Search results for: iOS

Never underestimate an operating system update from any mobile phone manufacturer. This week, Apple issued iOS 18.5 which provides enhancements to the user experience, but also fixes bugs and flaws.

This update fixes over 30 security bugs. The sooner you update to the new version, the better from a security standpoint. The security flaws that the patch responds to includes known and unknown vulnerabilities and zero-days that may or may not be exploited in the wild.

If you haven’t updated to iOS 18.5, plug your phone in now and install it as soon as possible. Not only for the enhancements, but most importantly, for the bug fixes. If you don’t have your phone set to automatic installation, you may wish to add that feature in your setting, as that is a good way to stay on top of new releases in a timely manner.

We have noted before how important it is to update the operating system (OS) on your mobile phone as soon as you receive notice from the manufacturer. This week, Apple issued an update to the iOS that is considered urgent.

Apple released two patches this week to address two security vulnerabilities in iPhones, including to protect against Pegasus spyware and WebKit, which is related to how Safari is displayed on screens.

The first patch aims to prohibit a zero-click exploit that launches code in iMessage that allows spyware to be deployed and used against users. This vulnerability is concerning because it does not require the user to open a link for the malicious code to be deployed and have access to the mobile device.

The second patch is designed to fix a vulnerability discovered by a security researcher, which allows threat actors to use malicious web content to exploit iPhones and iPads.

Message today: UPDATE YOUR iPHONE OPERATING SYSTEM ASAP. To do so, plug in your phone, go to Settings, click on General, then click on Software Settings and download iOS 14.8.

If you are on top of updating your iPhone patches when a new operating system is released by Apple, you probably updated your iOS to version 14.5 when Apple released it last week. However, even if you did update last week, it is important to update again this week to iOS 14.5.1, which Apple released on Monday. If you didn’t upload 14.5 last week, that’s even more reason to update to 14.5.1 now.

iOS 14.5.1 specifically addresses security vulnerabilities that Apple has stated could give hackers the ability to execute arbitrary code on user’s phones. Apple says that because it is aware that the vulnerabilities are being exploited by hackers, it issued the patch. It is urging users to update to 14.5.1 as soon as possible to avoid becoming a victim.

It is always important to update software when a manufacturer releases a new version, so any vulnerabilities can be patched. That is the most important part of updating the software, even though you might also get some new features. Updating to iOS 14.5.1 is easy. Plug in your phone, go to settings, then to the General tab, then to the software update tab and select download and install. The same can be done for your iPad. I updated mine last night, and you may wish to consider doing the same.

Apple has pushed an update to iOS 11.2 to its users. Users should consider pushing any updates that are recommended by the manufacturer, as there is usually a reason behind the update, and many times it is to fix a vulnerability. This is true with the most recent update to iOS 11.2.

A vulnerability in HomeKit was recently discovered that allows unauthorized individuals (i.e., hackers) to control IoT capabilities, such as smart locks, garage door openers, lights, thermostats and plugs through the HomeKit platform. This means that when you are able to remotely activate the security system in your residence or open and close your garage door with your smartphone, a vulnerability allows an unauthorized person to be able to do that remotely. This is an obvious concern for personal safety.

The vulnerability is reported to only affect the HomeKit framework, not all IoT smart products. Apple has fixed the vulnerability in the most recent update to iOS 11.2, but it is only fixed if the update to iOS 11.2 is pushed by the consumer. So if you use the HomeKit framework, be aware of the vulnerability and consider accepting the fix.

Earlier this year, an affiliate of the hedge fund Standard General LP assumed more than 1,700 RadioShack® store leases in an auction sale in the electronics retailer’s bankruptcy. Standard General reportedly plans to partner with Sprint® to open stores within more than 1,400 of these RadioShack locations. Sprint branded mobile devices, including Boost® and Virgin Mobile®, will be sold by Sprint employees in the Sprint stores within the RadioShack stores. The storefronts and promotional materials will bear the Sprint brand, but the locations will also carry some other historical RadioShack products, services and accessories.

In addition to its store leases, RadioShack’s assets included its name and other IP assets, as well as a substantial amount of personal information collected from millions of consumers prior to the bankruptcy. This personal information includes names, addresses, telephone numbers, email addresses, and records of purchased items. In a second bankruptcy court auction, which was approved by the bankruptcy court on May 29, Standard General paid $26.2 million for these assets.

Yesterday, the bankruptcy court approved the sale over the objections of several parties, including the Federal Trade Commission (FTC) and third party manufacturers Apple and AT&T who sold products to the bankrupt retailers. The approval also came after RadioShack successfully negotiated a settlement with several state attorneys general to limit the buyer Standard General’s access to (i) RadioShack customer email to the last two years, and (ii) other RadioShack customer information to only 7 of 170 fields of data collected by RadioShack.

The FTC’s objection was made to the court-appointed consumer privacy ombudsman in the RadioShack bankruptcy. Specifically, the FTC’s letter alleged the sale of personal information constitutes a deceptive practice because in its privacy policy, RadioShack promised never to share the customer’s personal information with third parties. In its letter to the RadioShack ombudsman, the FTC requested that the Toysmart case precedent be followed to (i) prohibit the sale of personal customer information as a standalone asset; (ii) restrict any sale of such information only to a third party who is in the same business as RadioShack, and who agrees to be bound by and follow the terms of RadioShack’s privacy policies as to the acquired information and (iii) to obtain affirmative consent from consumers for any material changes to the applicable privacy policy. Alternatively, the FTC stated that the debtor could seek its customers’ affirmative consent to the transfer of data, and the information could be purged if customers did not grant consent.

In addition to the objections by the FTC and state attorneys, the RadioShack bankruptcy court heard but rejected separate objections by wireless carrier AT&T and device maker Apple. The companies claimed that they, and not RadioShack, owned and therefore controlled the personal consumer information collected from sales of their respective products at RadioShack. In the case of AT&T, if a consumer purchased an AT&T product at RadioShack, AT&T claimed ownership of that consumer’s personal information (not simply the transaction information) and wanted it withheld from the sale to Standard General. Similarly, in Apple’s motion, Apple claimed its reseller agreement with RadioShack provided that it owned all information it collected from its end users, including their identity. As such, Apple claimed ownership of the personal information related to any purchase of an Apple product at RadioShack and requested it be withheld from any sale. AT&T and Apple both expressed concern about protecting consumers’ privacy in their motions. Neither address whether RadioShack’s privacy policy adequately disclosed to RadioShack consumers that their personal information collected as part of the purchase of certain products at RadioShack would be owned and controlled by third party manufacturers, such as AT&T or Apple. Additionally, the fact that Sprint, a competitor of Apple and AT&T, is partnering with the potential acquirer of the personal information was likely a factor in Apple and AT&T challenging the transfer.

RadioShack claimed segregating this customer information was not done initially and therefore would be difficult if not impossible to do now. The RadioShack court ultimately approved the sale, and ruled against the FTC, AT&T, Apple and RadioShack customers.

See In re RadioShack Case No. 15-10197 (BLS).

Uncertainty will hang over the upcoming bankruptcy auction of RadioShack’s intellectual property, franchise infrastructure, and customer data pending resolution of an ongoing struggle between RadioShack and several states’ attorneys general concerning the proposed sale of customer data. As previously reported, RadioShack plans to auction personally identifiable information (PII) collected from more than 70 million customers. The State of Texas (joined formally or informally by 35 other states) objected to the  sale citing several of RadioShack’s own privacy policies which prohibited the sale of PII. RadioShack withdrew the PII from its prior auction, but has scheduled a new auction which would include PII.

In light of the prohibitions in RadioShack’s privacy policies, Texas has argued that the sale of PII runs afoul of section 363(b)(1)(B)(ii) of the Bankruptcy Code because it “would violate applicable non-bankruptcy law” and Texas’s Deceptive Trade Practices Act. Broadcasting a clear signal that it will continue to press its objection to the sale of PII, Texas unsuccessfully asked that the bankruptcy court require bidders to allocate their proposed purchase price for the PII so that judicial disapproval of the transfer of PII will not necessarily unravel the totality of a bid for RadioShack’s other assets.

The bankruptcy court’s order establishing bid and sale procedures indicates that RadioShack will engage in post-auction mediation with Texas and any successful bidder for the PII (if the bidder is willing to mediate). The order also sets dates for depositions concerning the sale of PII telegraphing that the fight over the issue will continue should mediation fail. Objections to the sale of PII are likely to be heard at the bankruptcy court’s May 20, 2015, hearing to consider and approve a sale to the high bidder, so stay tuned.

ShinyHunters continues to wreak havoc against well-known brands; most recently, Wynn Resorts. Wynn Resorts has confirmed that “an unauthorized third party acquired certain employee data.” It is believed that the threat actor was ShinyHunters. Fortunately for Wynn, the incident is not affecting its operations, and its resorts remain fully functional.

ShinyHunters announced it was the culprit on its leak site on February 20, 2026. It alleges that it stole more than 800,000 records, including Social Security numbers. Wynn was removed from the site four days later, and reported that “the unauthorized third party has stated that the stolen data has been deleted.”

Wynn has confirmed that it will be offering credit monitoring and identity protection services to affected employees.

Wynn is not alone in being a target of ShinyHunters. It is reported that over 100 organizations have been successfully attacked through vishing attacks and compromised single sign on credentials by ShinyHunters.

The techniques used by ShinyHunters and other threat actors using vishing campaigns are relevant and provide strong current scenarios to warn employees through education and training, and to use for cybersecurity tabletop exercises.

If you are among the one billion individuals who own an Android device running on Android 12, or a previous iteration of the operating system, now is the time to consider upgrading your device. According to Forbes, this represents approximately 40% of all Android devices in the market.

Google has issued a warning that any Android device running the Android 12 operating system or older are no longer supported with patches or updates for vulnerabilities. This means that any Android 12 or older is at risk of compromise through spyware or malware attacks. The newest software patch is version 16. If your Android phone is not running version 16, it is out of date.

Whatever device you own, it is critical to update to the newest software to protect against known vulnerabilities. As pointed out before, as soon as your device manufacturer issues a patch, it is critical to apply the patch as soon as possible as the patch is designed to mitigate critical vulnerabilities. To read our previous posts about iOS software updates, click here.

Patch, patch, patch. If your device doesn’t support the newest patch, it’s time to invest in a new one.

Artificial intelligence (AI) makes it easy to create, remix, and distribute content at scale, and that speed is a significant part of its value. It is also where intellectual property (IP) risk can creep in. That risk is not limited to the end user generating an AI output. It can also extend to the companies that build the tool, host it, integrate it into other products, or deploy it for customers.

A useful legal reference point is MGM Studios Inc. v. Grokster, Ltd., 545 U.S. 913 (2005), a seminal case on secondary liability. Grokster distributed peer-to-peer software with lawful uses, but the case turned on whether the company encouraged infringement. The Supreme Court focused on inducement, finding that even if a product can be used for legal purposes, a company can still face secondary liability if its messaging, product choices, or business model appear designed to drive impermissible infringement.

That idea carries over to AI models today, which can be general purpose, but disputes often turn on what the product is steering users to do. Then, once credible warning signs appear, attention shifts to how the company responds.

If you are assessing how an AI secondary liability claim might be framed, consider these questions.

  • What are we encouraging, even indirectly? Marketing copy, tutorials, example prompts, and default workflows can read like a “how-to” guide. If templates aim for near replicas of branded characters, a plaintiff may argue the product is being sold with infringement in mind.
  • Can we tell a strong lawful-use story? “Substantial non-infringing use” matters most when it is real and central to the product. A tool used primarily for internal drafting, meeting summaries, and transforming a company’s own materials is easier to defend than a tool whose primary intended workflow is rewriting paywalled articles.
  • What do we know, and when did we know it? Credible notices, repeated complaints, and internal metrics that point to obvious infringement patterns can make a lack of knowledge argument hard to sustain. After a certain point, inaction can start to be perceived as a decision in itself.
  • How much control do we have, and are we monetizing the risk? If you can supervise use through accounts, moderation, or termination rights, and you profit directly from high-volume usage, claimants may argue you had both the ability to intervene and a financial incentive not to.

To maintain the most defensible posture, companies should maintain documented, repeatable governance across the AI lifecycle, including training data traceability, policies for customer fine-tuning on third party content, monitoring for output patterns that suggest replication, and a clear process for handling repeat users who push high-risk requests. Product features, contract language, and marketing materials should also be aligned so your claims about the tool match what it actually does. The goal is to be able to show that you anticipated foreseeable risks, made reasonable design and operational choices to mitigate them, and improved based on what you observed in production.

While the disruptive potential of generative AI in legal services dominates headlines, the real story lies with the individuals making that transformation possible. For in-house legal teams and law firms facing rapid shifts in regulation and technology, upskilling has evolved from a competitive advantage into the foundation of any successful AI strategy.

Technology Isn’t the Barrier, Preparation Is

With the rapid integration of generative AI into the legal field, one pattern has become clear: the real determinant of progress isn’t the technology itself, but whether teams are genuinely equipped and empowered to use it.

Some of the most inventive and impactful GenAI applications have emerged not just from data scientists or IT specialists, but from legal analysts, project managers, client-facing teams, and graphic designers. Increasingly, lawyers in law firms are also pioneering new uses for GenAI, developing advanced research workflows, streamlining case management, and automating aspects of due diligence.This demonstrates that innovation can originate from any corner of the organization.

These experiences have reinforced an important lesson: generative AI is not a substitute for expertise, it’s an amplifier. However, that amplification is only possible when you give equal priority to developing the people at your organization as you do to advancing your technology.

Why Legal Ops Must Lead the Charge

Many in the legal field understand that GenAI has the potential to boost productivity, streamline routine work, and speed up decision-making. Yet, it’s common to see upskilling pushed off to IT or postponed until after new tools are in place, which can be a misstep that can undermine long-term success.

Legal operations teams and law firm lawyers are particularly well-suited to lead GenAI adoption thanks to their cross-functional insight and ownership of key processes. Law firm lawyers from associates to partners are uniquely positioned to integrate AI into daily practice, given their deep understanding of client needs, matter management, and legal research. Their direct involvement in client services makes upskilling pivotal for both innovation and competitive differentiation. For upskilling to truly make an impact, it must be embedded in the team’s daily workflows, communication, and problem-solving, not treated as an afterthought.

Who Should Be Upskilled First?

It’s easy to assume that GenAI training should target the most technically oriented roles, but true value emerges from those who are deeply familiar with core business challenges, not just the technology itself.

Within legal departments and practice groups, consider prioritizing:

  • Legal operations professionals: They serve as vital connectors among legal, compliance, and business teams.
  • In-house counsel: Particularly those engaged in contracts, litigation strategies, or regulatory matters.
  • Law firm attorneys: Lawyers at all levels, including associates, counsel, and partners, can drive meaningful improvements in client service, litigation preparation, document review, and negotiations by harnessing GenAI capabilities.
  • Business stakeholders: Individuals who work closely with legal and can readily identify areas where automation could make a difference.

Ultimately, focus on team members who grasp the intricacies of your processes and pain points, and who have the curiosity to explore new solutions.

What Legal Professionals Need to Learn

Upskilling for GenAI doesn’t mean transforming lawyers into coders; it’s about equipping them with new ways to communicate and analyze information. Legal teams should concentrate on four foundational areas:

  • Prompt engineering: Learning to design precise, targeted prompts is a practical skill that significantly improves the relevance and accuracy of GenAI-generated results.
  • Responsible AI usage: Teams must know how to use GenAI within ethical, legal, and compliance frameworks, addressing issues like confidentiality, bias, and transparency.
  • Domain-contextual analysis: Exercising legal and business judgment when interpreting GenAI outputs is what distinguishes valuable insights from potential missteps.
  • Leveraging AI: For law firm lawyers, gaining confidence in leveraging GenAI for research, drafting, and advisory roles is especially critical. This includes understanding both the capabilities and current limitations of AI-powered legal tools specific to their practice areas.

Building proficiency in these areas enables legal professionals to adapt quickly and remain effective as technology continues to evolve.

Best Practices for Sustainable Upskilling

Change fatigue is a genuine challenge. To overcome it, training should prioritize ongoing, structured support rather than isolated, one-off sessions.

Consider these best practices:

  • Begin with guided pilots: Let teams test GenAI tools within real workflows, enabling safe experimentation and quick identification of value.
  • Customize by role: Different positions require distinct learning approaches, analysts benefit from scenario-based practice, while leadership may need governance and risk-focused sessions.
  • Practice based: For law firm lawyers, practice area-based workshops and real case simulations can enable more relevant, hands-on learning.
  • Highlight early successes: Sharing quick wins builds enthusiasm and demonstrates the practical relevance of GenAI initiatives.
  • Encourage experimentation: Recognize that not every trial will be a success. Frame upskilling as a continuous process, fostering an environment where learning and innovation are ongoing.

People Drive Progress—Not Tools

The results speak for themselves: teams that invest in upskilling are more productive, more engaged, and more likely to remain with the organization. When employees are encouraged to collaborate with AI, rather than worry about being replaced, they become enthusiastic participants in shaping what’s next.

As legal workloads and complexity continue to grow, GenAI provides an unparalleled set of tools for driving innovation. Yet, real transformation happens because of people, not just technology. The organizations that view talent development as a strategic priority will be the ones to shape the future of the legal profession.

The legal profession, both in law firms and in-house, stands at an inflection point: the degree to which lawyers are enabled and empowered to use generative AI will directly influence client value, firm culture, and long-term relevance.

Generative AI isn’t here to eliminate jobs, it’s here to redefine how work gets done. But to unlock its full potential, your team, from legal operations to law firm partners, must be empowered to lead the charge.