The IT Nerd

Apple is expected to release their latest OS which is macOS Sonoma on Tuesday. Before we go on, here’s a list of what macOS Sonoma will run on:

• iMac 2019 and later
• Mac Pro 2019 and later
• iMac Pro 2017
• Mac Studio 2022 and later
• MacBook Air 2018 and later
• Mac mini 2018 and later
• MacBook Pro 2018 and later

You should note that some features won’t work on Intel Macs. Which I am sure is a way of “encouraging” you to replace your Intel Mac with an Apple Silicon Mac. And if your Mac isn’t on this list, you’re out of luck. But assuming that it is, here’s some tips on what you might want to do before you pull that trigger and upgrade. And a couple reasons why you shouldn’t.

1. Don’t Upgrade… At least not yet. : The reason why you shouldn’t upgrade is that Apple’s initial releases tend to be buggy. But they get better after they release an update or two. So you may want to wait until at least the .1 update hits the streets before making the jump. Or better yet, wait until the .2 release to be extra safe.
2. If you Must Upgrade, Make A Backup: Needless to say, making a backup of your current setup is vital before upgrading. That way you have a way to go back to where you were if things don’t work out. There’s plenty of backup solutions out there from Apple’s own Time Machine to third party utilities such as Carbon Copy Cloner that can be used for this purpose.
3. Upgrade Your Software BEFORE You Upgrade: You should ensure that all your application software is up to date before you pull the trigger on upgrading. Ditto for the current version of macOS that you’re using. That will reduce the risk that something might go sideways during the upgrade.
4. Run Disk Utility BEFORE You Upgrade: The last thing I would do is boot of the Recovery Partition and run Disk Utility to verify the volume that you plan to install the upgrade on. It likely wouldn’t hurt to do a permission repair as well.

At this point you should be good to go. Key word being SHOULD. Upgrading an operating system isn’t a trivial process. But if you take these steps beforehand, you should reduce the risk of any issues. Or you can take my first suggestion which is to wait for a bit before upgrading. Then follow the rest of my advice.

On Sunday, Apple CEO Tim Cook did a wide ranging interview on CBS Sunday Morning. But I want to focus on what he said about Apple being on Twitter. As everyone knows, Twitter is a cesspool of hate since Elon Musk took over. But Apple who touts itself as a company that wants to always do what’s right is still advertising on Twitter despite the fact that Twitter is a cesspool of hate. When asked about that, here’s what he said:

When asked if Apple should continue to advertise on Twitter, Cook replied, “It’s something that we ask ourselves. Generally, my view is Twitter’s an important property. I like the concept that it’s there for discourse and there as a town square. There’s also some things about it I don’t like!”

“There’s discourse, and then there’s antisemitism,” said Dickerson. 

“Yeah, which is abhorrent. Just point blank, there is no place for it.” 

“So, is this something you’re constantly evaluating?” 

“It’s something we constantly ask ourselves,” Cook said. 

This to me is not only a major fail by Cook specifically and Apple in general, it is unacceptable. By advertising on Twitter, Apple is effectively in bed with racists of all stripes, not to mention anti-trans, anti-LGTBQ, and other scumbags that are now thriving on Elon Musk run Twitter. You’d think that Apple would want to distance themselves from this. But clearly Cook and Apple are too busy asking themselves about their relationship with Twitter. Apple can’t have it both ways. They need to make a choice. Do they stand with the types on Twitter who part of the cesspool of hate, or they stand for what’s right? And if Apple makes the wrong choice, I believe that we the public need to make a choice. Do we stand with Apple who apparently is fine being on a platform with bigots and other scumbags, or do we stand for what’s right and make our buying decisions based on that?

Your move Apple.

At 1PM EST on Monday, Apple will release iOS 17. As long as you have a supported device, it will bring you new features and improvements to your iDevice experience. If you want to see a full feature set, click here.

