Further observations on using the new iPad Pro. Which iPhone models will be able to use Apple Intelligence and why? An Apple leak provides answers. What is the regreSSHion vulnerability and how could it impact your Mac? And the number of features coming in macOS Sequoia that Intel Macs won’t support may surprise you.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday, July 4, 2024.
This week’s Intego Mac podcast security headlines include: Further observations on using the new iPad Pro. Which iPhone models will be able to use Apple Intelligence and why? An Apple leak provides answers. What is the regreSSHion vulnerability and how could it impact your Mac? And the number of features coming in macOS Sequoia that Intel Macs won’t support may surprise you. Now, here are the hosts of the Intego Mac Podcast: veteran Mac journalist Kirk McElhearn, and Intego’s Chief Security Analyst, Josh Long.
Kirk McElhearn 0:48
Good morning, Josh. How are you today?
Josh Long 0:51
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:52
I’m doing fine. I guess I get to wish you a Happy Independence Day.
Josh Long 0:55
That’s right. Yeah, this episode is being recorded a day earlier, but being released on Independence Day. So yes, Happy Independence Day to all of our American listeners.
Kirk McElhearn 1:05
We wanted to start with an update on my iPad Pro, which I got, what, four, six weeks ago. And I just wanted to mention a few things that I’ve found really good about this. It’s bright, it’s really bright. We’re right in the first week of the Tour de France, which I watch religiously every year, and I’ve been sitting outside in the garden under the gazebo in the shade. Watching on my iPad with previous iPads, it was not bright enough to do that. And it’s much more versatile than I had expected. This new iPad, I think the display is just so wonderful. And I mentioned that when I first talked about it. The other thing is I bought the magic keyboard as ridiculously expensive as it is. I’m working on some writing stuff. And there’s something really interesting about the full screen single window use of an iPad that blocks everything else at nine, you can do that on a Mac or on a laptop, you can do full screen, but it’s not the same. I’m finding it a real pleasure to work on. Now. To be fair, I have the 11 inch iPad Pro, and it’s a little bit small. The keyboard is not that big, and I have large hands. But I wouldn’t want the 13 because it’s big and heavy. I’ve been reading books on the new iPad, because it’s lighter than the previous iPad Pro. I’m really enjoying this. Now. Again, it’s an expensive device, I wouldn’t recommend it to anyone who really doesn’t need the extra display and super fast M four processor. But if you are on the fence, I was upgrading from an M2 iPad Pro. So if you are on the fence, there are a lot of good reasons to get this new iPad.
Josh Long 2:40
Incidentally, my wife recently got the new M2 based iPad Air. And I asked her what she thinks about it. And she said, Well, it’s an iPad, like, it does all the things that I expected it to do.
Kirk McElhearn 2:53
You know it’s true. It’s these two different groups of people, people like you and me, who are looking more closely at things like the display and the speed and all of that and other people who just use it like most people do just to do the things they want to do. We have a couple of things to talk about related to AI but tangentially. The first is it, Phil? Sure. Remember Phil Schiller from Apple, we haven’t seen him on stage in a long time, I think he became a fellow or something like that. So he’s not really that active. He’s going to be on the open AI board as an observer. Now, I assume I don’t know how these board things work. I’ve watched succession. And I don’t recall there being observers. But I assume this means that you can sit on all the board meetings, but you can’t say anything. I can’t imagine Phil Show and not saying anything. But you certainly don’t have a vote in any decisions.
Josh Long 3:44
Phil Schiller is interesting, because he’s got a long history with Apple. He’s a former marketing guru at Apple. So this is a really cool thing, even though it’s an observational seat on the board. So he’s not contributing to the discussions. But he’s they’re finding out what open AI is talking about, and their board meetings with that. That’s really interesting to me. So obviously, this gives Apple some insights into what’s going on with, I guess you could argue an AI competitor in a sense. So that’s, it’s interesting from that perspective. And Kirk, you you were just saying before we started recording that, you know, maybe Apple might even be interested in buying open AI. And once they kind of are seeing what’s going on in these board meetings, maybe that will spark even more interest in Apple actually, potentially making a bid to buy the whole company. Now we know that Microsoft has a big investment in open AI. So I don’t know how that would play into the whole thing. But imagine that what could that happen? I suppose it could that Apple could maybe decide who wants to buy open AI?
Kirk McElhearn 4:51
Or maybe Phil is just there as a sort of disciplinarian was it a couple of months ago that they suddenly fired the founder and CEO Sam Altman and then brought him back. And when something like that happens with a big company, it’s not good. It shows that they’re not really doing things very efficiently. And maybe Apple wants to make sure that the company doesn’t do something like that, again, because they are investing a lot. Apparently, they’re not paying open AI and opening, I was not paying Apple, but they’re investing a lot in using the open AI brand. And they don’t want to get basically screwed because open AI is bored does something dumb?
