Apple released yesterday iOS version 12.2 that, like never before, includes fixes for a considerable number of security-related issues, including some that are downright disturbing.
In total, the company fixed 51 security flaws. Probably the scariest security bug, at first glance, is CVE-2019-8566, a vulnerability in Apple’s ReplayKit. Used by various iOS apps, this is a component for recording and streaming audio and video feeds from a device.
Apple said a bug that existed in this component would have allowed malicious applications to access microphones without indication to the user, and surreptitiously record or stream nearby conversations.
“An API issue existed in the handling of microphone data. This issue was addressed with improved validation,” Apple said.
Code execution via SMS links
Another major issue fixed in this release is the one affecting iOS GeoServices, the component responsible for working with geo-location data.
Apple said that it patched a bug reported by an anonymous researcher who discovered out a way to execute code on iOS devices by sending links in SMS messages. If the user clicked these malformed links, then the attacker would have been able to run malicious code on the device.
The vulnerability (CVE-2019-8553) was attributed to a memory handling issue and patched in iOS 12.2. Memory handling bugs aren’t a problem for Apple alone, and Microsoft said earlier this year that nearly 70 percent of all security bugs it patches on a yearly basis are memory handling related issues.
WebKit bugs galore
But the GeoServices SMS link bug wasn’t the only memory-related bug fixed in iOS 12.2. Similar memory corruption issues that could also lead to code execution with elevated privileges were also fixed in the IOKit SCSI and Power Management components.
WebKit, which is the heart of the Safari browser, also suffered from similar memory corruption issues that could lead to malicious code execution.
Apple fixed not one, but 13 of these bugs –CVE-2019-8535, CVE-2019-6201, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8536, CVE-2019-8544, CVE-2019-7285, CVE-2019-8556, and CVE-2019-8506.
WebKit was, by far, the component that received the most security fixes overall. Besides code execution vulnerabilities, Apple also fixed a universal cross-site scripting (XSS) flaw that impacted the WebKit engine and worked on any website (CVE-2019-8551), along with a dangerous sandbox escape issue (CVE-2019-8562) that could have allowed malicious code to escape from the browser process and run on the underlying OS.
In addition, Denis Markov of Resonance Software found that malicious websites may also be able to access a user’s microphone without a visual indicator being shown (CVE-2019-6222).
KeySteal zero-day receives a fix
These are just a summary of the most dangerous security bugs fixed in iOS and its components. Some bugs, like the Safari and WebKit issues, also impact other Apple products where they are also embedded.
Besides security fixes for iOS, Apple also released security updates for other products, such as macOS, tvOS, Safari, Xcode, iTunes and iCloud for Windows.
The release of iOS 12.2 at Apple’s glitzy event yesterday may have caught everybody’s eye because of the release of the Apple News Plus and Apple Card services, but users would be doing themselves a bigger favor if they update to get the iOS 12.2 security patches instead.
In addition, updating macOS to the latest 10.14.4 release will also patch the KeySteal zero-day that became public at the start of February 2019, and which can allow malicious threat actors to steal passwords from the macOS Keychain.
More vulnerability reports:
Tracking Klarna’s plunging valuation – TechCrunch
Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of confidence. If you’re reading this as a post on our site, sign up here so you can receive it directly in the future. Every week, I’ll take a look at the hottest fintech news of the previous week. This will include everything from funding rounds to trends to an analysis of a particular space to hot takes on a particular company or phenomenon. There’s a lot of fintech news out there and it’s my job to stay on top of it — and make sense of it — so you can stay in the know. — Mary Ann
A humbling time for Klarna
Welp, I had a whole other topic planned for my intro today and then the Klarna news hit.
In case you missed it, on July 1, the Wall Street Journal reported that the Swedish buy now, pay later behemoth and upstart bank is reportedly raising $650 million at a $6.5 billion valuation, giving new meaning to the phrase “down round.” The news was shocking, to say the least. Why, you ask? Well, in June of 2021, Klarna was valued at $45.6 billion after closing on a $639 million round of funding — making it the highest-valued private fintech in Europe at that time.
When Klarna confirmed that raise on June 10, 2021, CEO and founder Sebastian Siemiatkowski sat down with me (via Zoom) in an exclusive interview, detailing why he was so excited about the company’s “explosive growth” in the U.S. and how it planned to use its new capital in part to continue to grow there and globally. He also said that an IPO was still in its sights “but not anytime soon.” The company then had 18 million users in the U.S.
