Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Microsoft fixes unreachable Windows Server domain controllers

Bleeping Computer - 11 Červen, 2025 - 15:21
Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures. [...]
Kategorie: Hacking & Security

Microsoft fixes Windows Server auth issues caused by April updates

Bleeping Computer - 11 Červen, 2025 - 14:34
Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. [...]
Kategorie: Hacking & Security

Nvidia: ‘Sovereign AI’ will change digital work

Computerworld.com [Hacking News] - 11 Červen, 2025 - 14:05

Nvidia executives think sovereign AI has the potential to change digital work as generative AI (genAI) aligns with national priorities and local regulations.

“AI is rapidly becoming critical infrastructure, just like electricity and the internet,” Kari Briski, vice president of generative AI software for enterprise at Nvidia, said during a briefing ahead of this week’s GTC Paris developer event.

Countries need localized models reflecting unique cultural identities and that can understand the local language, work culture, regulations and strengths, Briski said.

While genAI agents can help customize language models, those models also need a localized distribution path for regional use, she said. With that in mind, Nvidia is partnering with a number of countries to shape their sovereign AI plans and working with local companies that have unique knowledge of their regions.

“These agents are our digital workforce,” Briski said. “And for those concerned about AI taking our jobs, these agents will not. But those who know how to use AI might.”

The company made a variety of announcements ahead of GTC Paris cloaked in the theme of sovereign AI. Many focused on industrial AI in Europe, which houses some of the world’s largest automotive, chemical and aerospace firms.

“For these industries, [large language models] will only go so far,” said Rev Lebaredian, vice president of Omniverse and simulation technology at Nvidia. “They need physical AI — AIs that can understand and interact with the physical world, fine-tuned for industrial applications.” 

Nvidia announced it is building the world’s first industrial AI cloud in Germany, where many industrial giants are located. The industrial AI cloud is built on the company’s RTX PRO and B200 GPUs.

It will “run every industrial manufacturing workload from every industrial software maker from accelerated design and engineering to factory digital twins to robotics training and simulation and AV development,” Lebaredian said.

The company also announced a partnership in France with Mistral to build out AI hardware and software infrastructure in France. Mistral is building a data center with 18,000 Grace Blackwell systems that’s expected to be operational in 2026.

While Nvidia’s rhetoric could help it sell GPUs, sovereign AI is a real consideration among countries hoping to gain a competitive advantage, and it will trickle down to office workers, analysts said. Specifically, sovereign AI is linked to reskilling local workforces in industries that are priorities for governments.

Country-specific models will be a backbone of knowledge on how companies can do business within borders, said Jim McGregor, principal analyst at Tirias Research. “Finance, health care and government are typical applications, but this could extend to companies with strict security requirements,” he said.

Nations are actively trying to gain an information advantage with sovereign AI strategies, said Jack Gold, principal analyst at J. Gold Associates. “Countries are seeing sovereign AI as infrastructure, just like weapons and power plants. Countries don’t want to be beholden to others — it’s strategic,” he said.

Sovereign AI comes in the form of localized models and AI infrastructures, and is designed to create jobs and upskill workers in AI to get used to the emerging work environments, Gold said.

Germany is prioritizing investments in AI technology to regain its industrial advantage, which will boost the local workforce, Gold said.

Specifically, Nvidia said the Mercedes-Benz CLA sedan with its Nvidia Drive autonomous driving AI software is now available in Europe. It also announced that Volvo Cars and JLR are also starting production for their next generation fleets built on the Nvidia Drive AI software stack.

The company also announced that Siemens is integrating Nvidia’s CUDA-X RTX and Omniverse libraries in its simulation software used to engineer products that include machines, engines and other equipment.

Kategorie: Hacking & Security

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

The Hacker News - 11 Červen, 2025 - 13:32
INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies from 26 countries to identify servers, map physical networks, and execute targeted takedowns. "These Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Why DNS Security Is Your First Defense Against Cyber Attacks?

The Hacker News - 11 Červen, 2025 - 13:25
In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the starting point of nearly every online interaction, DNS is not only foundational - it’s increasingly a target. When left unsecured, it becomes a single point of [email protected]
Kategorie: Hacking & Security

What Microsoft hopes to get from its breakup with OpenAI

Computerworld.com [Hacking News] - 11 Červen, 2025 - 13:00

The once-tight bond between Microsoft and OpenAI has been fraying for well over a year — and it’s getting worse. The companies were at one point so close that OpenAI CEO Sam Altman called their relationship “the best bromance in tech.” 

But as in many romances, times change. Relationships sour. 

For at least six months, the two companies have been sniping at each other. At times, there’s been open warfare. Altman tried to convince more than 300 corporate executives around the world to switch their AI allegiance from Microsoft to OpenAI by telling them they’d be better off working directly with the people who built generative AI (genAI) technology rather than getting it secondhand via Copilot from Microsoft.

Microsoft CEO Satya Nadella dissed OpenAI, saying bluntly: “If OpenAI disappeared tomorrow…, we have all the IP rights and all the capability. We have the people, we have the compute, we have the data, we have everything. We are below them, above them, around them.”

Now, it’s time for the lawyering up. You can easily guess what the fight is over: What Microsoft will ultimately get for its $13 billion investment in OpenAI and what their relationship looks like in the long run.

The roots of the fight

The confusion about what Microsoft gets in return for its big OpenAI investment has its roots in the way the company was founded in 2015. It originally started as a nonprofit. Founders, including Altman, Elon Musk, and others, worried that if AI were allowed to be developed unchecked, it could become a threat to humanity. They funded the company out of their own pockets, and said the company’s purpose would be to ensure that AI would be “used in the way that is most likely to benefit humanity as a whole, unconstrained by a need to generate financial return.”

It’s easy to have high-minded goals like that when little or no money is at stake. But eventually reality intervened in the form of the hundreds of trillion dollars of potential AI profits. Altruism disappeared and the founders turned OpenAI into a “capped” for-profit company, with a nearly incomprehensible corporate structure. OpenAI opened itself up to investors. More confusing still, OpenAI was allowed to compete directly with its investors.

Along the way, Microsoft invested in the company and was granted the sole rights to use OpenAI technologies, which it used to build its Copilot AI tools. But it’s never been clear how Microsoft could cash in over the long run.  

Since then OpenAI has outlined a complicated plan for restructuring that would allow it to launch an IPO — and it looks as if that plan will eventually proceed. 

 That brings us to today.

The rubber meets the road

Before OpenAI can go public via an IPO, it needs to come to an agreement with Microsoft about what Microsoft’s investment will be worth. Both companies are very different today than when that investment was made. OpenAI is now a big and successful operation, valued at $300 billion, with arguably the most advanced AI capabilities in the world.

