We discuss what’s new in the latest Apple operating system updates, including security patches and our favorite features. We talk about a change to Apple ID that everyone needs to know about. And we take a special look at the Passwords app, which many users may start seeing for the first time.
Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday, September 19, 2024. This week’s Intego Mac podcast headlines include: what’s new in the latest Apple operating system updates, including security patches and our favorite features. We need to talk about a change to Apple ID that everyone needs to know about. And we take a special look at the Passwords app, which many users may start seeing for the first time. Now, here are the hosts of the Intego Mac Podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s Chief Security Analyst, Josh Long.
Kirk McElhearn 0:43
Good morning. Josh, how are you today?
Josh Long 0:46
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:47
I’m doing okay. How much money did you spend last Friday?
Josh Long 0:52
Um, I spent enough to buy an iPhone 16 Pro with 256 gigs, obviously. Because why would you get any less than that?
Kirk McElhearn 1:00
Because you don’t need it. My current iPhone 14 Pro has 128 and it’s still got about 40 gigs left, but that’s because I don’t put a lot of stuff on. It’s just the way I am. I ordered the Pro Max and we were talking before we started recording that you don’t like to have to reach up so much with your thumb on the Pro Max. So you take the smaller Pro size. Me… It’s kind of a question of my eyes getting worse with age, and I like to have a little bit more on the display. And I’m kind of the idea of an Apple phablet is really kind of interesting. Remember when they used to talk about “phablets”, back in the day? 10 years ago, it was a big thing in Android, and Apple didn’t have anything like that. And I’m embracing the Apple phablet.
Josh Long 1:41
Yeah, phablet stood for it was kind of a hybrid phone tablet, right? So it’s kind of a portmanteau of those two words, but I, I don’t know it’s one of those things that for some people, it’s great, and for the use cases that you described, especially like if, if you feel like you need it for vision reasons. Okay, yeah, I totally get that. See, I’m the kind of person who I never wanted, like a mini phone. Like I wasn’t like the kind of person who ran out to get, like the iPhone 13 Mini or anything like that, which, by the way, did not apparently sell very well because Apple’s well, not making mini phones anymore, so that kind of tells you all you need to know there, but there was a definitely a niche market for it, but I’ve always been the kind of person who just wants, like, a standard size phone, and the standard size has been getting bigger and bigger. It’s been creeping up over time, like I had an iPhone 4 back in the day, and you could very easily hold it in one hand and reach my I could reach my thumb from one corner to the other. And now it’s very difficult to do that. I can’t comfortably do that holding my current iPhone 14 Pro, and then the 16 Pro is a little bit bigger, I believe, so it’s going to be just a tiny bit harder for me to do that. And I don’t know, I’m I don’t want to move to the max. I’m not going to go to the extreme, but at the same time, I still like a little bit smaller model to put in my pocket. It just fits better.
Kirk McElhearn 3:15
Well, one thing has changed. It’s not just that the screen is bigger and the entire iPhone is bigger, but the aspect ratio has gotten taller over the years, so even if they took an iPhone 4 and made it bigger, it wouldn’t be as tall as the current iPhone 16. We’ll know in so recording this on Wednesday. People will be listening on Thursday. Should get this Friday morning. For me, I don’t know what time you usually get yours. Deliveries here are often late morning, so I’ll have time to set up my iPhone and my watch on Friday, as will you, and next week, we’ll be able to talk about these wonderfully exciting new devices. Public service announcement, the term Apple ID has been changed to Apple Account. Apple started doing this in the betas of the current operating systems back in June or July, and they have made the change officially on the Apple website. So if you used to go to the Apple ID website, which was appleid.apple.com, this will redirect to account.apple.com, with a little banner on top explaining same great Apple Account, just a new name.
Josh Long 4:18
Right now, if you still have an older operating system. I guess you may still see the term Apple ID, especially in places like the System Settings app, but everywhere else, in any Apple website and any future Apple products, you’re gonna see Apple Account now.