Josh Long 5:25
Yeah, that’s a good point, it would be pretty awkward if open aI had another sudden shake up and reversal kind of thing going on again, after Apple has already announced that open AI is partnering and kind of integrated with the OS as an optional feature, but But it’s there now as part of Apple operating systems as of September. So when these new operating systems come out.
Kirk McElhearn 5:49
Okay, we have a leak about the forthcoming iPhone 16 models. Now in the past, Apple has released two normal models and two Pro models of the iPhone. And the two normal ones were cheaper, and the pro ones were more expensive. And the pro ones generally had a faster chip, more RAM, better camera, things like that. Now we see that what Apple did last year with the iPhone 15 models is they released, the faster chip and the eight gigabytes of RAM on the Pro models and the non pro model will not be able to run Apple Intelligence features because well, combination of chip and RAM. So there’s a rumor Well, a week that confirms that all four iPhone 16 models will have the same A 18 Chip. Presumably they’ll also have at least eight gigabytes of RAM because that seems to be what’s needed to run Apple Intelligence, it’s going to be a lot more difficult for Apple to differentiate these models. Now I don’t think many people paid attention to what Chip was in an iPhone before. It’s like, oh, I’m buying the Pro model because it’s got the A 17 and not the a 16. And, you know, we don’t even know what megahertz they run out or anything. And Apple’s never really talked about RAM and iPhones. But now they’re putting them on the same plane so they can all run Apple Intelligence. So how are they going to differentiate them better cameras in the Pro models, maybe a different material like it’s currently titanium and the other ones are just plain stainless steel, but they’re making them a lot more similar than in the past because of the need for the resources to run Apple Intelligence features.
Josh Long 7:22
Right, this is one of the things that we feel is really weird about Apple Intelligence is that it will not run on the current iPhone 15. Right. So if you buy the current base, iPhone 15 model or iPhone 15 Plus as well, all the way up through when Apple presumably will stop selling them at this time that the start selling iPhone 16 You’ll be able to get iOS 18 on it. But you can’t get any Apple Intelligence features because those are currently only reserved for the current Pro and Pro Max models. And then any future models of iPhone that Apple releases. So you could buy a brand new, although year old at that point model of iPhone 15 and not be able to get any Apple Intelligence features, which is very awkward, right? It’s It’s not common for Apple to not give users of existing products from like only a year earlier, access to all the latest features in the new operating systems. And so I think maybe what was going on here is that Apple’s trying to avoid that by just saying okay, well, we could technically just put in last year as a 17 from the Pro models into the 16. But then what about a year from now when we decide that? Well, we probably should make 18 the baseline for these new Apple AI features.
Kirk McElhearn 8:48
That’s what I was thinking that part of this decision is to prevent the same problem happening next year, when they’ve got new AI models that need more resources.
Josh Long 8:57
Right. And so maybe what Apple could do to differentiate is maybe they’ll start including 16 gigs of ram in the higher end pro pro Max models. It’s not been something that they’ve really put up front and let us know how many gigs of RAM. And so it’s just not something that Apple talks about. Maybe there will be some differentiations behind the scenes like that, that will be better for the Pro models and will just be kind of the baseline for the regular models.
Kirk McElhearn 9:27
I hope we don’t get billed to order iPhone models where we know you can choose how much storage you want. But if they also want to choose how much RAM in a combination with storage, that would just be too complicated. I think Apple does not want to do that already. Having multiple storage quantities means that they have, you know, three versions of the pro three versus the pro Max in each of the colors and that’s an awful lot of SK use so, but I do think that they’re planning ahead for next year, where new features will need a more powerful processor and they don’t Want to make the same mistake? Because it’s a mistake? It makes me wonder. I know they’re selling 10s of millions of phones every year, could they save $1 on each one by not having included the A 17 processor in the iPhone 15, non Pro, which out of all the phones, let’s say half of the phones they sell, it’s $20 million. They’ve got a 39% profit margin. Is that enough of a saving? I mean, maybe it’s more than $1 the difference in the chip, but it also seems to me there’s an economy of scale that the latest processor, it’s going to cost less because they’re making more I obviously, you know, this is big business supply chain stuff that none of us know anything about. But it seems like differentiating models by processor has kind of gotten them stuck in a corner this year. And maybe they won’t be doing that in the future. But then again, what will the differentiator be? Will the camera differentiator be enough for people to go for the Pro? Do people really care if the iPhone is made of titanium? I mean, you know, they do a good presentation, but you put your case on it. And it doesn’t really matter what it’s made of.
Josh Long 11:06
It’s also going to be interesting to see how this affects the pricing of the different models too, right? Is this going to make the base models more expensive, it would be kind of awkward for Apple to have like nearly the same phone but to charge the same kind of difference in pricing for the Pro models like they have in the past.
Kirk McElhearn 11:24
Okay, so macOS Sequoia is coming out in the fall, in addition to iOS 18 and iPadOS 18. And MacRumors has had a really interesting article listing all of the MacOS Sequoia features that Intel Macs will not support. I mean, this is quite a list. It’s Apple Intelligence. So it’s a group of features. And it’s live audio transcription. And that’s it. To be fair, live audio transcription is actually part of Apple Intelligence, or it’s using the same kind of processes in the background. And Apple says it’s limited to machines running Apple silicon. So I think it’s really good that Apple is still supporting Intel Macs that, you know, go back. 2020 is when the first M1 Mac came out. So we’re going back, you know, four years more, but they’re going back four years and more. I believe there’s a 2017 iMac, they can still run macOS Sequoia. So there is a longevity. on macOS that’s not quite the same in iOS, being able to get all of the normal features without Apple Intelligence is pretty good for Macs that are more than five years old. Whereas with the phone, if your phone is more than one year old, you won’t get, you know…
Josh Long 12:28
Right. Yeah, this is actually something that it’s it’s nice to see that Apple is still releasing the latest macOS versions for Intel Macs, right? I mean, at this point, you know, we started getting M1 Max rolling out in 2020. And here we are close to the end of 2024. I think it’s a nice thing that Apple is still supporting actually, several models of Intel Macs at this point, that may change next year may change a couple years from now, but obviously at some point, Apple’s going to cut off those Intel Macs are getting the latest Apple operating system.
Kirk McElhearn 13:04
One new feature that was discovered in macOS Sequoia is a new HDMI passthrough feature that enables a Mac to send an unaltered Dolby Atmos signal to a connected AV receiver or soundbar. That might not sound exciting. But in the past, if you wanted to stream video on say, a Mac mini and connect it to an AV receiver or to a soundbar or something, the audio would be somehow altered, you wouldn’t get the full audio and now the HDMI pass through means that you will get the full audio. This has something to do with the kind of copy protection you get with HDMI as well. I know in the past, there were often problems connecting a Mac to a TV if it didn’t have the same version of I forget what it’s called the HDMI copy protection thing. And your cable wasn’t compatible. You wouldn’t get the right video or all the features whatever got TVs are complicated. There are so many things you need to know now to be able to play from one device onto a TV used to be simple, you move the rabbit ears until you can get a signal when you’d watch TV.
Josh Long 14:05
Yeah, well this all has to do with copy protection stuff, right? That’s the entire reason why this all got so complicated because everyone wants to protect their intellectual property and their copyrights and everything. So but hey, this is a cool new feature if you’re the kind of person who is going to connect a Mac to these other systems that use HDMI.
Kirk McElhearn 14:28
Okay, we’re going to take a break when we come back we’re going to talk more about Intel Max, but this time about a CPU vulnerability.
Voice Over 14:37
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 15:52
“Indirector”. That’s the name of the new Intel CPU vulnerability that can expose sensitive data. How many of these we had in recent years?
Josh Long 16:00
I’ve lost count. I don’t know we had we started out with Specter and Meltdown (Specter and Meltdown.) Yeah, those were the first those were the first ones. And then we’ve had I don’t know countless others, there’s been Spoiler, there’s been Spectre v2. And I don’t know, there’s a whole bunch of other ones at this point. This is just the latest in a series of very similar vulnerabilities. This is quite a bit like Spectre and the other vulnerabilities remember, we talked about like branch prediction. And these processors are all designed to be as efficient as possible. And so one of the ways that they do that is by trying to predict what is going to happen next. And so what these processors are capable of doing is kind of doing both of those things in parallel. And then just discarding the thing that it didn’t end up needing to use. Problem is with that sometimes that thing that should be discarded isn’t and that can be a potential problem. So this is yet another one of these specter like vulnerabilities, there are some ways that you can mitigate these. So first of all, we should talk about what is Apple going to do about this? I know nothing. That’s very likely. Yeah, honestly, at this point, we’re talking about like, Mac’s that, again, were originally released in like 2019 or earlier. So these are very old Mac models. And frankly, unless these vulnerabilities are known to be exploited in the wild, and maybe Apple will do something about it. But unless we know of real world attacks, I don’t think Apple is even going to touch this with a 10 foot pole, right? This is so yesteryear, right? Like Apple doesn’t care about Intel Macs anymore.
Kirk McElhearn 17:41
Just before the break, we talked about how much they care about Intel Macs, that there’s only two main features that Intel Macs aren’t getting in macOS Sequoia, and how great it is that they’re supporting IMAX back to I think 2017. And yet they don’t care about Intel Max, come on, Josh.
Josh Long 17:57
Well, it’s one of those things like I feel like one of the big reasons why Sequoia didn’t drop too many hardware models, and really an iOS 18 didn’t drop any models, we only lost a couple of models of iPad. And I think this is all because I think Apple feels a little bit guilty that like so many devices are not getting Apple Intelligence, that they’re kind of just like, we’re gonna mostly support all the same stuff that we supported last year. But in any case, yeah, Intel Macs are on their way out is slowly it’s going to take a couple of years.
Kirk McElhearn 18:35
Remember that M series Mac’s have a minimum of eight gigabytes of RAM. Unlike iPhones, we mentioned earlier in the show that the iPhone 15 non Pro has six gigabytes of RAM and the Pro has eight gigabytes of RAM. And that is definitely a differentiator, the minimum on M1 Max has always been eight gigabytes.
Josh Long 18:55
By the way, I don’t know if we’ve mentioned this for a while if you are really paranoid and concerned that someone might exploit a vulnerability like Spectre, then you can run an app called CPU center. And you can disable a feature called hyper threading. And basically, you’ll only be using the physical processor cores in your machine and not using kind of these simulated cores. Because it’ll slow down certain things on your Mac, but it’s not going to be that noticeable. So if you’re really paranoid, and you really want to do something else to mitigate these vulnerabilities, this type of vulnerability, you can do that it I don’t think most people really need to worry about these type of vulnerabilities
Kirk McElhearn 19:36
And coming from you who tend to worry about everything. That’s pretty reassuring. So there is another vulnerability that does impact Mac’s and it’s called “regreSSHion”. I liked the way they did that. So SSH, which is something we use to communicate securely between multiple network devices. So it’s regress-SSHION. regreSSHion. Explain this to me, Josh.
Josh Long 19:58
SSH stands For a secure shell, you open up your Terminal, you’ve got a shell, a place where you can type in commands on your own computer. It’s like the operating system for Terminal. Yeah, it’s you can use SSH to log into another Mac, just like you were sitting at that Mac using the Terminal on that Mac, right. So this is actually a feature that’s built into macOS called remote login is what Apple calls it. And the System Settings app, if you have that enabled, you are potentially vulnerable to attacks against this regreSSHion vulnerability. It’s called regreSSHion, by the way, because this is an older OpenSSH vulnerability that has now come back because some developers made a mistake. And the same old vulnerability is new again, on newer versions of OpenSSH.
Kirk McElhearn 20:50
So if you have remote login enabled on your Mac, could someone access your Mac over the internet with this vulnerability, or is this only on a local network.
Josh Long 20:58
That’s an important distinction to make. So this is a vulnerability that could be exploited probably mostly just on your local network, you would have to do some work to enable the ability for someone on the public Internet to connect to your Mac, basically, you’d have to open up a port in your firewall, and do port forwarding and most people are not going to do that.
Kirk McElhearn 21:21
Port forwarding, I often see that so I have a router from my ISP. And there’s always a port forwarding tab and the thing, and I think people do this when they’re playing certain games, right?
Josh Long 21:30
Yeah, that’s one thing that people use this for. I actually once upon a time, I actually had SSH login set up for my own Mac at home, so that I could access it from my work computer when I’m at the office. Right? And well, I obviously I don’t do that anymore. Good.
Kirk McElhearn 21:49
Because you were just presenting a new attack surface to our listeners, if you were still doing that.
Josh Long 21:54
Yeah, I’m not gonna do that. But you probably don’t need to worry too much about this. But I really do hope that Apple patches this vulnerability sooner rather than later, because there are Mac’s that people are using as servers. And you don’t want to have something like this exposed to the internet. Obviously, that’s a really big problem at this point. Now, this patch just came out this week. And you know, Apple hasn’t released any operating system patches this week. Maybe Apple will patch this in the very next macOS Sonoma update, we will see. But we also know that Apple unfortunately, it has a history of not being very quick to patch a lot of vulnerabilities and open source components of the operating system, as we’ve noted recently.
Kirk McElhearn 22:37
Okay, so we saw a scary headline on Ars Technica, 3 million iOS and macOS apps were exposed to potent supply chain attacks 3 million apps for that many apps for iOS and macOS, I guess for iOS, there are a lot of apps. But all of these apps were exposed to potent supply chain attacks. That sounds a bit overblown to me.
Josh Long 22:58
Well get this headline though, this one comes from the Register almost every Apple device vulnerable to CocoaPods, supply chain attack, oh, my gosh, almost every Apple device, what are we going to do? And they say in this hard way.
Kirk McElhearn 23:11
So this is a breakfast cereal that has a vulnerability.
Josh Long 23:15
That actually does sound like a breakfast cereal, that’s true. CocoaPods is actually a code repositories. It’s kind of like GitHub, that kind of thing where where people can put code that other developers can use in their apps. And so apps from companies like as the Register points out, Meta, Apple, Microsoft, TikTok, and Amazon, and many other big companies that you’ve heard of have used software that they got from this CocoaPods repository. And so the way that they phrase this in the Register is, has been found to use vulnerable pods. And they say it is conceivable that 1000s to millions of apps have been exposed to exploitation by the vulnerability. Okay, so here’s what’s really going on here. As best I understand it, looking at this, these articles about what happened here is, it’s more that there was a kind of login related vulnerability. And so in theory, somebody could have figured this vulnerability out, by the way, apparently, this vulnerability had been in place for like 10 years, and nobody had discovered it. If somebody had known about this vulnerability and exploited it, they could have tricked a developer into basically giving an attacker access to their developer account, basically, like through a phishing link. And then somebody could have uploaded malicious code into one of these repositories. This is all hypothetical. That’s the really important thing about all this. We don’t know that any bad guys use this. So yes, these headlines are way overblown. At this point. We don’t have any reason to believe that any of these repositories were actually infected with malicious code or anything like that.
Kirk McElhearn 25:00
But as the Ars Technica article says, absence of evidence is not evidence of absence.
Josh Long 25:07
Yep. Well, that’s true. So it’s entirely possible. And here’s what we should say to developers. If you have used CocoaPods, maybe go back and do a full source code audit, like verify all the source code commits, verify everything that you’re using, that comes from CocoaPods. That’s really all there is to it. for end users, there’s not really anything that we can do other than to hope that our developers are double checking that all their source code that they’re using is just fine.
Kirk McElhearn 25:39
This sort of thing is, I don’t want to say it’s clickbait because it’s not a lie, right? It’s true. But saying 3 million apps, almost every Apple device, it kind of says to end users, you have a problem, whereas you can’t do anything. And I guess it’s somewhat similar to the Intel CPU vulnerability, right? There’s a problem that you can’t really do anything about, although with your CPU setup, you can change it. But this sort of thing isn’t very helpful for anyone is it?
Josh Long 26:09
Well, it’s one of those things like, it’s good to be aware of what vulnerabilities are out there, right. And in some cases, you may be able to mitigate that vulnerability like with CPU center, like we were talking about. In this case, though, it’s one of those things that like, I guess it’s good to know. But it’s probably going to cause more panic and concern. The important thing about getting the word out about this kind of stuff, and publishing articles about it is just so the developers are aware of so they can then audit the source code that they’re using. That’s the important thing here.
Kirk McElhearn 26:41
Okay, one last quick story for the holidays. Because It’s vacation season or holiday season, as people in the UK would say, The Guardian has an article. And when I first saw it, I thought it was someone from Washington, it says WA man set up fake free Wi Fi and Australian airports, and on flights to steal people’s data Police allege, actually WA is Western Australia because the Guardian has an Australian edition. Essentially, he set up bogus, evil twin Wi Fi networks. And if you were at an airport, and you saw oh, here’s a free Wi-Fi network, I’ll go on that network. And it wasn’t encrypted, and they can get your data. So this is your annual reminder from Uncle Kirk and Uncle Josh, don’t use free Wi-Fi in public places because it’s dangerous.
Josh Long 27:22
And if you are really in need of using public Wi Fi, what you can do is you can use a VPN, for example Intego Privacy Protection, which is available for Mac and Windows. If you enable a VPN, then you if somebody has something malicious going on on that open Wi Fi network, it will at least create an encrypted tunnel between your computer and the VPN provider. And then from there, it’s just like you’re accessing the internet in a normal safe place like at home.
Kirk McElhearn 27:54
Okay, that’s enough for this week. Until next week, Josh, stay secure.
Josh Long
All right, stay secure.
Voice Over 28:01
Thanks for listening to the Intego Mac Podcast, the voice of Mac security, with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software: intego.com.