Speaking of supported devices, here’s what iOS 17 will run on

• iPhone 14
• iPhone 14 Plus
• iPhone 14 Pro
• iPhone 14 Pro Max
• iPhone 13
• iPhone 13 mini
• iPhone 13 Pro
• iPhone 13 Pro Max
• iPhone 12
• iPhone 12 Pro
• iPhone 12 Pro Max
• iPhone 12 Mini
• iPhone 11
• iPhone 11 Pro
• iPhone 11 Pro Max
• iPhone XS
• iPhone XS Max
• iPhone XR
• iPhone SE (Second Generation Or Later)

If your phone isn’t on this list, then it’s not supported. And the following phones will come with iOS 17 out of the box:

• iPhone 15
• iPhone 15 Plus
• iPhone 15 Pro
• iPhone 15 Pro Max

If you are wondering why there are no iPads on the list, that’s because Apple has spun off the iPads into a separate OS called iPadOS which is due out at the same time. But this advice applies to iPads as well.

Now, since this is a major upgrade there is always a chance, no matter how remote that something can go sideways. To make sure that you’re not caught out by something unexpected, here’s what you can do:

1. Update your Apps: Make sure that all your apps are up to date before upgrading by opening the App Store app and seeing if any updates are required. This is important because it is possible that the changes that Apple has made on areas like privacy and performance could break an app that you rely on. Thus I find that it is always a good idea to check for updates and install them before a new version of iOS hits the streets.

2. Dump any uneeded photos, videos or apps: iOS updates tend to need a fair amount of free space to allow for a successful installation. Thus if you have anything less than 5GB of free space, consider deleting unused apps or photos/videos. In terms of the photos and videos you want to keep, you can move them to the cloud or a computer so that they’re safely stored without taking up space on your iPhone. I personally use iCloud myself, but Google Photos is another option.

3. Backup your iDevice: If you value the data on your iDevice, backing it up is a must. You have two options for backing up your iDevice: iCloud or iTunes. Follow this guide to backing up your iPhone using iCloud or iTunes.

At this point you should be good to go to upgrade to iOS 17. Key word being SHOULD. Upgrading an operating system isn’t a trivial process. But if you take these steps beforehand, you should reduce the risk of any issues that you might encounter.

One other thing before I go, you may want to consider not upgrading to iOS 17 and instead wait for iOS 17.1 to hit the streets before you upgrade as that’s likely to have additional bug fixes and also fix issues that hit the streets when iOS 17 comes out. I’ll be upgrading tomorrow and I will let you know how it goes.

Earlier this week, Apple released updates to watchOS, iOS, and macOS. It was weird because I was expecting Apple to be releasing nothing as new versions of those operating systems are inbound in the next couple of weeks. However looking at the security information gave us the first hint that Apple might have been forced to release this as the words “Apple is aware of a report that this issue may have been actively exploited” were used in the security information. And now we know the reason why they were released. These updates patch flaws that were used by the infamous Pegasus spyware that is sold by the equally infamous NSO Group:

Citizen Lab, an internet watchdog group that investigates government malware, published a short blog post explaining that last week they found a zero-click vulnerability — meaning that the hackers’ target doesn’t have to tap or click anything, such as an attachment — used to target victims with malware. The researchers said the vulnerability was used as part of an exploit chain designed to deliver NSO Group’s malware, known as Pegasus.

“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab wrote.

Once they found the vulnerability, the researchers reported it to Apple, which released a patch on Thursday, thanking Citizen Lab for reporting them.

Based on what Citizen Lab wrote in the blog post, and the fact that Apple also patched another vulnerability and attributed its finding to the company itself, it appears Apple may have found the second vulnerability while investigating the first.

Ken Westin, Field CISO, Panther Labs had this comment:

“While this exploit initially appears to have been utilized by the NSO Group with their Pegasus spyware, the vulnerability has been identified, and differences between the software versions have been documented. This suggests that exploits targeting this vulnerability are likely to become more widespread and may extend beyond commercial spyware use.

The initial exploit employed by the NSO Group for their Pegasus spyware may have been somewhat targeted. However, the NSO Group has not been transparent about the targets of these exploits. In many cases, they have claimed a lack of visibility regarding their use. Regrettably, this software has been used to target innocent individuals, including journalists and dissidents, by authoritarian regimes. While Pegasus exhibits some level of targeting in its usage, the primary concern now, with the patch being published, is the identification of the vulnerability. As a result, it is likely that exploits will become more widespread.”

While Pegasus is a highly targeted form of spyware, that should not stop you from immediately updating your Apple Watch, iPad, iPhone, or MacBook ASAP to make sure that you are secure as possible. The reason being is that other threat actors might try to leverage this flaw agains those who have not updated.

From the “what the actual hell” department comes this story from 404 Media where a flaw in the New York City transit system fares system allows anyone to track anyone if they know the credit card and the expiry date.

In the mid-afternoon one Saturday earlier this month, the target got on the New York subway. I knew what station they entered the subway at and at what specific time. They then entered another station a few hours later. If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live. I would also know what specific time this person may go to the subway each day. 

During all this monitoring, I wasn’t anywhere near the rider. I didn’t even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website, which runs the New York City subway system.

With their consent, I had entered the rider’s credit card information—data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain—and punched that into the MTA site for OMNY, the subway’s contactless payments system. After a few seconds, the site churned out the rider’s travel history for the past 7 days, no other verification required.

That’s bad to say the least. But what makes this worse is that Apple Pay which is supposed to be immune from this sort of attack is affected by this:

404 Media found that MTA’s trip history feature still works even when the user pays with Apple Pay. Apple told 404 Media it does not store or have access to the used card numbers, and does not provide these to merchants, including transit systems. Apple did not respond when asked to clarify how the MTA website feature works when a rider uses Apple Pay.

This is unacceptable because Apple advertises Apple Pay as being safer to use than your credit card because Apple is supposed to provide a one time and unique representation of your credit card to the merchant. And through some magic on the back end, it’s supposed to reconcile everything to your actual card. In short, the merchant should not have access to your actual card number. But in this case they clearly do. So is Apple lying about how Apple Pay works? That sounds harsh, but it’s a question that one must ask based on the facts above. And it would be in Apple’s interest to answer those questions quickly and transparently.

For while now, a suggestion that has gained a lot of traction in the Greater Toronto Area and beyond is to hide an AirTag in your car. That way if your car gets stolen, it can be tracked and recovered. Now this suggestion comes from the fact that where I live in the Greater Toronto Area, car theft has become an epidemic. But as is usually the case, the bad guys are one step ahead of the good guys. Here’s an example of this:

On Sunday morning, Becca Hislop was with her boyfriend, out and about in Vancouver near Science World, when her car was stolen.Fortunately, she had an active Apple AirTag in the car, which showed the car was moving through Vancouver and even caught in downtown traffic.

The next day, Hislop followed the tracker all the way to a winery in Kelowna. But when she arrived, it turned out the AirTag had been moved into an Evo Car Share vehicle.

So, I see four possibilities as to how this happened:

• The thief had an iPhone and was able to use it to find the AirTag and place it in the car share vehicle.
• The thief searched the car by hand to find the AirTag and place it in the car share vehicle.
• The thief used the unwanted tracker feature that is rolling out to Android phones now to find the AirTag and place it in the car share vehicle.
• The thief had the AirTag “chirp” which alerted them to its presence.

That basically means that car thieves are now on the lookout for AirTags and are actively getting rid of them so that they can carry out car thefts without getting caught. Thus making AirTags useless as a means to track and recover stolen cars.

What’s my advice? Well, using AirTags for this use case were likely never envisioned by Apple. Thus I would look for a more professional solution such as the GPS tracking system LoJack to protect your car. You can also consider installing an ignition kill switch to keep your vehicle from starting. A visible steering wheel lock to make your car harder to steal and create a visual deterrent for thieves. Finally, an onboard diagnostic port block, either physical or electronic, to keep thieves from reprogramming a car’s fob and disabling the security system.

Besides that, here are some free tips that may help:

• When parking, turn your wheels toward the curb to make it harder to tow away. 
• If you have a rear-wheel-drive car, back into your spot.
• If you have a front-wheel-drive car, park facing forward.

If your vehicle has keyless ignition, there are some additional steps you can take to make it harder to steal. 

• Don’t keep your fob key near your front door or near a window. Better yet, keep your fob in a signal-blocking pouch that’s lined with material to block your fob from emitting a signal to your vehicle. That will prevent it from being intercepted and potentially reprogrammed by would-be thieves.
• Avoid the walk-away lock. You know the one. You’ve parked your vehicle, you’re walking away and you press the lock button from a distance. Because when you use that feature, the signal can be intercepted and used by thieves to steal your car.

Finally, park your car in a garage. Car theft is a crime of opportunity where a car parked outside is easier to steal versus one in a garage. That’s because now the thief has to break into the garage to get the car. And 99% of thieves aren’t going to do that and instead move on to an easier target.

Car theft isn’t going away. And AirTags are not the solution to this. But there are some options that are free or available that can help to protect what is likely your second most expensive possession.

You might recall that Apple got into a lot of trouble with the original BatteryGate situation a few years ago. To summarize that situation, Apple got into deep trouble when it was discovered that the performance of iPhones would nosedive when the batteries inside them degraded to the point where they couldn’t sustain the performance levels that users were used to. And Apple did not tell anyone this was the case. Apple since has done a lot to make this clear to users, and they not only allowed users to get their batteries replaced cheaply for a limited time, but they also allowed users to see the health of their battery and offered free replacements if you had AppleCare and the battery health dropped below 80% in the first two years. But, by the time that Apple did all that, it cost them hundreds of millions of dollars and a lot of scrutiny from governments around the world. Which of course wasn’t good for Apple.

History may be repeating itself as there are now reports that the battery health in the iPhone 14 models is dropping faster than previous iPhone models. Here’s a few posts from some prominent creators who are seeing this:

This is now starting to hit the media with media outlets such as The Verge and The Wall Street Journal running stories on this topic. Several iPhone 14 series owners have taken to other places like Reddit to report deteriorating battery capacity on their handsets. 

For giggles I checked the battery health on my iPhone 14 Pro. you can do the same thing by going to Settings –> Battery –> Battery Health & Charging. In my case I got this:

To me that doesn’t seem so bad. But I am missing some context here. Apple doesn’t tell you how many charge cycles that your phone has. By that I mean how many times the battery in my phone has been discharged and charged. I decided to use a utility called Coconut Battery to get that information:

The figure I was looking for was the cycle count. In my case the phone has been discharged and charged 273 times as I type this. And I tend to use wireless charging most of the time which introduces heat to the equation. And heat is the number one enemy of lithium ion batteries when it comes to their longevity. So having 94% battery health (or 95.3% according to Coconut Battery) seems somewhat reasonable to me after just under a year of usage. And to add further context to this, my previous iPhone 12 Pro was at 89% battery health by the time it was a year old. So the iPhone 14 Pro is an improvement for me. But clearly others are having a different experience with their iPhone 14’s.

So is this BatteryGate 2.0? Or put another way, is there an issue with the batteries inside the iPhone 14 models? Perhaps there’s a software issue with iOS 16? I think it’s too early to tell what the issue is and where it lies to be honest. I am sure that when these reports started to surface, Apple started to look at the data that it has access to to figure out if there’s an issue as I am sure that they don’t want a BatteryGate 2.0 situation. Whether we get an answer from Apple directly is an open question as they are not the most communicative company around.

In the meantime, Apple has some tips on how to keep your battery health in the best possible place. That might be worth looking at, along with this document which details how batteries work in relation to iDevices. But let me throw this out there in terms of what I would do if I were you. I would keep an eye on your battery health, but you should not obsess over it. If you have AppleCare, and the battery drops below 80% within two years, Apple will replace the battery for free. (By the way, that’s a great incentive to get AppleCare as it makes this situation a non-issue.)

In the meantime, there needs to be better understanding as to why iPhone 14 models seem to have batteries that degrade faster than previous models in some cases. Having that understanding will help to put this issue to bed. Thus I call on Apple to be as open as it can when it comes to this issue. If they have information on this, they should be as transparent as possible and share it. Otherwise users of iPhone 14’s will just assume that Apple has something to hide and do what they did the last time BatteryGate was a thing. Which is get angry, and sue. And governments will once again assume that Apple has something to hide, investigate, and take corrective action against Apple.

For the rest of us, maybe we should relax and see what comes of this. Maybe there’s something here. Maybe this is a nothing burger. Who knows? But let’s get some facts first to figure out what side of the fence this falls on.

Earlier today I brought you a story about Apple releasing a Rapid Security Response update that fixed an in the wild vulnerability. But at the same time broke access to a number of websites. Which forced Apple to pull the Rapid Security Response. Now a support document says that a new version of this Rapid Security Response is inbound to fix the stuff that Apple broke.

Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly.

• Rapid Security Response iOS 16.5.1 (a) and iPadOS 16.5.1 (a)
• Rapid Security Response macOS 13.4.1 (a)

Rapid Security Responses iOS 16.5.1 (b), iPadOS 16.5.1 (b), and macOS 13.4.1 (b) will be available soon to address this issue.

The question is, what does soon mean? Again, the whole idea of a Rapid Security Response is that this is a means for Apple to quickly fix a vulnerability that is in the wild and is being actively exploited. That means that Apple logically needs to fix this quickly as they’ve now tipped their hand as to what the fix is. Potentially giving threat actors the chance to alter how they exploit the vulnerability. In short, Apple is in a race against time here. And Apple needs to win this race or potentially users of Apple products could lose.

Yesterday, Apple released a Rapid Security Response to address a vulnerability that was in the wild. But it appears that it didn’t go through enough QA before being released as reports started to flood in that Facebook, Instagram, WhatsApp, Zoom, and other websites started giving a warning about not being supported on the Safari browser following the Rapid Security Response updates. Apple was clearly listening to those reports as they pulled the update.

If you’re on iOS you can remove the update to temporarily fix this issue by doing the following:

• Go to Settings
• General
• About
• Tap on iOS Version
• Tap on Remove Security Update
• Enter your passcode

Your device will then reboot after a couple of minutes and the Rapid Security Response update will be gone.

On macOS do the following:

• Go to the Apple logo and select System Settings
• Click General
• Click About
• Under “macOS,” click the info button (the encircled “i”) next to the OS version.
• In the “Last Security Response,” section, click the Remove & Restart button.
• Click Remove Response and Restart in the confirmation prompt and enter your password.

Your Mac will then restart after a couple of minutes and the Rapid Security Response update will be gone.

Apple will likely fix this issue quickly and re-release it as it does address an in the wild vulnerability. Or put another way, it fixes an issue that is actively being exploited. So don’t be surprised if at 1PM EST today another Rapid Security Response appears on your Mac and iPhone.

Apple released the new MacBook Air with a 15″ screen at Apple’s World Wide Developer Conference this week. And as far as I am concerned, this is is the portable Mac to get for most people. You might be surprised by that statement, but here’s why I say that:

• Users finally get the option for a larger screen for a decent price: In the past, you would have to go to a MacBook Pro if you wanted a larger screen. Those days are now over. You can now get that larger screen and save some cash in the process.
• Most people don’t need the performance of the MacBook Pro: If you’re not editing videos for a living, or editing photos for a living, you don’t need a MacBook Pro. I say that because most people check their email, type out documents, and maybe do a Zoom call or two. None of that requires a MacBook Pro. Thus you should look at this MacBook Air instead.
• You’re not giving up portability: The weight of the 15″ MacBook Air is only slightly heavier at 3.3 pounds than the 13″ MacBook Air which is 2.7 pounds. That’s not enough of a difference that most will notice in a backpack. Thus you get a bigger screen without having to lug around a heavy laptop. That’s a total win.
• You get the same 18 hour battery life as the 13″ MacBook Air: A lot of people are switching to Mac because of battery life that destroys anything on the Intel/Windows side of the fence. But sometimes you lose battery life when you move to a bigger screen. That’s not the case here. You still get battery life that lasts you all day, which makes having to hunt for an AC outlet almost a thing of the past.
• There’s a lot of value here: Unlike the 13″ MacBook Air base model, you get a lot of value in the 15″ because it comes with the following in the box of the base model 15″ without having to upgrade to get these items:
  • 35W Dual USB-C Port Compact Power Adapter
  • 8-Core CPU
  • 10-Core GPU

That means that once you upgrade the SSD to 512 GB and upgrade to 16GB of RAM to maximize the performance, you are getting a very fast computer that will perform the way you want it. On top of that, you will get a power adapter that allows you to charge the MacBook Air and say an iPhone which is handy if you’re on the go.

Thus if my clients come to me asking about a portable Mac, and they’re not a power user, the MacBook Air 15″ will be the one I recommend to them. And I would recommend it to those of you who have a similar use case as well. Apple has managed to come out with a notebook that is the best notebook for most people. And it’s one that you should consider if you’re in the market for a notebook.