Kirk McElhearn 4:34
Okay, so we have new operating systems. Are we excited?
Josh Long 4:38
Well, there’s a lot to say from the security perspective, right? We did get a bunch of new features, too, and so, yeah, I mean, you know, some of the features are nice, there’s not really a whole lot yet.
Kirk McElhearn 4:51
We did get a bunch of new features, but Apple’s been advertising some features that we don’t have yet and that we won’t get for at least a month, if not more, right?
Josh Long 4:58
Yeah. That that kind of bothers me a little bit. So we’ve, we’ve talked before about Apple Intelligence and how most users just won’t get it, at least iPhone users, especially because you have to have a 15 Pro or Pro Max or newer iPhone in order to get all the Apple Intelligence features. But beyond that, oh, and by the way, of course, if you’re still on an Intel Mac, also no Apple Intelligence features for you. However, the other thing that’s important to recognize here is that we don’t get them. Even if you have a new enough device to support Apple Intelligence, you’re not getting any Apple Intelligence features yet. The first wave it’s and it’s going to roll out in waves. Is next month. We assume that in October, we’re going to get the point one release that’s going to contain the first wave of Apple Intelligence features. And then at some point after that, we’ll get some more and some more after that, and we might still be getting features into next spring and possibly beyond that. You know, we’ll have to wait and see, but we know that some of these features that Apple is announcing and even showing in advertisements that they’re currently airing, we don’t have these features yet, which is kind of weird and a little feels a little disingenuous to me.
Kirk McElhearn 6:17
The fact that they’re advertising the new iPhone based on these features, and people will get the iPhone and not get these features. This kind of smells like a class action suit, if you think about it.
Josh Long 6:26
Yeah. Well, I mean, to be fair again, some of these features are coming next month, and maybe I haven’t looked closely at these ads, maybe there’s a little tiny footnote that says these, some of these features are coming soon, but you know, it’s still these are the main features of their advertising for these phones, and it’s kind of weird that they’re not ready to go at launch.
Kirk McElhearn 6:45
It’s almost as though Apple Intelligence is an operating system and it’s grafted onto the other operating systems, and it’ll be its own unit of stuff as it goes forward. And we’re getting the first iteration of it now, and we’ll get more, as you say, over time. One thing you can see, I’m running macOS Sequoia 15.1 on my iMac right now, and so that’s the version that will get Apple Intelligence. If I go to settings, general storage, and I click on macOS, it tells me that Apple Intelligence takes up 4.91 gigabytes. It’s treating it as though it’s an application or something, whereas, and this is out of a total of 22.46 gigabytes for macOS, so it’s treating it separately, I guess, as a way to say, if you want to save space and you don’t use Apple Intelligence, you can turn it off, and maybe this will delete it.
Josh Long 7:38
Could be. I’m not sure yet, so I haven’t really I’ve tried using the beta, but I’ve tried using it in UTM, which is a virtualization app, so it lets you run an operating system within your operating system, and unfortunately, Apple Intelligence doesn’t work with that. Even the latest beta of macOS Sequoia still does not let you sign into your Apple Account within the beta operating system with if it’s inside of a virtual machine. So in other words, the only way for me to test these features is if I were to install it in a separate APFS container. Now we’re getting really technical here, but this is a different way to install the operating system, where I could dual boot if I wanted to. So I could have the regular macOS Sequoia on one side and the beta 15.1 on the other side if I wanted to reboot into that. I haven’t really been interested enough to do that or to replace my main operating system with it, so I haven’t really gotten to play around with any of the new features, even in beta on macOS yet.
Kirk McElhearn 8:47
Okay, so new operating systems mean security updates, lots of security updates, more than 70 CVEs, which is Common Vulnerabilities and Exposures, a way of classifying vulnerabilities, 35 additional recognitions, and going back to previous operating systems, because they did issue updates for macOS Sonoma and macOS Ventura, we’ve got 33 and 40 CVEs. Obviously, the iOS and iPadOS contain a whole lot of CVEs. They also released an update for the iOS and iPadOS 17.7 operating systems, which, as Josh is going to explain, is a little bit problematic. The way that Apple is offering to provide security updates for this older operating system, given Apple’s experience in this area, we’ll see what happens.
