Businesses

UK Bans TikTok from Government Mobile Phones (theguardian.com)

Britain is to ban the Chinese-owned video-sharing app TikTok from ministers' and civil servants' mobile phones, bringing the UK in line with the US and the European Commission and reflecting deteriorating relations with Beijing. From a report: The decision marks a sharp U-turn from the UK's previous position and came a few hours after TikTok said its owner, ByteDance, had been told by Washington to sell the app or face a possible ban in the country. The UK government's announcement was made on Thursday by Oliver Dowden, the Cabinet Office minister, in the Commons. He said the ban was taking place "with immediate effect."

The decision follows a review of TikTok by government cybersecurity experts at the National Cyber Security Centre, and will cover ministers' and civil servants' work phones, but not their personal phones. "This is a proportionate move based on a specific risk with government devices," Dowden added. At least two cabinet ministers use TikTok. Michelle Donelan, the science and technology secretary, and Grant Shapps, the energy security and net zero secretary have an account on the app, which is used by millions of young people and many celebrities and influencers.

China

1,100 Scientists and Students Barred From UK Amid China Crackdown (theguardian.com)

An anonymous reader quotes a report from The Guardian: More than 1,000 scientists and postgraduate students were barred from working in the UK last year on national security grounds, amid a major government crackdown on research collaborations with China. Figures obtained by the Guardian reveal that a record 1,104 scientists and postgraduate students were rejected by Foreign Office vetting in 2022, up from 128 in 2020 and just 13 in 2016.

The sharp increase follows a hardening of the government's stance on scientific ties with China, with warnings from MI5 of a growing espionage threat, major research centers being quietly shut down and accusations by a government minister that China's leading genomics company had regularly sought to hack into the NHS's genetic database. Geopolitical tensions stepped up further this week, as the US, Australia and the UK announced a multi-decade, multibillion-dollar deal aimed at countering China's military expansion in the Indo-Pacific. China said the Aukus plan to build a combined fleet of elite nuclear-powered submarines was "a path of error and danger."

The Foreign Office declined to give a breakdown by nationality, but data supplied by leading universities including Oxford, Cambridge and Imperial College suggests that, at these institutions at least, Chinese academics account for a majority of those denied clearance. Some have welcomed the policy shift, with one security expert saying the number of academics being barred is "commensurate with the threat." But leading scientists say the scheme is leaving universities struggling to recruit the best talent from abroad.
"A majority of applicants are thought to be scientists seeking to move to the UK to take up offers of research degrees or fellowships," adds the Guardian. "But the Guardian is also aware of researchers, including five Chinese scientists at Imperial college, who did not pass clearance despite having already held positions at UK universities for several years -- and who may have had to leave the UK as a result."
United Kingdom

UK Treasury Is Giving Older People $90,000 a Year To Keep Working (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: Convincing older British workers to stay in their jobs will cost the UK Treasury 75,000 pounds ($90,000) per person in tax breaks for some of the country's wealthiest savers, analysis of Chancellor of the Exchequer Jeremy Hunt's budget shows. In his budget speech on Wednesday Hunt scrapped the lifetime allowance on pensions -- the total that workers can pile into their retirement pot without incurring tax -- and increased the tax-free annual limit on contributions by 50%, to 60,000 pounds.

The shift is designed to reverse a trend in the number of older workers dropping out of jobs since the pandemic, which has contributed to a shortage of staff and is fanning inflation. But the Office for Budget Responsibility, the independent fiscal watchdog, calculated (PDF) that Hunt's pension reforms are likely to add just 15,000 more workers to the labor force by 2027/28. They will cost 1.1 billion pounds, meaning the reforms effectively offer a 75,000 pounds per person boost to those able to save enough in their pensions.

United Kingdom

Binance Halts UK Customer Deposits and Withdrawals (cnbc.com)

On Monday, Binance said it would suspend withdrawals and deposits for anybody using UK currency. The news came after the world's largest crypto exchange's banking partner in the UK, Paysafe, said it was abandoning crypto, at least as far as Binance was concerned. Gizmodo reports: In a statement to Gizmodo, a Paysafe spokesperson said that it was "too challenging" to offer its embedded wallet cryptocurrency services to UK customers because of the regulatory atmosphere in the UK. Paysafe is based in London, and said this decision was "taken in an abundance of caution." Paysafe did not clarify whether it was abandoning crypto altogether, or just in its partnership with Binance. Paysafe called its UK portion of its crypto business "small" but clarified it was still working with Binance elsewhere in Europe and in Latin America.

