Apple has disabled Advanced Data Protection in the UK. Will other countries insist on similar measures? New Apple Intelligence features have arrived, and if they aren’t your thing, we have a remedy. Beware of new malware disguised as an update to your favorite browser. And the Chrome browser will be dropping support for a bunch of ad blockers.
Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday, February 27 2025. This week’s Intego Mac Podcast security headlines include: Apple has disabled Advanced Data Protection in the UK. Will other countries insist on similar measures? New Apple Intelligence features have arrived, and if they aren’t your thing, we have a remedy. Beware of new malware disguised as an update to your favorite browser. And the Chrome browser will be dropping support for a bunch of ad blockers. Now here are the hosts of the Intego Mac podcast. Veteran Mac journalist Kirk McElhearn and Intego’s chief security analyst, Josh Long.
Kirk McElhearn 0:49
Good morning. Josh, how are you today?
Josh Long 0:53
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:56
I’m doing okay. You know, last week we had a new iPhone to talk about. It was just announced before we started recording. And today, we actually don’t have anything new to talk about. So we’re going to look at a couple of new features that Apple’s announced for older iPhones. When Apple Intelligence came out, it was only available for the iPhone 15 Pro models and the iPhone 16, and yet, there was one missing feature. It was Visual Intelligence. So in the iPhone 16, you press the camera control button, which is the one on the right that you press accidentally. If you have an iPhone 16 and activate the camera, and the iPhone 15 Pro doesn’t have that button, so they’re going to map the action button, or at least give you the option to map the action button to Visual Intelligence.
Josh Long 1:36
Well, then you can choose to continue to use that action button for something else.
Kirk McElhearn 1:41
So this is all getting confusing. There’s too many buttons on the iPhone, and they all do different things. And what if you’ve already used the action button for something else.
Josh Long 1:46
But now you just have the option, or will soon have the option. We think this is probably coming in iOS 18.4 for the iPhone 15 Pro. Sometime around April is likely when Apple is going to introduce this feature for the iPhone 15 Pro specifically. So if you have any of the 16 models, including, it looks like, the 16e, as soon as you buy it, you already have this Visual Intelligence functionality through that side button on the right. And now, with the iPhone 15 Pro starting, we think in April, you’ll be able to set that up with the action button that’s on the left, like where the toggle switch used to be to turn on silent mode.
Kirk McElhearn 2:29
Don’t you miss how we would get new features once a year, instead of these new features with every dot release. It’s getting confusing to keep up with all of this, especially if you’ve been paying attention to Apple’s marketing, saying you’re going to get all these great features on your phone. And for instance, you didn’t think you were going to get Visual Intelligence on the 15 Pro, which can do other Apple Intelligence things. This really feels like a mess.
Josh Long 2:52
It is a little bit messy. And you know, for the most part, these features that are sort of dripping out over the course of a year are all related to Apple Intelligence. So it’s one of those things where I feel like Apple wasn’t quite ready. They made some assumptions about what they could include and made some rough ideas on the timeline, and figured, well, we can roll this stuff out sometime over the next year before the next Worldwide Developers Conference. So let’s just pre announce, like, all the things that we’re gonna release that are related to Apple Intelligence over the coming year. And it was an awkward way to do it, just because we’re not used to that. We’re used to, hey, we’ve got all these new features that are coming in, the new operating system that’s coming in September, and maybe one or two of them kind of gets put off to October, November time frame. But usually we get almost everything right off the bat, and we didn’t this time, and that does feel strange.
Kirk McElhearn 3:52
So the dot four betas, so 18.4 and 15.4, came out early this week, and they’re gonna have a bunch of other new features. Apple News Plus Food: this is kind of interesting because, well, I don’t think a lot of people use Apple News Plus, but they’re adding a food section which includes recipes, which would actually be useful, but I’m not paying 14 pounds a month to get Apple News Plus, because it’s garbage. Another new feature is going to be a new ambient music button in Control Center, and this is like you’ll be able to quickly listen to a selection of songs from four different categories: sleep, chill, productivity and well being. That sounds exciting. Apple Intelligence will be available in more languages, and that’s probably the biggest thing that Apple’s doing. Most of the work they’re doing is getting all of this optimized for various languages, and this is going to be including French, German, Italian, Portuguese, Spanish, Japanese, Korean, Chinese and English for Singapore and India. These are big markets here, France, Germany, Italy, Spain, etc. If you remember when we talked months ago about Image Playground, how sort of boring it was, and we said that there were initially going to be three different styles, and one of them they had removed. So the styles they have are animation and illustration, and there’s another one which is a sketch drawing style, and they never released it and didn’t say anything about it, but it’s now in the dot four betas. There’s going to be some new emoji in the dot four releases as well.
Josh Long 5:20
Yeah, that’s honestly, it’s so funny to talk about new emojis coming in Apple operating system releases, because especially on the iPhone, that’s actually a thing that people upgrade their iPhones specifically for, because somebody will send them one of the new emojis and it’ll just show up as a square, you know, a non character, and so people will be like, what is that? Oh, you didn’t upgrade, upgrade to the latest iOS yet. Yeah, I just sent you a new emoji. Oh, well, I guess they need to upgrade then. So it’s one of those things that actually gets people to upgrade, which can be kind of a good thing, because a lot of times people tend to hang back on older iOS versions and not update to the latest version, which means they’re not getting security updates. So I kind of wish that they put new emojis out in just about every iOS release, because maybe people would actually patch their devices more often.
Kirk McElhearn 6:13
That’s really a good point. Carrot and stick, right? You put the carrot so they can, you know, no, it’s, it’s spoonful of sugar makes the medicine go down. That’s what it is. You give them something sweet in order to do something that they need to do. All right, we want to briefly talk about Apple Intelligence and how to turn it off because, I mean, we have it on on our devices, because we test it, but actually, I don’t use it very much. I know Josh doesn’t use it. I haven’t used Image Playground and Genmoji since, well, I used them to write an article about them. So we have an article on the Intego Mac security blog entitled How to turn off Apple Intelligence on your iPhone, iPad or Mac. We won’t go into the details, but you can turn off Apple Intelligence overall. You can turn off some features individually, such as summarizing message previews, iMessage and notification summaries; you can turn off ChatGPT integration, and this will do two things. One is it won’t get Apple Intelligence in your face, and the second is you’ll save some storage. It’s anywhere from three to six gigabytes, depending on the device. When you first turn Apple Intelligence on, it has to download this. And if you turn it off, I’m pretty sure it just deletes all of this. Worth pointing out that you may have turned it off before, but with the dot three upgrade, it may have turned it back on. It looks like it’s on by default, but maybe not for everyone.
Josh Long 7:34
By the way, Apple Intelligence has not been available on visionOS on Apple Vision Pro yet, but this is also one of the things that’s coming in the point four release. So this would be visionOS 2.4, which is now out in beta. Eventually, we’ll need to update this article to how to turn it off for your Vision Pro, if you choose to do so.
Kirk McElhearn 7:53
I can’t tell you how to do that. I don’t have a Vision Pro to you, Josh.
Josh Long 7:57
Well, it’ll be pretty much the same process. You’ll go through the same steps to…
Kirk McElhearn 8:01
Yeah, I think so. As you can tell, we’re not real fans of Apple Intelligence or the Vision Pro or Genmoji. So let’s move on to the next story, and this is actually quite an important story. Apple has pulled iCloud end-to-end encryption in the UK. Now this is not all encryption. Your iMessages are still end-to-end encrypted. What this is, is the Advanced Data Protection feature. We talked about that two weeks ago, that there were rumors of this happening, and Apple came out and announced that they were disabling the feature for anyone in the UK. Now, this Advanced Data Protection essentially encrypts your backup with end-to-end encryption. So as it is, if you don’t turn on Advanced Data Protection, and I bet 98% of people don’t turn it on, Apple can access your backups if they are requested with the right papers from a judge or a police force or whatever. They can get into the content in your iCloud backup. They still can’t access your iMessages, but there are other things that they can access, I believe, right?
Josh Long 9:00
Right, and specifically, so what happens now is, if you try to enable Advanced Data Protection and you’re in the UK, the Settings app will now tell you, Apple can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users. So if you had already opted in before this change went into place, at least for some period of time, you’ll be able to keep it enabled. We don’t know exactly whether Apple is going to shut that off at some point, or if they can completely turn this off for people who already had it enabled. But as Kirk mentioned, this is not something that the vast majority of people already have on. First of all, if you have any older devices that are on an older operating system, it won’t let you turn on Advanced Data Protection, because you won’t be able to access that data on your older devices. So you have to unregister your older devices or remove your Apple account from those devices, or Apple ID, as it would be called on older devices, before you can even enable this functionality in the first place. So most people don’t even have Advanced Data Protection turned on. And right now in the UK, you can no longer turn it on.
Kirk McElhearn 10:12
So it looks like something like this is happening to Sweden, and the people behind Signal, the encrypted messaging app, are saying that they will pull out of Sweden if Sweden requires an end-to-end encryption back door, which may happen as soon as March 2026, and this would be, this would apply to all messaging apps: Signal, WhatsApp, iMessage and others. So Apple, we haven’t heard anything about Apple with regard to this, but this is a bit disturbing, and it suggests that the fact that they got Apple to turn off the feature in the UK, well, it could mean that other countries are going to try and get features like this turned off.
Josh Long 10:48
Yeah, this is definitely concerning, and something that we should keep a close eye on, because this could potentially affect other countries as well. According to rumors, one of the things that the UK demanded was that Apple give the UK government access to everybody’s data, and so that would imply that advanced data protection would have to be turned off globally. Now it evidently, Apple’s not willing to go that far just yet, but you know, we’ll have to see what ultimately happens because of that, that would be pretty strange and very concerning if Apple were to turn off advanced data protection for the entire world and not allow anybody to opt into that just because one particular government said we want access to everybody’s data.
Kirk McElhearn 11:36
Well, if Sweden wants access to iMessages, wouldn’t that be the same? So, I mean, I can send iMessages to people in Sweden, they can send iMessages to me. So if Sweden wants a backdoor into iMessage, wouldn’t that affect my messages? And therefore they would have to turn it off worldwide.
Josh Long 11:55
It would probably depend on this specific because of how exactly they’re implementing iMessage encryption, you know, I suppose there are probably ways that they could do that. So only messages that are being sent to or from users in Sweden. But it starts to get really complicated once you enable these, you know, start poking holes in the system to make it less secure for certain people.
Kirk McElhearn 12:18
So what if you’re Swedish, but you’re not in Sweden. In other words, you have your phone set to the region of Sweden, but you’re outside Sweden, either temporarily or permanently. This is this, this sort of thing is very hard to manage according to borders, because there were no borders on the internet, right?
Josh Long 12:34
As a matter of fact, it’s kind of funny that you mentioned that, because some people have found that there is kind of a workaround, potentially for some people in the UK, because if they happen to give an address that is outside of the UK, they might still be able to opt in to advanced data protection. So there’s a lot of challenges here, and it’s not quite so easy for Apple to just say, oh, okay, well, flip a switch, and now it affects everybody in the country. It doesn’t quite work that way.
Kirk McElhearn 13:04
Okay, we’re gonna take a break. When we come back, we’re gonna talk about new malware and scams and some other news.
Voice Over 13:13
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 14:23
Okay, we have new malware. This one has a normal name, FrigidStealer. That’s not as bad as like, hairy badger or whatever the other recent one was. What is this? This is fake browser updates.
Josh Long 14:34
Yeah, this one either masquerades as a Chrome update or Safari update. So depending on which browser you’re using, it’ll pretend to be an update for that browser. You click on the update notification, and it downloads a disk image, mounts it on your desktop, and it’s got the logo of your browser. It looks exactly like the Google Chrome or Apple Safari browser. But when you open this app, it will prompt you for your password. Now this is where it starts to look like a lot of the other stealer malware that we’ve seen in the past, where it puts up an AppleScript dialog box that says System Preferences at the top, and it says application needs your permission to update files. Please enter your password, and you can choose to type in your password here, even though it doesn’t quite look like a normal password dialog box. And if you do, well, you’re actually just giving your administrator password to the malware, which will now use that against you. And of course, do all kinds of nasty things, like exfiltrate your keychain and do other things on your system that it will send off to the bad guys. So it’s stealer malware, very similar to other stealers that we’ve seen in the past. This time, it’s just masquerading as a Chrome or Safari update.
Kirk McElhearn 15:51
But Safari doesn’t get updated like that. And in fact, before we started recording, I think the words you used were Safari is crap, when I was saying that I use Safari and you use Brave, because it doesn’t issue updates like this. So if anyone out there uses Safari, you simply don’t get Safari updates in any other way than through the System Settings Software Update preferences, usually rolled into a general operating system update.
Josh Long 16:19
For context, I’m totally fine with other people using Safari. I prefer not to use Safari specifically because Apple tends to take a little bit longer to patch vulnerabilities. You’ll notice that any Chromium-based browser and also Firefox, they release updates on a pretty regular basis, and with Safari updates, you really only get them whenever Apple updates the operating system, which sometimes is like six weeks, sometimes longer than that. So that’s one of the reasons why I’m a little uncomfortable using Safari as my main browser. It just doesn’t get patched as often as the others do.
Kirk McElhearn 16:54
Okay, it’s time for our regular scam watch segment. We should get a theme song for scam watch because there are so many scams now that this is almost weekly. There’s an interesting new PayPal email scam, and I haven’t gotten this one, where you get an email saying that you’ve added a new address, and then you have to, if you didn’t make this change, let us know right away, right? And so you click that, and that’s where you get scammed. The scam that I got recently was, well, actually, there’s two of them. One came from something called Payoneer, which I’ve never heard of, but talked about a PayPal invoice for an iPhone for, I think, $1,399, which I guess makes sense. So an interesting one that I got was a Microsoft subscription purchase confirmation, and this was telling me that was 689.89 USD. Didn’t have a dollar sign. That’s a good sign that it’s a scam, and it told me to click this and pay now; my invoice would be ready in the Microsoft 365 Admin Center. At the same time, I got another email saying, Get started with your new Power BI premium per user subscription. So it was sending two emails, one telling me that I had a new feature, and one telling me I had to pay for the new feature. Of course, both of them had the phone number to call. If you did not authorize this transaction, please call this number to request a refund. This is similar to all the other scams we’ve been seeing. This was issued from a Microsoft address. So yet another platform that’s being manipulated to send scam emails to Payoneer came from a Payoneer address, which I’d never heard of, but it’s like a PayPal Venmo thing. Be really careful about these scams. If you see anything like this, the most telltale thing is when it tells you, if you didn’t make this payment, call this number because they’re already saying, Well, why you didn’t make the payment? A normal invoice would say, well, you’re being billed for this, and that’s it. It wouldn’t tell you to call a number if you didn’t make a payment.
Josh Long 18:53
And usually that message is in sort of a description field. So for example, in the Payoneer email that you got, it says description, and then there’s a paragraph that says, Your iPhone 16 Pro Max order is processed via PayPal. Contact PayPal at, and it gives a phone number, for assistance or Payoneer to track your order. Thank you. So it gives this phone number in the Description field, meaning that this is something that the scammer put in there, that this is not like in the footer, the legitimate footer that, you know, comes along with all of these emails. This is in the description that the scammer has put in for this particular thing that they’re trying to get you to supposedly pay for.
Kirk McElhearn 19:43
Okay, we have an interesting vulnerability that doesn’t affect many people. It’s an exploit in Parallels Desktop that can give root access on Macs. Now, the reason I say not many people use it is because this is to virtualize an operating system, which could be Windows or Linux or another version of Mac, and Josh is going to explain to me why this flaw stems from a lack of code signature verification in Parallels Desktop for Mac. I thought like code signature verification was something that, like, absolutely had to happen. The whole point of code signatures, it’s like a certificate, right?
Josh Long 20:17
So it was exploiting what’s called a race condition. So it checks to see whether some particular installer component is signed by Apple. And so if you swap it out at just the right time, then you can put some malicious thing in place of the legitimate Apple macOS installer. So this is not something that can easily be exploited in a lot of different scenarios; you would have to be specifically trying to exploit this particular vulnerability in this particular way. It’s not something, like you said, it’s not something that will affect a lot of people. But what’s interesting about this is that Parallels Desktop is fairly popular software, at least it used to be. A lot of people who want to run Windows on a Mac would use Parallels Desktop. This vulnerability was supposed to have been patched a long time ago, many, many months ago, and evidently they still haven’t fully fixed this vulnerability. And so some researchers have decided to publish the details of how this can be exploited to sort of push Parallels to release a legitimate patch that fully patches this problem.
Kirk McElhearn 21:25
Okay, so the reason Josh said that Safari is crap earlier is because we were talking about Chrome. Chrome is disabling a certain number of ad blockers because they’ve changed. What is it the framework that they use for extensions?
Josh Long 21:37
Yeah, exactly. So Chrome and other Chromium-based browsers have long used an extension format called Manifest V2, and now they’re forcing all of the extension developers to move to Manifest V3. The supposed reason for this is because of security and privacy, and so they don’t want extension developers to have quite as much access as they do to certain things, and so they’re limiting the functionality of extensions for your security and privacy. The only problem with that is that ad blockers use some of the technology that’s built into Manifest V2 that they will no longer have access to in Manifest V3. So some users are reporting that, for example, if they’re using uBlock Origin, which is a browser extension that I’ve recommended in the past that allows you to block advertisements from a very reputable developer, they are not allowed to continue to use Manifest V2 if you’re using Chrome. Now, this is not something that every Chrome user has started to experience yet. It seems like this is sort of rolling out gradually over a several month period, but some people are reporting that they already can’t use uBlock Origin in the latest version of Chrome.
Kirk McElhearn 22:59
We’ll link to a Reddit post, which is where uBlock Origin actually does their support, which talks about this, and it has a couple of updates. Some people can’t use it anymore. Some still can. There are some workarounds, but frankly, at best, you’ll be able to use this until June or July, so you should maybe just move to something else, or maybe move to Safari. Not everyone thinks Safari is crap.
Josh Long 23:21
Okay, so, yeah, a couple of alternatives. One, you can continue to use uBlock Origin in Firefox. It will still support all the functionality that uBlock Origin has always had. So you can use Firefox with uBlock Origin if you wish. Another option is if you want to use a Chromium-based browser. Brave actually has a lot of this functionality built in with its Shields, so you don’t really need a third-party extension like uBlock Origin if you’re using the Brave browser on your Mac. And of course, as Kirk would like to point out, you can use Safari with something like One Blocker, which does require a paid subscription, but that could be an option for you, too, if you prefer to use Safari.
Kirk McElhearn 24:03
I use One Blocker, and the subscription is for Mac and iPhone and iPad, so I find it quite economical. Google is changing the way they do two factor authentication, according to a Forbes article, for billions of users, because there are billions of users that have Google accounts, and they’re not going to use SMS codes anymore. They’re going to use QR codes. I’m trying to figure out how this works, like if you’re trying to log into something on your phone, how do you scan the QR code?
Josh Long 24:32
Well, QR codes are just one option. So if you already have some other secure method of authentication set up, so you might be using the Google Authenticator app. So you can get two factor authentication codes through the Google Authenticator app. That’s fine, too. Another option is passkeys. There’s also Google prompts. So if you have the Google, any of the Google suite of apps installed on another device, you can get essentially a push notification that goes to those apps that you can use to authorize your login on something else.
Kirk McElhearn 25:06
But what if you only have one device?
Josh Long 25:08
If you only have one device, then probably the best solution, in that case is, is to use your Google Authenticator app. So my recommendation…
Kirk McElhearn 25:16
What if you’re not using the Google Authenticator app? Well, then this is billions of users, Josh, this is not people like you and me and the people listening to this podcast.
Josh Long 25:25
Yeah, then you set this up, right? So basically, take this as a heads up that SMS-based authentication is, first of all, it’s not safe, and the reason for that is it’s better than having no second factor. However, the problem is that through various exploits such as SIM swap attacks, somebody could potentially get access to those codes that you could get over an SMS message. So remember, SMS, there’s zero security. There’s no encryption whatsoever, so anybody who works at your ISP, anybody who’s anywhere in between where that message is originating and your device can potentially intercept that, right? And that’s a problem, and that’s why Google is trying to get away from SMS-based codes.
Kirk McElhearn 26:17
I understand all that, but what if you just have one phone, you’ve lost your phone, you’re starting to set up a new one. You have to print out the QR code. I think this is going to be problems again. We’re talking about billions of users. I want to make a bet with you. If this causes problems in a year, you have to use Safari for a month. How about that? And if it doesn’t cause problems, I don’t have to do anything.
Josh Long 26:37
I’d really rather not use Safari. So I’m not gonna take that bet.
Kirk McElhearn 26:42
Okay, last, very brief. Amazon today announced the new Alexa. Amazon, I think it was a year ago that they talked about Alexa’s AI powered version. It’s called Alexa Plus. And here’s what’s really interesting. It’s $20 a month, but it’s free if you have Amazon Prime. Now our producer, Doug, said, before we started recording, doesn’t everyone have Amazon Prime? And I’m like, not everyone has Amazon Prime. I can’t imagine anyone who doesn’t have Amazon Prime wanting to pay Amazon 20 bucks a month for Alexa Plus. We’ll see what happens. When, when I looked, this just happened before we started recording. Amazon had a launch event. It looks like the same sort of stuff that everyone has been touting for AI that has never come true.
Josh Long 27:30
Yeah, some of the features they announced include things like ordering groceries for you. I thought that Amazon, Alexa, could already do that to some degree, if it was available on Amazon, but you can send invites to your friends. Oh, wow, just what I’ve always wanted to ask my voice assistant to do. They can also memorize personal details, like your diet and movie preferences. People are gonna pay 20 bucks a month for this? I don’t think so. Like maybe if you already have an Amazon Prime subscription. You might use some of this functionality, but I can’t imagine anybody paying for this.
Kirk McElhearn 28:06
Okay, before we go, I just want to mention a mini series on Netflix that came out last week, because it’s called Zero Day. And when I started watching it, I texted Josh to say, hey, zero day, you’re gonna like this. It’s got Robert De Niro. I kind of enjoyed it. It’s full of the kind of things you get in cyber thrillers that are wrong or exaggerated, etc, but it’s quite interesting. So if you want to see something about a zero day cyber attack and how it’s dealt with in the United States by an ex president, because Robert De Niro plays an ex president, it’s on Netflix now.
Josh Long 28:38
Or if you like to read, you can read a book called Zero Day by Mark Russinovich, which has no relation to the series whatsoever, but already had this basic plot. So if you like to read, I would recommend reading the book instead of this TV show that may or may not be loosely based on the book.
Kirk McElhearn 28:54
Okay, until next week. Josh, stay secure.
Josh Long 28:58
All right. Stay secure.
Voice Over 29:00
Thanks for listening to the Intego Mac podcast. The voice of Mac security with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.