Software Bugs Monthly Digest – November 2022
Software development is a complex process. It is almost impossible to avoid mistakes along the way. Some of them are critical, others can be easily fixed. In our November bug digest, we featured both of these types. Let’s see who was caught by our bug radar this month.
iPhone's first glitches appear a month after release
We are kicking off our monthly bug digest with Apple. Just a week after the new iPhone 14 Pro was released, some owners reported that their phone camera started shaking when they used TikTok, Instagram, and Snapchat. Users shared some videos of this defect, followed by audible grinding sounds. However, if you use the built-in camera, it works perfectly.
Apple was fast with a response. They reported that the problem was caused by a software issue, not by third-party applications. Company representatives promised the issue would be fixed the week after the first incident happened. However, Apple did not explain exactly what caused the error or why some users encountered this problem while others did not.
Let's hope that it was the only glitch in the new iPhone and that all users will be satisfied with their gadgets. This situation is a wake-up call for all mobile developers out there – remember to test your phones/apps on real devices to ensure they work well when connected with third-party software.
Oculus founder claims he made a VR headset that actually kills you if you die in a game
Palmer Luckey, the virtual reality firm Oculus’ founder, claims he created a headset that kills you in real life if you die in a game. He says that the inspiration behind this “special-featured” gadget came from Sword Art Online. This is the Japanese anime in which players are trapped in an online role-playing game where death in the game means death in the real world because of the killer “NerveGear” headset they wear.
“The idea of tying your real life to your virtual avatar has always fascinated me – you instantly raise the stakes to the maximum level and force people to fundamentally rethink how they interact with the virtual world and the players inside it,” Luckey wrote in his recent blog post.
Fortunately, the headset has not been tested yet. Even Luckey says he lacks the courage to check if the headset works correctly (we believe you, Palmer). He also cautioned that his new system isn’t perfect and a “huge variety of failures could occur and kill the user at the wrong time”.
We hope that no one will ever test if this gadget works as planned. Maybe the next Oculus device will be less dangerous, for example, a headset that turns all your in-game assets into real-life stuff. Luckey, if you read this, contact us, our QA engineers will be happy to test this feature!
A researcher received a $70,000 bounty for an Android lock screen bypass bug
Let's move on to some good news from Google. For privately reporting an accidental Android lock screen bypass bug, Google has paid a security researcher $70,000. Nice one!
The lock screen bypass bug is referred to as a local escalation of privilege bug. It enables unauthorized access to unlock Google Pixel phones without having the passcode while the device is still in the user’s hand.
The bug was detected by David Schütz, a researcher based in Hungary. He found that anyone with direct access to a Google Pixel phone could switch in their own SIM card and enter the device’s pre-programmed recovery code to get around the lock screen security measures of the Android operating system.
Google reacted fast – they rewarded David with a $70,000 bounty and provided a security update that ultimately resolved the Android lock screen bypass bug.
Everyone makes mistakes, even pros like Google. But it is great that they resolved the issue pretty quickly. Another reminder to test the app thoroughly before its release.
The stolen data of 5.4 million Twitter users have been leaked online
Another month, another data leak. This time, Twitter makes the news. According to bleepingcomputer.com, over 5.4 million Twitter user records containing non-public information were stolen and shared for free on a hacker forum.
The story began a year ago. The hacker detected a vulnerability in the Twitter API that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID. He used this issue to steal user data. On November 24th this year, the 5.4 million Twitter records were shared for free on a hacking forum.
These records contain either a private email address or phone number and public scraped data, including the account's Twitter ID, name, screen name, verified status, location, URL, description, follower count, account creation date, friends count, favorites count, statuses count, and profile image URLs.
As this data can potentially be used for phishing attacks to gain access to login credentials, it is essential to scrutinize any email that claims to come from Twitter. So if you receive a letter saying your account was suspended or there are login issues, and it prompts you to log in on a non-Twitter domain, ignore the email and delete it, as this is likely a malicious attempt.
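The "non-Twitter domain" check described above can be automated for a mail filter or a helpdesk triage script. The following is an added example, not code from Twitter or from this digest; the trusted-domain list, the function names and the sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuinely Twitter-owned.
TRUSTED_DOMAINS = ("twitter.com",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    # Design choice in this example: plain http is never accepted for a login link.
    if parts.scheme != "https" or not host:
        return False
    try:
        # Lookalike Unicode hosts become "xn--" labels and no longer match.
        host = host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return False
    # Match on a label boundary so "nottwitter.com" and
    # "twitter.com.evil.example" are both rejected.
    return any(host == d or host.endswith("." + d) for d in trusted)


def suspicious_links(email_text, trusted=TRUSTED_DOMAINS):
    """Return every link in the text that does not point at a trusted domain."""
    found = (m.group(0).rstrip(".,;)") for m in URL_RE.finditer(email_text))
    return [u for u in found if not is_trusted_link(u, trusted)]


# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """Your account was suspended.
Restore access at https://twitter.com.account-verify.example/login within 24 hours.
Help centre: https://help.twitter.com/en
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_EMAIL):
        print("do not log in via:", link)
```

A substring test such as `"twitter.com" in url` would accept the first link in the sample, which is why the comparison is made on the parsed hostname.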
Let’s wrap up
We hope you enjoyed QATestLab's monthly bug digest. It was loaded with some critical bugs – some led to the loss of user data, while others had a happy ending. Which lesson can be drawn from these stories? It is essential to start testing software products as soon as possible while defects are still easy to fix without severe consequences.
If you need any QA assistance, we will be happy to help. Get in touch with us and let our experienced team take a look at your software. You can rely on us to identify the most important issues and make sure your product does not make it to any bug digests.