Binance suspended withdrawals and deposits for any new customers using British pounds late on Monday, and according to Bloomberg the crypto exchange plans to suspend all GBP transactions for all customers starting May 22. The company is reportedly working to find "an alternative solution" to again allow customers to trade GBP for crypto.

Businesses

HSBC To Buy UK Arm of Silicon Valley Bank For $1.2 (bbc.com)

HSBC, in a stock exchange filing: HSBC Holdings plc announces that its UK ring-fenced subsidiary, HSBC UK Bank plc, is acquiring Silicon Valley Bank UK Limited (SVB UK) for 1 pound ($1.2). As at 10 March 2023, SVB UK had loans of around $6.6bn and deposits of around $8.1bn. Noel Quinn, HSBC Group CEO, said, "This acquisition makes excellent strategic sense for our business in the UK. It strengthens our commercial banking franchise and enhances our ability to serve innovative and fast-growing firms, including in the technology and life-science sectors, in the UK and internationally. We welcome SVB UK's customers to HSBC and look forward to helping them grow in the UK and around the world. SVB UK customers can continue to bank as usual, safe in the knowledge that their deposits are backed by the strength, safety and security of HSBC. We warmly welcome SVB UK colleagues to HSBC, we are excited to start working with them."
United States

US Regulators Bail Out SVB Customers, Who Can Access All Their Money Monday (cnn.com)

Breaking news from CNN: Treasury Secretary Janet Yellen on Sunday instructed the Federal Deposit Insurance Corporation to guarantee Silicon Valley Bank customers will have access to all of their money starting Monday.

By guaranteeing all deposits — even the uninsured money customers kept with the failed SVB bank — the government can ensure public confidence in America's banking system, said Yellen, Federal Reserve Chair Jerome Powell and FDIC Chairman Martin J. Gruenberg in a joint statement....

The FDIC opened an auction Sunday for bids to acquire the bank, the Treasury Department said in a briefing with lawmakers in the California delegation, two sources familiar with the briefing told CNN.... Under Secretary for Domestic Finance Nellie Liang and Assistant Secretary for Legislative Affairs Jonathan Davidson led the briefing, during which they told members that the FDIC is prepared "to operate the institution" to ensure depositors can maintain payroll for their employees and that more operations will emerge in coming days, one of the sources said.

The treasury secretary's statement clarified that "No losses associated with the resolution of Silicon Valley Bank will be borne by the taxpayer." We are also announcing a similar systemic risk exception for Signature Bank, New York, New York, which was closed today by its state chartering authority. All depositors of this institution will be made whole. As with the resolution of Silicon Valley Bank, no losses will be borne by the taxpayer. Shareholders and certain unsecured debtholders will not be protected. Senior management has also been removed. Any losses to the Deposit Insurance Fund to support uninsured depositors will be recovered by a special assessment on banks, as required by law.

Finally, the Federal Reserve Board on Sunday announced it will make available additional funding to eligible depository institutions to help assure banks have the ability to meet the needs of all their depositors.

Meanwhile, congresswoman Nancy Pelosi said there are multiple potential buyers for SVB, and "What we would hope to see by tomorrow morning is for some other bank to buy the bank." The UK arm of the bank has already received a bid from the Bank of London.

From the treasury secretary's statement: The U.S. banking system remains resilient and on a solid foundation, in large part due to reforms that were made after the financial crisis that ensured better safeguards for the banking industry.

Those reforms combined with today's actions demonstrate our commitment to take the necessary steps to ensure that depositors' savings remain safe.

Encryption

WhatsApp Would Not Remove End-To-End Encryption For UK Law, Says Chief (theguardian.com)

An anonymous reader quotes a report from The Guardian: WhatsApp would refuse to comply with requirements in the online safety bill that attempted to outlaw end-to-end encryption, the chat app's boss has said, casting the future of the service in the UK in doubt. Speaking during a UK visit in which he will meet legislators to discuss the government's flagship internet regulation, Will Cathcart, Meta's head of WhatsApp, described the bill as the most concerning piece of legislation currently being discussed in the western world.

He said: "It's a remarkable thing to think about. There isn't a way to change it in just one part of the world. Some countries have chosen to block it: that's the reality of shipping a secure product. We've recently been blocked in Iran, for example. But we've never seen a liberal democracy do that. "The reality is, our users all around the world want security," said Cathcart. "Ninety-eight per cent of our users are outside the UK. They do not want us to lower the security of the product, and just as a straightforward matter, it would be an odd choice for us to choose to lower the security of the product in a way that would affect those 98% of users."

The UK government already has the power to demand the removal of encryption thanks to the 2016 investigatory powers act, but WhatsApp has never received a legal demand to do so, Cathcart said. The online safety bill is a concerning expansion of that power, because of the "grey area" in the legislation. Under the bill, the government or Ofcom could require WhatsApp to apply content moderation policies that would be impossible to comply with without removing end-to-end encryption. If the company refused to do so, it could face fines of up to 4% of its parent company Meta's annual turnover -- unless it pulled out of the UK market entirely.

AI

Brit Newspaper Giant Fills Space With AI-Assisted Articles (theregister.com)

Reach, the owner of the UK's Daily Mirror and Daily Express tabloids among other newspapers, has started publishing articles with the help of AI software on one of its regional websites as it scrambles to cut costs amid slipping advertising revenues. The Register reports: Three stories written with the help of machine-learning tools were published on InYourArea.co.uk, which produces feeds of nearby goings-on in Blighty. One piece, titled Seven Things to do in Newport, is a listicle pulling together information on places and activities available in the eponymous sunny Welsh resort city. Reach CEO Jim Mullen said the machine-written articles are checked and approved by human editors before they're published online.

"We produced our first AI content in the last ten days, but this is led by editorial," he said, according to The Guardian. "It was all AI-produced, but the data was obviously put together by a journalist, and whether it was good enough to publish was decided by an editor." "There are loads of ethics [issues] around AI and journalistic content," Mullen admitted. "The way I look at it, we produce lots of content based on actual data. It can be put together in a well-read [piece] that I think AI can do. We are trying to apply it to areas we already get traffic to allow journalists to focus on content that editors want written."

Mullen's comments have been questioned by journalists, however, given that Reach announced plans to slash hundreds of jobs in January. The National Union of Journalists said 102 editorial positions would be cut, putting 253 journalists at risk, whilst 180 vacancies would be withdrawn.

Microsoft

Microsoft Tells UK It Will License 'Call of Duty' To Sony For 10 Years (reuters.com)

Microsoft said it would license Activision Blizzard's "Call of Duty" (CoD) to Sony for 10 years to address concerns raised by Britain over its $69 billion takeover of the games maker, according to a document published by the regulator. From a report: "Microsoft is proposing a package of licensing remedies which (i) guarantee parity between the PlayStation and Xbox platforms in respect of CoD and (ii) ensure wide availability of CoD and other Activision titles on cloud gaming services," Microsoft said in the document published on Wednesday.
United Kingdom

UK Government Urged To Consider Changing Law To Allow Gene Editing of Embryos (theguardian.com)

Ministers must consider changing the law to allow scientists to carry out genome editing of human embryos for serious genetic conditions -- as a matter of urgency. That is the key message of a newly published report by a UK citizens' jury made up of individuals affected by genetic conditions. From a report: The report is the first in-depth study of the views of individuals who live with genetic conditions about the editing of human embryos to treat hereditary disorders and will be presented at the Third International Summit on Human Genome Editing, which opens at the Crick Institute in London this week. Scientists say that in a few years, they will be ready to use genome editing techniques to alter genes and induce changes in physical traits, such as disease risk, in future generations. In the UK, around 2.4 million people live with a genetic condition. These include cystic fibrosis, sickle cell disease, muscular dystrophy, various cancers, and some forms of hereditary blindness.

"Genome editing offers the prospect of preventing such conditions affecting future generations but there needs to be a full national debate on the issues," said Prof Anna Middleton of Cambridge University, the project's leader. "These discussions need to start now because genome editing is advancing so quickly. Many affected individuals want to debate the ethical issues and explore what implementation might look like." Genome editing acts like a pair of molecular scissors that can cut a strand of DNA at a specific site, allowing scientists to alter the structure of a gene, a form of manipulation that does not involve the introduction of DNA from other organisms. In the UK, as in most countries worldwide, it is illegal to perform genome editing on embryos that lead to pregnancy.

Earth

A New Study Shows Seabirds Avoid Offshore Turbines (electrek.co)

Matt_Bennett (Slashdot reader #79,107) writes: Swedish power company Vattenfall released a study on the interactions of seabirds and offshore wind turbines. They used cameras and radar to record the tracks of the birds during daylight hours at Aberdeen Offshore Wind Farm over peak periods of bird activity in 2020 and 2021.

The study observed no collisions or even narrow escapes between birds and rotor blades. In 97.7% of the recordings, the birds avoided the RSZ (rotor swept zone).

The company (owned by the Swedish government) spent €3 million on the two-year study, according to Electrek, and now has ten thousand videos of birds flying...nowhere near the wind turbines. Herring gulls avoided the rotor blades by a full 90-110 meters (295-361 feet) while kittiwakes flew even further from the blades — 140-160 meters (459-525 feet).

"By way of comparison, each of these human-related sources kill millions or even billions of birds per year: fossil fuels, deforestation, pesticides, windows, and the common housecat."
Censorship

Roald Dahl eBooks Reportedly Censored Remotely (thetimes.co.uk)

"Owners of Roald Dahl ebooks are having their libraries automatically updated with the new censored versions containing hundreds of changes to language related to weight, mental health, violence, gender and race," reports the British newspaper the Times. Readers who bought electronic versions of the writer's books, such as Matilda and Charlie and the Chocolate Factory, before the controversial updates have discovered their copies have now been changed.

Puffin Books, the company which publishes Dahl novels, updated the electronic novels, in which Augustus Gloop is no longer described as fat or Mrs Twit as fearfully ugly, on devices such as the Amazon Kindle. Dahl's biographer Matthew Dennison last night accused the publisher of "strong-arming readers into accepting a new orthodoxy in which Dahl himself has played no part."

Meanwhile...
  • Children's book author Frank Cottrell-Boyce admits in the Guardian that "as a child I disliked Dahl intensely. I felt that his snobbery was directed at people like me and that his addiction to revenge was not good. But that was fine — I just moved along."

But Cottrell-Boyce's larger point is "The key to reading for pleasure is having a choice about what you read" — and that childhood readers face greater threats. "The outgoing children's laureate Cressida Cowell has spent the last few years fighting for her Life-changing Libraries campaign. It's making a huge difference but it would have been a lot easier if our media showed a fraction of the interest they showed in Roald Dahl's vocabulary in our children."

The Almighty Buck

Netflix Fights Attempt To Make Streaming Firms Pay For ISP Network Upgrades (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: Netflix co-CEO Greg Peters spoke out against a European proposal to make streaming providers and other online firms pay for ISPs' network upgrades. "Some of our ISP partners have proposed taxing entertainment companies to subsidize their network infrastructure," Peters said in a speech Tuesday at Mobile World Congress in Barcelona (transcript). The "tax would have an adverse effect, reducing investment in content -- hurting the creative community, hurting the attractiveness of higher-priced broadband packages, and ultimately hurting consumers," he argued. [...] "ISPs claim that these taxes would only apply to Netflix. But this will inevitably change over time as broadcasters shift from linear to streaming," Peters said at MWC. Sandvine data suggests that nearly half of global Internet traffic is sent by Facebook, Amazon, Google, Apple, Netflix, and Microsoft. Online video accounts for 65 percent of all traffic, and Netflix recently passed YouTube as the top video-traffic generator.

Peters cited Nielsen data showing that "Netflix accounts for under 10 percent of total TV time" in the US and UK while "traditional local broadcasters account for over half of all TV time." Live sports account for much of that. "As broadcasters continue the shift away from linear to streaming, they will start to generate significant amounts of Internet traffic too -- even more than streamers today based on the current scope and scale of their audiences," Peters said. "Broadband customers, who drive this increased usage, already pay for the development of the network through their subscription fees. Requiring entertainment companies -- both streamers and broadcasters -- to pay more on top would mean ISPs effectively charging twice for the same infrastructure." Telcos that receive new payments wouldn't be expected to lower the prices charged to home Internet users, Peters said. "As the consumer group BEUC has pointed out, there is no suggestion these levies would be passed onto consumers in the form of 'lower prices or better infrastructure,'" he said.

Peters said Netflix's "operating margins are significantly lower than either British Telecom or Deutsche Telekom. So we could just as easily argue that network operators should compensate entertainment companies for the cost of our content -- exactly as happened under the old pay-TV model." While telcos claim companies like Netflix don't pay their "fair share," Peters pointed out that Netflix has spent a lot building its own network that reduces the amount of data sent over traditional telecom networks. "We've spent over $1 billion on Open Connect, our own content delivery network, which we offer for free to ISPs," he said. "This includes 18,000 servers with Netflix content distributed across 6,000 locations and 175 countries. So when our members press play, instead of the film or TV show being streamed from halfway around the world, it's streamed from around the corner -- increasing efficiency for operators while also ensuring a high-quality, no-lag experience for consumers." Peters also touted Netflix's encoding technology that cut bit rates in half between 2015 and 2020. While Internet traffic has increased about 30 percent a year, "ISPs have managed this increased consumer usage efficiently while their costs have remained stable," Peters said. "Regulators have highlighted this, too, calling out that infrastructure costs are not sensitive to traffic and that growing consumption will be offset by efficiency gains."
United Kingdom

The UK Briefly Considered Killing All Pet Cats Early In the Pandemic (time.com)

schwit1 writes: In the early days of the COVID-19 pandemic, when little was known about the virus, the U.K. government briefly considered asking the public to exterminate every cat amid fears that the pets could spread the disease. Lord Bethell, a former deputy Health Minister from 2020 to 2021, revealed the news Wednesday during an interview with Britain's Channel 4 News.

"Can you imagine what would have happened if we had wanted to do that?" he added. The U.K. has some 10.9 million cats, according to the 2022 PDSA Animal Wellbeing report. The bombshell revelations have sparked astonishment from some on social media, with users sharing images of their own cats and vowing they would have put up a fight. 10 Downing Street's own feline friend Larry's unofficial Twitter parody account wrote: "hard not to take this personally."

Biotech

Three-Parent Baby Technique Could Create Babies At Risk of Severe Disease (technologyreview.com)

MIT Technology Review has revealed two cases in which babies conceived with the three-parent baby technique have shown what scientists call "reversion." "In both cases, the proportion of mitochondrial genes from the child's mother has increased over time, from less than 1% in both embryos to around 50% in one baby and 72% in another," they report. From the report: When the first baby born using a controversial procedure that meant he had three genetic parents was born back in 2016, it made headlines. The baby boy inherited most of his DNA from his mother and father, but he also had a tiny amount from a third person. The idea was to avoid having the baby inherit a fatal illness. His mother carried genes for a disease in her mitochondria. Swapping these with genes from a donor -- a third genetic parent -- could prevent the baby from developing it. The strategy seemed to work. Now clinics in other countries, including the UK, Greece, and Ukraine, are offering the same treatment. It was made legal in Australia last year. But it might not always be successful. [...]

Fortunately, both babies were born to parents without genes for mitochondrial disease; they were using the technique to treat infertility. But the scientists behind the work believe that around one in five babies born using the three-parent technique could eventually inherit high levels of their mothers' mitochondrial genes. For babies born to people with disease-causing mutations, this could spell disaster -- leaving them with devastating and potentially fatal illness. The findings are making some clinics reconsider the use of the technology for mitochondrial diseases, at least until they understand why reversion is happening. "These mitochondrial diseases have devastating consequences," says Bjorn Heindryckx at Ghent University in Belgium, who has been exploring the treatment for years. "We should not continue with this." "It's dangerous to offer this procedure [for mitochondrial diseases]," says Pavlo Mazur, an embryologist based in Kyiv, Ukraine, who has seen one of these cases firsthand.

United Kingdom

UK Now Seen As 'Toxic' For Satellite Launches, MPs Told (theguardian.com)

Britain's failed attempt to send satellites into orbit was a "disaster" and MPs are being urged to redirect funding to hospitals, with the country now seen as "toxic" for future launches. The Guardian reports: Senior figures at the Welsh company Space Forge, which lost a satellite when Virgin Orbit's Start Me Up mission failed to reach orbit, said a "seismic change" was needed for the UK to be appealing for space missions. Lengthy delays by the Civil Aviation Authority (CAA), as well as the launch failure, had left Space Forge six months behind its competition in the race to be the first company to bring a satellite back down to Earth, when it had been six months ahead, the science and technology committee heard.

Patrick McCall, a non-executive director at Space Forge, said: "The CAA is taking a different approach to risk, and a bit to process and timing as well. But I think unless there is, without wanting to be too dramatic, a seismic change in that approach, the UK is not going to be competitive from a launch perspective. I think the conclusion I've reached is right now it's not a good use of money, because our regulatory framework is not competitive." He added that the UK ought to consider spending the money it was investing in launch capability on other areas, such as hospitals.

Greg Clark, the chair of the committee, said it was a "disaster" that an attempt to show what the UK was capable of had turned "toxic for a privately funded launch." "We had the first attempted launch but the result is that you as an investor in space are saying there is no chance of investors supporting another launch from the UK with the current regulator conditions." Dan Hart, the CEO of Virgin Orbit, told MPs he had expected the CAA to work more similarly to the Federal Aviation Authority in the US but he had found the UK regulator more conservative. The company has since ended its contract with Spaceport Cornwall at Newquay airport but said it was still hoping to launch from the site in the future. Sir Stephen Hillier, the chair of the CAA, said: "Our primary duty is to ensure that the space activity in the UK is conducted safely. The CAA licensed in advance of technical readiness."

AI

UK Argues AI Is No More of an Inventor Than Your Cat (bloomberg.com)

If an artificial intelligence machine can be named as an inventor for a patent, pet cats could be next, lawyers said at the UK's top court arguing only humans can be inventors in law. From a report: The UK's Supreme Court will decide whether an AI machine can be named as an inventor and who may own the patent. Imagination Engines founder, Stephen Thaler, challenged the rejection of his patent applications naming his AI machine as inventor for a beverage container and a flashing light. Allowing an AI machine to be named as the inventor can open doors to "plainly ridiculous assertion," Stuart Baran, a lawyer for the patent office, said in documents prepared for the case. Should the judges rule in favor of Thaler inventors could include "my cat Felix" or "cosmic forces," he said. Thaler tried registering the patent naming his system, DABUS, as inventor in several countries but was successful only in Australia and South Africa, according to the court documents.
Apple

'I Was an App Store Games Editor - That's How I Know Apple Doesn't Care About Games' (theguardian.com)

Apple has taken billions from game developers but failed to reinvest it, leaving the App Store a confusing mess for mobile gamers, writes Neil Long, former App Store editor. The Guardian: Late last year, the developer of indie hit Vampire Survivors said it had to rush-release a mobile edition to stem the flow of App Store clones and copycats. Recently a fake ChatGPT app made it through app review and quickly climbed the charts before someone noticed and pulled it from sale. It's not good enough. Apple could have reinvested a greater fraction of the billions it has earned from mobile games to make the App Store a good place to find fun, interesting games to fit your tastes. But it hasn't, and today the App Store is a confusing mess, recently made even worse with the addition of ad slots in search, on the front page and even on the product pages themselves.

Search is still terrible, too. Game developers search in vain for their own games on launch day, eventually finding them -- having searched for the exact title -- under a slew of other guff. Mobile games get a bumpy ride from some folks -- this esteemed publication included -- for lots of reasons. [...] However, finding the good stuff is hard. Apple -- and indeed Google's Play store -- opened the floodgates to developers without really making sure that what's out there is up to standard. It's a wild west. Happily things may be about to change -- including that 30% commission on all in-app purchases. After a bruising US court battle between Apple and Epic Games over alleged monopolistic practices, government bodies in the UK, EU, US, Japan and elsewhere are examining Apple and Google's "effective duopoly" over what we see, do and play on our phones.

Bug

Security Researchers Warn of a 'New Class' of Apple Bugs (techcrunch.com)

Since the earliest versions of the iPhone, "The ability to dynamically execute code was nearly completely removed," write security researchers at Trellix, "creating a powerful barrier for exploits which would need to find a way around these mitigations to run a malicious program. As macOS has continually adopted more features of iOS it has also come to enforce code signing more strictly.

"The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.... The vulnerabilities range from medium to high severity with CVSS scores between 5.1 and 7.1. These issues could be used by malicious applications and exploits to gain access to sensitive information such as a user's messages, location data, call history, and photos."

Computer Weekly explains that the vulnerability bypasses strengthened code-signing mitigations put in place by Apple on its developer tool NSPredicate after the infamous ForcedEntry exploit used by Israeli spyware manufacturer NSO Group: So far, the team has found multiple vulnerabilities within the new class of bugs, the first and most significant of which exists in a process designed to catalogue data about behaviour on Apple devices. If an attacker has achieved code execution capability in a process with the right entitlements, they could then use NSPredicate to execute code with the process's full privilege, gaining access to the victim's data.

Emmitt and his team also found other issues that could enable attackers with appropriate privileges to install arbitrary applications on a victim's device, access and read sensitive information, and even wipe a victim's device. Ultimately, all of the new bugs carry a similar level of impact to ForcedEntry.

Senior vulnerability researcher Austin Emmitt said the vulnerabilities constituted a "significant breach" of the macOS and iOS security models, which rely on individual applications having fine-grain access to the subset of resources needed, and querying services with more privileges to get anything else.

"The key thing here is the vulnerabilities break Apple's security model at a fundamental level," Trellix's director of vulnerability research told Wired — though there's some additional context: Apple has fixed the bugs the company found, and there is no evidence they were exploited.... Crucially, any attacker trying to exploit these bugs would require an initial foothold into someone's device. They would need to have found a way in before being able to abuse the NSPredicate system. (The existence of a vulnerability doesn't mean that it has been exploited.)

Apple patched the NSPredicate vulnerabilities Trellix found in its macOS 13.2 and iOS 16.3 software updates, which were released in January. Apple has also issued CVEs for the vulnerabilities that were discovered: CVE-2023-23530 and CVE-2023-23531. Since Apple addressed these vulnerabilities, it has also released newer versions of macOS and iOS. These included security fixes for a bug that was being exploited on people's devices.

TechCrunch explores its severity: While Trellix has seen no evidence to suggest that these vulnerabilities have been actively exploited, the cybersecurity company tells TechCrunch that its research shows that iOS and macOS are "not inherently more secure" than other operating systems....

Will Strafach, a security researcher and founder of the Guardian firewall app, described the vulnerabilities as "pretty clever," but warned that there is little the average user can do about these threats, "besides staying vigilant about installing security updates." And iOS and macOS security researcher Wojciech Reguła told TechCrunch that while the vulnerabilities could be significant, in the absence of exploits, more details are needed to determine how big this attack surface is.

Jamf's Michael Covington said that Apple's code-signing measures were "never intended to be a silver bullet or a lone solution" for protecting device data. "The vulnerabilities, though noteworthy, show how layered defenses are so critical to maintaining good security posture," Covington said.

Linux

Ubuntu Flavors Agree to Stop Using Flatpak (phoronix.com) 117

Phoronix reports: While Ubuntu Linux hasn't provided Flatpak support out-of-the-box due to its preference for its own Snap app packaging/distribution format, Ubuntu flavors/spins have to this point been able to pre-install Flatpak support if they desired. However, for the 23.04 "Lunar Lobster" cycle and moving forward, Ubuntu flavors will no longer be permitted to install Flatpak packages by default.

Flatpak support for Ubuntu and its flavors will remain available in the Ubuntu archive so those wanting to install Flatpak support can easily do so post-install.

This change going into effect with the 23.04 cycle is making it so no Ubuntu flavors will have Flatpak support installed by default / out-of-the-box: they are supposed to center around Debian packages and Snaps for their out-of-the-box packaging support to align with Ubuntu.

From the blog OMG Ubuntu: Ubuntu developers have agreed to stop shipping Flatpak, preinstalled Flatpak apps, and any plugins needed to install Flatpak apps through a GUI software tool in the default package set across all eight of Ubuntu's official flavors, as of the upcoming Ubuntu 23.04 release.

Ubuntu says the decision will 'improve the out-of-the-box Ubuntu experience' for new users by making it clearer about what an "Ubuntu experience" is....

As far as Ubuntu is concerned, only deb and snap software is intrinsic to the 'Ubuntu experience', and that experience now needs to be offered everywhere. Flavor leads (apparently) agree, and have all agreed to mirror regular Ubuntu by not offering Flatpak features in their default install for future releases....

Flatpak will not be uninstalled or removed when a user upgrades to Ubuntu 23.04 from a version where Flatpak is already present.
