Ryan Whitwam (PDF): Late last year, Google and Epic concocted a settlement that would end the long-running antitrust dispute that stemmed from Fortnite fees. The sides have now announced an updated version of the agreement with new changes aimed at placating US courts and putting this whole mess in the rearview mirror. The gist is […]

Nick Heer: Snell converts the software score to an average letter grade of B to B–. Is Apple satisfied with shipping a consistently B product? I confess the grade I have given has been lower than this average. My experience with Apple’s software for the past several years has been markedly less than fine. Given […]

Gus Mueller (Mastodon): In episode 680 of ATP, at about 6:12 in, Marco Arment goes off on watchOS 26’s fitness app and trashes all the changes. And I couldn’t agree more with him. I thought it was just me who hated all the changes, and the slow animations, and the workout picker. It’s such a […]

Howard Oakley: To work out how long you can expect your Mac’s internal SSD to last before it reaches that cycle limit, all you need do is to measure how much data is written to it, and once that is 3,000 times the capacity of the SSD, you should expect it to fail through wear. […]

Google Threat Intelligence Group, earlier this week:

Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non-public exploitation techniques and mitigation bypasses.

The Coruna exploit kit provides another example of how sophisticated capabilities proliferate. Over the course of 2025, GTIG tracked its use in highly targeted operations initially conducted by a customer of a surveillance vendor, then observed its deployment in watering hole attacks targeting Ukrainian users by UNC6353, a suspected Russian espionage group. We then retrieved the complete exploit kit when it was later used in broad-scale campaigns by UNC6691, a financially motivated threat actor operating from China. How this proliferation occurred is unclear, but suggests an active market for “second hand” zero-day exploits. Beyond these identified exploits, multiple threat actors have now acquired advanced exploitation techniques that can be re-used and modified with newly identified vulnerabilities.