The Mac Security Blog

Intego Mac Security Podcast

Glowtime, Apple Account, and Telegram – Intego Mac Podcast Episode 359

Posted on by

Apple announces the date of their September iPhone event. You should be aware that Apple ID is going to be called something different when Apple’s new operating systems arrive. Some changes are also coming to Apple Care, and we have the details. And as usual, there’s new Stealer malware to talk about this week.

  • Apple Event – It’s Glowtime
  • Apple Lays Off Around 100 Services Staff Across Apple Books and News
  • AppleCare+ just got an extension period for updating your plan — what you need to know
  • MP3Concept
  • Telegram messaging app CEO Durov arrested in France
  • Is Telegram really an encrypted messaging app?
  • Signal Is More Than Encrypted Messaging. Under Meredith Whittaker, It’s Out to Prove Surveillance Capitalism Wrong
  • Google Chrome browser patches 9th and 10th zero-days of 2024
  • Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
  • How to Install Apple Beta Software for macOS Sequoia, iOS 18, iPadOS 18, watchOS 11, and tvOS 11
  • How to update Chromium-based web browsers

    • If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.

    Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.

    Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.

    Transcript of Intego Mac Podcast episode 359

    Voice Over 0:00
    This is the Intego Mac podcast—the voice of Mac security—for Thursday, August 29 2024. This week’s Intego Mac podcast headlines include: Apple announces the date of their September iPhone event. You should be aware that Apple ID is going to be called something different when Apple’s new operating systems arrive. Some changes are also coming to Apple Care, and we have the details. And as usual, there’s new Stealer malware to talk about this week. Now here are the hosts of the Intego Mac podcast, veteran Mac journalist, Kirk McElhearn and Intego’s chief security analyst, Josh Long.

    Kirk McElhearn 0:45
    Good morning. Josh, how are you today?

    Josh Long 0:48
    I’m doing well. How are you, Kirk,

    Apple’s September iPhone Event slated for September 9, 2024

    Kirk McElhearn 0:50
    I am so excited, because in 10 days, on September 9, it’s glow time.

    Josh Long 0:57
    That’s right. Yeah, we’ve got the official announcement hit this week about when we’re getting our iPhone reveal Apple event, and we know it’s iPhones because, well, Apple always does that this time of the year, chances are we’ll probably also find out exactly what date we will get the new iOS and macOS releases. So that’s iOS 18, iPadOS 18, and also macOS Sequoia that are coming out this year. So pretty soon we’re gonna have dates on those.

    Kirk McElhearn 1:29
    It’s not just the iPhone, it’s also the Apple Watch, and there could be something else. So you were saying just before we started recording, you figured out right away what glow time? And I didn’t It’s glow time. What are they talking about? Oh, it’s showtime glowing like the Siri that glows around the screen and on the screen with Apple intelligence. I guess that’s what it is. People try to read too much into these things.

    Josh Long 1:52
    Or alternatively, it’s go time like all right, now’s the time?

    Kirk McElhearn 1:56
    Ah, see, I didn’t pick that up at all. Or maybe it’s slow time. Time’s going to slow down because it’s going to be a two hour Apple event. Oh my goodness. Anyway, it’s September 9, which is a Monday, and Apple doesn’t often do these on Monday. Some people have suggested it could be because there might be a presidential debate on Tuesday, and Apple wants to own the news cycle for 24 hours with all the free publicity they get. But as you said, it’s iOS and iPadOS and macOS and watchOS and HomepodOS and TVOS. And you were also saying you’re wondering if they’re going to mention the Vision Pro and Apple intelligence, because Apple hasn’t said anything about it. I’m actually curious about whether the Apple Watch or the HomePod will be involved in Apple intelligence, because could they work as a kind of intermediary, like if you ask something to your watch, it sends it off to your phone that does the processing, which then sends it back to you.

