Intego Mac Security Podcast

JokerSpy, Passkeys, Apple Security Updates, and New Private Browsing Features – Intego Mac Podcast Episode 297

Posted on by

JokerSpy malware targets Macs, Apple announces passkey support for Apple IDs, new private browsing features in Safari delete tracking information, and Apple releases a slew of security updates for current and older operating systems for all its devices.


Transcript of Intego Mac Podcast episode 297

Voice Over 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, June 22 2023.

This week’s Intego Mac Podcast security headlines include: a preview of a new tracking removal feature that’s coming to safaris private browsing mode; JokerSpy malware — it’s a new hacking tool that targets macOS. India may compel Apple to allow third party app stores sooner than later. Pass keys are an improvement over passwords and Apple has added pass key support in its latest beta operating systems. And we have a quick look at the new security patches in Apple’s latest operating system updates. Now, here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s. Chief Security Analyst, Josh Long.

Kirk McElhearn 0:53
Good morning, Josh, how were you on this fine Summer Solstice day?

Josh Long 0:57
I’m doing well. How are you, Kirk?

Apple has posted updates to its operating systems.

Kirk McElhearn 0:58
I’m doing well. This is the longest day of the year. And we have breaking news. Just as we were about to start recording, Apple released all the updates.

Josh Long 1:07
That’s right. We don’t have all the details as of this moment in time, but Apple is right now releasing macOS 13.4.1, the latest version of macOS Ventura, as well as updates, presumably security updates, therefore, for the two previous macOS versions. Also, iOS 16 got an update to 16.5.1. Same for iPadOS and iOS 15.7.7 is also out, which is another indication that these contain security updates, because why else would Apple be releasing an update for iOS 15 at this point?

Kirk McElhearn 1:43
Well, in the Software Update on my iPhone, it says “This update provides important security fixes and is recommended for all users.” That’s the first sentence that’s not always the first sentence for these updates. It also fixes an issue that prevents charging with the Lightning to USB 3 camera adapter. So there’s one major fix that charging issue and I’ve heard of people having problem, but security updates. That’s the headline feature here. We’re not going to know enough about this before the end of the podcast. So that means you’ll have to tune in next week to find out what these security fixes are. But in the meantime, update all your stuff. It’s always advisable. Okay, we’re going to talk about Apple Safari private browsing, which has got some interesting changes.

Safari browser will gain additional tracker-removal feature in macOS Sonoma 14.

Josh Long 2:27
One of the new features that’s coming to Safari that’s going to be included with the next version of macOS Sonoma, that automatically removes tracking parameters in URLs. So what are tracking parameters? Sometimes you might notice that when you’re copying a link in a webpage, sometimes it’ll have a question mark, and then something equals something and then maybe even an ampersand and something equals something, all that junk that like comes at the end of a URL, that is usually optional, it usually is not required. So if you strip all that stuff off, you’re still able to access that page. Well, usually what that whole string is for is for tracking purposes, so that whatever site you’re visiting, can know where exactly you came from how you arrived at that page.

Kirk McElhearn 3:23
One man’s junk is another man’s data collection aggregation marketing profile tool to make more money.

Josh Long 3:31
Well, right. So exactly. So the new Safari, when you’re in private browsing mode, specifically, and you click a link that has this tracking stuff in the URL, it will automatically strip that out. So the site that you’re being led to won’t have that detail of where exactly you came from.

Kirk McElhearn 3:53
Is this the first browser that’s doing this sort of thing?

Josh Long 3:56
No, actually interesting that you ask that because Brave is already doing this. Well, sort of, they’re not doing this automatically. But when you right click on links in Brave, you get the option to “Copy Clean Link”, there’s two options, you can “Copy Link Address” or you can “Copy Clean Link”. And so it’s not exactly the same thing because it’s not stripping it as you’re clicking on the link. But if you want to copy it without all that tracking stuff, you have the option to do that currently in Brave.

JokerSpy malware targets macOS.

Kirk McElhearn 4:26
Okay, we have new malware, it’s called JokerSpy. Didn’t we have “Something Joker” not long ago?

Josh Long 4:32
Yes, I think you’re thinking about SysJoker, which we wrote up last January, not this year, but the previous year 2022. We had an article on the Mac security blog about some malware that was cross platform that was called SysJoker, we’ve got a different “Joker” now. This is JokerSpy. So some researchers recently uncovered a set of malicious artifacts that’s supposedly part of a sophisticated toolkit targeting macOS systems. Some of this is generic Python-based backdoors that’s cross platform. They’re designed to target Windows, Linux and macOS, and to being called JokerSpy. The most important thing to mention about this is if you’re using Intego Virus Barrier, you are already protected from this malware. So not something you need to worry about. But this is a potential problem if you’re not using antivirus software, or if your antivirus software is not up to date yet, so make sure that you update and you’ll be protected from JokerSpy malware.

India may require Apple to allow third party app stores.

Kirk McElhearn 5:37
We have been talking about side loading and third party app stores on the iPhone and the iPad for a while. And it looks like Apple may be forced to allow third party app stores in India.

Josh Long 5:48
Right. And this is not a for sure thing yet. But the Competition Commission of India has been investigating Apple since September 2021. And they started looking into Apple for this reason in response to a complaint from a nonprofit called Together We Fight Society. According to the Economic Times of India, that investigation is still ongoing, but it’s looking like it’s in its final stages. So what may happen here, it’s possible that because of similar EU legislation that is going to take effect early next year, maybe India is going to try to piggyback on that and say, Well, since you’re going to have to start allowing third party app stores in the EU, we’re going to accept that here too. And we’re going to require it by law. So we’ll see if that actually happens. But it’s starting to look like India may be yet another jurisdiction where you may be able to get third party app stores assuming that of course that Apple doesn’t roll them out globally.

Kirk McElhearn 6:51
It’s like dominoes. And Apple knows that it’s like dominoes. And if a big country or bloc of countries, like the EU decides that they’re going to need third party app stores, it’s going to happen around the world. They can’t not do it. And I think whether it’s going to happen this year or next year, it won’t be long.

Josh Long 7:08
Yeah, it’s certainly something that Apple I think is pushing back on, right, they don’t want to allow third party app stores because of you know, user security and privacy. Like we don’t want all these potentially malicious apps to get onto your devices. But the reality is that it also really affects Apple’s bottom line because they make a ton of money off in app purchases, which they will no longer be able to do for any apps purchased outside of the Apple ecosystem.

Apple makes Pass Keys available in latest operating system betas.

Kirk McElhearn 7:36
We’ve been talking about pass keys in recent months. This is an improvement over passwords, and I’ll link in the show notes to an article we have on the Intego Mac Security blog explaining what they are and how they work. Apple has just added pass key support to the beta versions of iOS 17, iPadOS 17 and macOS Sonoma that you can use with your Apple ID and with iCloud logins. Now, we’re gonna link to an article on Six Colors by Dan Moren. And Dan’s been testing this, I haven’t looked at this yet, with my betas, it looks like the normal pass key implementation. But he points out that the pass key doesn’t seem to sync between devices. And that each device, you have to create a new one. And now I’ve seen this with my testing with other sites with past keys on eBay, for instance, I don’t know how many times I’ve set up a new pass key on a different device it never recognize them. But that could be just the back end. That’s not syncing them correctly yet. So what this means is that instead of a username and password, you will go to sign in someplace with your Apple ID or icloud.com, or Apple support page. And you’ll use Face ID or Touch ID to authenticate. If you don’t have Touch ID on a Mac, you can get a QR code that you can scan with your iPhone. And this is kind of a Rube Goldberg, isn’t it you want to sign in on your Mac, and you use your iPhone to authenticate. But is it that different from two factor authentication, which Apple uses where you sign in on one device and authenticate on another to prove that you really want to sign in.

Josh Long 9:07
If this all sounds really confusing, don’t worry, you’ll still be able to sign in with your passwords pretty much everywhere. Pass keys are still a new thing and they’re still starting to roll out. And a lot of … in fact, most websites and services still don’t use pass keys yet. But this will now be an option for certain things like sign in to iCloud, for example.

iOS 17 will make it easier to securely manage new passcode creation.

Kirk McElhearn 9:28
Okay, let’s talk about passcodes. Here’s a new feature in iOS 17 that it took us a few minutes to figure out the point of this feature. If you want to change your iPhone’s passcode in iOS 17 or iPadOS 17 or later, you’ll be able to use the previous passcode for 72 hours. Now, this is kind of weird, because it’s suggesting that you’re changing your passcode but you forget it right afterwards? Well, I don’t…do people…does that happen to people? Maybe it does. So we tried to think of where this would be useful. What’s important to know now is if you do change your passcode, your previous passcode is still going to be usable for 72 hours. So there may be cases where you change your passcode. And you don’t want that previous passcode to be usable.

Josh Long 10:14
Right, right. So I think the really the new feature is primarily for people who might change the password and forget it, right. If you’re a forgetful person, maybe you put in your new passcode, you have to enter it twice, but maybe you still forgot it sometime in that first few days. You have the option to still be able to use your old password for that period of time unless you turn it off. So we were thinking about this before the show, like what would be a scenario where you would want to make sure that you turn it off? There is a new button in the interface. So when you go to Face ID and passcode starting with iOS 17. Again, it’s in beta right now. And it will be released to everybody in the fall. When you go to Face ID and passcode, you now have a new button that shows up there that says “Expire previous passcode now”. If you have just changed your passcode. And in fine print underneath that it says “For the next 72 hours, your previous passcode can be used to reset your new passcode if you forget it.” But if you tap on that button, “Expire previous passcode now”, it will forcibly stop allowing the old passcode to work. So a scenario where this might be really useful. What if you’re in a bar and you are afraid that somebody has shoulder surfed you right? they maybe were looking over your shoulder, they might have seen you type in your passcode. And you want to make sure that there’s no way that if somebody grabs your phone from you and runs off, that they’re going to be able to log into your device. So what you could do in that scenario is you could go to a corner where there’s no security camera watching you or there’s nobody looking over your shoulder. And then you change your passcode. And you now have to also hit the “Expire previous passcode now” button to make sure that somebody grabbing your phone from you can’t put in your old passcode

Kirk McElhearn 12:03
Right. And so today on iOS 16 If I change my passcode, it’s changed, and no one can use the old passcode. But now if you want to make that change on a timely manner, you have to remember to turn it off. When you enter your new passcode, there is kind of fine print dialog that says for the next 72 hours, you can use your previous passcode to reset your new passcode if you forget it. So if you do need to change in a hurry, then go to that “Expire previous passcode now” to get rid of the previous one. It’s a little bit confusing. My guess is that Apple support must have a lot of problems with people changing their passcode and forgetting it. I can’t imagine that something that important, I would forget right? I would put it on a post it and stick it on my desk or you know something, that’s…find some way to remember it. But this is obviously something that Apple’s support has flagged as a really big problem.

Josh Long 12:54
100% Yeah, this has to be something where Apple’s only putting this in there because they’re getting people calling them and saying, Hey, I reset my password. And then Apple doesn’t currently have a good solution for this. And so this would be the way that Apple can handle this going forward. To me it feels like a bit of a step backwards in the sense that now you’ve got to go through an extra step. So if you feel like somebody may be adversarial toward you and may have your passcode now you have to know that there’s this extra step that you got to do and that that feels like a step backwards to me.

Kirk McElhearn 13:29
Okay, let’s take a break. When we come back, we’ll talk about some more news. And you know what, we’re gonna have some more information about those security updates that were released just a few minutes ago.

Voice Over 13:39
Protecting Your Online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Indigos Mac premium bundle X nine includes virus barrier, the world’s best mac anti malware protection, net barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important file safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Ventura, and the latest Apple silicon Max, download the free trial of Mac premium bundle X nine from intego.com. Today, when you’re ready to buy Intego mag podcast listeners can get a special discount by using the link in this episode show [email protected] That’s podcast.intego.com and click on this episode to find the Special Discount Link exclusively for Indigo Mac podcast listeners Intego world class production and utility software for Mac users made by the Mac security experts.

What was patched in Apple latest operating system updates?

Kirk McElhearn 14:55
Okay as I said before the break we got some breaking news about these latest security updates and Josh’s looking all excited here because they even updated WatchOS 8. And we have been telling people don’t buy an Apple Watch Series Three, because it will never get security updates. And we have been proven wrong. Josh, tell us about this.

Josh Long 15:13
It’s been 10 months since the last WatchOS 8 update, and Apple was still selling Apple Watch Series 3 until just a few months ago. Now Apple finally released a WatchOS 8 security update that is compatible with Apple Watch Series 3. However, this is really weird because they only patched one actively exploited vulnerability. They have not gone back and patched any other previous vulnerabilities including an actively exploited vulnerability that was patched with WatchOS 9.0, which indicates that this was a vulnerability that existed in WatchOS 8. And apparently, at least according to these release notes, Apple still has not patched that actively exploited vulnerability. But they decided to just patch this one that they’re patching for all the operating systems today.

Kirk McElhearn 16:06
Now, my Devil’s advocacy–and I asked you during the break–is: Are you sure that this vulnerability affected WatchOS 8?

Josh Long 16:15
Yes. And so here’s how we can be certain of that. I’ve never seen Apple do something like this where they release a point 0 of an operating system, and list some vulnerability as being fixed in that operating system unless it existed in a previous public released operating system. So in other words, they’re not saying well, this vulnerability existed in the betas and so we’re patching it. They’re saying this vulnerability existed in all previous versions, or at least the main major previous version of the operating system. So if WatchOS 9.0 lists a vulnerability as being fixed, then that must necessarily mean at least based on all evidence available, that that must have been a vulnerability that existed in WatchOS 8.

Kirk McElhearn 17:02
When I look at the release notes for security updates for WatchOS 9, there’s not one vulnerability, there’s a couple of dozen.

Josh Long 17:09
Not only in WatchOS 9.0, were there dozens of updates, but also ever since then, all the WatchOS 9 updates that have come out between then and now. None of those have been made available now to WatchOS 8 except for this one vulnerability. So basically, it’s still absolutely the case that if you have an Apple Watch Series 3, it’s not secure. They patched one vulnerability. Yes, it was an actively exploited one. But there’s still known actively exploited and many dozens of other vulnerabilities that are still not patched for WatchOS 8.

Kirk McElhearn 17:45
Okay, so they’ve also updated macOS Big Sur, Monterey and Ventura. We know that they usually go back to the previous operating system, but rarely back two versions. They’ve updated iOS 16 and iPadOS 16 and iOS 15 and iPadOS 15.

Josh Long 18:02
Most of the time, if it’s an actively exploited vulnerability, like this new one was; there were actually two vulnerabilities that they patched for some of the operating systems watch OS only got the kernel patch. But what’s really interesting here is that note the details, okay? So Apple says that the impact is an app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Now that might remind you of something we talked about last week, which was that Kaspersky was saying that they knew that some of their employees had phones that had apparently been hacked by some APT, right. They had some APT malware that had gotten on their iPhones. (What’s an APT again?) “Advanced persistent threat.” (Thank you.) So basically, some nation state attacker hacked into some iPhones of supposedly the FSB, according to the report that the FSB, the Russian FSB, released, which (What’s the FSB again?)

Kirk McElhearn 19:08
(I don’t remember what that stands for.) It’s whatever came after the KGB. You know what the KGB is. So what that means, and they were the ones that were saying that Apple was hacking into their devices, right?

Josh Long 19:19
Right. Who knows whether you can really believe anything that the FSB is claiming, right? But then Kaspersky released a separate independent report talking about we did find this on our devices. So I do trust that Kaspersky was telling the truth, especially now that we have corroborating evidence from this new series of patches that we were getting from Apple. They do in fact credit Kaspersky researchers for reporting this vulnerability. So seems like that was legit. There really was advanced persistent threat malware on iOS that apparently had been used against certain targets in Russia.

Kirk McElhearn 19:55
Okay, you pointed out that Apple says that this issue may have been actively exploited against versions of iOS released before iOS 15.7. This just means that 15.0 or 15.3, may have been vulnerable. But if you did all of your updates plus this final security update, it’s just out, you should be protected. No one’s going to be running some odd 15.1. Right?

Josh Long 20:17
Well, yeah, hopefully not. The thing is, though, that based on my own anecdotal experiences with helping other people update their iOS devices, yeah, I have noticed that it’s really unfortunately, very common for devices to stay on older versions of iOS, way after new versions have been released, sometimes even major versions behind. So you may still have a device running iOS 15. If you haven’t checked for updates recently, you may not have the latest version of 16, even if your device is compatible with it. Right. Good reminder that if you have not checked for updates manually on your devices, on any of your Apple devices, make sure that they are running the latest updates that just came out June 21.