Josh Long 9:32
All right, I’ll start with that last point, just to make sure that I don’t forget to get back to that. So going back a few years, I think this started when iOS 15 came out, Apple said, in fact, they announced on their website, and continued to leave this up on their website for an entire year until iOS 16 came out. They said that if you stayed on iOS 14, that it would continue to get security updates for a period of time. And that sounded really great. The only thing is that period of time actually was 36 days. So and Apple continued to make this claim for an entire year, when they really only continued to release iOS 14 updates for 36 days after iOS 15 came out. Very awkward, very weird, but Apple’s still kind of been doing the same thing ever since then, where they release the new point-oh, and then they also release a patch for the previous one. The other thing that’s really awkward about this is that if you haven’t updated yet this week, now, these updates just came out on Monday, and so if you haven’t gotten a push notification about these updates yet, and you go into your settings in general and check for software updates, the thing that you’ll notice first is that if on your iPhone, for example, it’ll prompt you to upgrade to iOS 17.7 and then there’s a section below that, that says, also available, and that’s where you can go if you want to get iOS 18.0. This is very awkward, because it means that Apple’s encouraging people to upgrade to a minor update just to get, I guess, really, some security updates. But if they’re doing that, then why not go all the way to eight point 18.0 because again, the difference is pretty significant here. iOS 18.0 has 33 named or numbered vulnerabilities. These are CVEs like Kirk was just talking about, plus there’s 20 or more additional recognitions, I say or more, because they kind of list a number of researchers together.
So it doesn’t it’s not really clear how many separate other issues were fixed that don’t get a CVE number, because it may be that multiple researchers work together and reported something to Apple. So we know that there are at least 20 additional recognitions. So you could count that as like 53 or more vulnerabilities that got patched in iOS 18. Now with 17.7 there’s 16 CVEs and zero additional recognitions. So let’s see 53, or 16. Which do I want to go with? I would rather have the one that has all the patches. Why wouldn’t I want that? It’s kind of weird that Apple’s like encouraging people to go to a less secure operating system rather than just installing the main new update. Like, what is even the point of still offering a 17.7? Just tell people to go to 18. I would understand if 17 were only available for a subset of the number of iPhones that can upgrade to iOS 18, but literally, every single iPhone model that could get iOS 17 can upgrade to 18. So why even have a 17.7, right?
Kirk McElhearn 12:59
The compatibility lists match, and it’s interesting. On Twitter, you pointed out, I think Apple had tweeted something about iOS 18 is out. Check your iPhone’s compatibility. And you tweeted, they’re actually all compatible. If they were compatible with iOS 17, they’re all compatible with iOS 18. We speculated when they did this, was it iOS 14 and 15? We speculated that they did this for the enterprise market, where businesses might not want to update all their iPhones and have the option to remain on an older operating system for compatibility with software, multi device management tools, etc. But if that were the case, they would have done it every year.
Josh Long 13:37
Yeah. And I always felt like, even though we said that that was a possibility. I always felt like that was kind of a flimsy bit of logic. Like most mobile device management solutions are going to add Day Zero support, at least any good ones, right? The ones that are available for Apple products. Apple does release betas months in advance of releasing the new operating system. So it’s really easy. Well, I shouldn’t say it’s really easy, but I would say any developer that’s focused on Apple has the opportunity, and if they have a large enough team that they can reasonably make those changes in the couple of months that Apple gives people between beta release and main operating system release, it’s it’s pretty possible for most developers to be have day one support for a new operating system, including for mobile device management solutions. And really, to be fair, there’s not that much under the hood that changes, most of the time, from one iOS version to the next in terms of, like, app compatibility, like, most likely your apps for iOS 14 are probably going to run on 15, 17 are probably going to run on 18, etc.
