Archive for Apple

Review: Apple M2 Pro Mac mini

Posted in Products on April 15, 2024 by itnerd

There’s a bit of a story behind this Mac mini that I’ve been using for about two weeks now. Which is that I was planning on replacing a rather large PC that I had been using for the online cycling platform Zwift for some time with something a lot smaller and more efficient. But I was planning to hold out for the M3 Mac mini models that are sure to appear seeing as the M2 models have been out for over a year (Exactly 454 days as of the day that this review was posted). But what forced my hand was the fact that my 16″ MacBook Pro started to have keyboard issues. Again. Since I can’t afford to be without a computer as I have a business to run, this forced my hand into buying this Mac mini. Since I knew that it was possible that this could be replaced at any time by something faster, I went the route of buying it from the Apple Refurbished Store. That saved me $260 CDN, as I described here, and it’s still eligible for AppleCare, which I did buy as well. So once I had it in my hands, I transferred my data and applications to it from my MacBook Pro, took the MacBook Pro in for repair at The Apple Store and carried on running my business. Then when I got the MacBook Pro back (And for the record The Apple Store replaced a top case which includes the keyboard and battery along with a trackpad and got it back to me ten calendar days later), I moved my data back to the MacBook Pro and factory reset the Mac mini so that I could repurpose it as my Zwift computer.

With the backstory out of the way, let’s start this review by describing which Mac mini I got:

  • M2 Pro processor with a 10-Core CPU (6 performance cores and 4 efficiency cores) and a 16-Core GPU
  • 16 GB RAM
  • 512 GB Storage
  • 16-core Neural Engine
  • Four Thunderbolt 4 ports
  • Two USB-A ports
  • HDMI 2.1 port
  • Gigabit Ethernet
  • Headphone jack
  • WiFi 6E
  • Bluetooth 5.3

This is one of the higher end models as the Mac mini starts at $799 CDN. But for that price you get an M2 processor with 8GB of RAM and 256 GB of storage. To be frank, Apple’s base models are pretty useless because 8GB of RAM isn’t nearly enough for most people, and 256 GB of storage is slower than their higher tiers of storage on top of not being enough storage for most people. Which is why I skipped the base model (And you should too). Plus I wanted a more powerful processor for Zwift. Which is why I went to the M2 Pro and not the M2. I should also note that Apple has another version of this M2 Pro model that comes with 2 extra CPU cores and 3 extra GPU cores for $379 CDN more. But I didn’t see that on the refurbished store. Which is why I went with this one instead. Here’s a look at the Mac mini:

It’s a pretty small and light computer as the general design of the computer hasn’t changed since they introduced them in 2005. You could easily pop it into a backpack and take it with you if you wanted to and have space left over. It’s also a bit of a fingerprint magnet as you can see. That’s a side effect of the recycled aluminum that they use for the chassis. Though as you will see, the back end of the computer is just as much of a fingerprint magnet:

Here you see the gigabit ethernet jack, 4 Thunderbolt ports, the HDMI port, the two USB-A ports, and the oddly placed headphone jack which in my opinion should be on the front as it’s not all that accessible. Though you could also make an argument that it’s fine on the back because you’ll need to plug in a quality set of speakers into it as the built in speaker isn’t all that good to be frank. It has a decent sized vent, though in the two weeks that I’ve been using it, I’ve never felt any significant amount of hot air coming out of it, nor have I heard the fans spin up. It’s been silent. I guess that also means that I clearly don’t push the computer hard enough. Speaking of pushing, this Mac mini moves very easily on your desk, as it slides about when you try to plug literally anything into it if you don’t hold it steady. It could use some rubber feet on the bottom to stop that from happening because if you plug a lot of stuff into this Mac, that will be something that will annoy you very quickly.

Now, another one of the reasons why I was sitting on the sidelines for the M3 models of the Mac mini is that on paper, the M2 processors really don’t have that much of a performance gain over the M1 processors. Though as you will also see, that’s an overly simplistic view of what the M2 is capable of. Let me illustrate that with some Geekbench tests. I’ll start with using my M1 MacBook Pro with these specs as a point of comparison:

  • M1 Pro with 10-core CPU (8 performance cores and 2 efficiency cores), 16-core GPU, 16-core Neural Engine
  • 1TB storage
  • 32GB of RAM

As you can see they have the same amount of CPU and GPU cores, along with the same number of cores for the neural engine. Thus this is as fair a comparison as you could possibly get. Let’s start with what the scores are for the M1 Pro CPU cores in my MacBook Pro:

And now, let’s look at the M2 Pro in my Mac mini:

The single core score is a bit higher. But the multi-core score is basically the same. Thus there’s no difference right? Well, not so fast. At first glance these scores would suggest that Apple didn’t spend a whole lot of time to make the CPU faster. But keep in mind that the M1 Pro has 8 performance cores and 2 efficiency cores. And the M2 Pro has 6 performance cores and 4 efficiency cores. That suggests to me that Apple made this M2 Pro more efficient by swapping two performance cores for two efficiency cores, and then tweaking all the cores to allow the CPU to put out the same level of compute power as the M1 Pro. Or to use a car analogy, Apple basically went from using a V6 engine that puts out 300 HP to a turbocharged 4 cylinder engine that consumes less gas and puts out 300 HP. Apple likely did this to save on power consumption for portable computer use without sacrificing speed. It also explains why the Mac mini did not “feel” any faster than my MacBook Pro when I used it to run my business.

Now let’s look at the Metal score. That’s important as Zwift uses Apple’s Metal graphics API to render graphics on the screen. Again, let’s start with the M1 Pro GPU in my MacBook Pro:

Now over to the M2 Pro in the Mac mini:

Now there’s a bit more of a difference. Clearly Apple invested some time to make the graphics a bit faster in the M2 Pro.

So if you take the GPU and CPU scores into account, and also take into account that there was no M1 Pro version of the Mac mini, that would suggest that this would be an upgrade path for someone with an M1 Mac mini who wants a faster Mac mini. Or this would be the computer to pick if you are coming to the Mac mini from a PC for example, and you wanted a small desktop computer that has healthy amounts of compute power. While at the same time not spending Mac Studio kind of money.

But the real question is, how does this run Zwift as that was the point of the whole exercise? Well, let me get something out of the way. Zwift on the Mac platform limits the level of detail of the graphics that the game displays for reasons that I don’t understand to what they term as “high” graphics detail which is their second highest tier of graphics quality (“Ultra” is the highest that you can go on the PC side of the fence which is visually sharper than “high”, but you have to look for the differences between the two. And you need some serious hardware to run Zwift at that level. As in an RTX 3090 for example). But they do let you run it at up to 4K resolution. So what I did was some frame rate tests at 4K and my results are as follows:

  • The maximum frame rate that I recorded was 121 FPS
  • The average frame rates were between 87 and 101 FPS based on recording the average frame rate over 10 different one hour rides.

In terms of what “high” graphics quality looks like on Zwift at 4K, here’s a couple of quick video clips where I set a couple of PR’s in a couple of sprint segments while I was doing a training session:

The graphic quality is good and there’s nothing to complain about here. But you have to wonder what you would get if you could unlock the “ultra” setting on a Mac. I say that because I was monitoring CPU and GPU performance and there was headroom to spare on both fronts. Which means that Zwift can look better than it does now if they chose to take advantage of the hardware on offer to the application. As for how that compares to the PC that I was replacing? Well, first of all, you can find the specs for the PC in question here, but average frame rates tended to be between 59 – 66 FPS. And I’ve never recorded anything past 67 FPS as a maximum frame rate. All of that was on the “ultra” setting at 4K. If I throttled it back to “high” I likely would have gotten better frame rates. But I think you see the point here. Which is this tiny computer has enough power to run whatever you need, in my case Zwift, without breaking a sweat. And it can do it better than some PCs.

One final observation is that WiFi on this computer is faster than the WiFi that’s part of the M1 Pro chip. How much faster? How about 150 Mbps upstream and downstream in testing on my WiFi network? That’s not a trivial amount. And keep in mind that I have WiFi 6 here in my condo. That means that you get a bit of an upgrade in terms of WiFi performance that you may actually notice depending on what WiFi hardware you own and what you’re doing. For example you won’t notice this streaming Netflix. But I tripped over this speed difference by doing a Time Machine backup and noticing that the backups went somewhat faster versus a Time Machine backup on my MacBook Pro with the M1 Pro. I attribute this speed increase in part to the fact that the M2 Pro’s WiFi support can do up to 2400 Mbps which is twice what the M1 Pro can do. And clearly that speed increase isn’t just a WiFi 6E thing.

Gripes? The only gripes that I have are the usual ones that I have about Apple computers. They are not cheap (Though to be fair, you could make an argument that the Mac mini has the performance of a 14″ or 16″ M2 Pro MacBook Pro at a lower price point). You can’t upgrade them after the purchase which forces you to perhaps buy more computer than you need in order to increase the longevity of said computer. And the base models suck performance wise which means nobody should ever buy them. Other than that, there’s really nothing negative that I have to say.

Let’s get down to the price. This specific Mac mini variant is $1699 CDN. Though I paid $1439 via the Apple Refurbished Store, which is how I would suggest that you acquire one of these computers if you have a use case for it. I say that because I fully expect it to be replaced with an M3 model or even an M4 model at any time over the next few months. One thing to keep in mind is that the Mac mini doesn’t come with a keyboard or mouse, and you’ll need to source a monitor as well. So you’ll have to factor that into the purchase price if you don’t have a spare monitor, keyboard and mouse lying around. Having said all of that, this is a good way to get a desktop Mac and it’s worth a look if this Mac fits your needs. Just skip the base model.

Apple Posts A Document On Apple Threat Notifications…. Why You Should Read It And Why You LIKELY Shouldn’t Worry

Posted in Commentary on April 11, 2024 by itnerd

From the “this doesn’t happen every day” department comes this document that Apple posted yesterday. In short, this covers what Apple threat notifications are and why you’d get one:

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

So let me point out a couple of things. For the overwhelming majority of people who are reading this post, you will likely never get a threat notification because you’re likely not the target of a “mercenary spyware attack”. The targets for these sorts of attacks are typically politicians, journalists, and human rights activists for example. And the threat actors are typically governments who want to gather intelligence to ultimately silence those in the target group that I just named. But even given that fact, this article also goes into detail about what you need to do if you actually get a threat notification. And how to reduce the chance that you could be pwned by “mercenary spyware attacks” from people like the infamous NSO Group. Thus this is worth your time to at least read once or twice for reasons that I will get to in a moment.

Now if you’re still paranoid about this after everything that you’ve read so far, let me see if I can reassure you. Ted Miracco, CEO, Approov has some additional advice:

   “While Apple devices are believed to feature strong security measures and privacy features, there are certainly gaps.

   “Apple users can often develop a false sense of security, because the default settings on iOS are seemingly designed for user experience and convenience, and are not sufficient to guard against the most sophisticated attacks, such as mercenary spyware or state-sponsored cyber espionage. This reality is parallel to that of Android devices, where default settings also aim to balance security with user convenience, and so fall far short against highly targeted and well-funded attacks. Attackers have moved on from broad, clumsy attacks to highly targeted and sophisticated ones, and they’re deeply skilled, highly organized and well funded.

   “The key point here is not to single out one platform over another but to highlight the broader industry challenge. The existence of features like Lockdown Mode and Advanced Data Protection for iCloud on Apple devices underscores the company’s awareness of these sophisticated threats, and a commitment to offering tools that users can employ to enhance their security. However, these tools often require manual activation and a deeper understanding of the potential threats, leading to a gap in security for users who do not adjust beyond the default settings.

   “For Apple users, one of the most significant steps you can take to protect your data is enabling Advanced Data Protection for iCloud. This feature significantly enhances the security by using end-to-end encryption for a broader range of data types. We strongly urge users who might be at higher risk due to their profession or visibility, to also enable Lockdown Mode on their Apple devices. Lockdown Mode is a comprehensive shield designed to prevent the most advanced digital threats by limiting the attack surface that spyware exploits. 

   “Mobile users aren’t alone in this exposure.  App developers are similarly at risk from Apple and Android mobile devices, where sideloading allows their apps to be subject to cloning and other IP theft – security and fiscal issues that current app store structures perpetuate.”

Again, I want to stress that for the overwhelming majority of people who are reading this post, you will likely never get a threat notification. Largely because you will never be targeted by threat actors in this way. But the advice that is given in this post is a great way to reduce your attack surface so that you are safe from this or any sort of threat.

Sunbird AKA Nothing Chats Appears to Be Back From The Dead…. Why?

Posted in Commentary on April 7, 2024 by itnerd

You might remember that Nothing, who makes some interesting phones, came out with an iMessage on Android app called Nothing Chats late last year. That was really an app that was made by a company called Sunbird and it was pulled very quickly after launch when it was discovered that it was a security nightmare. Then Sunbird itself was shut down, likely because of the bad press.

Today it seems that Sunbird has risen from the grave:

Sunbird Messaging today announced the relaunch of its beta app. The relaunch is the culmination of comprehensive enhancements to Sunbird’s backend infrastructure following an exhaustive evaluation, a process detailed in a recent update on the company’s website, which can be found here.

And they also take a few shots at Apple over their shutdown of another iMessage on Android app:

Apple’s decision in December to shut down a different unified messaging app brought to light security and privacy concerns stemming from their unauthorized access to iMessage. The app shut down by Apple was reverse engineering the iMessage protocol to disguise itself as a genuine iMessage client, a method that significantly differs from Sunbird’s approach. Instead, Sunbird’s platform provides a bridge between Android and Apple users, enabling secure communication within Apple’s ecosystem.

Beyond differentiating itself from a technical standpoint, Sunbird also addresses broader social and regulatory challenges. The app helps resolve antitrust scrutiny faced by tech giants, creating an inclusive ecosystem that welcomes millions of Android users to the Apple network in a safe and secure way. This expansion not only benefits consumers by breaking down communication barriers but also supports Apple in demonstrating its commitment to interoperability and competition.

In case you’re wondering, that app that they are referring to is Beeper. Here’s a link to catch up on that drama. But in any case, Sunbird put out a technical explanation of what happened with their app and how they fixed it. If you have some time to kill, you can read that here. And the Sunbird app is only available to those on their waitlist which if you really must join it, can be found here. But frankly it’s not worth your time to join this waitlist. I say that because every iMessage on Android solution has been a dumpster fire that Apple shuts down shortly after it’s launched. And quite honestly, if you’re an Android user, and you really want to use iMessage, my advice to you is to bite the bullet and buy an iPhone. Because even though the US Justice Department is suing Apple for antitrust reasons, buying an iPhone is the only way you’re going to get iMessage. Besides, every single one of these iMessage on Android apps is a security risk to some degree or another. Do you really want to be part of that?

You Can Now Submit A Claim In The Canadian “Batterygate” Settlement

Posted in Commentary on April 6, 2024 by itnerd

You can now submit a claim for the Canadian iPhone Power Management Class Action Settlement, if you owned or purchased the following iPhones:

  • iPhone 6
  • iPhone 6 Plus
  • iPhone 6s
  • iPhone 6s Plus
  • iPhone SE
  • iPhone 7
  • iPhone 7 Plus

Running iOS 10.2.1 or later (for iPhone 6, 6 Plus, 6s, 6s Plus, or SE) and/or iOS 11.2 or later (for iPhone 7 or 7 Plus) installed or downloaded, before December 21, 2017. According to the website:

The Claim Form requires each Class Member to provide, among other things, the Class Member’s name, mailing address, iPhone serial number and a declaration under oath by the Class Member stating that (i) their iPhone 6, 6 Plus, 6s, 6s Plus, or SE iPhone ran iOS version 10.2.1 or later (for iPhone 6, 6 Plus, 6s, 6s Plus, and SE) or iOS version 11.2 or later (for iPhone 7 and 7 Plus) before December 21, 2017, and (ii) they experienced diminished performance on that device after the relevant iOS version was installed or downloaded.

If that’s you, you need to visit smartphoneperformancesettlement.ca, click on “submit a claim”, then fill out the information. A confirmation email will be sent to you once it has been submitted. You have until September 2, 2024 to submit a claim. And if you are deemed eligible, you could receive compensation ranging from $17.50 to $150.

Apple denies any wrongdoing as part of this settlement.

So There’s An “Unfixable” Bug In Apple Silicon… What Does That Mean For You?

Posted in Commentary on March 26, 2024 by itnerd

Last week Ars Technica published a report of an “unfixable” bug in Apple M series processors. While I do encourage you to read the report, I’ll give you the TL;DR here:

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.

Here’s the translation: The flaw allows someone to extract security keys from these chips, breaking encryption as a result. And it can’t be patched directly because it comes from the design of the chip itself, while the software mitigations will make these insanely fast processors slower when they do cryptographic operations. In short, this is really bad. But to be fair, and before those who don’t like Macs and instead support PCs and Windows all the things chime in, Intel and AMD have had their share of similar issues. This one and this one come to mind. While there are mitigations that Apple could take such as trying to shuffle encryption tasks away from the performance cores of M series processors to the efficiency cores of said processors, like I said earlier, this flaw is basically not patchable. It also means that much like when Intel and AMD had issues like these, researchers and threat actors will start poking around M series processors to see if they can find any other flaws.

So, what can you as a Mac user do to protect yourself? Well, other than keeping your software up to date, not much really. Everything that I have read on this doesn’t point to any proof of concept code or any easy to execute attack. So this isn’t a today problem for Mac users at the moment. But that doesn’t mean it won’t become a problem later. Thus you might want to just keep an eye on this to see if new information pops up about this.

Someone Is Targeting Apple iCloud Users With A High Effort Attack To Take Over Apple iCloud Accounts

Posted in Commentary on March 25, 2024 by itnerd

A series of targeted attacks designed to hijack iCloud accounts by doing something that causes the user’s device to be inundated with One Time Password requests is apparently making the rounds. The key word is targeted as at the moment it appears that only specific individuals are being targeted with this attack.

The attack goes something like this:

  • You are flooded by password change requests on your various iDevices. The logic by the threat actors is that if they send enough requests, the target might eventually click yes either by accident or because they want to make the prompts stop.
  • If that doesn’t work, the target will get a phone call from “Apple Support” which isn’t really Apple Support. But they will spoof the actual Apple Tech Support number to pretend to be Apple Support.
  • “Apple Support” will then use open source intelligence to present you with information that they are trying to “validate” and then proceed to talk you into accepting a One Time Password request or giving them the One Time Password code. If you do that you’ll have your Apple iCloud account taken over.

One person who was targeted by this attack posted his experience on Twitter. I encourage you to click below to read the whole episode:

To be clear, Apple would never behave in this manner. They would never call you, nor would they ever ask you to hand over a One Time Password code. Or put another way, you should never give anyone that code. EVER. Thus every Apple user needs to be on guard for this attack as today it might be a highly targeted attack. But in the future it could broaden out to anyone which makes it highly dangerous. In the meantime, I wonder what, if anything, Apple could do about it. They can’t do anything about a spoofed number, but the attack vector has to be something that perhaps they can do something about.
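On the service side, the prompt flood in the first step of the attack leaves a recognizable trace: many reset prompts to one account in quick succession, sometimes ending in an approval. The following is an added example, not code from this post or from Apple, showing one way a team that runs its own sign-in service could flag that pattern; the log format, the `reset_prompt` event name and the thresholds are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real Apple or identity-provider logs.
# Assumed format: ISO-8601 timestamp, account, event type, user response.
SAMPLE_LOG = """\
2024-03-25T09:00:05 alice reset_prompt denied
2024-03-25T09:00:20 alice reset_prompt denied
2024-03-25T09:00:41 alice reset_prompt ignored
2024-03-25T09:01:02 alice reset_prompt denied
2024-03-25T09:01:30 alice reset_prompt denied
2024-03-25T09:02:10 alice reset_prompt approved
2024-03-25T09:05:00 alice login success
2024-03-25T09:15:00 bob reset_prompt approved
2024-03-25T10:00:00 carol reset_prompt denied
2024-03-25T10:00:30 carol reset_prompt denied
2024-03-25T10:01:00 carol reset_prompt ignored
2024-03-25T10:01:30 carol reset_prompt denied
2024-03-25T10:02:00 carol reset_prompt denied
2024-03-25T11:00:00 dave reset_prompt denied
2024-03-25T12:00:00 dave reset_prompt approved
not-a-time eve reset_prompt denied
this line is malformed and must be skipped
"""


def parse_events(text):
    """Return (timestamp, account, response) for each well-formed prompt line."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        # Skip malformed lines and events that are not reset prompts.
        if len(fields) != 4 or fields[2] != "reset_prompt":
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue  # unparseable timestamp
        events.append((ts, fields[1], fields[3]))
    return events


def _score(account, burst, min_prompts):
    """Turn one burst of prompts into zero or one finding."""
    if len(burst) < min_prompts:
        return []
    # An approval inside a flood suggests the user gave in to stop the prompts.
    approved = any(response == "approved" for _, response in burst)
    return [{
        "account": account,
        "prompts": len(burst),
        "start": burst[0][0],
        "end": burst[-1][0],
        "severity": "high" if approved else "medium",
    }]


def find_floods(events, min_prompts=5, max_gap=timedelta(minutes=2)):
    """Group each account's prompts into bursts (consecutive prompts no more
    than max_gap apart) and report bursts with at least min_prompts prompts."""
    by_account = {}
    for ts, account, response in sorted(events):
        by_account.setdefault(account, []).append((ts, response))

    findings = []
    for account, prompts in by_account.items():
        burst = [prompts[0]]
        for prev, cur in zip(prompts, prompts[1:]):
            if cur[0] - prev[0] <= max_gap:
                burst.append(cur)
            else:
                findings.extend(_score(account, burst, min_prompts))
                burst = [cur]
        findings.extend(_score(account, burst, min_prompts))
    return findings


if __name__ == "__main__":
    for f in find_floods(parse_events(SAMPLE_LOG)):
        print(f"{f['severity'].upper():6} {f['account']}: {f['prompts']} prompts "
              f"between {f['start']:%H:%M:%S} and {f['end']:%H:%M:%S}")
```

A "high" finding is the case to act on first, for example by holding the password change and requiring a second check through a channel the caller does not control.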

Apple Released Some Updates Last Week Without Telling You What Security Issues They Fix…. Why?

Posted in Commentary on March 24, 2024 by itnerd

On Thursday, Apple released a bunch of updates. Specifically:

  • iOS 17.4.1 and iPadOS 17.4.1
  • iOS 16.7.7 and iPadOS 16.7.7
  • visionOS 1.1.1

And if you look at what the update said, you saw this:

Okay. So this has bug fixes and security updates with the word “important” in this description. That’s interesting. I wonder what the security updates are. Let’s look at Apple’s Security Updates Page to find out:

Under those updates, it says “Details coming soon”. Now Apple has done this before, but this isn’t an everyday occurrence. Thus it’s captured a lot of attention. And it’s resulted in a bunch of emails hitting my inbox asking why Apple wouldn’t release the details of what security issues they’ve fixed in this update. In my mind, there are three reasons why that hasn’t happened:

  • You’ll note that there are no watchOS or macOS updates. One thing that Apple might be doing is that they are waiting for those updates to ship so that whatever security issues that these updates fix aren’t then instantly exploited.
  • Another reason is that Apple wants a critical mass of people to install these updates so that when they release the details it won’t be instantly exploited because it’s that serious.
  • All of the above.

Now in my years of covering tech, I’ve only seen Apple do something like this a handful of times. Thus you need to take this seriously and install the updates for iOS and visionOS ASAP. And then if there are watchOS and macOS updates that ship in the next week, you should install those too. Clearly whatever security issue(s) that these updates fix are serious enough for Apple to take this route. And I’ll also point out that it is entirely possible that Apple may go weeks before releasing the information about whatever these updates fix. But that shouldn’t stop you from going ahead and updating all the things. Security these days should be your top priority so the fact that Apple isn’t speaking to this in public just yet shouldn’t stop you from staying as secure as possible.

UPDATE: It turns out my first thought was the correct one. Apple released macOS 14.4.1 on Monday and the security releases page got updated just after that.

US Justice Department Sues Apple Accusing It Of Having A Monopoly

Posted in Commentary on March 21, 2024 by itnerd

This has been coming for a while, and I am sure that Apple has been preparing for this day. Which is the day that Apple gets sued by the US Justice Department. Here’s what they’re being sued for:

  • Blocking Innovative Super Apps. Apple has disrupted the growth of apps with broad functionality that would make it easier for consumers to switch between competing smartphone platforms.
  • Suppressing Mobile Cloud Streaming Services. Apple has blocked the development of cloud-streaming apps and services that would allow consumers to enjoy high-quality video games and other cloud-based applications without having to pay for expensive smartphone hardware.
  • Excluding Cross-Platform Messaging Apps. Apple has made the quality of cross-platform messaging worse, less innovative, and less secure for users so that its customers have to keep buying iPhones.
  • Diminishing the Functionality of Non-Apple Smartwatches. Apple has limited the functionality of third-party smartwatches so that users who purchase the Apple Watch face substantial out-of-pocket costs if they do not keep buying iPhones.
  • Limiting Third Party Digital Wallets. Apple has prevented third-party apps from offering tap-to-pay functionality, inhibiting the creation of cross-platform third-party digital wallets.

The thing is that while I am not a lawyer, some of this stuff seems suspect to me. While other stuff on this list is typical Apple. The actual lawsuit that you can read here is 88 pages long. So this will take a while to unpack. In the meantime, I have a comment from Ted Miracco, CEO, Approov:

 “The new DOJ Antitrust lawsuit against Apple alleges that Apple has crossed the line to anti-competitive behavior, locking customers and developers into the iPhone and locking competitors out. The DOJ  states that as a result Apple is now stalling the advancement of the smartphone marketplace – “smothering innovation” according to Lisa Monaco – Dep. Attorney General.

    “Specifically, Apple’s efforts to bundle security with the AppStore marketplace has stifled competition in cybersecurity for mobile apps. This practice reinforces their claims that only Apple can provide security and perpetuates and reinforces the monopoly.

    “Further, this DOJ action is part of a global effort to roll back anti-competitive monopolies on  a global basis. 

    “The Department of Justice, EU and UK are all pursuing antitrust actions against Apple and are all also highlighting that for Apple to think that they alone can provide security for the mobile ecosystem is unrealistic.

    “An important element of the DOJ action is the balance between Apple’s role in setting security standards and the rights of developers to choose independent, potentially more flexible and cost-effective security and payments solutions. 

    “Apple’s stance has drawn scrutiny because developers need more freedom in selecting security and payment solutions that adhere to reputable security standards such as those set by the OWASP Foundation, without being subject to Apple’s “heavy taxes.” Independent security and payments vendors can offer robust protection against a range of threats, aligning with external standards and allowing developers to bypass platform-imposed fees, like Apple’s controversial core technology fee (CTF). The European Commission’s fine and the broader implications of the Digital Markets Act underscore the importance of allowing developers the freedom to implement independent security that can meet or exceed recognized standards.

    “Impacts on Consumers: Apple users may have a false sense of security when it comes to malware and other cyberattacks. The high number of zero-days patched by Apple over the last year is substantial, and indicates that Apple users are attractive targets for advanced threat actors. Because Apple devices are often used by high-profile business users, government officials, and celebrities, the Apple ecosystem is an especially tempting target for attackers interested in stealing sensitive data or disrupting the operations or specific organizations.  It is important for all mobile users to recognize that Apple devices have been targeted by malware and other cyberattacks in the past, and they will continue to be targeted and exploited in the future, as none of these devices or applications is truly hack proof today.”

It will be interesting to see how this plays out as I easily see this fight going on for years and ending up at the Supreme Court. I don’t know who is going to win this fight, but it will be one hell of a fight that you should get your popcorn ready for.

Mac Users Should Upgrade GarageBand ASAP To Fix A Security Issue

Posted in Commentary on March 17, 2024 by itnerd

If you use a Mac, chances are that you have a copy of GarageBand on it. Whether you use it or not isn’t the point. But if you have it, and you’re running macOS Ventura or Sonoma, you should make sure that it is updated to 10.4.11 ASAP. Why? It fixes a security issue according to this:

The quickest way to confirm that you have 10.4.11 is to go to the App Store and click on Update to see if it’s been updated. If not, search for GarageBand, and click on Update.

Apple’s Plan To Deal With Masimo Is To Win On Appeal Or Let The Clock Run Out

Posted in Commentary on March 13, 2024 by itnerd

I have to admit that when I heard about this, my first thought was that Apple was being super crafty here. What I mean by “this” is this report by MacRumors where they talk about how Apple got around the pulse oximetry ban that came about via the patent lawsuit that Masimo brought against Apple:

The original January 12 order from CBP that allowed Apple to bring Apple Watch models with a disabled sensor in the United States was published recently (via ip fray), and it gives some insight into how Apple disabled pulse oximetry. While some of the order is redacted, Apple implemented a fix that turns off pulse oximetry when an Apple Watch is paired to an iPhone. Blood oxygen sensing becomes inaccessible to the user, and opening the blood oxygen app gives a warning that the feature is not available. Apple said that it hardcoded each Apple Watch at the factory with new software.

As part of the process to get approval to sell Apple Watch Series 9 and Ultra 2 models without pulse oximetry enabled, Apple had to provide the code disabling the feature and test devices to Masimo. Masimo didn’t want Apple to have such an easy fix, so it paired the “redesigned” Apple Watches with a jailbroken iPhone running an older version of iOS, and was able to get pulse oximetry working.

Masimo tried to argue that activating pulse oximetry through a jailbroken phone meant Apple had not effectively removed the feature and the devices should not be allowed to be imported in to the U.S. Masimo also tried to say that jailbreaking is “permissible, common, and readily known,” but Masimo’s arguments were unsuccessful. The Exclusion Order Enforcement Branch of the U.S. Customs and Border Patrol ultimately decided that disabling pulse oximetry in the Apple Watch Series 9 and Ultra 2 was enough to avoid infringing on Masimo patents, allowing those models to be offered for sale at Apple retail stores in the U.S.

Because Masimo was able to get blood oxygen sensing working using software on a jailbroken iPhone, Apple too would be able to reactivate the blood oxygen sensor in the models where it has been disabled through a software update. When no longer subject to an import ban, Apple will be able to reintroduce blood oxygen sensing for Apple Watch Series 9 and Apple Watch Ultra 2 users who are not able to access the feature.

As noted by ip fray, the patents that Apple was found to have infringed on expire in August of 2028, which means that Apple will be able to re-enable pulse oximetry in affected models at that time. Apple filed an appeal with the United States International Trade Commission to attempt to get the ruling overturned, so if the appeal is successful, Apple could be able to re-add blood oxygen sensing sooner.

That’s pretty crafty by Apple seeing as they have no interest in coming to a settlement with Masimo. Likely because everyone and every company that Apple has “Sherlocked” over the years would come out of the woodwork to get paid as well. So that makes letting the clock run out or winning on appeal the best options for the folks at Apple Park. Let’s see how well that works out for them.