend against such cyberattacks. Palo Alto Networks recommends deploying advanced security solutions like DNS Security, Advanced URL Filtering, and WildFire to mitigate these threats.

While the Unit 42 report identifies two specific APT groups, the full extent of the campaign and the potential involvement of other actors remain under investigation. Continued monitoring and threat intelligence gathering are essential to fully understand the scope of this espionage activity.

Nevertheless, this discovery comes amidst heightened geopolitical tensions in the Southeast Asian region. The targeted nature of the attacks, coinciding with a major regional summit, raises concerns about potential attempts to gain an advantage in international relations.

Cybersecurity experts are urging ASEAN member states and affiliated organizations to remain alert against such cyberespionage efforts. Collaboration on information sharing and implementing proper cybersecurity measures is a must to defend against these ongoing threats.


Everything You Need To Know


Google has announced that Google I/O will be returning to the Shoreline Amphitheater on May 14 and May 15, 2024. Once again, it’s going to be a small in-person event. From the wording on Google’s announcement blog post and the Google I/O website, it does sound like this will be mostly for the press to go in-person and some developers. But it will still be open to all developers online, free of charge.

That’s similar to last year’s Google I/O, which was a single day. This year, Google is back to a two-day conference, which the company did every year before the pandemic. Google originally held the conference at Moscone West in San Francisco until 2016, when it moved to the Shoreline Amphitheater in Mountain View. It’s a larger venue, and it’s also right next to the Googleplex. As Google I/O has grown over the years, Google has needed more space to invite more people, do more demos and also do more sessions. So it makes sense.

Now, what might Google have up its sleeves for Google I/O this year? Let’s find out.

What is Google I/O?

Google I/O is the company’s annual developer conference, which typically takes place each May, usually around mid-May. It first started in 2008, and has happened every year since, with the exception of 2020.

Google I/O (which stands for Input/Output) is where the company will typically announce new software as well as updates to its products. Google has a lot of products these days, but a few mainstays of I/O include Android and Chrome.

I/O was always held at the Moscone Center in San Francisco until 2016. Moscone Center was the home to Apple’s WWDC and Microsoft’s BUILD conference as well. However, neither one takes place there anymore, with Microsoft moving its BUILD conference to Seattle after the pandemic. In 2016, Google moved I/O to the Shoreline Amphitheater, which is a stone’s throw away from the Googleplex. It’s a much larger venue and is now outdoors, making it perfect for Google’s ever-expanding products.

How did Google I/O get its name?

The name, “Google I/O” is a bit of a nerdy name, as the “I/O” part stands for Input/Output. That references the computational concept of interfacing between a computer system and the outside world.

There is a second explanation for the origin, which says that I/O stands for “innovation in the open”, and that does line up with the Google I/O event quite nicely, as Google does spotlight all of the innovation the teams have done in the past year (sometimes longer).

Back in May 2006, Google actually held its first “Google I/O,” though it wasn’t called that. It was actually called the Geo Developer Day and was centered around the first publicly available developer tool, the Google Maps API. It had just 100 attendees and was held at the Googleplex in Mountain View. In 2007, Google held another similar event called “Google Developer Day”. It didn’t become “Google I/O” until 2008, when it moved to San Francisco’s Moscone West.


When is Google I/O?

This year, Google I/O will take place on May 14 and May 15. That’s longer than last year’s event, which was the first in-person event since the pandemic, where Google held just a single day of Google I/O. The number of attendees was also smaller than normal. In 2023, around 5,000 people attended Google I/O, compared to pre-pandemic times when the attendee numbers were closer to 10,000 people.

The keynote will start at 10 AM PT on May 14. That will last around two hours, sometimes a little longer. After a short lunch break, we’ll get the developer keynote. This is where Google will dive deeper into some of the more developer-centric announcements from the main keynote.

How can I watch Google I/O?

Google I/O is always free to watch online, and this year, it’ll be more accessible than ever. You can watch all of the keynotes and sessions on Google’s I/O website here. You’ll also be able to watch these on the Google Developers and Android Developers YouTube channels.

You can also register on the site, and set up your schedule to “attend” different sessions and get notifications when those sessions are set to begin.

What is Google expected to announce?

So, what exactly is Google going to announce at I/O this year? Well, we really don’t know just yet, as there have been very few rumors and leaks about I/O so far. But there are a few things that are a lock-in for I/O every year.

Android 15

These days, Google will typically release the first developer preview of the new version of Android in February, with the first beta typically launching in April or in May at Google I/O. Last year, we did get the second beta at Google I/O, and this year’s schedule for the Android 15 release lines up that way as well.


Typically, Google will keep most of the bigger features for the Google I/O keynote. However, last year, there was barely a mention of Android 14 in the keynote. In the two-hour and five-minute keynote last year, Google only mentioned Android 14 in passing. And the feature they mentioned – wallpapers – wasn’t even exclusive to Android 14, as it launched in the new Pixel Feature Drop just a few weeks later.

In recent years, the new version of Android has become a much smaller deal than before. Google seems to be making “Android” the framework for its operating system, with all of the user-facing features coming in quarterly feature drops for Pixel and Android. That makes the yearly updates less exciting, but the quarterly updates much more exciting.

Google Pixel Fold 2?

Last year, at Google I/O, the company launched the initial Google Pixel Fold as well as the Pixel Tablet and Pixel 7a. But this year, it’s looking more likely that a lot of that hardware will launch in the fall instead.

That’s a good thing for the Pixel Fold 2, as the original launched with the Tensor G2 processor in June, and by October it was outdated with the Tensor G3. That’s a tough pill to swallow after you just spent $1,700 for the Pixel Fold. And judging by leaks we’ve seen, it appears that the Pixel Fold 2 is slated for October as well this year, launching alongside the Google Pixel 9 series.


As for the Pixel Tablet 2 and Pixel 8a, that’s also likely coming in the fall. Recently, we’ve seen a new leak showing that Google is working on a Pixel 9, Pixel 9 Pro, and Pixel 9 Pro XL. If that does happen, that could mean the A-series is going away and being replaced by the vanilla Pixel model. Considering both the Pixel 9 and Pixel 9 Pro are almost the same size, it makes sense.

In recent years, the Pixel a-series has received a few price bumps, making it closer to the vanilla Pixel model in terms of price. There are also very few differentiations between the two now. So making the Pixel 9 for around $500, then a Pixel 9 Pro at $900 and a Pixel 9 Pro XL at $1,000 or even $1,100 would make more sense for the lineup. Of course, this is all speculation right now. We’ll have to wait until May 14, to find out if the Pixel 8a is coming at Google I/O or if it even exists.

Google I/O is like Christmas for Google fans

I/O is always very exciting for Google and Android fans. A lot of people refer to it as “Christmas for Android users” and well, it really is. Lots of exciting announcements happen at Google I/O. Though in previous years, those announcements have gotten less exciting. And that’s because most of Google’s products are pretty mature now, and don’t need big updates or big features. Hopefully, Google can surprise us this year.

Either way, we are excited to see what Google has planned this year. Mark your calendars for May 14.



Musk opens up X’s “rebellious” AI chatbot Grok to more subscribers


After Elon Musk’s xAI decided to make its Grok large language model open source earlier in March, the X owner now announced that the former Twitter will soon make the Grok chatbot available to more paying subscribers.

Where else but on X, Musk revealed that starting this week, Grok will be accessible to Premium subscribers. The chatbot won’t be restricted solely to those on the higher-end tier, Premium+, as it was before.

This shift could mean that X wants to go head-to-head with other popular chatbots like OpenAI’s ChatGPT or Google’s Gemini. Yet, it might also show that X is looking to boost its subscriber count. Additionally, giving users access to an AI chatbot could help keep them from switching to other platforms.


Grok might catch the interest of Musk’s followers and avid X users because it’s designed to tackle topics other AI chatbots usually steer clear of, such as more controversial political notions.
 
Plus, it’s programmed to respond with what Musk has called “a rebellious streak.” What sets Grok apart even more is its capability to tap into real-time X data, a feature that its competitors can’t match.


X Premium sits in the middle of the company’s subscription offerings, starting at $8 per month (on the web) or $84 per year. Previously, Grok was exclusively accessible to Premium+ subscribers, priced at $16 per month or a substantial $168 per year. Initially offering only one premium subscription, X now provides three paid tiers:


  • Premium Basic, priced at $3 per month
  • Premium, priced at $8 per month
  • Premium+, priced at $16 per month


Hackers Exploiting Ray AI Framework Flaw to Hack Servers


A critical vulnerability affects Ray, an open-source AI framework that is widely utilized across various sectors, including education, cryptocurrency, and biopharma.

This vulnerability, known as CVE-2023-48022, has been under active exploitation for the past seven months, allowing attackers to hijack computing power and leak sensitive data.

The Discovery of CVE-2023-48022: ShadowRay

Late in 2023, five unique vulnerabilities were disclosed to Anyscale, the developers of Ray, by cybersecurity entities Bishop Fox, Bryce Bearchell, and Protect AI.

Anyscale addressed four of these vulnerabilities in Ray version 2.8.1, but the fifth, CVE-2023-48022, remains disputed and unpatched.

The Oligo team has dubbed this vulnerability “ShadowRay” due to its ability to evade static scans and lead to significant breaches.

AI environments are goldmines for attackers due to the sensitive information they contain, such as private intellectual property, third-party tokens, and access to company databases.

The high-powered machines used for AI models are also prime targets for their computing power.

The Oligo research team has uncovered an active attack campaign that has put thousands of servers at risk.

Meet Ray: The Affected Framework

Ray is a unified framework designed to scale AI and Python applications.

It is maintained by Anyscale and has garnered significant attention, with 30K stars on GitHub.

Large organizations like Uber, Amazon, and OpenAI use Ray in production for its scalability and efficiency.


The Exploitation of Ray Clusters

The lack of authorization in Ray’s Jobs API has been a critical point of exploitation.

Attackers with network access to the dashboard can invoke arbitrary jobs on the remote host without authorization.

Ray’s official Kubernetes deployment guide [10] and KubeRay’s Kubernetes operator encourage people to expose the dashboard on 0.0.0.0, that is, on all network interfaces.

This oversight has led to the compromise of numerous publicly exposed Ray servers, with attackers leveraging the flaw for cryptocurrency mining and data theft.

The collective value of the compromised machines is staggering, with the potential worth nearing a billion USD.

Attackers are drawn to these machines not only for the sensitive information they can extract but also for the high value of the GPUs, which are in short supply and expensive.

A6000 GPUs from the machine above are out of stock on NVIDIA’s website

The Common Thread: Crypto Miners

Oligo Research has identified patterns in the compromised clusters, suggesting that the same attackers targeted them.

Crypto-mining campaigns have been leveraging ShadowRay to install miners and reverse-shells, with some attackers reaching the top 5% of miners in certain pools.

XMRig crypto miner connected to Zephyr mining pool

In light of these findings, organizations using Ray are urged to review their environments for exposure and analyze any suspicious activity.
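As a starting point for that exposure review, the following added example (not code from Ray, Anyscale or Oligo) flags a dashboard/Jobs API listener bound beyond loopback and `ray start` command lines that request such a binding. It assumes Ray's default dashboard port 8265, the `--dashboard-host` option of `ray start`, and listener data in `ss -ltn` format; the sample inputs are constructed.

```python
"""Flag Ray dashboard listeners that are reachable from other machines."""
import ipaddress
import shlex

RAY_DASHBOARD_PORT = 8265  # assumption: Ray's default dashboard port, not overridden

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8265        0.0.0.0:*
LISTEN  0       128     127.0.0.1:6379      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     127.0.0.1:8265      0.0.0.0:*
"""

# Constructed command lines, as they might appear in a process list or pod spec.
SAMPLE_CMDLINES = [
    "ray start --head --dashboard-host=0.0.0.0 --port=6379",
    "ray start --head --dashboard-host 127.0.0.1",
    "ray start --head",
]


def is_exposed(host):
    """True when a bind address accepts connections from other machines."""
    if host in ("*", ""):
        return True  # ss prints '*' for a dual-stack wildcard bind
    if host == "localhost":
        return False
    try:
        addr = ipaddress.ip_address(host.split("%")[0])  # drop any zone id
    except ValueError:
        return True  # unknown hostname: report it and let a human decide
    return not addr.is_loopback  # 0.0.0.0, :: and routable addresses are exposed


def exposed_listeners(ss_output, port=RAY_DASHBOARD_PORT):
    """Return local address:port strings listening on `port` beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, lport = fields[3].rpartition(":")
        if lport.isdigit() and int(lport) == port and is_exposed(host.strip("[]")):
            findings.append(fields[3])
    return findings


def dashboard_host_from_cmdline(cmdline):
    """Return the --dashboard-host value of a `ray start` command, or None."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg.startswith("--dashboard-host="):
            return arg.split("=", 1)[1]
        if arg == "--dashboard-host" and i + 1 < len(args):
            return args[i + 1]
    return None


def risky_cmdlines(cmdlines):
    """Return command lines that explicitly bind the dashboard beyond loopback.

    A command without --dashboard-host is not flagged here; the listener
    check above is what confirms the effective binding on a given host.
    """
    risky = []
    for cmdline in cmdlines:
        host = dashboard_host_from_cmdline(cmdline)
        if host is not None and is_exposed(host):
            risky.append(cmdline)
    return risky


if __name__ == "__main__":
    for listener in exposed_listeners(SAMPLE_SS):
        print(f"[!] dashboard/Jobs API listening beyond loopback: {listener}")
    for cmdline in risky_cmdlines(SAMPLE_CMDLINES):
        print(f"[!] start command exposes dashboard: {cmdline}")
```

On a real host, replace `SAMPLE_SS` with the output of `ss -ltn` and treat every finding as a prompt to check firewall rules and job history for that node.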

For more detailed information on the vulnerabilities and the steps taken by Anyscale, readers can refer to the blog posts by Bishop Fox, Bryce Bearchell, and Protect AI.

Ray users must be aware of the security aspects and common pitfalls associated with the framework.

As the battle between functionality and security continues, the Ray incident serves as a stark reminder of the importance of vigilance in the digital age.

The disputed nature of CVE-2023-48022 has not only highlighted the complexities of software development but also the critical need for robust security measures in protecting valuable AI infrastructure.


DeFi Protocol Unstable Raises $2.5M to Drive LRTfi Sector Forward


After raising $2.5 million in its latest seed funding round, Unstable Protocol is on a mission to transform the burgeoning Liquid Restaking Token Finance (LRTfi) movement. The project, which is building the leverage layer of (re)staked Ether, attracted investment from multiple ETH-aligned funds including Lattice, Laser Digital (Nomura Group), Blockchain Founders Fund, Assouline Ventures, Agnostic Fund, Artichoke Capital, Black Edge Capital, NewTribe Capital, and NxGen. 

Several notable angel investors, protocol executives, media partners, and KOLs also threw their support behind the Protocol, including @dcfgod, @wsbmod, @AltcoinSherpa, @devchart, Trader Lenny, Wes Cowan (Juice Finance), Rahim Noorani (Satori Finance), Tony Jiang (Cognition AI), Adil Virani (blitz.gg), Collin Goltra (YGG), Peter Huo (Whampoa Digital), Andy (TheRollup), Tian Zeng, and BlockBuilders (MarketAcross).

A subsector of DeFi, LRTfi enables users to leverage liquid staking and restaking tokens for innovative yield strategies to maximize returns. Unstable will use the capital it has raised to power its groundbreaking zkOracles and serve as the day-one leverage layer for staked and restaked Ether.

The LRT market has witnessed remarkable growth of approximately $50 billion in the last year, surging from virtually zero to around $15 billion in three months.

As an LRTfi-native lending protocol, Unstable Protocol offers users the ability to borrow against their (re)staked ETH and even unlock the utility of their (re)staked ETH on Layer-2 blockchains. The latter is made possible thanks to a strategic partnership with interoperability platform Axelar, whose executive team already backs Unstable.

“Unstable’s pioneering use of zkOracles to enhance DeFi utility for the LST and LRT ETH market is exactly the kind of forward-thinking technology that will push the entire ecosystem forward,” said Mansoor Madhavji, Partner at Blockchain Founders Fund. “We look forward to seeing the impact this will have on liquid staking and the broader DeFi landscape.”

Unstable’s lending protocol engine is powered by a zkSNARK-based validator and EigenLayer AVS balance proofs, valuing collateral based on the underlying backing. This is powered by a key partnership with Succinct Labs that concluded its own $55 million funding round, co-led by Paradigm. 

“ZKPs are a powerful technology that will enable DeFi to be more expressive and secure. Unstable’s use of ZK oracles to power their lending protocol engine shows how ZK can enable a new category: zkDeFi,” said Uma Roy, Founder and CEO of Succinct Labs. 

About Unstable Protocol:

Unstable Protocol utilizes zkOracles to enhance DeFi utility for the LRTfi market. Backed by several prominent Web3 VCs and angel investors, the protocol enables users to borrow against their LST and LRT collateral and unlock the utility of their (re)staked ETH on L2 chains. Unstable’s lending protocol engine is powered by a zkSNARK-based validator and EigenLayer AVS balance proofs. The Unstable Protocol testnet launches today and will be accessible via its website.


YouTube announces a Jump Ahead feature


When watching YouTube videos, you are likely to skip forward to certain parts of the video you’re watching for whatever reason. It’s natural to want to jump to certain spots in videos, so the company is looking to make this process easier. YouTube just announced a new Jump Ahead feature that will make it easier to jump to important parts of videos.

Currently, YouTube launched this test to a small subset of users. Since it is an experimental feature, it’s only accessible to people who are on YouTube Premium. If you have a Premium membership, and you want to try these features out, you can use one of two methods. Firstly, you can go to the official YouTube experiments page on your desktop. Those of you using the mobile app should open the app, tap on your profile picture, go to the settings, and scroll down to the Try Experimental Features section. There, you’ll see the ability to enable that and other experimental features.

These experimental features are only available for a limited time, so if you want to try them out, you better act fast.

YouTube is working on a Jump Ahead feature

This feature may not be available to all YouTube premium users, as the company is testing it on a small subset of users. Basically, if you double-tap to skip ahead in a video, YouTube will prompt you to skip to a certain section in the video. This section will be suggested based on user data. If there’s a section in the video that numerous people gravitate to, YouTube will suggest that as a spot to jump to.

Say, you’re watching a compilation of satisfying video clips, and the most satisfying clip is what was featured in the thumbnail. Well, naturally, most people will gravitate to that section in the video. If it turns out to be true, YouTube will suggest that point in the video when you are jumping ahead.

Right now, YouTube is testing this feature on a limited selection of videos. So, chances are that you will not see this feature in action anytime soon. However, here’s hoping.



Sergey Brin convinced a worker not to leave via personal phone call


Right now, we are in the midst of a huge AI race, and big companies are trying their hardest to keep their top employees. Apparently, this is so true that a Google co-founder directly reached out to an employee to keep them from jumping ship. Sergey Brin, one of Google’s co-founders, convinced one of Google’s employees not to leave via a personal phone call.

Employees leaving companies for different positions is not something new. The fact that AI technology is on the rise only exacerbates this. For example, Mark Zuckerberg has been personally reaching out to several Google employees to get them to join Meta’s AI team.

Sergey Brin convinced a Google employee not to leave through a personal phone call

The name of the employee in question remains unreleased. However, based on the information we have, it appears that the employee was a personal friend of Brin. So, this makes it seem less out of the blue. Apparently, the employee considered taking a position at OpenAI. Since OpenAI and Google are at each other’s throats, it’s only natural to assume that Google is not a fan of any of its employees crossing the pond over to OpenAI.

We’re not quite certain what was mentioned in the phone call, but we do know that the employee’s salary was raised. So, with the familiar voice of a friend, along with more money in their pocket, it appears that the employee decided to stay at Google.

This is a trend in the tech community where companies are looking to acquire people they think will be able to push their AI ventures forward. It’s also bittersweet, as many of the same companies are dropping other employees like flies. We get news that major companies are hiring a handful of AI specialists, but we also hear that they’re laying off thousands of other employees. So, we’re just going to have to see where this trend leads.



Google Maps, Apple Maps, or Waze: Which navigation app truly rules the road?


While navigation apps are incredibly helpful, their constant GPS usage and background processes can take a toll on your phone’s battery life. And let’s face it, battery life is super important, especially on the road. So, it’s definitely an upside for an app to be battery-efficient.

 
  • GPS usage: The core function of navigation apps relies on GPS, which consumes significant battery. Frequent location updates further drain the battery
  • Screen brightness: A bright screen, especially during daytime navigation, contributes to battery drain
  • Data usage: Apps that rely on live traffic updates or real-time rerouting require constant data connection, impacting battery life
  • Background processes: Some apps keep background services running even when not actively used, draining battery

It’s a tough call to declare a single winner, given the array of phone models, usage habits, and app versions out there. While there’s no official data, user feedback, and real-world experience shed some light. Generally, some apps tend to be more battery-friendly than others. Out of Google Maps, Apple Maps, and Waze, here’s the lowdown from most battery drain to least:

  1. Waze: Renowned for its community-driven traffic updates, Waze’s constant background location updates for traffic data gathering and real-time rerouting can be a drain on your battery.
  2. Google Maps: Strikes a good balance between features and battery usage. It might use slightly less battery than Waze, particularly with features like live traffic turned off. However, frequent location updates and high-resolution maps can still eat up some juice.
  3. Apple Maps: Recent updates have amped up Apple Maps’ battery efficiency. User feedback suggests it might be the most battery-friendly option among the trio, especially on iPhones. This could be due to optimizations for Apple devices and potentially less aggressive background processes compared to Waze.
Remember, running the app in the background is an easy way to conserve battery life.

Mobile data usage: Apple or Google?


Every byte counts when you’re surfing on mobile data, and when it comes to its usage, actual consumption can differ based on factors like network speed, map details displayed, and features used (live traffic, rerouting). According to statistics, Apple Maps takes the lead in data usage, with an estimated consumption of 1.83 MB per 20 minutes.
  • Apple Maps: 1.83 MB per 20 minutes
  • Google Maps: 0.73 MB per 20 minutes
  • Waze: 0.23 MB per 20 minutes

Google Maps, on the other hand, uses 0.73 MB. However, data usage can increase with features like live traffic turned on or using high-resolution satellite imagery. Interestingly, Waze, also owned by Google, uses the least amount at 0.23 MB per 20 minutes. This could be because Waze relies more on community-sourced traffic data, potentially reducing the need for extensive data download.

User interfaces: Beauty is in the eye of the scroller


So, let’s talk about something more personal – the user interface. Comparing how the navigation apps look and feel can be a bit of a puzzle since we all have our own tastes. But hey, let’s see how they stack up against each other. First off, let’s check out the pros and cons of the Google Maps interface. If you have any other thoughts, feel free to drop them in the comments.

So, when it comes to Google Maps, there are a few things that come to mind:

Pros:

  • It’s got a clean and familiar layout
  • The map is big and easy to read
  • The search bar is right there for quick destination searches
  • And those traffic updates? They’re right on the map, super clear
Cons:
  • Sometimes, it feels like there’s too much stuff in the menu
  • And the icons are kinda small, so you might need a few extra taps
Now, let’s check out Apple Maps:

Pros:

  • It’s got that sleek, minimalist vibe that fits right in with iOS
  • The map is nice and clean, no clutter
  • Have you seen the 3D Flyover feature? Pretty cool stuff
  • Plus, it’s got clear lane guidance for those tricky highway exits

Cons:
  • You don’t have as much freedom to customize stuff compared to Google Maps
  • And those point-of-interest icons? They could stand out a bit more

And, of course, we can’t forget about Waze:

Pros:
  • The interface is all vibrant and interactive and feels like you’re part of a community
  • You get those real-time traffic updates and user-generated alerts front and center
  • And big buttons make it easy to report stuff like hazards or police sightings

Cons:
  • Sometimes it feels like there’s just too much going on, a bit overwhelming
  • You might need a bit of time to figure out what all the buttons do
  • And the map itself? It’s not always as clear as the others

So, in the end, it really comes down to personal preference. Try them all out and see which one clicks for you. Personally, I’ve got all three on my phone, not because I have to, but because I like to mix things up depending on what I need. But if I had to pick a favorite, it’s gotta be Google Maps, although I own an iPhone. It just gives me all the info I need, plain and simple.

Content and features: The Swiss army knife of apps


When it comes to features and content about different points of interest (POIs), Google Maps is the real MVP. It’s packed with all the goods, like detailed reviews, ratings, photos, and even videos for some restaurants. Plus, you can book reservations or order food straight from the app.

 
Not long ago, Apple Maps stepped up its game with Apple Business Connect, offering similar info and letting businesses update their details. And guess what? iPhone users can now also order food or make reservations right from the card. Now, let’s check out some of the features of Apple Maps:
  • Some cool 3D building visuals in select cities
  • Turn-by-turn navigation with voice guidance
  • Real-time traffic conditions with color-coded overlays
  • Multi-stop routing for planning trips with multiple stops
  • Look Around: A street-level view feature for exploring places virtually
  • Lane guidance for tricky interchanges
  • And hey, it’s all about user privacy – your data stays on your Apple device

Now, onto Google Maps:
  • Everything from Apple Maps, plus more
  • Detailed street maps, high-res satellite imagery, tons of POI info with reviews and pics, and 3D building visuals in many areas
  • Live traffic updates with incident reports and ETAs
  • Extensive public transit directions with real-time info
  • Street View: Take a virtual stroll with panoramic street-level imagery
  • Indoor maps for shopping malls, airports, and big buildings
  • Offline maps for when you’re off the grid
  • Google Assistant integration for voice commands while navigating

And last but not least, let’s take a look at Waze:
  • Get real-time traffic updates straight from the Waze community
  • Speed limit warnings and alerts for upcoming cameras
  • Gas station price comparisons along your route
  • Plus, earn points and badges for contributing reports

Offline navigation: Lost in the no-signal abyss?


When you find yourself without a signal but still need to get to where you’re going, offline maps come to the rescue. Nowadays, not many folks are lugging around paper maps in their cars, so it’s handy that both Apple and Google Maps offer offline map options. With iOS 17, Apple jumped on board by introducing offline maps, allowing users to download maps for use when there’s no connection.


Google Maps has had this feature for a while, which is pretty nifty. It’s great to see both big players offering this option, as it can be a real lifesaver. However, Waze is a bit behind the curve in this department. While it’s got some cool features, like using real-time traffic conditions to find the quickest route, it still doesn’t offer a straightforward offline mode.


Here’s the deal with Waze: It relies on a data connection to do its magic. So, if you’re offline, you might hit a snag. But hey, if you’ve previously looked up info on your area of interest, Waze’s maps might still be available offline. So, it’s not a total bust, but it’s definitely something to keep in mind.

The final countdown: Google Maps, Apple Maps, or Waze?


When it comes down to choosing between Google Maps, Apple Maps, or Waze, it’s all about what works best for you. Personally (as I already mentioned), I’ve got all three on my iPhone, and I use them for different reasons. Google Maps is my trusty sidekick when I need valuable info about places and the most accurate routes in my neck of the woods. If I’m off the beaten path, Google Maps is my go-to.

Now, let’s talk about Waze. It’s got its perks, like keeping me informed about what’s happening on the road ahead. But sometimes, it takes me on routes that are… let’s just say, less than ideal, if they even exist, but that is a story for another time. It’s had its fair share of mishaps, but hey, it can still come in handy when you need to dodge a traffic jam or avoid a speeding ticket. 

As for Apple Maps, it’s my go-to when I just need some background guidance. It’s there when I need it, simple and straightforward.

With so many navigation apps out there, you’re bound to find one that fits your needs like a glove. So, go ahead, explore your options, and find the one that suits you best.



ZenHammer Attack Exploits Rowhammer Against AMD CPUs


A new attack demonstrates that the notorious Rowhammer vulnerability persists as a threat to processors. Researchers have exploited Rowhammer in the new ZenHammer attack against AMD Zen CPUs.

ZenHammer Attack Targets AMD Zen CPUs

Researchers from ETH Zurich have devised a new attack strategy against AMD processors, demonstrating the continued risk of the well-known Rowhammer vulnerability.

While this vulnerability has long been a threat to Intel CPUs, this time the researchers exploited it against AMD Zen CPUs, hence the name “ZenHammer.” The study is significant because, unlike Intel chips, AMD chips haven’t been analyzed much with regard to Rowhammer.

Specifically, the researchers conducted the ZenHammer attack against AMD Zen 2 and Zen 3 chips, even with Target Row Refresh (TRR) mitigations deployed. To do so, they reverse-engineered the DRAM addressing functions on AMD platforms. With that done, they performed the ZenHammer attack and were able to induce bit flips on DDR4 with AMD Zen 2 (Ryzen 5 3600X) and Zen 3 (Ryzen 5 5600G) in most test cases. They also had some success with DDR5 chips on AMD Zen 4, which otherwise boasts resistance to Rowhammer. However, the researchers couldn’t succeed with the Ryzen 7 7700X, which exhibits numerous Rowhammer mitigations.

The researchers shared their study in a detailed research paper scheduled to appear at USENIX Security 2024 in August 2024, and set up a dedicated web page with information about ZenHammer. They have also published their ZenHammer fuzzer on GitHub so that users can check whether their DRAM is vulnerable to ZenHammer.

AMD’s Response To ZenHammer

Following this discovery, the researchers responsibly disclosed the issue to AMD in February 2024, going ahead with the public disclosure in March 2024.

In response to the researchers’ report, AMD issued a detailed advisory explaining that it plans to address Rowhammer bit flips on its DDR5 devices. The advisory also confirms that AMD includes memory controllers that meet industry-standard DDR specifications, and it lists various Rowhammer mitigations to prevent such attacks.

Let us know your thoughts in the comments.