Kirk McElhearn 21:03
Okay, and this being the longest day of the year, you have extra time in order to update all your devices, right?

Josh Long 21:08
I guess so just a little bit of extra time. Yes.

Google selling off its domain registration interests, perhaps to Squarespace

Kirk McElhearn 21:11
So back to other news. You may recall if you’re a regular podcast listener, that we talked about these new domains that Google is selling the dot zip and the dot mov. For some reason, Google Domain decided to shut down and they’re selling all of their domain registration activity to Squarespace. Now, this isn’t entirely completed yet. Google has a support document that says that Squarespace announced its intent to purchase domain registrations. And once regulatory approvals are obtained, and the transaction closes, et cetera, et cetera. But it’s interesting that Google is shutting down their domain registration, which actually was probably a pretty big business for them, but on the other hand, didn’t make much money. And Squarespace? Selling it to Squarespace. When I mentioned this to Josh before the show, he was looked at me quizzically and said, Squarespace. Why would they want to do this?

Josh Long 22:02
Yeah, it does seem a bit odd. I’m aware of what Squarespace is they kind of advertise themselves as a platform for easily building websites.

Kirk McElhearn 22:10
which is true, it is easy to build a website on Squarespace. And you can reserve a domain with them when you build a website. But I never knew that they were the domain registrar. In that case.

Josh Long 22:19
I wasn’t really aware of that either. So the timing on this, I think, is what’s most interesting, because Google just got in kind of big trouble from the security industry anyway, for releasing these dot zip and dot mov domains publicly, which we just talked about recently on the show. Now, just like weeks later, they’re just like, yeah, we’re just gonna sell off our domain business like that seems very odd timing.

Kirk McElhearn 22:45
So if you have a domain registered with Google, you will be contacted if Squarespace takes over and buys it out. For now, we don’t know when or if that’s going to happen.

This nonsensical cryptographic theft method sounds like a hoax.

Kirk McElhearn 22:50
This is going to be our silly story of the week. And we’ve seen a number of these recently that are just silly and make no sense. So this is an article in Ars Technica by a writer who seems to know his stuff, and he’s talking about some researchers who say that, ready for this hackers can steal cryptographic keys by video recording power LEDs 60 feet away. And this is a head scratcher, right? Video Recording LEDs. Now the first thing I’m thinking immediately is, if this recording at 30 frames per second, how much data can you get? How does this work? And the LEDs are 60 feet away. And so there’s interference from other things. And maybe it’s a light that we don’t see. Maybe it’s like infrared or ultraviolet light that we don’t see. But it just seems silly. Josh, does this make any sense at all?

Josh Long 23:43
No, it doesn’t. (Okay, thank you.) The only reason that we’re even talking about this is because like, we just had that Hot Pixels thing that we talked about a couple of weeks ago. (Yeah.) And we were just like this is completely preposterous, like, how is it that there are researchers who are actually tying their names to this research and saying, Yes, we discovered this thing. And you know, you can check CPU temperatures and see what’s on people’s screens. Like, what? That doesn’t make any sense. And well, this doesn’t make any sense either. And yet, here we go with another one of these stories where people are making these really outrageous claims and I just can’t see any way that this could realistically be possible. So just like we said, with Hot Pixels, if you see any headlines telling you that someone can steal cryptographic keys, using video recording power LEDs from 60 feet away, and don’t worry about it, this is not even if you could pull off this kind of attack there’s no chance of this ever happening to you.

Kirk McElhearn 24:42
Listen, I’m convinced when I read this, that this is possible because the intensity brightness of the devices power LED correlates with its power consumption due to the fact that many devices the power LED is connected directly to the power line of the electrical circuit which lacks effective means that is filters or voltage stabilizers of decoupling the correlation. Doesn’t that sound impressive? (Oh, yes.) The correlation then remember, this is the power LED. This is an LED lights, the power LED on a device, you know, the little blue LED on a hard drive or something. I’m sorry. It’s silly. I mean, I’m going to nominate this for the Ig Nobel award. If you don’t know what the Ig Nobel award is, I shall link in the show notes.

Amazon agrees to pay fines for two security and privacy violation issues.

Kirk McElhearn 25:20
Let’s talk about Amazon being fined a pittance $31 million for privacy violations. What’s $31 million we’re trying to figure this out. Like two minutes of selling Kindle books.

Josh Long 25:35
Yeah, probably not much more than that. Amazon has agreed to pay two separate fines. One of them is $25 million. And the other is $5.8 million. The first one, the larger sum is over allegations that Amazon violated child privacy laws, including the Child Online Privacy Protection Act, by allowing their Alexa voice assistant to record and collect children’s voices and store their personal information. Well, I don’t know what Amazon could do to like, filter that out and make sure they’re not handling children’s voices.

Kirk McElhearn 26:12
Does that mean when you’ve got an Alexa speaker on and the microphone listening that they have to turn it off? Every time a child talks in the background?

Josh Long 26:20
I think it’s more that they were collecting and storing some of these recordings that happened to be children’s voices. I think that’s where the issue was.

Kirk McElhearn 26:28
Right. So they have to know how old the children are. And they do this how by using the cameras in the Echo Dots?

Josh Long 26:34
Well see the most, most of these Amazon Alexa powered devices don’t have a camera, right? They don’t know, the ages of everybody in the room. Like how are they supposed to know that?

Kirk McElhearn 26:45
You think they don’t have cameras?

Josh Long 26:49
Well, okay, let’s just say that they wanted to make sure that they weren’t in violation of this law, right? How would they do that the only thing that they could realistically do is to try to make a determination based on the way that voice sounds, whether it might be a child’s voice and then choose to treat that voice prints differently.

Kirk McElhearn 27:12
So child, we’re talking under 13, right? How can they distinguish a 12 year and 11 month old child from a 13 year and one month old child, there’s no way that this can be reliable. The only way you could do this, and this would be plausible is when you get an Alexa device, each member of the family has to talk into the device and they take a voiceprint. But then what do you do when you have kids coming over to play with the other kids and or when you have your neighbor’s kids or your nieces and nephews? There’s no way you can enforce this kind of thing.

Josh Long 27:43
Yeah, I don’t know how Amazon would properly comply with this. Okay, so the other fine, the only $5.8 million fine, was related to something we talked about a while back on the podcast. Remember that Amazon acquired the doorbell and physical security product company Ring back in 2018. And there were some issues that Ring had around that time, where employees and even contractors may have been able to see private videos of a user through their Ring video devices. That was problematic. There were also some security vulnerabilities that made it possible, potentially for threat actors to steal information. And so Amazon agreed to pay a $5.8 million fine for that Ring stuff that happened way back when.

Kirk McElhearn 28:32
Yeah, that’s a lot more serious, where that they had videos that they shouldn’t have had, and they were sharing them on the company’s internal Slack or whatever. And I mean, I don’t know why people record videos of themselves in their homes. But, you know.

Josh Long 28:45
Again, the disturbing part about this, I would say one of the disturbing things, obviously, nobody likes to be spied on or have their data collected in any illegal or inappropriate way. But the other thing is, obviously, what is Amazon going to learn from this? Amazon is such a big company that a total of $31 million for two different fines like this means absolutely nothing to Amazon. And if that’s all they’re gonna get fined, there’s going to be no changes on Amazon’s end.

Kirk McElhearn 29:15
One of the things that are doing in the European Union, and I’m not sure how they can enforce this is that for serious privacy violations, they’re going to potentially fine companies 10% of their global turnover. I don’t know how they’re going to enforce it. But that’s a big fine. Just a little aside. There was something in the news a couple of weeks ago that someone in Finland got a speeding fine, and it was like 130,000 euros because in some countries in Scandinavia, when you get fined, it’s a percentage of your salary. It’s not a fixed fine, so richer people pay higher fines.

Josh Long 29:46
Wow, that’s, that’s a big fine.

Kirk McElhearn 29:50
Okay, that’s enough for this week. Update All your apple things and until next week, Josh, stay secure.

Josh Long 29:55
All right, stay secure.

Voice Over 29:58
Thanks for listening to the Intego Mac podcast, the voice of Mac security, with your hosts Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode podcast.intego.com The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.


If you like the Intego Mac Podcast podcast, be sure to rate and review it on Apple Podcasts.

Intego Mac Podcast

Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →