Microsoft Teams macOS Bug Traps Users in Location Permission Loop

Written by AI Press Team on 2026-05-19 10:30:00.

Microsoft has acknowledged a frustrating bug affecting Teams users on macOS that displays persistent location permission prompts that cannot be dismissed, leaving enterprise users unable to access the collaboration platform's interface.

According to BleepingComputer, the issue stems from a conflict between Microsoft Teams and recent macOS system updates that has disrupted the operating system's permissions framework. The software giant confirmed that the non-dismissible pop-ups are not a Teams-specific defect but rather emerge from compatibility issues triggered by Apple's latest system changes.

What's happening

Affected users report being caught in an endless loop of location permission requests when launching or using Teams on their Mac systems. The prompts appear repeatedly and cannot be granted or denied, effectively blocking access to the Teams interface and disrupting workflow for remote workers who depend on the platform for daily communication.

The problem has gained traction in enterprise environments where Teams serves as a critical communication hub. IT administrators have documented cases where employees are unable to join meetings, access chat histories, or collaborate on shared documents due to the persistent dialog boxes that dominate the screen.

Microsoft's response

Microsoft has identified the root cause as a conflict between Teams and macOS's updated permissions handling system. The company indicated that the issue emerged following recent Apple system updates that modified how location services interact with enterprise applications.

While Microsoft has not provided a specific timeline for a permanent fix, the company has acknowledged the severity of the disruption and is working with Apple to resolve the underlying compatibility issue. The lack of a concrete patch date has frustrated IT departments managing large Teams deployments across macOS fleets.

Temporary workarounds

In the absence of an official patch, Microsoft and community forums have identified several temporary measures that may provide relief:

Update Teams immediately — Administrators should ensure all macOS devices are running the latest version of Microsoft Teams, as newer releases may include partial mitigations.

System restarts — Users experiencing persistent prompts can temporarily clear the dialog loop by restarting their macOS systems. However, this workaround provides only temporary relief, as the prompts typically return after Teams relaunches.

Monitor official channels — IT teams should track Microsoft's support pages and official communications for updates on patch availability.

Broader implications for enterprise IT

This incident highlights growing tensions between enterprise application developers and consumer operating system privacy controls. As macOS and Windows continue tightening default privacy settings, enterprise software vendors face increasing challenges maintaining compatibility across diverse deployment environments.

The Teams bug underscores the importance of rigorous cross-platform testing before deploying system updates in enterprise environments. IT administrators may need to implement more deliberate update validation processes, particularly for mission-critical applications like collaboration platforms.

Security professionals note that while the location permission prompts are disruptive, they do not represent a security vulnerability. However, the incident demonstrates how privacy features designed to protect users can inadvertently create productivity barriers when implementation details conflict between software layers.

What IT administrators should do now

Organizations affected by the issue should prioritize the following actions:

  1. Audit Teams deployments across macOS devices to identify affected users
  2. Deploy the latest Teams updates to all endpoints
  3. Document workaround procedures for help desk staff
  4. Establish monitoring for Microsoft patch announcements
  5. Consider temporary platform alternatives for critically affected users

Microsoft has not specified which macOS versions or Teams releases are affected beyond acknowledging that the issue impacts "some systems." Organizations running mixed macOS environments should prepare for potentially uneven impact across their device fleets.

The company is expected to release additional guidance as a patch development timeline becomes clearer.


This article was reported by the AI Press Team based on information from BleepingComputer and Microsoft's public statements.



Firefox 151.0 Delivers Session Management Upgrades and Enhanced Location Privacy

Written by AI Press Team on 2026-05-19 10:00:00.

Mozilla has released Firefox 151.0, introducing privacy enhancements and usability improvements to its browser platform. The update brings native private browsing session management, strengthened fingerprinting defenses, and granular location controls for VPN users.

Private Browsing Session Reset

Firefox 151.0 introduces the ability to clear and restart private browsing sessions without closing the entire window, according to Mozilla's release notes. This functionality addresses a usability gap that privacy-conscious users and security researchers have highlighted for years.

Previously, users seeking to purge browsing data mid-session needed to close all private windows and reopen them. The new implementation allows users to reset their private browsing state while maintaining their workflow, particularly valuable for shared computers or situations where multiple users access the same browser instance.

Enhanced Fingerprinting Protection

The release strengthens Firefox's defenses against fingerprinting techniques that track users across websites by collecting device and browser configuration data. The enhanced protection builds upon Firefox's existing anti-fingerprinting measures.

Fingerprinting protection has become a key differentiator between Firefox and Chromium-based browsers. While many competitors focus primarily on cookie management, Mozilla's approach targets the underlying mechanisms that enable cross-site identification without relying on traditional tracking cookies.

For enterprise deployments, these improvements align with GDPR and CCPA compliance requirements, reducing the burden on organizations to implement additional privacy controls through extensions or external tools.

VPN Location Controls

Firefox 151.0 introduces granular control over apparent location when using Firefox VPN. Users can now select specific geographic locations for their VPN connections, a feature valuable for both compliance scenarios and developer workflows.

Enterprise users benefit from the ability to test geo-restricted content or verify location-based service behavior without requiring third-party VPN solutions. Developers gain a native tool for testing internationalization and region-specific functionality directly within the browser.

Availability

Firefox 151.0 is available now for Windows, macOS, and Linux platforms. Existing users will receive the update through automatic update channels. The release notes are available on Mozilla's website.

Source: LWN.net



openSUSE Revises Age Restrictions After Community Pushback

Written by AI Press Team on 2026-05-19 10:30:00.

The openSUSE project has modified its website terms of service following swift community criticism over age restrictions that would have barred contributors under 16 from participating. The incident highlights ongoing tensions between regulatory compliance and the open-source community's tradition of age-blind meritocracy.

The Policy Change and Backlash

According to LWN.net, openSUSE recently updated its terms of site to require users to be "at least 16 years of age or the age of majority" in their jurisdiction. The change quickly drew objections from Linux community members who noted that many prominent contributors began their open-source journeys well before reaching 16.

The restriction appeared to stem from data protection compliance concerns, particularly around GDPR requirements for processing minors' personal data. However, the blanket minimum age effectively excluded a demographic that has historically contributed significantly to Linux and open-source projects.

Quick Reversal Demonstrates Responsive Governance

Following the community feedback, openSUSE modified the terms. While specific details of the revised policy have not been fully documented, the project appears to be moving toward a parental consent model rather than outright age-based exclusion.

The swift reversal demonstrates the importance of transparent, responsive governance in open-source projects. Had the project maintained the original restrictions without consultation, it risked alienating community members and setting a precedent that other projects might follow.

Why This Matters for Open Source

The openSUSE incident touches on a fundamental question facing mature open-source projects: how to balance legal compliance with community values. Open source has traditionally operated as an age-blind meritocracy where contributions are evaluated on their technical merit rather than the contributor's demographics.

Many well-known Linux developers began contributing as teenagers. Blanket age restrictions would exclude this vital contributor pool and potentially discourage young developers from entering the open-source ecosystem.

At the same time, projects operating in the EU and other jurisdictions with strict data protection laws must comply with regulations governing minors' data. The challenge lies in implementing compliance measures that don't erect unnecessary barriers to participation.

The Path Forward: Parental Consent Models

Industry observers suggest that a parental consent framework offers a practical middle ground. Under this approach, contributors under a certain age could participate with explicit guardian permission, allowing projects to meet legal obligations while maintaining inclusivity.

However, this approach raises its own questions. Projects would need to establish processes for verifying parental consent without creating administrative burdens that discourage participation. They must also determine which specific data collection practices trigger age restrictions under various jurisdictions' laws.

Broader Implications

The openSUSE situation may serve as a case study for other open-source projects navigating similar compliance challenges. As regulatory scrutiny of online platforms increases, more projects will face questions about how to handle minors' participation.

The key lesson from openSUSE's experience is that community consultation should precede policy changes that affect contributor eligibility. Projects that engage their communities early in the compliance process are more likely to find solutions that satisfy both legal requirements and community values.

For now, the openSUSE project has demonstrated that responsive governance can resolve tensions between regulatory compliance and open-source inclusivity. The broader community will be watching to see how the revised terms are implemented and whether other projects adopt similar approaches.



OpenBSD 7.9 Raises CPU Core Limit to 255, Adds WiFi 6 Support

Written by AI Press Team on 2026-05-19 11:03:00.

The OpenBSD project has announced the release of OpenBSD 7.9, marking another significant milestone for the security-focused BSD operating system. Version 7.9 introduces substantial hardware support improvements, including expanded CPU core scalability and initial WiFi 6 compatibility.

Maximum CPU Core Support Expanded to 255

One of the headline features in OpenBSD 7.9 is the substantial increase in maximum CPU core support for AMD64 (x86_64) systems. The operating system now supports up to 255 CPU cores, a significant jump from the previous limit of 64 cores. This change brings OpenBSD closer to parity with other modern operating systems as high-core-count processors become increasingly common in both workstation and server environments.

According to project lead Theo de Raadt, the 255-core ceiling stems from xAPIC architectural requirements. While contemporary dual-socket Intel Xeon and AMD EPYC processors can exceed this core count, OpenBSD must work within these constraints until x2APIC support reaches production readiness. The development team continues to work on improved x2APIC implementation for future releases.

Initial WiFi 6 Support

OpenBSD 7.9 introduces initial support for 802.11ax wireless networking, commonly known as WiFi 6. This addition represents a meaningful step forward for the platform's wireless capabilities, enabling compatibility with modern wireless networking hardware. The implementation integrates with OpenBSD's existing wireless stack, maintaining the project's commitment to security and code quality even as it expands hardware support.

The WiFi 6 support in this release provides users with access to improved wireless throughput and efficiency compared to previous generations, though the initial implementation focuses on establishing a stable foundation rather than exhaustive hardware compatibility.

Additional Hardware and Driver Improvements

Beyond the headline features, OpenBSD 7.9 includes numerous hardware driver enhancements and system improvements. The AMDGPU graphics driver receives important fixes, improving stability and compatibility for systems with AMD graphics hardware. The release also addresses floating-point state leakage vulnerabilities affecting AMD Zen 1 processors, reinforcing OpenBSD's security-first approach.

Network connectivity receives attention with the Intel ICE Ethernet driver now enabled on ARM64 platforms, expanding hardware options for users deploying OpenBSD on ARM-based systems. The release also incorporates scheduler improvements that enhance overall system responsiveness and performance under varied workload conditions.

Delayed Hibernation Support

Version 7.9 introduces support for delayed hibernation, providing users with greater flexibility in power management. This feature allows systems to schedule hibernation events, enabling more sophisticated power management strategies for both desktop and server deployments.

Availability and Documentation

OpenBSD 7.9 is available now for download from the project's official website. The release includes comprehensive documentation detailing the full range of changes, security improvements, and hardware compatibility updates. As with all OpenBSD releases, version 7.9 emphasizes code correctness, security, and stability over feature proliferation, maintaining the project's distinctive philosophy in the BSD ecosystem.

The release continues OpenBSD's tradition of regular six-month release cycles, providing users with predictable update schedules and consistent access to security improvements and hardware support enhancements.



Compromised Nx Console Extension Targets 2.2M VS Code Developers with Credential Stealer

Written by AI Press Team on 2026-05-20 09:00:00.

A compromised version of the popular Nx Console extension for Visual Studio Code has been discovered stealing developer credentials, affecting more than 2.2 million installations in what security researchers are calling a significant supply chain attack on the developer community.

According to The Hacker News, cybersecurity researchers have identified version 18.95.0 of the rwl.angular.console package as containing malicious code designed to harvest sensitive credentials from affected developers' systems. The extension, which serves as a user interface and plugin for code editors including VS Code, Cursor, and JetBrains IDEs, had accumulated substantial trust within the development community before the compromise was detected.

The attack represents a concerning example of supply chain infiltration targeting software development tooling. By compromising a widely-used extension, attackers gained potential access to developer environments where sensitive credentials, API keys, and authentication tokens are routinely stored and used.

Technical Impact and Risks

The credential-stealing payload embedded in the malicious version poses particular risks to development teams and organizations. Developer workstations often contain elevated access privileges, including CI/CD pipeline credentials, cloud provider API keys, and repository access tokens. Compromise of these credentials could enable attackers to infiltrate build systems, deploy malicious code, or access production environments.

Security implications extend beyond individual developers to entire organizations. A single compromised developer workstation could provide attackers with a foothold into corporate networks and development infrastructure, potentially enabling lateral movement and broader system compromise.

Supply Chain Attack Mechanics

This incident highlights the persistent vulnerability of software supply chains, particularly in open-source and extension ecosystems. Attackers increasingly target popular development tools because they offer direct access to valuable credentials and provide a trusted vector for malware distribution.

The compromise of rwl.angular.console version 18.95.0 suggests attackers may have gained access to the legitimate publishing pipeline or successfully impersonated the package maintainers. The extension's substantial installation base—exceeding 2.2 million downloads—made it an attractive target for credential harvesting operations.

Community Response and Mitigation

The malicious version has reportedly been removed from the VS Code Marketplace, though the exact timeline of publication and removal remains unclear. Developers who installed version 18.95.0 of the Nx Console extension are advised to immediately rotate any credentials that may have been exposed and scan their systems for indicators of compromise.

Organizations should consider implementing extension allowlisting policies and monitoring development environments for unauthorized or suspicious extensions. Regular auditing of installed extensions and their versions can help detect similar compromises before significant damage occurs.

Limitations and Ongoing Investigation

Specific technical indicators of compromise, including package hashes, exact publisher identification details, and precise publication and removal timestamps, have not been made publicly available in the initial reporting. This limitation complicates detection and response efforts for security teams seeking to identify affected systems.

The exact publisher ID of the compromised package versus the legitimate Nx Console publisher remains unconfirmed, as does the method by which attackers gained the ability to publish the malicious version. These details are critical for understanding the full scope of the compromise and preventing similar incidents.

Broader Implications for Developer Security

This incident underscores the importance of supply chain security in development tooling. As developers increasingly rely on third-party extensions and packages to enhance productivity, the attack surface for credential theft and system compromise expands accordingly.

Security teams should prioritize extension inventory management, implement version pinning where possible, and maintain awareness of security advisories affecting development tooling. The developer community must balance convenience and functionality with security considerations when selecting and updating extensions.
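An added example, not code from the article, the Nx project or the researchers who reported the compromise, of the extension inventory, allowlisting and version-pinning checks recommended here and under Community Response and Mitigation: it parses the `publisher.name@version` lines printed by `code --list-extensions --show-versions`, flags the rwl.angular.console 18.95.0 build named in the reporting, and reports extensions outside a hypothetical organisational allowlist or drifted from its pins. The allowlist, its pins and the sample listing are constructed for illustration.

```python
"""Audit installed VS Code extensions against a denylist, an allowlist and version pins.

Added example (not from the article or the Nx project). Input is the output
format of `code --list-extensions --show-versions`: one `publisher.name@version`
line per installed extension.
"""
import re
import subprocess
from dataclasses import dataclass

# Known-bad builds named in the reporting. The publisher ID of the compromised
# package is unconfirmed, so the id below is taken verbatim from the article.
DENYLIST = {("rwl.angular.console", "18.95.0")}

# Hypothetical organisation policy: extension id -> pinned version
# (None = any version accepted, as long as it is not denylisted).
ALLOWLIST = {
    "rwl.angular.console": None,
    "ms-python.python": "2024.4.0",   # constructed pin for illustration
}

# publisher.name may contain several dots (e.g. rwl.angular.console).
LINE_RE = re.compile(r"^(?P<id>[\w-]+(?:\.[\w-]+)+)@(?P<version>\S+)$")


@dataclass(frozen=True)
class Finding:
    ext_id: str
    version: str
    severity: str   # "critical" or "warning"
    reason: str


def parse_listing(text):
    """Turn CLI output into a list of (id, version); ids are case-insensitive."""
    installed = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:   # lines that are not id@version are ignored as CLI chatter
            installed.append((m.group("id").lower(), m.group("version")))
    return installed


def audit(installed, allowlist=ALLOWLIST, denylist=DENYLIST):
    """Return findings ordered as the extensions appear in the listing."""
    deny = {(i.lower(), v) for i, v in denylist}
    allow = {i.lower(): v for i, v in allowlist.items()}
    findings = []
    for ext_id, version in installed:
        if (ext_id, version) in deny:
            findings.append(Finding(ext_id, version, "critical",
                "known compromised build; rotate credentials used on this host"))
        elif ext_id not in allow:
            findings.append(Finding(ext_id, version, "warning", "not on allowlist"))
        elif allow[ext_id] is not None and allow[ext_id] != version:
            findings.append(Finding(ext_id, version, "warning",
                f"version drift from pin {allow[ext_id]}"))
    return findings


def live_listing(code_bin="code"):
    """Run the real CLI; return "" when VS Code is not installed on this host."""
    try:
        return subprocess.run([code_bin, "--list-extensions", "--show-versions"],
                              capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return ""


# Constructed sample listing standing in for the CLI output of one developer host.
SAMPLE_LISTING = """\
ms-python.python@2024.4.1
rwl.angular.console@18.95.0
esbenp.prettier-vscode@10.4.0
"""

if __name__ == "__main__":
    for f in audit(parse_listing(live_listing() or SAMPLE_LISTING)):
        print(f"[{f.severity}] {f.ext_id}@{f.version}: {f.reason}")
```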

The compromise of a tool with over 2.2 million installations highlights the risks facing the development ecosystem from supply chain attacks. Vigilance, rapid response, and comprehensive credential management remain essential defenses against these threats.