    Josh Long 2:53
    Yeah, I think that’s actually a really good point. And in fact, Vision Pro might actually do the same thing, even though Vision Pro has an m2 chip, Apple intelligence features are going to be a little bit of a drain on the battery, and there’s already kind of battery life issues, arguably, with Vision Pro, unless you are next to an outlet and you just leave it plugged in all day long, which probably most people are not doing, I don’t know if you want to have an additional battery drain, and that is probably why Apple hasn’t said anything to date about whether we’re getting any Apple intelligence features on Vision Pro. But that’s actually a really good point. If you’ve got a new enough iPhone that it gets Apple intelligence, then what about all these other devices that are in that same ecosystem? What about your watch? Obviously, your watch is not going to run Apple intelligence itself, but maybe it can tie into your phone and tap into it that way. Great idea. Also about the HomePod. I also saw some speculation maybe a few weeks ago. Someone was talking about the idea of, you know, maybe this is time for Apple to update the HomePod too. Because, like, how are we supposed to get Apple intelligence features on this device that doesn’t have that the right kind of processor. So maybe Apple will do something like that. I’m very curious to see what Apple does. There’s definitely speculation that we’re going to get something related to Vision Pro. I don’t think we’re anywhere close to Apple announcing a new Vision Pro or anything like that. This is not the right time or event for that. This is the iPhone event and the Apple Watch event, okay?

    Layoffs at Apple in the Services department

    Kirk McElhearn 4:25
    Apple laid off about 100 people who work with Apple Books and Apple News. And this is kind of interesting, because we just had an apple earnings report recently. The services that Apple sells, subscription services, things they sell. It’s about 22% of Apple sales, which is huge. It’s an increase from, according to Macros, 10% a decade ago. And so these are services in Apple services department, right? Apple Books, they sell eBooks and they sell audio Books. And Apple News, which we talked about last week, about how bad it is with terrible ads, does have a Apple News Plus subscription? Yeah, it’s kind of interesting. I don’t know how many 100 employees represent for products like that, for services like that, you can’t expect that they need 1000s of people to run Apple Books, right?

    Josh Long 5:09
    Well, that’s a good point. And before we started recording, we were talking about Taboola and how Apple is now using them for ads. And so maybe these people were something to do with, like ads, and now they’re just offloading that to another company. Could be the other thing, by the way, this is purely coincidental, but kind of interesting timing. At least there was another services outage briefly for, I think, a few hours for a couple of Apple services, I think, yesterday, as of when we’re recording this. And it’s interesting that that happened to coincide, kind of with the announcement of Apple laying off some of its services employees.

    Apple ID to be renamed to Apple Account

    Kirk McElhearn 5:49
    And these outages affected Apple Books and Apple News, among others. It could have been a degruntled employee who turned off a server someplace, but you never know. You never know. So I think we mentioned a month or two ago that people had discovered in code of the new operating systems that Apple was going to use the words Apple Account instead of Apple ID. And I spotted this in an invoice that I got yesterday, well, an email receipt for my iCloud storage that it now says Apple Account, the previous one I had from the third of August for a movie I rented, said Apple ID. So Apple has made this change. Now, it’s not like it’s a big change, but the idea of an Apple ID will no longer exist. In some ways, it makes sense. You don’t have an email id, you have an email account, right? You don’t have an Amazon ID, you have an Amazon account. When Apple introduced this, this was pretty early on in terms of online commerce and bundling of services, which it did with iTunes and other services that they were producing back then. So you will notice the term Apple Account. The problem with this on a Mac is that there are multiple user accounts. Now I don’t think people will get confused by this, but your Apple Account is the one which I noticed this morning, signing into the beta of macOS Sequoia on my MacBook Air. I had to sign into Apple media services. This was in a dialog on the Mac. Now, if you look on the iPhone, you’ll notice it just says iTunes Store and app store or something like that. It doesn’t talk about media services, so I think they’re just rationalizing these terms. And in some ways, this could also, you know, most people don’t realize that Apple is present in countries around the world with hundreds of languages, and it kind of makes more sense to use the word account for something like this than to use ID.