Microsoft has built itself into a $1 trillion+ company on the back of using OpenAI’s ChatGPT to underpin its Copilot AI tools, which are now embedded in every part of the company. In addition, Microsoft’s hosting of AI services appears to cement its lead as the world’s largest AI company. What they want from each other is now very different than when Microsoft made its original $13 billion investment.

These days, Microsoft is less interested in getting a big cash infusion from an IPO than in getting long-term access to OpenAI technologies that can help it maintain and expand its AI lead.

“Microsoft’s interests go beyond equity — it’s about return on investment, sustained AI infrastructure growth, and maintaining Copilot’s edge by anchoring it on OpenAI models,” said Neil Shah, vice president for research and partner at Counterpoint Research. “Microsoft would like to continue having a big slice of it, being one of the key initial supporters and investors.”

“If Microsoft trades equity for extended model access, it’s signaling a pragmatic pivot from ownership to operational leverage,” said Abhivyakti Sengar, practice director at Everest Group. “This would give Microsoft continued dominance across enterprise applications without the burden of influencing OpenAI’s increasingly complex governance structure.”

As to what OpenAI wants from any agreement, that’s a little less clear, in part because it claims to be pursuing two seemingly contradictory goals: Making sure AI is developed ethically, while making as much profit as possible. 

It’s also possible that its reorganization for an IPO might not pass muster with regulators. So, it’s in the company’s interest to come to a friendly deal with Microsoft, which would make it more likely regulators will approve the new structure.

This means that Microsoft is more likely than not to get what it wants from OpenAI — long-term access to the company’s most valuable technologies, which are worth far more to the company than cash. If that happens, it’s hard to imagine anyone toppling Microsoft as the world’s most valuable AI company.

Kategorie: Hacking & Security

SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords

The Hacker News - 11 Červen, 2025 - 12:28
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface," the U.S. Cybersecurity and Infrastructure Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How to Build a Lean Security Model: 5 Lessons from River Island

The Hacker News - 11 Červen, 2025 - 12:00
In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highly effective. River Island, one of the UK’s leading fashion retailers, offers a powerful [email protected]
Kategorie: Hacking & Security

4 essential facts about Android 16’s Advanced Protection security supermode

Computerworld.com [Hacking News] - 11 Červen, 2025 - 11:45

Well, I’ll be: Android 16 is officially here! (Or it’s available for device-makers to roll out as they see fit, at least. Choose your own adventure.) And the timing of the software’s arrival isn’t the only unusual thing about Google’s latest addition to its ever-expanding lineup of Android versions.

Android 16 sets the stage for the platform’s most dramatic reinvention in ages — with a whole new look and design language, a whole new system for multitasking, and a whole new way to use your phone as a computer (quite literally).

But, in a befuddling twist, most of the more substantial advances won’t actually be present in this initial Android 16 rollout. Rather, they’re being developed as part of a future update that’ll land within either an upcoming quarterly release or potentially even the Android 17 release scheduled for this fall. (More confusing yet, some of those elements are already visible for folks enrolled in Google’s Android beta program, which is currently focused on the next quarterly update but sometimes includes features for future versions, too — head spinning yet?)

On the surface, this initial Android 16 update isn’t exactly astonishing. But aside from all of its foundational work for the more exciting changes to come, this new software sports a slew of significant security enhancements that may not jump out and wow you but will absolutely make a meaningful difference in the ever-important area of personal and professional data protection.

Perhaps most significant is a new all-encompassing Android security supermode called Advanced Protection. It’s a simple, single-switch setup that brings all of the most secure Android-operating-system-level options onto your device in an instant.

I’ve been experimenting with Android 16’s Advanced Protection system for a while now on my own personal Pixel phone. Here’s everything you need to know about the new setup, what exactly it does, and how it fits into the broader Android security picture.

[Psst: Get level-headed knowledge in your inbox with my free Android Intelligence newsletter. Tips, insights, and tons of tasty treats await!]

Android 16 Advanced Protection fact #1: A single switch does a lot

The main thing to know about Advanced Protection in Android 16 is that it is, quite literally, just one switch within a new area of your system settings.

In Google’s standard Android interface, as seen on Pixels, it’s an added section within the main Security & Privacy settings section. Once you tap that section, you see just that single toggle — along with a bunch of supplementary text and explainers:

The Android 16 Advanced Security control panel, as seen on a Google Pixel phone.

JR Raphael, Foundry

All there is to activating it and opting in is tapping that toggle once to flip it into the on position. Doesn’t get much easier than that.

Android 16 Advanced Protection fact #2: The same bundle is available a la carte

While Advanced Protection is an important addition, all it’s actually doing is making it easy to activate a bunch of advisable Android security settings in one fell swoop.

Specifically, Advanced Protection enables:

  • Extra theft protection — via Theft Detection Lock and Offline Device Lock, a pair of Android security additions that came into the mix for most Android devices last fall. They use your phone sensors to look for indications of a device having fallen into the wrong hands and then automatically lock the thing if and when any such scenario arises.
  • Enhanced app protection — with Android’s Google Play Protect on-demand scanning system in place, alongside a more locked-down approach to app installations that allows downloads only from the official Play Store (and any other preloaded app stores on your device) as well as a feature called Memory Tagging Extension that makes it less likely for an app to be able to corrupt your device’s memory in the unlikely event that it were to be in a position to do so.
  • Smarter web protection — with live scanning for browser-based threats, forcing of the more secure HTTPS encrypted web standard, and additional protections around Javascript processing within Chrome.
  • Advanced calling and messaging protection — with real-time scanning and warnings about likely scams and spam within Google Messages, detection of and warnings about unsafe links that could be connected to phishing attempts in incoming texts, and a trio of spam detection, scam detection, and call screening systems for incoming calls in the Google Phone app.
  • Heightened network protection — with your phone actively rejecting any less secure 2G-level network connections that may come along over time.

Notably, all of those features could also be activated individually, via various options scattered across the Android system settings and the associated core Google Android apps. The main advantage of Advanced Protection is really just simplification and having it all happen via that one single switch instead of having to seek out (and know about!) each individual option on your own, one by one, each and every time you set up a new device.

Android 16 Advanced Protection fact #3: There’s more to come

Moving forward, it seems Google’s goal is to keep Advanced Protection updated with all of the latest Android security features that come into the mix over time — meaning that once you activate it, you don’t have to keep thinking about manually activating any new options as they arrive and can instead just know that Advanced Protection will handle it for you.

Already, a small handful of specific still-in-the-works features is confirmed to be bundled into Advanced Protection as each of the new options becomes available (supposedly sometime “later this year,” in the typically vague Google vernacular):

  • Inactivity Reboot: An incoming option that’ll automatically restart your device anytime it remains locked for 72 consecutive hours — thus suggesting you aren’t actively using it for one reason or another — and re-encrypting all your data so it’ll be accessible only after a full password or pattern unlock.
  • Intrusion Logging: A privacy-minded feature that securely stores logs of sensitive system actions in the cloud, encrypted and connected solely to your Google account, so you could seek out answers if something suspicious were ever to happen on your device.
  • USB Protection: Setting your phone’s USB port to allow only charging by default instead of active data transfers — to prevent anyone from being able to physically plug a drive into the device and transfer files off the phone without your knowledge (unlikely as that may be to occur).
  • Disable Auto-Reconnect to Insecure Networks: Exactly as its name suggests, your phone won’t ever automatically reconnect to a network that isn’t secure, even if you manually ask to connect to such a network once.
Android 16 Advanced Protection fact #4: All of this is still only part of the picture

While Advanced Protection makes it much easier to enable all the most advisable Android security settings, even that is just one piece of an optimal Android security puzzle.

First and foremost, you might’ve noticed that the name of this program feels familiar. (If so, good job! Go get yourself a cookie and/or slushie treat, preferably chocolate chip and blue, respectively.) That’s because Google also offers an all-around account-protecting program called Advanced Protection.

That program is a bit more intense in what it does, and — unlike this new Android-specific equivalent — by design isn’t intended for everyone. It requires you to rely on physical security keys anytime you sign into your Google account, for instance, and it severely limits the ways in which third-party apps can connect to your account — steps that are smart for people in higher-profile or more at-risk positions but may be overly restrictive for other, more ordinary Android-owning animals.

But the two programs are very much meant to be complementary, and if it both make sense for you to be using, they very much go hand in hand in their forms of heightened protection — for your Android device and your Google account, respectively.

Either way, though, there are steps you should absolutely be taking to ensure the security of your Google account — and similarly, there’s a sprawling series of steps and best-practice reminders you should be revisiting regularly specific to Android security.

These steps go above and beyond what even Advanced Protection can do for you, and they’re important to assess and consider once annually, at a minimum.

My 18-step Android security checkup is a one-stop, regularly evolving checklist where you can see exactly what you should be focusing on at any given moment in the Android arena. Bookmark it, set yourself a reminder, and revisit it once a year.

And remember: Android security is far less scary than it’s frequently made out to be, but it’s also an area that requires a healthy pinch of common sense and careful thinking. Luckily, it doesn’t take a ton of effort to keep yourself protected. It just takes the teensiest sliver of effort and awareness.

Stay connected to all the most important incoming info with my free Android Intelligence newsletter — three new things to know and try in your inbox every Friday.

Kategorie: Hacking & Security

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

The Hacker News - 11 Červen, 2025 - 09:46
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This includes 26 remote code execution flaws, 17 information disclosure flaws, and 14 privilege escalation Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Smazali jste složku inetpub? Microsoft vydal skript, který ji znovu vytvoří. Jde o bezpečnost

Zive.cz - bezpečnost - 11 Červen, 2025 - 08:45
**V dubnu se v systémových úložištích Windows vytvořila složka inetpub. **Je důležitá pro zabezpečení, neměli byste ji odstranit. **Pokud jste ji odstranili, spusťte skript, který Microsoft vydal.
Kategorie: Hacking & Security

After AI setbacks, Meta turns to Scale AI and ‘superintelligence’ research

Computerworld.com [Hacking News] - 11 Červen, 2025 - 03:54

Meta has recently lost some traction in the AI space, notably halting a major model rollout last month, but the social media company is looking to turn that around with a new $15 billion investment in Scale AI.

The Mark Zuckerberg-led company has reportedly inked a deal to acquire a large minority stake in the startup, which offers data labeling and model evaluation services for industry leaders including OpenAI, Google, and Microsoft.

According to reports, the $14.8 billion investment would give Meta a 49% stake in Scale AI.

This move comes as Meta is also strategically forming a new research lab to pursue “superintelligence,” with Scale AI founder and CEO Alexandr Wang reportedly being tapped to join that initiative.

“Somewhat ironically in the era of AI, Scale AI excels at human-in-the-loop labeling of data,” said Hyoun Park, CEO and chief analyst at Amalgam Insights. “Meta sees this ability to train models and access human curated training data at massive scale as a necessary capability for Meta’s models to keep up with the extremely competitive world of LLMs.”

What Scale AI can bring to Meta

Reports have described Zuckerberg’s frustration with Meta’s AI progress as its competitors, OpenAI, Anthropic and others, continue to innovate and pull ahead. Notably, in May, the company delayed the launch of its new flagship model, Behemoth, purportedly due to internal concerns about its performance capabilities compared to competitors.

“Meta’s models have struggled to keep up with OpenAI and Anthropic in terms of alignment and polish,” said Wyatt Mayham, lead AI consultant at Northwest AI Consulting. Also, he noted, its Llama family of models “haven’t gained much enterprise traction due to weaker instruction tuning and less reliable output quality.”

Mayham pointed out that Scale AI’s “crown jewel” isn’t just labeled data; it’s high-quality enterprise grade human feedback pipelines. Scale would give Meta a fast track path to improve reinforcement learning from human feedback (RLHF) and model steering at scale. The company could dramatically tighten gaps with instruction tuning and output quality by upgrading alignment and task-following performance.

“If this acquisition does indeed go through, it signals that Meta is serious about continued data dominance,” said Mayham.

However, enterprise customers should be both “cautious and curious,” he said.

If Meta owns both the model and the feedback infrastructure, it raises important questions: Who controls alignment priorities? Will fine tuning pipelines be vertically integrated or open? Enterprise teams should watch for lock-in risk if Meta starts to offer end-to-end AI services that compete with open ecosystems, Mayham advised.

And, he said, if enterprises are evaluating which model to bet on long term, this move reinforces the trend that alignment and control are differentiators; not just raw model size. “Whoever owns the human feedback loop owns the intelligence layer.”

‘Superintelligence’ requires a whole new infrastructure

Zuckerberg seems to be going all-in on the development of “superintelligence” — AI systems that exceed human cognitive capabilities. This hypothetical type of AI is the next step above artificial general intelligence (AGI), AI that can match human cognitive abilities. AGI is also still in its hypothetical stages, with experts varying widely on what exactly it could look like, or if it’s even achievable at all.

Behind the hype of AGI is a more “basic threshold of competence” that users are expecting from AI, said Amalgam’s Park. Hallucinations, when AI makes stuff up or outright lies, are actually demonstrations of each LLM’s world view, he noted.

Models need better training and grounding to be more closely aligned to “our worldview, the view of reality and common sense,” said Park. “This investment by Meta is fundamentally focused on providing more human context, metadata, and assumptions into Meta’s next set of models.”

A new type of infrastructure and focus on security and bias is vital as the industry journeys towards AGI, agreed Jimmie Lee, founder and CEO at JLEE.com.

“With the expectation that this superintelligence will far surpass human intelligence, we need to ensure that this new ‘consciousness’ understands the human context,” he said. “Our humanity, the summation of our mindsets, experiences, dreams, and desires, factors into the thousands of decisions we make daily.”

Tomorrow’s AI infrastructure

This potential investment by Meta indicates a shift from a sole focus on LLM development to a more comprehensive strategy centered on the “critical need” for evolved data infrastructure, said Lee.

“As AI and agentic AI continue to develop and grow, the future limiter is not innovation, application, or talent; it will be infrastructure,” he contended. “Currently, modern technologies are outpacing the growth of the very infrastructure that they require to operate.”

For enterprise users, Lee noted, this means deeper integrations and enriched LLMs and data engines that can be more “hyper-specialized and domain-specific,” thus allowing for richer platforms that better support builders. “This results in less infrastructure, greater simplicity, and improved tools and technologies to build on,” he said.

Ultimately, Meta seems to be re-shifting its strategy, Lee noted: It’s going back to its roots of making large bets to try to drive innovation, rather than merely responding to market demands and increasing market share.

Park agreed: “Zuckerberg knows that AI is the biggest battle in tech and intends to do everything he can to make Meta one of the global giants in artificial intelligence.”

Kategorie: Hacking & Security

DanaBot malware operators exposed via C2 bug added in 2022

Bleeping Computer - 10 Červen, 2025 - 23:46
A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. [...]
Kategorie: Hacking & Security

Android versions: A living history from 1.0 to 16

Computerworld.com [Hacking News] - 10 Červen, 2025 - 23:20

What a long, strange trip it’s been.

From its inaugural release to today, Android has transformed visually, conceptually and functionally — time and time again. Google’s mobile operating system may have started out scrappy, but holy moly, has it ever evolved.

Here’s a fast-paced tour of Android version highlights from the platform’s birth to present. (Feel free to skip ahead if you just want to see what’s new in the most recent Android 15 update and the still-under-development Android 16 release.)

[ Download our editors’ PDF Android business smartphones enterprise buyer’s guide today! ]

Android versions 1.0 to 1.1: The early days

Android made its official public debut in 2008 with Android 1.0 — a release so ancient it didn’t even have a cute codename.

Things were pretty basic back then, but the software did include a suite of early Google apps like Gmail, Maps, Calendar, and YouTube, all of which were integrated into the operating system — a stark contrast to the more easily updatable standalone-app model employed today.

width="700" height="358" sizes="(max-width: 700px) 100vw, 700px">

The Android 1.0 home screen and its rudimentary web browser (not yet called Chrome).

T-Mobile

Android version 1.5: Cupcake

With early 2009’s Android 1.5 Cupcake release, the tradition of Android version names was born. Cupcake introduced numerous refinements to the Android interface, including the first on-screen keyboard — something that’d be necessary as phones moved away from the once-ubiquitous physical keyboard model.

Cupcake also brought about the framework for third-party app widgets, which would quickly turn into one of Android’s most distinguishing elements, and it provided the platform’s first-ever option for video recording.

width="700" height="480" sizes="(max-width: 700px) 100vw, 700px">

Cupcake was all about the widgets.

Android Police Android version 1.6: Donut

Android 1.6, Donut, rolled into the world in the fall of 2009. Donut filled in some important holes in Android’s center, including the ability for the OS to operate on a variety of different screen sizes and resolutions — a factor that’d be critical in the years to come. It also added support for CDMA networks like Verizon, which would play a key role in Android’s imminent explosion.

width="720" height="491" sizes="(max-width: 720px) 100vw, 720px">

Android’s universal search box made its first appearance in Android 1.6.

Google

Android versions 2.0 to 2.1: Eclair

Keeping up the breakneck release pace of Android’s early years, Android 2.0, Eclair, emerged just six weeks after Donut; its “point-one” update, also called Eclair, came out a couple months later. Eclair was the first Android release to enter mainstream consciousness thanks to the original Motorola Droid phone and the massive Verizon-led marketing campaign surrounding it.

Verizon’s “iDon’t” ad for the Droid.

The release’s most transformative element was the addition of voice-guided turn-by-turn navigation and real-time traffic info — something previously unheard of (and still essentially unmatched) in the smartphone world. Navigation aside, Eclair brought live wallpapers to Android as well as the platform’s first speech-to-text function. And it made waves for injecting the once-iOS-exclusive pinch-to-zoom capability into Android — a move often seen as the spark that ignited Apple’s long-lasting “thermonuclear war” against Google.

width="700" height="494" sizes="(max-width: 700px) 100vw, 700px">

The first versions of turn-by-turn navigation and speech-to-text, in Eclair.

Google

Android version 2.2: Froyo

Just four months after Android 2.1 arrived, Google served up Android 2.2, Froyo, which revolved largely around under-the-hood performance improvements.

Froyo did deliver some important front-facing features, though, including the addition of the now-standard dock at the bottom of the home screen as well as the first incarnation of Voice Actions, which allowed you to perform basic functions like getting directions and making notes by tapping an icon and then speaking a command.

width="700" height="532" sizes="(max-width: 700px) 100vw, 700px">

Google’s first real attempt at voice control, in Froyo.

Google

Notably, Froyo also brought support for Flash to Android’s web browser — an option that was significant both because of the widespread use of Flash at the time and because of Apple’s adamant stance against supporting it on its own mobile devices. Apple would eventually win, of course, and Flash would become far less common. But back when it was still everywhere, being able to access the full web without any black holes was a genuine advantage only Android could offer.

Android version 2.3: Gingerbread

Android’s first true visual identity started coming into focus with 2010’s Gingerbread release. Bright green had long been the color of Android’s robot mascot, and with Gingerbread, it became an integral part of the operating system’s appearance. Black and green seeped all over the UI as Android started its slow march toward distinctive design.

width="700" height="400" sizes="(max-width: 700px) 100vw, 700px">

It was easy being green back in the Gingerbread days.

JR Raphael / IDG

Android 3.0 to 3.2: Honeycomb

2011’s Honeycomb period was a weird time for Android. Android 3.0 came into the world as a tablet-only release to accompany the launch of the Motorola Xoom, and through the subsequent 3.1 and 3.2 updates, it remained a tablet-exclusive (and closed-source) entity.

Under the guidance of newly arrived design chief Matias Duarte, Honeycomb introduced a dramatically reimagined UI for Android. It had a space-like “holographic” design that traded the platform’s trademark green for blue and placed an emphasis on making the most of a tablet’s screen space.

width="700" height="638" sizes="(max-width: 700px) 100vw, 700px">

Honeycomb: When Android got a case of the holographic blues.

JR Raphael / IDG

While the concept of a tablet-specific interface didn’t last long, many of Honeycomb’s ideas laid the groundwork for the Android we know today. The software was the first to use on-screen buttons for Android’s main navigational commands; it marked the beginning of the end for the permanent overflow-menu button; and it introduced the concept of a card-like UI with its take on the Recent Apps list.

Android version 4.0: Ice Cream Sandwich

With Honeycomb acting as the bridge from old to new, Ice Cream Sandwich — also released in 2011 — served as the platform’s official entry into the era of modern design. The release refined the visual concepts introduced with Honeycomb and reunited tablets and phones with a single, unified UI vision.

ICS dropped much of Honeycomb’s “holographic” appearance but kept its use of blue as a system-wide highlight. And it carried over core system elements like on-screen buttons and a card-like appearance for app-switching.

width="700" height="533" sizes="(max-width: 700px) 100vw, 700px">

The ICS home screen and app-switching interface.

JR Raphael / IDG

Android 4.0 also made swiping a more integral method of getting around the operating system, with the then-revolutionary-feeling ability to swipe away things like notifications and recent apps. And it started the slow process of bringing a standardized design framework — known as “Holo” — all throughout the OS and into Android’s app ecosystem.

Android versions 4.1 to 4.3: Jelly Bean

Spread across three impactful Android versions, 2012 and 2013’s Jelly Bean releases took ICS’s fresh foundation and made meaningful strides in fine-tuning and building upon it. The releases added plenty of poise and polish into the operating system and went a long way in making Android more inviting for the average user.

Visuals aside, Jelly Bean brought about our first taste of Google Now — the spectacular predictive-intelligence utility that’s sadly since devolved into a glorified news feed. It gave us expandable and interactive notifications, an expanded voice search system, and a more advanced system for displaying search results in general, with a focus on card-based results that attempted to answer questions directly.

Multiuser support also came into play, albeit on tablets only at this point, and an early version of Android’s Quick Settings panel made its first appearance. Jelly Bean ushered in a heavily hyped system for placing widgets on your lock screen, too — one that, like so many Android features over the years, quietly disappeared a couple years later.

width="700" height="533" sizes="(max-width: 700px) 100vw, 700px">

Jelly Bean’s Quick Settings panel and short-lived lock screen widget feature.

JR Raphael / IDG

Android version 4.4: KitKat

Late-2013’s KitKat release marked the end of Android’s dark era, as the blacks of Gingerbread and the blues of Honeycomb finally made their way out of the operating system. Lighter backgrounds and more neutral highlights took their places, with a transparent status bar and white icons giving the OS a more contemporary appearance.

Android 4.4 also saw the first version of “OK, Google” support — but in KitKat, the hands-free activation prompt worked only when your screen was already on and you were either at your home screen or inside the Google app.

The release was Google’s first foray into claiming a full panel of the home screen for its services, too — at least, for users of its own Nexus phones and those who chose to download its first-ever standalone launcher.

width="700" height="579" sizes="(max-width: 700px) 100vw, 700px">

The lightened KitKat home screen and its dedicated Google Now panel.

JR Raphael / IDG

Android versions 5.0 and 5.1: Lollipop

Google essentially reinvented Android — again — with its Android 5.0 Lollipop release in the fall of 2014. Lollipop launched the still-present-today Material Design standard, which brought a whole new look that extended across all of Android, its apps and even other Google products.

The card-based concept that had been scattered throughout Android became a core UI pattern — one that would guide the appearance of everything from notifications, which now showed up on the lock screen for at-a-glance access, to the Recent Apps list, which took on an unabashedly card-based appearance.

width="700" height="578" sizes="(max-width: 700px) 100vw, 700px">

Lollipop and the onset of Material Design.

JR Raphael / IDG

Lollipop introduced a slew of new features into Android, including truly hands-free voice control via the “OK, Google” command, support for multiple users on phones and a priority mode for better notification management. It changed so much, unfortunately, that it also introduced a bunch of troubling bugs, many of which wouldn’t be fully ironed out until the following year’s 5.1 release.

Android version 6.0: Marshmallow

In the grand scheme of things, 2015’s Marshmallow was a fairly minor Android release — one that seemed more like a 0.1-level update than anything deserving of a full number bump. But it started the trend of Google releasing one major Android version per year and that version always receiving its own whole number.

Marshmallow’s most attention-grabbing element was a screen-search feature called Now On Tap — something that, as I said at the time, had tons of potential that wasn’t fully tapped. Google never quite perfected the system and ended up quietly retiring its brand and moving it out of the forefront the following year.

width="700" height="605" sizes="(max-width: 700px) 100vw, 700px">

Marshmallow and the almost-brilliance of Google Now on Tap.

JR Raphael / IDG

Android 6.0 did introduce some stuff with lasting impact, though, including more granular app permissions, support for fingerprint readers, and support for USB-C.

Android versions 7.0 and 7.1: Nougat

Google’s 2016 Android Nougat releases provided Android with a native split-screen mode, a new bundled-by-app system for organizing notifications, and a Data Saver feature. Nougat added some smaller but still significant features, too, like an Alt-Tab-like shortcut for snapping between apps.

width="700" height="460" sizes="(max-width: 700px) 100vw, 700px">

Android 7.0 Nougat and its new native split-screen mode.

JR Raphael / IDG

Perhaps most pivotal among Nougat’s enhancements, however, was the launch of the Google Assistant — which came alongside the announcement of Google’s first fully self-made phone, the Pixel, about two months after Nougat’s debut. The Assistant would go on to become a critical component of Android and most other Google products and is arguably the company’s foremost effort today.

Android version 8.0 and 8.1: Oreo

Android Oreo added a variety of niceties to the platform, including a native picture-in-picture mode, a notification snoozing option, and notification channels that offer fine control over how apps can alert you.

width="700" height="613" sizes="(max-width: 700px) 100vw, 700px">

Oreo adds several significant features to the operating system, including a new picture-in-picture mode.

JR Raphael / IDG

The 2017 release also included some noteworthy elements that furthered Google’s goal of aligning Android and Chrome OS and improving the experience of using Android apps on Chromebooks, and it was the first Android version to feature Project Treble — an ambitious effort to create a modular base for Android’s code with the hope of making it easier for device-makers to provide timely software updates.

Android version 9: Pie

The freshly baked scent of Android Pie, a.k.a. Android 9, wafted into the Android ecosystem in August of 2018. Pie’s most transformative change was its hybrid gesture/button navigation system, which traded Android’s traditional Back, Home, and Overview keys for a large, multifunctional Home button and a small Back button that appeared alongside it as needed.

Android 9 introduced a new gesture-driven system for getting around phones, with an elongated Home button and a small Back button that appears as needed.