Kirk McElhearn 14:51
Okay, we’re going to take a break. When we come back, we’ll talk a little bit more about these security updates, and then Josh is going to rant about his Apple Watch Series 5.
Voice Over 15:02
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 16:18
Okay, we mentioned that all the iPhones that could run iOS 17 can run iOS 18, but not all Macs that could run macOS Sonoma can update to macOS Sequoia.
Josh Long 16:28
That’s right, almost all, but not all. There were two Mac models that got dropped from being able to upgrade to macOS Sequoia, and that was the 2018 and 2019 MacBook Air. So if you have either one of those models, you’re currently stuck with macOS Sonoma. So that would be a scenario where it would make sense for you to upgrade to macOS Sonoma 14.7 because you have no option to upgrade to macOS Sequoia, aka macOS 15.0. It’s only those two models. So everything else that could run an earlier version of macOS Sonoma, any version of macOS Sonoma, you can upgrade to macOS Sequoia, except for those two models. So that’s a good thing again. Kirk mentioned this before, that there are more than 70 CVEs patched in macOS Sequoia. So as of the current count, it looks like 79 CVEs. Now, very often, Apple will go and revise that report later, and they’ll add some additional things that, oh yeah, we also patched this. We didn’t want to say anything about it yet because maybe for whatever reason, it wasn’t patched across all the operating systems, and so they were kind of holding on to some information. But as of right now, it looks like 79 CVEs and 35 plus additional recognitions. So that’s a pretty big number. That puts us well over 110 and maybe somewhere beyond that even. That’s a lot of patches all in macOS Sequoia, so there’s a lot of security updates. It’s really important, I would say, to upgrade to macOS Sequoia if you can, as long as you don’t have one of those two models of MacBook Air. One other really nice thing that I wanted to point out here, this came as a really big surprise. So I had just recently updated our article on the Mac security blog about how you can upgrade to macOS Sonoma or even Sequoia on an older Mac that Apple doesn’t support for the latest operating system. And even as of just a few days ago, really as of Friday, it looked like we weren’t going to get an updated version of OpenCore Legacy Patcher.
This is the app that lets you install the latest version of macOS on much older hardware. It looks like the new version of that wasn’t going to come until winter, they were saying. And then they surprised everyone and released OpenCore Legacy Patcher 2.0.0 on Saturday, two days before the new macOS Sequoia just came out, and it includes support for all Macs that it was compatible with, from my 2007 mid 2007 iMac, which has to have a CPU upgrade, which mine, of course, does all the way to everything up to and including the Macs that were cut off from macOS Sonoma. So the only two models that are not yet supported for OpenCore Legacy Patcher are, unfortunately, those two models of MacBook Air. So right now you really are stuck with macOS Sonoma. You cannot even with a third party patcher. As of right now, you can’t upgrade to macOS Sequoia. No matter what you do, you’re just out of luck.
Kirk McElhearn 19:54
Okay, so you currently have an Apple Watch Series 5, and you’ve ordered an Apple Watch Series 10, but you are in purgatory. Because the Apple Watch Series 5 cannot run watchOS 11 and get security updates, so you are at risk on your wrist until you get your new Apple Watch on Friday.
Josh Long 20:13
That’s right, yeah, this is not the biggest deal in the world, but you know, I care about these sort of things.
Kirk McElhearn 20:20
Well, it’s a whole four days that you’re stuck without security updates. That’s four days that, you know, that’s more than half a week. Josh.
Josh Long 20:28
By the way, none of these operating systems as of right now, looking at the release notes for these, Apple doesn’t say that any of these vulnerabilities, these 100 plus vulnerabilities, even in Sequoia, none of these were exploited in the wild. Apple hasn’t, hasn’t said that about any of these vulnerabilities. So at least from that perspective, I’m not super worried that someone’s gonna hack my watch in the next couple of days before I get the new model in the mail. So it’s, it’s not the end of the world from that perspective, but it is a little bit frustrating that Apple didn’t release a watchOS 10 update. So unfortunately, my watch happens to be one of the models that got cut off this year. I think, if I’m not mistaken, there was a Series 4, Series 5, and also the SE first gen. All three of those Apple Watches got cut off this year from being able to upgrade to watchOS 11. So if you have one of those models, make sure that you either get a new watch. If you care about security updates on your wrist. Some people don’t. I don’t know. I feel like if I’m going to run with one of these devices that gets iMessages and other things, I would really rather have a device that’s fully patched. So I prefer to keep all of my devices up to date if I can. So that’s why, for me, it’s important to upgrade. And so I am getting a Series 10 this week.
Kirk McElhearn 21:50
Okay, we wanted to take a close look at the new Passwords app in the operating systems, in iOS 18, iPadOS 18 and macOS Sequoia, because this new app has put passwords in front of people. Our producer Doug was saying that after he updated his phone, there was the Passwords app icon on his home screen. Now most people probably didn’t even know or didn’t pay attention to the fact that there were passwords stored in the Settings app. On the Mac, this goes back a long way to an app called Keychain Access. It’s been around since the late 1980s. It’s actually quite old, but bringing this app forward to highlight the importance of passwords is really quite a big deal. Now, when you look at the Passwords app, it’s not that different from the way it looked last year inside the settings, but the difference here is it’s a standalone app, and it’s going to make people realize how much more important passwords are than they might think. If you listen to this podcast, you know passwords are important. You know you don’t put a password 123456. We’ve always recommended password managers and Apple’s Passwords app and password managers what they’re calling iCloud passwords and keychain. There’s a fine Passwords app if you’re in the Apple ecosystem. If not, then you have problems, right? If you’re using, let’s say, a Mac and an Android phone, that’s different, and you might need another password manager. But what’s really important is that you get into the habit of using the Passwords app to generate new passwords, checking the Passwords app for anything that may have a security warning, because the Passwords app looks at credentials, so username and password combinations that have been leaked in data breaches, and it can tell you if it’s been in the data breach, give you a link to go to a website and change the password. And all of this syncs through iCloud to all of your devices.
Now, it doesn’t go on the Apple Watch yet, and kind of surprised that Apple doesn’t have an option for some sort of Passwords app on the Apple Watch. And I’ll tell you why, because when you need a two factor authentication code to log into a website, it would be really good if you could get it on your watch. I do this with 1Password for certain websites, but iPhone, iPad, Mac, all your passwords synced, secure, encrypted, it comes up with passwords you could never come up with. And, I mean, everyone should use it.
Josh Long 24:10
Yeah, I think it’s great if you haven’t been using a password manager already, and you’ve just been, unfortunately, maybe reusing the same password across like, multiple websites. This is a great alternative, like, really, it’s a lot better than not using a password manager at all. For sure, you’re going to have access to it, not only on all of your, you know, iPhone, iPad and Mac devices, but you can also even get the equivalent of this app. It’s not called passwords, but you do get an iCloud app on Windows, even that will allow you to see all of the passwords that you’ve saved to your iCloud passwords. So this is good. It’s a really nice thing. I would love to see an Android app. I don’t know whether Apple’s going to do that just because, you know, Apple doesn’t really like Android. They do have a move to iPhone app available for Android, and they and a couple of other apps, but, you know, Apple, for the most part, I think probably wants to avoid putting a password manager on Android, just because I’m sure that Apple feels like Android is more vulnerable, more susceptible to malware, and so maybe we just avoid putting our password manager over there.
Kirk McElhearn 25:27
It’s also worth pointing out that a number of web browsers can store passwords, can sync them across devices, Chrome and Edge do this. I think Firefox does it also. Apple has a couple of browser extensions for Chrome and Edge, specifically for Windows users. But when I was doing some research for updating this article, the reviews of these extensions are not very positive, so I wouldn’t depend on using this in Chrome or Edge, if these are the browsers you use, however, you can copy your username and password from iCloud for Windows, paste it into Chrome or Edge, which will then sync to other Chrome or Edge. I mean, it gets a little bit confusing like that. I’m sure you can trust Chrome and Edge to also encrypt the passwords and sync them, you know, safely. I wouldn’t worry too much about that. But it doesn’t look like these extensions are ideal.
Josh Long 26:15
By the way, just our usual reminder about extensions, we wrote an article not too long ago about how Chrome extensions, and when we say Chrome, we’re really talking about all Chromium-based browsers. So that includes Edge and Brave and Vivaldi and Opera and others. You should be careful about using extensions. I would say it’s really important to make sure that if you are going to use extensions, they come from a developer you know you can trust, because there have been a lot of problems with not only malicious extensions getting into the official stores, but also in some cases, some of the extensions that are there have known vulnerabilities that have been sitting there for years, and a lot of extensions just rarely get updates. And so that’s kind of problematic, too. So if you are going to use an extension, yeah, I would say Apple’s one of the extensions you could trust. But be very careful about installing any other extensions. If you haven’t reviewed what extensions you have installed in your browser for a while, it’s a good idea to go in there and take a look at what you’ve got installed and probably disable most of them, if you’re not really using them actively.
Kirk McElhearn 27:22
Okay, there’s an interesting bug that was reported today: iOS 18 bug in Messages causes repeated app crash. Fix can require data loss. Every once in a while, there’s something in Messages where if you type certain characters, it crashes the app. I don’t know why. This is specific to Messages. In this case, the problem occurs when someone shares an Apple watch face. So if you’re in the Watch app on your phone, there’s a Share button for an Apple watch face, and you can share a face with someone which will allow them to use a face you’ve designed. So the particular colors, the particular complications, etc, if someone shares a watch face with you in Messages and you respond to them, then apparently everything crashes. And the only way to resolve this, if you’re lucky, is to delete the conversation. But apparently, if you have Messages in iCloud turned on, this might not even be possible. I don’t know what to think about this sort of thing. They’ve got to test this. They must have tested this before it was released. Although, you know, I’ve been involved in testing software, and there are so many little things that can happen that, do you have a list of every single thing you have to test and every button you have to tap and everything you have to try? But why does this happen in Messages? I don’t want to say often, but we’ve had several cases where particular characters or character combinations can crash Messages?
Josh Long 28:41
Well, there’s a lot of different things that Messages has to be able to process right now. There is a solution for all of this. You could make sure that you never really have hardly any of these kind of problems. You know how to do that.
Kirk McElhearn 28:53
Don’t use Messages?
Josh Long 28:56
Well, you can’t really avoid that (Use an Android phone?) No, no, no. So I’ll give you a hint. My device doesn’t have this particular vulnerability. Why is my device different?
Kirk McElhearn 29:08
Because you’re using Lockdown Mode (Exactly.) which turns off previews in Messages.
Josh Long 29:13
That’s right. So if somebody were to send me a watch face, I just wouldn’t get it. It would just show up as like a generic document icon and I wouldn’t be able to see it at all the same thing if somebody sends me a PDF. Now, this does get really annoying, which is why I think most people probably don’t want to use Lockdown Mode. But if you really, really want that extra layer of security, and you don’t mind the annoyances that come along with it, Lockdown Mode is pretty nice. I’m just saying.
Kirk McElhearn 29:39
Okay, that’s enough for this week. Next week, next week, we’re going to be able to talk about our new iPhones and Apple Watches. I think we’ve ordered the same Apple Watch model, and the difference in the iPhone is that you got the small one and I got the phablet. Until next week. Josh, stay secure.
Josh Long 29:52
All right, stay secure.
Voice Over 29:55
Thanks for listening to the Intego Mac Podcast, the voice of Mac security, with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us in Apple Podcasts or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software: intego.com.