    Josh Long 7:38
    I’ve always thought that Id sounds like, you know, identification card, right? Like you flash your ID card, like your student ID card, yeah, your student ID or whatever. So it feels kind of weird to think about when you like, I’m so used to the term Apple ID. It’s just kind of obvious to me. But now that I think about it, if I kind of take a step back from it and look at it from another perspective, I’m like, I actually kind of, I’m not really sure why they went with Apple ID in the first place. An Apple Account does seem to make more sense.

    Changes coming to Apple Care

    Kirk McElhearn 8:10
    There’s something else that I don’t know. If you’ve noticed I mentioned last week I’ve got a trial subscription to Apple News plus, and at the top right of the Apple News screen, there is a little circular logo with the Apple News icon, and around it, it says subscriber edition. And you also see that now when you look at your iCloud settings, if you have an iCloud Plus subscription, it is a subscriber edition. So it looks like they’re rolling this out among different services. I haven’t seen it in Apple Music. I haven’t seen it in Apple TV plus. Apple TV plus yet, but it’s a standardized icon that looks like they want to. It’s kind of like a badge to make it look like a check mark on Twitter or something right, to make it look better than a normal edition. One more bit of apple information. I think it was a year or year and a half ago, Apple started allowing people to extend their Apple Care Plus. So, for example, my m1 iMac that I promised I would keep for five years is now over three years old. I bought three years of Apple Care Plus, and I was able to extend it in June for another year. When I contacted Apple about this, they said you have 30 days from its expiration to renew it. They’ve extended that to 45 days now. 15 days isn’t a lot, but I guess it’s the time to remind people more and more, because 22% of Apple’s income comes from services, and Apple Care Plus is one of those services that makes a lot of money. So if you do have an Apple Care Plus plan on any of your devices and you want to extend it, you can do so, presumably, after 44 days you can extend it. And I don’t know if that means you get 44 days for free or whatever, but it might be a good idea to look at your device and see if it’s useful to extend it. If you have an iPhone and Apple Care Plus, from what I understand, no matter how old it. As long as you have Apple Care, plus, they’ll replace your battery when it gets below 80% battery health. So if you’re at the end of your two year period of Apple Care, plus, on your iPhone, it’s about 82% good idea to renew it to get a free battery replacement. I get AppleCare plus for my work computers, because I can’t afford to have them go wrong. I get them for my iPhone because iPhone carried around all the time. I don’t really buy it for anything else, but I like the idea that you’re able to extend it now. So someone who buys Apple Care Plus for an iPhone to have protection in case they drop it and break the screen. You can extend that for a third, maybe even a fourth year. If you want to keep the iPhone longer.

    Josh Long 10:41
    It’s probably not a not a bad idea if you’re the kind of person who wants to keep your device as long as possible, if you’re not trading in every year or every two years, even this could be a good option for you. Even if you have a device that doesn’t have a battery, like the iMac, for example, it might still be a good idea to renew it, just like insurance, to give you a little bit of extra time in case your device breaks during that next period.

    Kirk McElhearn 11:04
    And you can renew your Apple Care, plus on a monthly instead of an annual basis, if you’ve taken it out on a monthly basis, right? So when you buy a device, you can either pay up front for two years or three years, or you can pay monthly. It’s a little bit more to pay monthly, but when you get to the end, you can renew monthly. So maybe you want to keep your phone three or four months and then sell it. You’ll pay the Apple Care Plus for three or four months, and that’s a lot easier than getting refunded for your Apple Care that you haven’t used. You didn’t know that you can get refunded for unused Apple Care? Did you? If you have bought, say, an iPhone, and you’ve got two years AppleCare and you sell it after a year, you contact Apple, they’ll refund you the half of the Apple Care, minus a small fee, so you maybe get three quarters of what was left. So if you do add an additional year on a Mac or an iPhone and sell it after a few months, you can still get a refund on the Apple Care, or the Apple Care can transfer it to the new owner, because the applicant is linked to the device, not to the owner.