JR Raphael / IDG

Pie included some noteworthy productivity features, too, such as a universal suggested-reply system for messaging notifications, a new dashboard of Digital Wellbeing controls, and more intelligent systems for power and screen brightness management. And, of course, there was no shortage of smaller but still-significant advancements hidden throughout Pie’s filling, including a smarter way to handle Wi-Fi hotspots, a welcome twist to Android’s Battery Saver mode, and a variety of privacy and security enhancements.

Android version 10

Google released Android 10 — the first Android version to shed its letter and be known simply by a number, with no dessert-themed moniker attached — in September of 2019. Most noticeably, the software brought about a totally reimagined interface for Android gestures, this time doing away with the tappable Back button altogether and relying on a completely swipe-driven approach to system navigation.

Android 10 packed plenty of other quietly important improvements, including an updated permissions system with more granular control over location data along with a new system-wide dark theme, a new distraction-limiting Focus Mode, and a new on-demand live captioning system for any actively playing media.

Android 10’s new privacy permissions model adds some much-needed nuance into the realm of location data.

JR Raphael / IDG

Android version 11

Android 11, launched at the start of September 2020, was a pretty substantial Android update both under the hood and on the surface. The version’s most significant changes revolve around privacy: The update built upon the expanded permissions system introduced in Android 10 and added in the option to grant apps location, camera, and microphone permissions only on a limited, single-use basis.

Android 11 also made it more difficult for apps to request the ability to detect your location in the background, and it introduced a feature that automatically revokes permissions from any apps you haven’t opened lately. On the interface level, Android 11 included a refined approach to conversation-related notifications along with a new streamlined media player, a new Notification History section, a native screen-recording feature, and a system-level menu of connected-device controls.

Android 11’s new media player appears as part of the system Quick Settings panel, while the new connected-device control screen comes up whenever you press and hold your phone’s physical power button.

JR Raphael / IDG

Android version 12

Google officially launched the final version of Android 12 in October 2021, alongside the launch of its Pixel 6 and Pixel 6 Pro phones.

In a twist from the previous several Android versions, the most significant progressions with Android 12 were mostly on the surface. Android 12 featured the biggest reimagining of Android’s interface since 2014’s Android 5.0 (Lollipop) version, with an updated design standard known as Material You — which revolves around the idea of you customizing the appearance of your device with dynamically generated themes based on your current wallpaper colors. Those themes automatically change anytime your wallpaper changes, and they extend throughout the entire operating system interface and even into the interfaces of apps that support the standard.

Android 12 ushered in a whole new look and feel for the operating system, with an emphasis on simple color customization.

Google

Surface-level elements aside, Android 12 brought a (long overdue) renewed focus to Android’s widget system along with a host of important foundational enhancements in the areas of performance, security, and privacy. The update provided more powerful and accessible controls over how different apps are using your data and how much information you allow apps to access, for instance, and it included a new isolated section of the operating system that allows AI features to operate entirely on a device, without any potential for network access or data exposure.

Android version 13

Android 13, launched in August 2022, was simultaneously one of the most ambitious updates in Android history and one of the most subtle version changes to date.

On tablets and foldable phones, Android 13 introduced a slew of significant interface updates and additions aimed at improving the large-screen Android experience — including an enhanced split-screen mode for multitasking and a ChromeOS-like taskbar for easy app access from anywhere.

The new Android-13-introduced taskbar, as seen on a Google Pixel Fold phone.

Google

On regular phones, Android 13 brought about far less noticeable changes — mostly just some enhancements to the system clipboard interface, a new native QR code scanning function within the Android Quick Settings area, and a smattering of under-the-hood improvements.

Android version 14

Following a full eight months of out-in-the-open refinement, Google’s 14th Android version landed at the start of October 2023, in the midst of the company’s Pixel 8 and Pixel 8 Pro launch event.

Like the version before it, Android 14 didn’t look like much on the surface. That’s in part because of the trend of Google moving more and more toward a development cycle that revolves around smaller ongoing updates to individual system-level elements year-round — something that’s actually a significant advantage for Android users, even if it does have an awkward effect on people’s perception of progress.

But despite the subtle nature of its first impression, Android 14 delivered a fair amount of noteworthy new goodies. The software introduced a new system for dragging and dropping text between apps, for instance, as well as a number of new improvements to privacy and security — including a new settings-integrated dashboard for managing health and fitness data and a more info-rich and context-requiring system for seeing exactly why apps want access to your location. And it brought about a new set of native customization options for the Android lock screen.

Android 14 includes options for completely changing the appearance of the lock screen as well as for customizing which shortcuts show up on it.

JR Raphael / IDG

Android version 15

Google technically released Android 15 in September 2024, but in an unusual twist, that was only the launch of the software’s raw source code. The new Android version didn’t show up even on the company’s own Pixel devices until just over a month later, in mid-October.

With Google increasingly offering Android enhancements outside of the formal operating system context, some of the more interesting updates in recent months are not connected directly to Android 15 itself. For instance, the Android Circle to Search system and new theft protection features have shown up throughout 2024 for devices running even older Android versions.

As for Android 15 itself, though, the update introduces a number of noteworthy new features — including a system-level Private Space option that lets you keep sensitive apps out of sight and accessible only with authentication. The software also further enhances the multitasking systems introduced in Android 13 with the new option to keep the large-screen-exclusive Android taskbar present at all times and the new ability to launch specific pairs of apps together into a side-by-side split-screen with a single tap.

Once you set up Android 15’s new Private Space feature, certain apps appear in a special protected — and optionally hidden — area of your app drawer.

JR Raphael / IDG

Beyond that, Android 15 includes a redesigned system volume panel, a new option to automatically reenable a device’s Bluetooth radio a day after it’s been disabled, and a Pixel-specific Adaptive Vibration feature that intelligently adjusts a phone’s vibration intensity based on the environment.

Adaptive Vibration and a redesigned volume panel provide welcome upgrades to the Android audio experience.

JR Raphael / IDG

Add in a new charging-time connected-device-control screen saver, a space-saving app archiving option for infrequently used apps, and a long-under-development predictive back visual that lets you see a peek at where you’re headed before you get there — and this small-seeming update is actually shaping up to be a pretty hefty update progression.

Android version 16

In a marked change from recent Android upgrade cycles, Google decided to go with two new Android versions per year as of 2025 — starting with Android 16 in the spring and then following that with another release in the fall. (It’s not entirely clear yet if the second annual update will get its own full number or act as an extension of the Android 16 moniker, but Google says it’ll be a “major” release.)

True to that promise, Android 16 catapulted into the world in early June, just before the start of summer. Somewhat confusingly, while Google has shown off or in some cases been quietly developing a slew of new features that add up to create Android’s most dramatic reinvention in ages — including a bold new design language, a smart new system for multitasking, and an ambitious desktop mode that lets you plug your phone into a monitor and use it like a computer — most of those elements aren’t included in the initial Android 16 release and will instead show up later this year.

Aside from serving as a foundation for those advances, Android 16 marks the start of Live Updates — a new type of notification designed to support persistent, ongoing alerts, similar to what Apple does with iOS’s Live Activities.

Android 16’s Live Updates system makes it easier to keep tabs on persistent, ongoing alerts such as those from delivery apps — at least, once all of those apps begin to support it.

Google

It also adds in a more advanced standard of hearing aid support that should make a meaningful difference for anyone relying on such devices. And, perhaps most significantly, it debuts a new Advanced Protection security supermode that provides a simple new single-switch way to activate a whole slew of advisable Android security settings in one fell swoop.

The Android 16 Advanced Security control panel, as seen on a Google Pixel phone.

JR Raphael, Foundry

Combined with a sprawling series of other new security strengtheners, that makes protection seem like the true centerpiece of Android 16 — for now, at least, before the rest of Google’s still-bubbling-beneath-the-surface surprises arrive.

This article was originally published in November 2017 and most recently updated in June 2025.

Kategorie: Hacking & Security

ConnectWise rotating code signing certificates over security concerns

Bleeping Computer - 10 Červen, 2025 - 23:17
ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. [...]
Kategorie: Hacking & Security

Is genAI a gateway drug to runaway costs?

Computerworld.com [Hacking News] - 10 Červen, 2025 - 22:39

As much as enterprise IT executives complain today about the sky-high cost of generative AI (genAI) model access, some fear those costs will skyrocket in the next couple of years. 

Why? The theory is that the large language model (LLM) makers will wait until their code has become such an integral part of the enterprise environment that unraveling it and starting over with a different model will be cost-prohibitive. Once that happens, genAI firms will pretty much have their customers over an LLM barrel.

Manuel Kistner, the CEO of software development group New Gravity, recently wrote on LinkedIn about those potential genAI price hikes.

“Remember when Uber rides cost $3 across town? When they threw promo codes at us like confetti? Venture capital was bleeding money to get us addicted to convenience. Then the subsidies stopped. That $3 ride became $25, then $100. We were hooked, so we paid. AI is following the exact same playbook, and the signs are everywhere,” Kistner wrote. “Look at enterprise software pricing. Salesforce charges $300/user/month. Adobe Creative Suite went from $50/month to $600/year per license. These companies price based on value delivered, not development costs.”

New, improved — and pricey

Others echo the point. Dev Nag, the CEO of QueryPal, said recent IT industry history suggests that any technology that is sufficiently different — and delivering materially better value — can obliterate pricing expectations.

“When Netscape tried to charge for browsing, Microsoft answered with a free Internet Explorer and the price of web navigation never recovered,” Nag said. “Chrome later cemented the zero-dollar norm. Let’s Encrypt vaporized the certificate market so completely that 300-dollar SSL fees are now folklore. Skype wrecked international-calling tariffs by moving minutes onto IP, flipping the surplus to consumers in a single release cycle. Smartphones then did the same to point-and-shoot cameras, slicing shipments from 109 million units in 2010 to under 2 million in 2023, while photo taking surged. Each case shows that once a digital good can be cloned at near-zero marginal cost, the lion’s share of value sticks to users.”

Aaron Cohen, an AI consultant, offered his own examples. “Think about Amazon. Is shipping for free and not making a profit still happening?  No, they changed certain practices,” Cohen said. “Expect different pricing models. Like Uber, expect surge pricing for AI.”

Cohen argued that this problem is almost certainly going to get worse. “As the models get better, the dependency will get worse and the prices will eventually be, well, they are going to be stuck with a very large bill,” he said. 

The sad reality is that there are two mostly unrelated issues going on here, both of which could deliver even more stratospheric genAI price issues for very different reasons. 

The old vendor lock-in game

The first issue is good, old-fashioned vendor lock-in. GenAI companies are pushing these models globally, urging every business unit to use it in a variety of ways. Let’s say an enterprise has mainly invested in a language model from just one company, say, maybe AWS, Google or OpenAI. Imagine how disruptive and expensive it would be to reverse that decision in two years if prices rise. (And since most companies are already using multiple models, doesn’t that make tossing everything overboard if prices jump even more complicated?)

The second issue is value pricing, where model makers start to charge based on the value delivered. 

Some have argued that any big price increase won’t happen — at least not to an overly painful extent — because of the large number of genAI competitors. That might be true now, but it won’t be true forever. GenAI consolidation is inevitable. Still, even consolidation will likely leave a good handful of viable players.

But the competition factor only influences the second issue, the value pricing one. It does nothing to help a company that went almost all-in on one model maker.

The vendor lock-in is more than end users relying on a model and the code being deeply embedded in your systems. Your team will have by then spent a massive amount of money fine-tuning those models and feeding it your company-specific data.

That combination is likely to mean vendor lock-in. But there are steps companies can take now to reduce the chance that any one genAI firm could soon hold you hostage for whatever price hike they feel like imposing.

“It’s similar to what the old mainframe timeshare model was in that they are renting not owning. [IT is] literally stuck paying token charges in perpetuity. It’s absolutely insane,” said Stephen Klein, CEO of Curiouser.AI. “It would be just as easy to implement an agnostic, multi-LLM model or, even better, open source [option] that (IT) can own. The problem is that open source is kind of like buying furniture from Ikea. It needs assembly and fine tuning.”

Klein’s point is valid, but enterprises are already doing a lot of assembly and fine tuning. That is a big part of what is going to create the lock-in problem.

Could competition keep prices in check?

Not everyone fears big price hikes. Take James Villarrubia, for example. Until May 30, Villarrubia was a head of NASA digital innovation and AI, serving as a presidential innovation fellow for a NASA unit called the Convergent Aeronautics Solutions Project

Villarrubia said he doesn’t see any upcoming pricing changes as being materially different from what IT experienced in the past. “This does not strike me as any different than the panic we saw during early cloud migration,” Villarrubia said, when feared price hikes never materialized. 

One reason he’s sanguine about pricing involves the way many genAI vendors have been interacting with each others’ systems.

Enterprises have been “designing their systems to be linked to tools in the lightest way possible,” Villarrubia said. GenAI vendors “were all so desperate to get in on OpenAI business that they were using an OpenAI-flavored API. That made swapping way cheaper.”

Also, Villarrubia argued, the extensive fine-tuning that enterprises are doing will also not likely lock them into any one model. Most are “going straight to a core model” such as Meta’s LLama 4, Villarrubia said. 

“I see the [customized] fine tuning tasks significantly dropped from where it was a year ago,” he said — mostly because Meta made Llama more open, basically telling IT to use it to do model fine-tuning.

“I don’t see a deep monopolistic play yet,” Villarrubia said. “The vendor lock-in is not the thing I see driving up costs. When the new models come out, that is when prices will increase.”

Even then, he doubts price hikes will be unreasonably large because model makers will very much want to encourage upgrades.  “It simplifies their architecture,” Villarrubia said.

Some have suggested trying to negotiate longer-term contracts — such as five-year agreements — to avoid exposure to unlimited price hikes. But Villarrubia questions whether that makes business sense.

“A five-year contract seems insane for products that haven’t been on the market for five years yet,” he said. 

Kategorie: Hacking & Security

New Secure Boot flaw lets attackers install bootkit malware, patch now

Bleeping Computer - 10 Červen, 2025 - 22:02
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. [...]
Kategorie: Hacking & Security

WWDC: What we know so far about Apple’s Liquid Glass UI

Computerworld.com [Hacking News] - 10 Červen, 2025 - 20:51

At WWDC 2025, Apple changed how we interact with our devices with the introduction of a new user interface it calls Liquid Glass. Apple CEO Tim Cook described it this way: “Expressive. Delightful. But still instantly familiar.”

First appearances matter, and what Apple has tried to achieve with Liquid Glass is to bring together the optical quality of glass and the fluidity of liquid to emphasize transparency and lighting when using your devices. It’s a move away from the flat UI we’ve become accustomed to and is supported by tweaks across the operating systems. That means elements that were rectangular, such as tool bars in apps, have been redesigned with rounded corners.

[ Related: Apple WWDC 2025: News and analysis ]

Apple is also maximizing content displayed on-screen through translucent tool bars with groups of dynamic controls to allow for easier navigation across apps.

Apple’s design teams were given rare permission to break cover following the introduction. One Apple Human Interface designer explained that the work was the product of an army of designers and engineers, explaining: “We’re designing it to bend and shape light while feeling like an elastic, flexible material that can dynamically shape shift, to make apps feel fluid and organic.”

What people are saying about Liquid Glass

While reality-distorting Apple critics seem to want to compare Apple’s design to Microsoft Vista’s failed attempt to emulate Mac OS X’s Aqua interface, more serious insight is emerging from across the industry, with the consensus quite positive. 

Anastasiia Satarenko, senior design researcher at technological R&D center MacPaw, told me: “The ‘Liquid Glass’ concept combines fluidity and dynamic motion to present a subtle beauty that mimics water; when static, it may be a bit unassuming, but it really shines when it’s in motion.”

Satarenko also noted: “They’re working to build off of the Vision Pro/visionOS and incorporate it into all their products to finally reconnect the user interface again. This decision makes total sense, and it was just a matter of time before they implemented it. Also, this update makes it simpler to incorporate any apps into the Vision Pro, as the software will already be designed for it.”

Morgan Stanley analyst Erik Woodring put it this way in a statement to Computerworld: “Apple’s broad OS redesign across platforms simplifies the UI and makes for a more unified experience…, which enhances the ecosystem experience. Overall, these enhancements remind us of old WWDC’s and highlight Apple’s innate attention to detail.”

Apple

Despite the plaudits, there have been criticisms around readability, particularly when the UI is set to its most translucent mode.

“It’s hard to read sometimes,” said designer Allan Yu, “I think because they’ve set it to be a little too transparent.” Apple will almost certainly address these criticisms before it arrives in final form on various operating systems. (It’s currently only available in early developer betas.) To my eyes, Liquid Glass is a particular problem in Control Center; Apple may need to make everything underneath the controls more opaque.

Apple So just what is Liquid Glass?

It is important to stress that Liquid Glass will be deployed across all Apple devices, from Macs, iPhones, and iPads, to Apple TV and even Apple Watch. In use, the new interface elements are both translucent and dynamic, giving you the impression that your device is made of liquid, not metal and glass. It delivers a graphics-rich environment made possible by the power of Apple Silicon, which has the power to run it.

Like glass, you’ll find the color of interface elements is informed by the content it surrounds or sits above. Apple calls some of this “lensing” — the ability to dynamically bend and shape light to reflect what you’re working with. “Liquid Glass objects materialize in and out by gradually modulating the light bending and lensing, ensuring a graceful transition that preserves the optical integrity of the material,” Apple said in a statement.

You’ll see interesting specular highlights and on-screen physics in action; some elements seem to bounce, others like to reflect light, and all these interactions are rendered in real time.

The new UI also makes demands of the elements used most — buttons, switches, text, media controls, as well as tab bars and sidebars — all have been tweaked for the new design paradigm. In part, this means all those elements become concentric, with the rounded corners of Apple’s hardware and app windows.

Controls are somewhat nested; they sit on a functional layer above the apps and morph into other controls as you seek them. They are also grouped within the interface; in one example, the Apple Music volume slider pops up above the content browser.

Also, when you scroll, you’ll find tab bars and sidebars work differently; tab bars shrink so they get out of the way of the content, while sidebars have been designed to feel more contextual to the content you’re viewing.

To get a sense of how this all fits together, Apple took pains to show how the time clock now fluidly adapts itself to fit behind the subject of a photo if you use an image as a wallpaper on your iPhone’s Home screen. Apple has done detailed work here — even the San Francisco typeface now dynamically scales the weight, height, and width of each character to fit the scene.

What about developers?

As you’d expect, Apple put together extensive information to help developers deploy Liquid Glass in their apps and created new APIs for use in SwiftUI, UIKit and AppKit. And while some developers will likely lag behind as they always do, most will be able to relatively easily refresh the design of their apps for the new UI.

Apple

One new tool is Icon Composer, a tool with which to create Liquid Glass icons that render in the different looks the UI supports – light, dark, tinted, and clear.

Making sure apps properly support the subtle nesting within the new UI is a task in itself. Apple’s guidelines advise developers to think about a clear hierarchy of interface elements in order to make it easy for users to get to the element they require. Apple is also pushing developers to craft their apps to better reflect the rounded corners on its hardware and software and to rigorously adhere to the new platform conventions.

While it will take time for Apple users and developers to become fully accustomed to using Liquid Glass, the interface is quite beautiful, and lends itself for use across all manner of hardware and software devices. That makes it an appropriate change as Apple prepares for another decade of product design.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Kategorie: Hacking & Security

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps

The Hacker News - 10 Červen, 2025 - 20:29
Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager (AEM). Of the 254 flaws, 225 reside in AEM, impacting AEM Cloud Service (CS) as well as all versions prior to and including 6.5.22. The issues have been resolved in AEM Cloud Service Release 2025.5 and version 6.5.23. "Successful Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud

The Hacker News - 10 Červen, 2025 - 20:04
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. "Low-code platforms such as Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah