Month: September 2023

Enlarge / Students from Launch Charter School gather for a rally for National Gun Violence Awareness Day at Restoration Plaza on June 2, 2023, in the Crown Heights neighborhood of Brooklyn borough in New York City. (credit: Getty | Michael M. Santiago)

As the COVID-19 pandemic took hold in 2020, so did another grim reality: For the first time, guns became the leading cause of death for American children and teenagers, surpassing car accidents, the long-standing leader.

In 2021, youth firearm death rates did not fall to pre-pandemic levels as hoped, but instead continued a sharp rise to hit a new record high. That's according to a recent study led by researchers in New York and published in the journal Pediatrics. The study was based on national mortality data from the Centers for Disease Control and Prevention.

Nationwide, there were 4,752 firearm deaths of American children and teens (ages 0 to 19) in 2021, translating to a rate of 5.8 gun deaths per 100,000 people. The deaths represent a nearly 9 percent increase from 2020 (4,368 or 5.4 deaths per 100,000).

Enlarge (credit: Apple)

Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

The CVE-2023-41064 and CVE-2023-41061 flaws were reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Also dubbed "BLASTPASS," Citizen Lab says that the bugs are serious because they can be exploited just by loading an image or attachment, which happens regularly in Safari, Messages, WhatsApp, and other first- and third-party apps. These bugs are also called "zero-click" or "clickless" vulnerabilities.

Citizen Lab also said that the BLASTPASS bug was "being used to deliver NSO Group’s Pegasus mercenary spyware," the latest in a long line of similar exploits that have been used to infect fully patched iOS and Android devices.

Enlarge / Google's not looking as good as it used to. (credit: Aurich Lawson)

Don't let Chrome's big redesign distract you from the fact that Chrome's invasive new ad platform, ridiculously branded the "Privacy Sandbox," is also getting a widespread rollout in Chrome today. If you haven't been following this, this feature will track the web pages you visit and generate a list of advertising topics that it will share with web pages whenever they ask, and it's built directly into the Chrome browser. It's been in the news previously as "FLoC" and then the "Topics API," and despite widespread opposition from just about every non-advertiser in the world, Google owns Chrome and is one of the world's biggest advertising companies, so this is being railroaded into the production builds.

Google seemingly knows this won't be popular. Unlike the glitzy front-page Google blog post that the redesign got, the big ad platform launch announcement is tucked away on the privacysandbox.com page. The blog post says the ad platform is hitting "general availability" today, meaning it has rolled out to most Chrome users. This has been a long time coming, with the APIs rolling out about a month ago and a million incremental steps in the beta and dev builds, but now the deed is finally done.

• 

  Chrome users will see this pop-up, telling them the ad platform has rolled out to them. [credit: Aurich Lawson ]

Users should see a pop-up when they start up Chrome soon, informing them that an "ad privacy" feature has been rolled out to them and enabled. The new pop-up has been hitting users all week. As you can see in the pop-up, all of Google's documentation about this feature feels like it was written on opposite day, with Google calling the browser-based advertising platform "a significant step on the path towards a fundamentally more private web."

Enlarge (credit: Dmitry Nogaev | Getty Images)

North Korea-backed hackers are once again targeting security researchers with a zero-day exploit and related malware in an attempt to infiltrate computers used to perform sensitive investigations involving cybersecurity.

The presently unfixed zero-day—meaning a vulnerability that’s known to attackers before the hardware or software vendor has a security patch available—resides in a popular software package used by the targeted researchers, Google researchers said Thursday. They declined to identify the software or provide details about the vulnerability until the vendor, which they privately notified, releases a patch. The vulnerability was exploited using a malicious file the hackers sent the researchers after first spending weeks establishing a working relationship.

Malware used in the campaign closely matches code used in a previous campaign that was definitively tied to hackers backed by the North Korean government, Clement Lecigne and Maddie Stone, both researchers in Google’s Threat Analysis Group, said. That campaign first came to public awareness in January 2021 in posts from the same Google research group and, a few days later, Microsoft.

Enlarge / Lotus has developed a new architecture for electric vehicles. The second EV to use this new architecture will be this, the Emeya four-door GT, which follows the Eletre SUV, released earlier this year. (credit: Jonathan Gitlin)

NEW YORK—After languishing with a lack of serious investment for decades, Lotus Cars is now starting to show the results of its 2017 acquisition by Geely. After building a low-volume electric hypercar and then its last gasoline-powered sportscar, it debuted an all-new electric vehicle, an SUV called the Eletre. And next year another new EV goes into production, a new four-door GT called the Emeya that uses the same Electric Premium Architecture platform as that SUV.

Despite sharing a corporate parent and a very similar design brief, the Lotus Emeya is unrelated to the Polestar 5 four-door GT that we rode in a few weeks ago. Both cars clearly target the Porsche Taycan, offering high power outputs, very rapid charging, and an engaging driving experience. But there's nothing shared between the Polestar and the Lotus, which, unlike the Polestar 5, uses a more conventional chassis construction that's a mix of different strength steels and aluminum.

"This is a Lotus like you've never seen before," said Lotus Group Vice President of Design Ben Payne. "We've built on everything Lotus has achieved so far, creating a luxury performance car for the drivers, designed to inspire confidence, exhilarate with raw emotion and pure joy—connecting them to the road."