    Josh Long 12:03
    That’s what I was just gonna say, yeah, you can use that as a selling point if you’re gonna resell the device yourself on eBay or something.

    Kirk McElhearn 12:10
    Speaking of trading in, next week, we’ll discuss how you can trade in your iPhone and where you can get the best amount of money for it. Because if you have an iPhone, it’s the time to consider whether you want an iPhone 16 or not, you’re getting an iPhone 16, aren’t you? Josh.

    Josh Long 12:23
    I think I’m getting a 16 Pro, yeah, for the Apple Intelligence features. I’m not super happy about it.

    Kirk McElhearn 12:29
    You’re so excited about this.

    Josh Long 12:33
    Well, you know what? Because my 14 Pro is finally just going to be paid off, and now I’m going to start a new payment plan for a 16 Pro and also an Apple Watch Series 10 at the same time, because now my watch is so old that it’s not going to get watch OS updates anymore. So I’m like, Ah, man, like all this at once.

    Kirk McElhearn 12:49
    Okay, so next week, I’ll explain to you how to trade in your iPhone to get a lot of money for it. You won’t get much for Apple Watch, since it’s, you know, archaic. But this is what happens when the year comes around, when you update multiple devices, we’re going to take a break, and when we come back, when we come back, we’re going to talk about some malware with funny names that are hard to pronounce.

    Voice Over 13:07
    Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

    What is CthulhuStealer and ToDoSwift?

    Kirk McElhearn 14:23
    Okay, we’ve got malware with funny names that are hard to pronounce this week. And the first one is, now, I always pronounce this Cthulhu, the HP Lovecraft thing. Josh says it’s Cthulhu.

    Josh Long 14:35
    Yeah. And Cthulhu, well, we were loose and we were looking this up, and apparently neither one of those is actually official HP Lovecraft pronunciation, but in any case, so this mythological creature, right? Okay, so that kind of looks like an octopus kind of thing. Anyway, CthulhuStealer is some malware that actually is kind of old. It was around in like February through April. This was a copycat of Amos the atomic MacOS stealer. But for whatever reason, some random company wrote a blog post about it, and it got picked up in some Apple News sites. And so if you happen to see some news about CthulhuStealer, just know that, yes, this is old Stealer malware, and we’ve actually been detecting this for quite some time already. So not something you need to worry about. If you did download it way back in February through April, it was disguising itself at the time as a Grand Theft Auto game or maybe some Adobe software. But again, it was a long time ago, so don’t worry too much about CthulhuStealer.

    Kirk McElhearn 15:42
    We were discussing before the show how that pretty much every episode we talk about a new steel or malware, and we don’t want people to get numb to think that, okay, another steel or malware. It’s like another flash player malware, and we’re not going to go into much detail about them in the future, unless they do something really interesting. Because that’s the malware today. It’s, it’s Stealers, is because that’s what malware is doing. It Stealers, but, but not every malware is steel where we have something that is either called according to Josh TodoSwift, or according to me, TodoSwift, and it’s like it the malware isn’t a PDF. That’s kind of interesting, right?

    Josh Long 16:20
    I think the proper pronunciation is probably TodoSwift. I don’t like the way that they capitalized this. So it’s T, O, D, O, Swift. It’s using the file name to do tasks. And so that’s where I think it’s it’s actually to do. But the way that they capitalize it is kind of weird. So anyway, TodoSwift is just some malware that disguises itself as a PDF. So if you’re not careful, you might think that this is a PDF document. You go to double click it. Well, it turns out it’s actually not a PDF. It’s actually a malicious app, and now it’s going to infect your system, and then we’ll launch a PDF for plausible deniability. So you’ll think that you just opened a PDF, and you don’t realize that you actually ran malware on your machine. This was put out by a threat actor known as blunaroth, which is associated with rust bucket. You might remember we talked about that and candy corn. These were other Mac malware examples that came out over the last couple of years. So the same threat actor is still making mac malware today, and it’s another one of these advanced persistent threat groups.

    Kirk McElhearn 17:29
    This reminds me of something from back in what 2004 mp3Concept, where it was malware that was disguised as an mp3 file. This sounds exactly the same thing, malware disguised as a PDF file. I believe that the mp3 concept, if you double clicked it, would launch iTunes and play some sort of music or not, but that would launch the Trojan horse. So this is pretty much the same thing. That’s what? 20 years old, the same type of technique.

    Josh Long 17:56
    Yeah, Trojan horses have actually been using like things like pasted icons or icons that look like a document or some other app, for as long as Mac malware has been around, it’s it’s relatively easy to put a custom icon that looks like anything you want, and so yeah, unfortunately, sometimes threat actors do exactly that, even still today.

    Kirk McElhearn 18:18
    But as you said, it opens an actual PDF for and I quote, plausible deniability.

    Josh Long 18:24
    Right? The whole, the whole idea is, right? If you’re double clicking on something that looks like a PDF and it doesn’t open a PDF, you might get a little worried, but if it does open a PDF, then you don’t even really think twice about it. You go, oh, okay, cool. That’s, that’s the thing that I double clicked on, and it never even crosses your mind that, like, Oh, my system might be infected. Now, what did I do?

    Telegram CEO detained by French government

    Kirk McElhearn 18:45
    Okay, if you’ve been following the news anywhere you’ve heard that the CEO of Telegram was arrested in France. Telegram is a messaging app that, you know, I always kind of thought it was an encrypted messaging app, but now I understand from reading an article an interview with Meredith Whitaker, the CEO of Signal, which is an encrypted messaging app, who said Telegram is a social media app that allows an individual to communicate with millions at once and doesn’t provide meaningful privacy or end to end encryption. And she points out that Signal is solely a private and secure communications app that has no social media features, so Telegram, that has kind of been selling itself as a messaging app, is really like Reddit. Is that all it is?

    Josh Long 19:27
    Well, I think this is important to point out, because I think a lot of people mistakenly think of Telegram as a secure messaging app, and it can be. But the thing is, it’s not by default. And if you want to send somebody an encrypted message over Telegram, first of all, there is only a one to one relationship, and you have to manually enable that into an encryption between the two users. So yes, you can technically use it for. Secure communications, but most people actually don’t, because either they assume that it’s encrypted by default, or they don’t care, or they’re using it for, like you said, kind of the social features. So WhatsApp has something kind of similar to this, where it’s kind of like a group community kind of chat thing. So like Reddit, well, I guess you could say that, yeah, but people use these communities for discussion of whatever they might be, local communities to discuss crime in your community, or they might be global communities to discuss, I don’t know whatever it might be Apple or memes or whatever you might be interested in, but

    Kirk McElhearn 20:37
    it seems like this person was arrested because the app is often used for criminal activities, and they refuse to do any sort of moderation to cut this out. It’s also used by military in some countries to communicate with each other.

    Josh Long 20:51
    Which is really surprising to me. I’m not, I don’t, I wouldn’t recommend that, but I guess you could use it that way if you really wanted to.

    Kirk McElhearn 21:01
    In any case, this is what we would call an unfolding affair, and we’ll have more information. The French haven’t filed any charges. As far as I know, there have been allegations that Telegram has not tried to stop criminality on the platform. And, you know, Facebook and Twitter and they’ve all been approached to stop this sort of thing, and they’ve given information about certain users to authorities in every country, regardless of what the CEOs of these companies say about free speech. This is not really trying to crack down on an encrypted messaging app, because it’s not an encrypted messaging app. Unlike Apple’s messages and iMessage service, which is encrypted end this is not encrypted, as you said, Josh, it you have to turn it on, and group chats are never encrypted. Okay? We release this on a Thursday. So I’m going to say that every week now, Thursday is restart your browser day. Tell me why, Josh.