Fast-forward to 2022. As of February, Klarna had 23 million monthly active users in the U.S. and 147 million globally. It reported 32% higher revenue of $1.42 billion for 2021.
By May, Klarna had laid off 10% of its workforce, or 700 people.
As TC’s Romain Dillet reported, the company didn’t name a single reason for the layoffs. Instead, Siemiatkowski listed different macro and geopolitical factors that led to the decision.
“When we set our business plans for 2022 in the autumn of last year, it was a very different world than the one we are in today,” he said. “Since then, we have seen a tragic and unnecessary war in Ukraine unfold, a shift in consumer sentiment, a steep increase in inflation, a highly volatile stock market and a likely recession.”
Now the company could be slashing its valuation by an astounding 1/7 to $6.5 billion. Notably, Klarna has not confirmed this, but, startlingly, the projection for the company’s alleged latest funding round and new valuation has steadily declined in recent weeks. The Wall Street Journal reported on June 16 that Klarna was considering raising capital at a valuation of around $15 billion. Even that new figure represented both a dramatic decline from Klarna’s mid-2021 valuation of more than $45 billion and the $30 billion figure it was reported to be targeting earlier this year, as our own Alex Wilhelm noted here. So from $45 billion to $30 billion to $15 billion to $6.5 billion. It’s hard to imagine it going even more downhill from here.
It’s also important to note, though, that Klarna is not the only BNPL provider that has seen a decline in valuation. As another tech enthusiast tweeted on Friday, competitor Affirm’s stock is also down significantly. On July 1 alone, shares were down 5% to $17.13 at the time of my writing this at about 2:30 p.m. CT, giving Affirm a market cap of $4.9 billion. That’s down from a 52-week-high of $176.65. Ouch.
Speaking of valuations, Alex examined how after financial technology startups saw their fortunes rise during the venture capital boom in 2021, they’re now suffering from a slump of a similar scale. The damage, he wrote, is not unidimensional. Instead, pain around the fintech sphere is varied and multifactorial.
The layoffs in fintech continue. Amount, a company that reached unicorn status last year, recently laid off 18% of its workforce. The exact number of how many people were affected is not known, but when TechCrunch reported on its last raise in May of 2021, the company said that it had 400 employees. If that is still the case, then about 72 people were let go. Amount was spun out of Avant — an online lender that has raised over $600 million in equity — in January of 2020 to provide enterprise software built specifically for the banking industry. It partners with banks and financial institutions to “rapidly digitize their financial infrastructure and compete in the retail lending and buy now, pay later sectors,” CEO Adam Hughes told TechCrunch last year.
The Federal Trade Commission is suing Walmart for sitting by while scammers bilked customers out of more than $197 million, the agency alleged in a statement. It’s seeking a court order that would force Walmart to give money back to customers, on top of civil fines. In a brief response, Walmart described the lawsuit as both “factually flawed and legally baseless.” Money transfer scams are widespread, and they can involve everything from promises to share an inheritance to lies about a family emergency. They happen just about everywhere, from Zelle, Venmo and Cash App to crypto ATMs and popular dating apps. In this case, the FTC alleges that Walmart “turned a blind eye to fraud” that went down inside its stores.
Robinhood made headlines three times over the past week. First, Taylor looked at how the stock trading and investing app was blindsided by the surge in interest from the first big “meme stock” after Redditors and other retail investors rallied around $GME and sent its price into the stratosphere. Jacqueline Melnik then addressed the rumors that FTX is looking to acquire Robinhood in this piece. And then Alex broke down for us why a crypto exchange might want to buy Robinhood in the first place.
According to the International Monetary Fund (IMF), less than 2% of financial institutions’ CEOs are women, and for executive board members the figure is less than 20%. Why does this matter? Apart from the obvious lack of opportunities for talented women, there are broader implications for business resilience as well as economic policy at national and international levels. Read more at Fintech Futures.
Cash App last week launched Round Ups, allowing customers to invest their spare change into a stock of their choice or bitcoin every time they use their Cash Card. Cash App said the product would allow Cash Card users “to seamlessly accumulate bitcoin and stock investments through everyday purchases.”
If you haven’t heard yet, there is a fintech conference on the water coming to San Diego, California, on August 10. Fintech Fest 1.0 is bridging together leaders from Brex, Encore Bank, Mastercard, Checkout.com, Figment, Sift and many others for business meetings and discussions on the largest boat on the West Coast. You can get 40% off ticket prices this week only.
Speaking of discounts, be sure to take advantage of this amazing deal. TechCrunch+ is having an Independence Day sale! Save 50% on an annual subscription here. More information here. And the two-for-one ticket to TechCrunch Disrupt sale will expire on July 5.
Funding and M&A
Seen on TechCrunch
Drive now, pay later: Startups make EVs more accessible by putting off the biggest bill
A look into how Conversion Capital plans to back early-stage fintech startups out of its new 6x larger fund
HomeLister wants to make selling your home more of a DIY affair, and cheaper
Brazilian motorcycle rental startup Mottu revs up with $40M to help more Latin Americans become couriers
Here’s Carta’s response to venture becoming more global
Sava, a spend management platform for African businesses, gets $2M pre-seed backing
GoCardless goes after Plaid with Nordigen buy
Knox Financial to expand loan products with $50M in funding
Zilch draws $50M more funding to buck BNPL industry woes
That’s it for this week. For our readers in the U.S., I really hope you’re enjoying the long weekend and Happy Independence Day. And to all of you, have a wonderful week ahead. To borrow from my dear friend and colleague Natasha, you can support me by forwarding this newsletter to a friend or following me on Twitter. Xoxo, Mary Ann
Equity crowdfunding appears immune to market volatility, on track for its best year yet – TechCrunch
Equity crowdfunding — or community raises, as the fundraising platforms involved prefer to call it — has grown steadily over the last few years. Regulations governing the process continue to evolve in the market’s favor, and 2022’s venture funding pullback may be the final piece needed to quiet the fundraising strategy’s naysayers for good.
This year looks poised to be monumental for equity crowdfunding, which entails raising capital through specific filings with the U.S. Securities and Exchange Commission, including Reg CF and Reg A, from a mix of investors that don’t have to be accredited.
Over the past few years, equity crowdfunding has shed much of the stigma that used to imply that only companies that weren’t good enough for VC raised this way. Some traditional VCs have even scouted on the platforms or encouraged their portfolio companies to pursue the process. But with the fundraising climate now showing cloudy skies, equity crowdfunding is getting ready for a field day.
TechCrunch+ is having an Independence Day sale! Save 50% on an annual subscription here. (More on TechCrunch+ here if you need it!)
More than $215 million was invested in startups on equity crowdfunding platforms this year through the end of May, according to the Arora Project, a Republic-owned platform that curates crowdfunding initiatives and tracks data, up from around $200 million in the same period last year. Crowdfunding campaigns raised a total of $502 million in 2021.
While that isn’t too big of a leap, industry players are encouraged by the growth and see scope for more improvement later in the year, as crowdfunding typically sees an uptick around the fourth quarter.
The 2022 McLaren GT is a fresh take on a classic recipe – TechCrunch
There’s a reason the term “daily driver sports car” exists. It’s because typically, purpose-built performance cars suffer from an inherent lack of usability: they’re loud, uncomfortable and they require pristine driving conditions. What’s more, they’re often bereft of the accessories we’ve grown used to, and when they’re included, they’re usually subpar.
These might sound like small concessions for the chance to drive a top-tier performance vehicle, but try spending upwards of $200,000 on a car that makes you miserable half the time. Thanks to improvements in technology and manufacturing, the line between sport and luxury is blurrier than ever.
Making fun cars more accessible is a good thing, but they should at least feel different from your daily commuter. Few modern sports cars distinguish themselves like this better than ones from McLaren Automotive, so much so that I was slightly worried that its latest vehicle, the McLaren GT, would lose those particular characteristics as a consequence of making the car more accommodating. While some rough edges have been smoothed out, for better or for worse, the luxury overhaul has been a bit overstated, yet the characteristic McLaren charm remains.
Nuts and Bolts
The McLaren GT is a mid-engine rear-wheel drive two-seater that acts as McLaren Automotive’s entry level model. It’s powered by a 4.0-liter twin-turbo V8, a variant of the motor found in other models across the lineup fitted with smaller turbochargers. This iteration drops the total power output, but delivers power lower in the rev band, making peak power more accessible sooner. It generates 612 horsepower and 465 pound-feet of torque which is routed to the rear wheels by way of a seven-speed dual-clutch transmission.
With the help of launch control, the McLaren GT can sprint from 0 to 60 in 3.1 seconds and can top out at 203 mph.
As with all McLaren cars, the GT is built on a carbon fiber chassis that contributes to its light 3,384-pound curb weight. It’s also fitted with electro-hydraulic steering, which goes a long way in delivering its distinct driving feel. It all rides on an adaptive damping system and 20-inch front wheels and 21-inch rears.
As a GT, this McLaren is meant for extended drives and thus its defining feature is the 14.8 cubic feet of storage space that sits behind the driver and on top of the mid-mounted engine.
It also features an active dynamics panel that allows drivers to customize the car’s behavior, a 1,200-watt Bowers & Wilkins sound system and the latest iteration of McLaren’s bespoke infotainment system. This is the heart of the McLaren GT’s user interface and sits in a 7-inch touchscreen in the center of the dash. Along with entertainment functions, it pairs with mobile devices via Bluetooth, gives access to a handful of car settings like ambient lighting and features HERE-powered satellite navigation.
This screen is supported by a 12.3-inch digital gauge cluster behind the steering wheel. Some of the above info is pushed to that screen such as turn-by-turn directions, though its main function is providing immediate car behavior information. The typical speedometer and tachometer are of course present, but there are also tire pressure displays and other status indicators. This screen reconfigures itself depending on drive mode to better position more vital info while in a track or dynamic setting.
The big mission statement for the McLaren GT is that it’s a better balance between the driving dynamics that McLarens are known for and creature comforts. Every sports car maker tackles this particular dish with its own recipe and for its part, McLaren Automotive goes heavy on performance and light on user-friendliness. The McLaren GT is meant to be its most approachable car yet, but thankfully, the extra dollop of refinement doesn’t overpower the distinct McLaren umami underneath.
Sliding under the dihedral doors and into the GT reveals a very performance-oriented cockpit. Two ergonomic seats are divided by a very small armrest and the sparse cabin is dominated by a leather-and-steel steering wheel flanked by two wheel-mounted paddle shifters. Behind this is the aforementioned 12.3-inch digital gauge cluster that can be accessed by one of the few stalks protruding from the steering column. The 7-inch touchscreen sits above the active dynamics panel and drive select buttons while the Bowers & Wilkins speakers stare at you from the doors like a hawk’s eye.
All of this is the first indication that the McLaren GT isn’t going to stray too far from its sports car roots: this cabin is nearly identical to the one in the 570S. Naturally, there are minor differences, including additional sound baffling. But one could go from car to car and be hard-pressed to spot them.
The next is the sensation of how purpose-built the car feels. All of the luxurious touches can’t hide the fact that you’re sitting in the carbon fiber monocell of a race-ready vehicle.
The McLaren GT doesn’t do quiet. Once the twin-turbo V8 fires up, it’s your soundtrack throughout the drive, Bowers & Wilkins be damned. From here on out, the McLaren GT demands the driver to be laser focused on the act of driving, as none of the half-minded lollygagging we’re used to doing in daily traffic will fly. The steering feedback is ample, the brakes require a very heavy foot and the haunches of the athletic-looking sports car obscures much of the rearward visibility.
When allowed to gallop, the GT is enthusiastic with its acceleration and the sensation between all the systems working to keep the McLaren on course is palpable. Its electro-hydraulic steering communicates the road’s surface conditions fluidly, and its heft gives drivers something substantial to embrace. This system combo feels more responsive to the fully-electronic power steering that we’re used to, it’s meatier and heavier, but mechanically so, not with just pre-programmed motorized resistance. Same goes for the suspension and active dampers, as it’s easy to feel every bit of the McLaren GT doing its job.
How it executes its task is also determined by the active dynamics settings. Two knobs for handling and power each have three settings, Normal, Sport and Track. Normal is the most docile settings, keeping the car’s ride as comfortable as it can be with all of the usual drive assists on, and with the engine at its most tame. Sport causes the car’s overall handling to be a touch more aggressive and relaxes some of the stability control, and it also heightens the throttle response, as well as the transmission’s affinity for lower gears. Track is the McLaren’s most aggressive setting: Handling? Rigid. Traction control? Off. Engine and transmission? Unrestrained.
One of the most wonderful attributes of the McLaren GT and indeed one that it shares with its super sibling the 570S, there is very little in the way of electronic hand-holding. This lack of a computerized safety net demands a higher application of driver skill and thus it makes crisp maneuvers very rewarding, just as it makes slip-ups nerve-wracking. Think of the experience as somewhere between a Lotus Evora and the Audi R8 V10.
Living La Vida Macca
As exciting as it is to live life on the razor’s edge with the McLaren GT, the bits in-between succumb to the usual supercar user-unfriendliness. A series of parking sensors and a backup camera make positioning the precious GT around much easier, as is a push-button nose-raising feature, which is a huge relief.
This eases some of the usual daily sports car frustrations, but the true heart of the GT’s problems lay with the in-car interface.
For as good as the car is mechanically, its in-house developed operating system is a particularly glaring weak point. McLaren knows this. Frankly, it used to be worse.
The 10-core-processor-powered “Infotainment system II” is faster and more responsive than the units found in previous McLaren vehicles. Familiar swipes and pinch-and-zoom functions make using the touchpad easy, though finding the desired menu is another matter. More often than not, it will require a passenger-side co-pilot to give it the necessary attention or for the driver to pull off the road to sort things out. This could be something as simple as trying to select a music input source, but its most frustrating when it comes to navigation.
Despite the upgrade, the built-in system still feels far less intuitive and limited by current standards. Punch in the address and if it finds it, there are limited routes to choose from, if any alternatives. Deviate from the route and it will stubbornly insist that you find your way back long before it decides to re-route itself. There were also instances of inaccurate road data pushed our way, directing us to turn on roads that weren’t there, or sometimes not recognizing ones that were.
As the GT is not Apple CarPlay or Android Auto compatible, drivers are out of luck when it comes to alternative navigation systems like Google Maps or Waze. Indeed, the heavily-bezeled touchscreen’s size and orientation mirrors that of a smartphone, and there were many times we wished we could simply suction-cup our own phone over it just to find our way back home.
This doesn’t bode well for a car meant for long car journeys, nor does the 14.8 cubic feet of storage space function as intended. The extra room that sits atop the engine means whatever is laid across it is subject to a great deal of heat. It’s great for a couple pairs of skis but not so great for cargo such as electronics.
The McLaren GT is a true sports car and none of its down-tuning or soft appointments take away from that. In fact, it’s arguable that they don’t go far enough to substantially differentiate this car from others in the lineup or to live up to its Grand Tourer moniker. That’s certainly the case when it comes to its tech.
McLaren could’ve kept everything mechanically identical to its sibling cars and the GT could have set itself apart with a more robust, user-friendly road-trip oriented interface, easier to maps, bigger screens to facilitate easier access and 360-degree parking cameras, and more modern mobile device compatibility, just to name a few features we wished it had. As it stands, the $205,000 McLaren GT is a true entry-level sports car that sticks to the classics.
It delivers on the full experience, but in terms of tech, it’s a lateral step.
Tracking Klarna’s plunging valuation – TechCrunch
Welcome to The Interchange! If you received this in your inbox, thank you for signing up and your vote of...
How To Set Your Thermostat To Save Money This Summer
Choosing the right thermostat and fine-tuning its settings could save you money on your energy bill during the summer months.
Equity crowdfunding appears immune to market volatility, on track for its best year yet – TechCrunch
Equity crowdfunding — or community raises, as the fundraising platforms involved prefer to call it — has grown steadily over...
The 2022 McLaren GT is a fresh take on a classic recipe – TechCrunch
There’s a reason the term “daily driver sports car” exists. It’s because typically, purpose-built performance cars suffer from an inherent...
How do painkillers kill pain? It’s about meeting the pain where it’s at
Enlarge / A variety of pain-relieving drugs are available both over the counter and by prescription. Without the ability to...
Social2 years ago
CrashPlan for Small Business Review
Social3 months ago
Web.com website builder review
Gadgets4 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Mobile4 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Cars4 years ago
What’s the best cloud storage for you?
Social4 years ago
iPhone XS priciest yet in South Korea
Security4 years ago
Google latest cloud to be Australian government certified
Social4 years ago
Apple’s new iPad Pro aims to keep enterprise momentum