    Be sure to regularly update your browser to receive updates

    Josh Long 21:53
    I’m not sure why Thursday, but I think it’s a good idea.

    Kirk McElhearn 21:56
    well, because this podcast is released on Thursdays, even if people aren’t listening to it on Thursday, it’s a good way for us to remember restart your browser on Thursday.

    Josh Long 22:04
    All right, sounds good. Okay. So yes, we had yet another series of patches that are really important that people need to make sure that they’ve installed. So Google released patches for its Chrome browser on August 21 like usual, there were a whole bunch of security updates. The important thing to know is that this time, there were actually two vulnerabilities included in that roundup that Google says exploits for those vulnerabilities exist in the wild. So this is the thing that Apple calls exploited vulnerabilities or used to call actively exploited, and it’s the same thing in this case, so you could call them zero day vulnerabilities. Now this means that you need to install patches urgently. Now, if you’re quitting your browser every single day, then chances are you probably already got this update and didn’t even know about it. If you leave your browser open for a week or more at a time, then you may not have gotten these patches installed already.

    Kirk McElhearn 23:01
    This is because Chromium browsers only install their updates when they’re relaunched. Unlike Apple Safari, which will install an update with the operating system updates, and it could either be general operating system update or just a security update, Chromium is different. Now, as Josh said, You can quit. I believe if you go into the about screen on any of these browsers, you’ll see if there’s an update available, I see this with zoom as well. If you go into about, you’ll see this as an update. Skype does this. A lot of things. Apple apps don’t do this, but you really should, every Thursday, put it in your calendar, restart your browser.

    Josh Long 23:34
    Right? For most apps going to about will do it. There are a couple of browsers that don’t do that. We’ll have details about that and the link in the show notes,

    Kirk McElhearn 23:42
    Okay, Microsoft had an August 2024, Patch Tuesday to fix nine zero days six exploited any relation between these vulnerabilities in the Chrome browser vulnerabilities, because, remember, Microsoft Edge is a Chromium based browser, right?

    Josh Long 23:57
    Actually, this was an entirely separate round of updates. So these came out on August 13, which is the second Tuesday of the month, which was Patch Tuesday. So it’s just worth mentioning. It’s a good thing to put on your calendar if you do have windows, or if you know somebody who has windows to who isn’t very tech savvy, to remind them to install updates on the second Tuesday of the month, because Microsoft has usually a lot of vulnerabilities they patch, including often some zero day vulnerability. So kind of important to make sure to patch those. But Microsoft did patch this vulnerability on Thursday last week. So so this is a separate update for Microsoft Edge.

    Kirk McElhearn 24:35
    Okay, just before we finish while we are recording on August 28 Apple has released. Apple has released another round of beta versions for the forthcoming operating systems. It’s very likely that these will be the last often the release candidate comes out a week to 10 days before it’s announced, maybe there’ll be another update before the ninth of September, when they present all of this. But we’re getting close to the point. Where we’re going to get all these exciting new operating systems. Now, I’m going to put a link in the show notes to an article about installing MacOS, Sequoia beta on your Mac if you want to try it now, it’s actually quite stable. It’s pretty easy. There’s not much danger to doing this, as long as you install it, as explained on a separate apfs volume the article, you understand why. But if you want to try out these new features, including some of the apple intelligence features. Now is your chance. I guess that’s enough for this week until next week. Josh, stay secure.

    Josh Long 25:27
    All right, stay secure.

    Voice Over 25:30
    Thanks for listening to the Intego Mac podcast. The voice of Mac security with your host, Kirk McElhearn and Josh long to get every weekly episode. Be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review, links to topics and information mentioned in the podcast can be found in the show notes for the [email protected] the Intego website is also where to find details on the full line of Intego security and utility software intego.com.

    About Kirk McElhearn

    Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →