Apple releases a new Apple Pencil, which joins the Apple Pencil and the Apple Pencil in the company’s product line. If you think this is confusing, take a look at the current iPad models available. Apple needs to simplify. We also discuss the week’s security news.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.
Voice Over 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, October 19 2023.
This week’s Intego Mac Podcast security headlines include: to prevent so called “typo squatting”, mobile Chrome browsers will soon be able to detect when an accidentally malformed URL points to an illegitimate website. Apple is facing a class action lawsuit over AirTag stalking. What about other companies who make tracking devices? And we discussed the ever increasing smorgasbord of devices Apple has been adding and keeping in its product lines. Now, here are the hosts of the Intego Mac podcast. Veteran Mac journalist, Kirk McElhearn. And Intego’s Chief Security Analyst. Josh Long.
Kirk McElhearn 0:49
Good morning, Josh, how are you today?
Josh Long 0:51
I’m doing well. How are you?
Kirk McElhearn 0:53
I’m doing just fine. We’ve just spent way too long before the show talking about some really interesting things that we’re going to discuss in the podcast, we’re particularly going to talk about the new Apple Pencil, which joins the existing lineup of the Apple Pencil and the Apple Pencil. And we’ll speculate on new iPads when we get to the second half of the show. First, we want to talk about how a French authority has leaked the iOS 17.1 launch date by October 24. At the latest. So we’re recording on the 18th. This will be next Tuesday, which Apple generally does the major updates on Tuesdays anyway, right. So it makes sense.
Josh Long 1:26
It could be any day of the week, Monday through Friday. But Tuesday would make sense. Generally tech companies prefer not to release things on a Monday because you know, it’s the beginning of the week, people are just getting back to the office. And it people don’t want to have to deal with some major update. And also Friday’s not ideal either, because it’s right at the end of the week. And people want to go home and enjoy their weekend.
Kirk McElhearn 1:49
And Monday’s could be holidays. And a lot of countries there are a lot of Monday holidays in the US. In the UK, there are other Monday holidays, every country tries to make their holidays, Fridays and Mondays when possible. So that leaves them three days a week. Now Wednesday being Hump Day is always a problem because you’re on the way up and on the way down. So you don’t want to do it. Thursday’s too close to Friday. I’m sure that they have focus group to this and surveyed people to find what the best day is mostly for IT manager not for people like you and me.
Josh Long 2:19
And in certain parts of the world. That least Thursday is Friday. Because if your weekend is Friday, Saturday, like for example in Israel, then Thursday is actually your Friday.
Kirk McElhearn 2:29
Right. I think we’re going to move on to the next topic because all of this calendar stuff is confusing me. Yeah, I found a story in The Verge this week. And you were all angry about this because you don’t like it. Chrome on iOS and Android will now detect URL typos. Now we’ve discussed typo squatting in the past, maybe a company would want to reserve A P L L E.com. Instead of A P P L E.com. You know what Apple actually owns a bunch of domains like that. But hackers might want to reserve domains where that fingers could make typos like Microsoft instead of microsoft.com. So Chrome on iOS and Android will detect these but you had a bad experience with this years ago. You’ve been traumatized by this right?
Josh Long 3:12
Many, many years ago, I was going to a university and I went to my university’s website, and some extension that I had installed, I think it was an ad blocker. And they had this new experimental feature where it was supposed to detect type of squatting. It was supposed to prevent you from visiting a URL that was similar to a known URL and its database. I went to my legitimate University website. And I got a little banner across the top of the screen saying Did you mean this website, which was a competing University? Now, that was many years ago, it was not a giant company like Google that was coming out with this feature. Maybe Google will do it better for Chrome on iOS and Android. Google is a very big company. They have giant databases, they have the entire web practically indexed. So if anyone can do this, well, it would be Google. I’m just I’m very skeptical. Because of that bad experience. I have ones.
Kirk McElhearn 4:21
Google also has a Safe Browsing database, which I’m pretty sure Apple Safari still uses to check known malicious urls. So they can probably combine the two. Now this is iOS and Android. I’m assuming that there’s going to be a Chrome extension that you’ll be able to use on the Mac as well.
Josh Long 4:37
That would be interesting. Yeah. Why would they watch this feature only on mobile? That seems odd because you can type Oh, that fingers Josh. I know but fingers but people type of things all the time on a when you’re typing on a physical keyboard on a laptop to I don’t see why they wouldn’t also add this feature to the desktop version of Chrome.
Kirk McElhearn 4:57
Well, I’m sure it’s coming. Sooner or later. Okay, so zero-day vulnerabilities are really important. We discussed them many times, if a zero-day vulnerability comes out in an important app, you really need to update and we’re always warning people update now because this app is dangerous. Last week, apparently Signal the messaging app responded to, quote, vague viral reports alleging a Signal zero-day vulnerability. And was it really the vulnerability that didn’t exist?
Josh Long 5:24
Well, yeah, there was rumors going around claiming that there was some big deal and Signal had a zero-day. And so everyone was all in a panic about this, the statement that the company came out with said that after responsible investigation, they say, I don’t know what irresponsible investigation would have been exactly. But they say after a responsible investigation, we have no evidence that suggests this vulnerability is real, nor has any additional information been shared via our official reporting channels. And they said, we also checked with people across the US government since copy paste reporting claimed the US government was a source for this. And they say that those we spoke with have no information suggesting that this is a valid claim. We take reports very seriously, et cetera, et cetera. So basically, Signal is saying-
Kirk McElhearn 6:15
“the security of our users is the most important thing for us,” which for Signal, it’s true, because they are an encrypted messaging service.
Josh Long 6:22
Right, right. But I don’t have any reason to doubt Signal’s statement about this. If they were aware of a vulnerability, obviously, they would, would fix it. So just the fact that somebody started a rumor about this. It’s IF Signal of saying we have zero intelligence about this, and the US government has zero intelligence about this where you know, that was supposedly the original source or one of the sources for this? I don’t I don’t think that there’s actually an issue. And if there is, we’ll find out about it, I’m sure soon enough, and Signal will fix the issue. So I don’t really have any concerns over this.
Kirk McElhearn 7:01
Okay, we’ve been talking about AirTags since they were first released. And we highlighted the negative aspects of AirTags how they can be used by stalkers and abusers. Apparently, there was a class action lawsuit among a number of people who have been stalked by ex partners using AirTags, it was initially brought by two women, and well, there were some lawyers out there trying to get more people to join the class. We know that this is a problem. And Apple very quickly, in the months after the AirTag was released, they made changes and they’ve kept iterating. On the way this works in the way people were warned, yes, this can be a problem. But the question is, is this worthy of a class action lawsuit?
Josh Long 7:41
Well, that’s a really good question. And I think a related question is, why are other tracking device companies not part of this lawsuit? Well, I think we know the real reason why Apple is being singled out is that Apple has more money than any other company on Earth. There are other companies, of course, that make tracking devices, tile is probably the most well known of these, and they’ve been around a lot longer than AirTags. Actually. Maybe it’s just because like, I follow Apple news, but I’ve never heard of the lawsuit against tile, maybe that maybe there has been one I don’t know. I don’t also don’t hear about anything that tile is doing in particular to try to reduce its usability for stocking purposes. Maybe this is an apple ecosystem thing. And we’re just blind to like other stories about things like this, but it does seem like apples being unfairly picked on especially considering that they have been making changes to the AirTag to reduce the risk of being used by stalkers.
Kirk McElhearn 8:47
Okay, we have a story on bleeping computer, which is a reminder of one of the things that everyone should do when they get a new device when they get it and has admin as a password. They’re talking about IT administrators are using 10s of 1000s of weak passwords, to protect access to portals leaving the door open to cyber attacks on enterprise networks. I’m not talking about individual devices, they’re talking about the gateway into a corporate network. And out of 1.8 million administrator credentials analyzed over 40,000 entries were admin showing the default password was used by so many people. Now, we do need to point out that admin does not mean administrator as you think it’s actually Latin for change this password now, but a lot of people aren’t doing that although 40,000 out of 1.8 million. It’s not that much is it?
Josh Long 9:32
Well, okay, but just the fact that like 10s, of 1000s of portals, whatever exactly, that means it could it could be a number of things. They’re not really very specific about that. Maybe it means for example, a WordPress instance somebody spun up WordPress on a server and left the default password right, something like that. But these are potential footholds then into a corporate network. So if you have have a company that has a WordPress blog, and you’re self hosting that blog within your own company network. Now somebody has a foothold into that server.
Kirk McElhearn 10:11
The article lists a total of 20 passwords that they’ve discovered that are unsafe. And these selected same things will usually see 123456 or 12345, or the even less safe 1234. But how about 123? I mean, administrators using passwords like that. It’s a little bit you know, dangerous route as a password admin one that’s it, you add a digit to the end of admin, and then you’re 10 times safer.
Josh Long 10:36
Right, right. Oh, and I noticed that password is not in this list but password with a capital P is in this list. Right? That’s number five on their list as if the case sensitivity will fall hackers. Yes, definitely. All you all you need is a capital P. And it’s completely hacker proof. Of course, we’re joking.
Kirk McElhearn 10:54
Okay, quick story. Not too much to say about this. But UK users of illicit streaming services are warned of risk of fraud, or police visit. Now, if you’re not in the UK, you may not realize that people have gone to jail for not paying the TV license. Here. The kind of streaming service they’re talking about isn’t really Netflix, like using someone’s Netflix password. It’s the kind where you sign up and pay five pounds a month to get access to all of the Premier League football games or something like that. It’s the Russian streaming services way back in the day, there was mp3 dot ru, I think it was that had I don’t know a million mp3 is and you paid five bucks a month. That’s the kind of talking about. The thing is, there aren’t very many providers for Fortson. It’s very expensive. So people who don’t have a lot of money, they may be tempted to instead of paying 1000 bucks a year to watch the football to pay, you know, five pounds a month. And they’re actually talking about potentially police visiting them. I can’t really see that happening. But it is a threat. Since the TV license is already a very clear threat to people. They’re trying to kind of let people know of what the risk is. Now, we’re going to link to an article in The Guardian. And they’re showing an advertisement in an underground station, illegal streams let criminals in. And one of the main things we’re talking about is how people have given credentials and credit cards to these companies who’ve then taken advantage of them and stolen their money.
Josh Long 12:18
Not only that, but we’ve also seen in the past that some of these sites with basically obviously illegal content, like where they’re giving stuff away for free or at a significant discount versus the normal method of getting those streams or that content, whatever it might be. We’ve seen these kinds of sites used for disturbing malware, including Mac malware. A few years ago, Intego discovered some malware called Crescent core that was being distributed through a website that claimed to offer free issues of DC comics that you would be able to get these digital downloads of the latest Batman comic or whatever it was. The problem was that what you actually got instead was Mac malware if you happen to be visiting that site from a Mac. So this is a real issue. You cannot trust any site that claims to offer something basically, if it seems like it’s too good to be true, it probably is. There’s a catch, definitely.
Kirk McElhearn 13:19
Okay, we’re gonna take a break. When we come back, we’re going to talk about the new Apple Pencil and we’re going to talk about the new Apple iPads that we haven’t gotten yet.
Voice Over 13:27
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X 9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X 9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the Special Discount Link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 14:43
So we’re recording on Wednesday the 18th and on Tuesday the 17th. Apple announced the new Apple Pencil which joins the lineup which includes the Apple Pencil and the Apple Pencil. If that’s confusing, wait till you look at the compatibility what the different devices are compatible with. I’m going to link to that Apple’s press release on the Apple newsroom website where they talk about this is how they announce products. They give information more for the press, they give some images and everything, you’ll see that there’s a little table at the bottom showing the features of the three different Apple Pencils. So they’re calling them Apple Pencil first generation, Apple Pencil second generation and Apple Pencil USB-C, which is the new one, you’ll see that the latest Apple Pencil is a much less expensive one. The second generation retails for $129, the new one $79. But it doesn’t include features like pressure sensitivity, which you would want to use if you’re an artist and you want to make different thicknesses on when you’re using brushes. It doesn’t include wireless pairing and charging, and it doesn’t include double tap to change tools for a $50 difference that’s actually features that most people don’t need. It seems like Apple’s really targeting the education market with this because they’re selling it to educational institutions for $10 less. But the biggest problem here is what is all of this, why three Apple Pencils, why three prices with a different range of features? Why this weird compatibility, that one of the models is compatible with these devices and other with those devices. It’s really confusing and they’re selling all three and they’re selling all three and that really gets me Why couldn’t they have made the second one compatible with everything the first one was compatible with? And the third one compatible with everything or nothing? I don’t know. What do you think Josh? Do you use it? You don’t even use an Apple Pencil do you?
Josh Long 16:28
Well, Apple Pencil of course is Apple won’t call it a stylus. When Steve Jobs famously introduced the iPhone. One of the things that he said on stage was, how are you going to interact with this? A stylus, right? No, nobody wants a stylus. “Yuck”, he actually said yuck.
Kirk McElhearn 16:45
I remember back in the day when I was using a Palm Pilot, I would buy like a bag of five styli because you tend to lose them because they were really small.
Josh Long 16:53
I also use a couple of similar devices. I had a Palm Tungsten E, I think was the model that I had. And I also had a Hhandspring Visor back in the day, which was a third party competitor to Palm. I also had a Windows what was it Windows Mobile, I think it was called at the time PDA, I had to think of what they were called for a second their
Kirk McElhearn 17:16
PDA. Remember the PDA? That was interesting. Anyway, one of the main reasons we want to talk about this is that the Apple product line has become so complicated, that you have three Apple Pencils, you have five different iPads, right, you’ve got the iPad, you’ve got the iPad Mini, the iPad Air, the iPad Pro, 11 inch and 12.9 inch. Remember, you can’t just say iPad Pro because they have different processors.
Josh Long 17:40
And not only that, but just the regular iPad, Apple currently sells the 10th Gen, and also the ninth Gen at the same time.
Kirk McElhearn 17:47
And don’t forget that the first generation Apple Pencil was compatible with the iPad Pro 9.7 inch, the iPad Pro 10.5 inch and the iPad Pro 12.9 inch. Couldn’t it be like iPad Pro mini mini and Max or something? It’s like, it’s gotten so confusing. I find it annoying enough that they name things with the generation number, which I guess it kind of makes sense to us to people doing support, right. But no one else knows what generation their iPad is.
Josh Long 18:17
You almost need to go to an Apple Store and talk to an Apple Genius to find out what Apple Pencil you need for your particular iPad and your particular use case. It’s kind of ridiculous.
Kirk McElhearn 18:30
Well, on top of that, if you want to know which generation your iPad is, you won’t find it on the iPad. I looked on my iPad Pro this morning, because I wasn’t sure when I bought it. And when I looked at About This iPad, it just says iPad Pro. When I go to the Apple support site, it just says iPad Pro it doesn’t even list the generation there. So you have to go to the Apple page where it says how do I find out which model it is. And you have to look for the little model number on the back engraved on the back if it’s there, or you can look inside in the about where it gives it a precise model number m 2659 slash a something like that, whatever. But the problem is that Apple is selling so many different devices now that it’s confusing. You mentioned earlier before the show when we were talking that you’ve got the iPhone 15 and 14 and 13 and SE and you just don’t have one iPhone bottle anymore, not to mention the basic and the Pro and the large and the small.
Josh Long 19:24
Another Steve Jobs keynote that I recall very vividly was when he said look, we’re simplifying our product lines. Here’s here’s a grid. It’s got four squares on it. You’ve got consumer portable, pro portable, you’ve got consumer desktop pro desktop. Period. That’s it. And this was a big change for Apple and something that really the company needed because the product lines were getting really convoluted and complex. And we’re kind of It feels like we’re getting to that place again without Apple, where there’s just so many variations of the same product that it’s not easy to figure out what I need, my parents are looking to get a new iPad. And so I told them, Well, you don’t want the mini because I know you want a bigger screen. But you also don’t want the pro because you don’t really need the Pro features. So I guess that means you either need an iPad or an iPad Air. And I told them, you know, off the top of my head, I don’t even remember what the differences are between the iPad and the iPad anymore, because when the air first came out is supposed to be thinner and lighter. And now the regular iPad is also kind of thin and light too.
Kirk McElhearn 20:34
If you look at the Mac product line, remember consumer laptop, pro laptop, etc. You’ve got two laptops, and I can accept that MacBook Air MacBook Pro. But you’ve got four desktop Macs now, the iMac, the Mac mini, the MAC studio and the Mac Pro. When you think about the desktop, where fewer people are buying the computers, it seems more confusing to have multiple dividing. Remember back in the day when Apple developers would laugh at Android developers who had to deal with so many different screen sizes for their apps right? Now, if you look just at the iPad wine that I mentioned earlier, right for compatibility, you’ve got a 9.7 or 10.5, a 12.9. You’ve got the mini which I think is 8.5. You got the plain iPad, which is who knows how many inches it is.
Josh Long 21:19
This is all like ridiculously complex. We didn’t even mention here that there were a lot of people who were thinking that we were going to get a new iPad this week. And well, it hasn’t materialized instead, Apple just released a pencil like what why
Kirk McElhearn 21:36
Bu shi. They released a new iPad model in China with an e sim.
Josh Long 21:41
Okay, but it’s not a new iPad. It’s just like an existing iPad that has e sim support.
Kirk McElhearn 21:48
Okay, so we were looking because your parents had an iPad, we were looking at a lot of the iPads are about a year old, there were a number of iPads released in October 22. The iPad mini is a year and a half old. So that’s due for a refresh. And I actually use the iPad Mini more than my iPad Pro anymore. So I want to say I’m excited for it. But on the other hand, there probably won’t be any features worth upgrading. So what’s even the point anymore with all these different iPad models?
Josh Long 22:13
Well, I mean, you could make the same argument about the iPhone two, like what’s the one thing that like is really significant from one model to the next. Like, if you’re upgrading across many generations, you’re gonna get a lot of new hardware features. But if you’re just going from like, say the 14 Pro to the 15 Pro, it’s not that big of an upgrade necessarily. And it’s kind of the same thing with you know, Mac’s are kind of the same way and iPads are kind of the same way too. So the one thing that we know will get is we’ll get a newer processor. That’s that’s important. And the the other thing, obviously, we’re gonna get USB-C. The iPads have had USB-C for a while. It’s really only if I’m not mistaken, I think only the ninth Gen iPad. That’s the only one that Apple currently sells that it’s lightning that doesn’t have USB-C.
Kirk McElhearn 23:06
The only other device that I can see being updated this year is the AirPods Max. Now the original AirPods Max came out in December 2020. So that’s getting on three years. And it’s a Christmas product, right? That this is the kind you buy as a gift for someone or for yourself. I want to see the AirPods Max is long in the teeth because Apples Beat subsidiary they have the Beat Studio Pro, which has some more advanced technology than the AirPods Max. And I kind of wonder since Apple’s updated AirPods, regular AirPods several times why they haven’t updated the AirPods Max, maybe they don’t sell enough. But if they’re going to update it, I would expect it in November or December to be out for the Christmas season.
Josh Long 23:45
I think that’s a really interesting point because the equivalent Beats model is superior technologically like why would you spend more money to get the inferior technology from the Apple brand when you could spend less money and get the better newer technology from Beats? That’s practically the same thing.
Kirk McElhearn 24:06
It’s funny you asked that Josh because I am preparing some articles about Apple’s AirPods and Beats headphones and comparing the two and there were a lot of reasons to choose the AirPods Max over the Beats Studio Pro even with the $200 difference, but I wouldn’t recommend buying the AirPods Max now. It’s a three year old product and we’re certainly going to get an update soon.
Josh Long 24:25
Right. By the way. One more interesting point on this. If Apple doesn’t release an iPad this calendar year 2023. This will be the first calendar year ever that Apple has not released a new iPad since the original iPad was introduced in 2010. That would be kind of surprising. So I really hope you know that we’re gonna get a new iPad mostly for my parents sake, but I don’t really I don’t really care personally, I’m not going to be buying a new one. But that would be kind of shocking, right? I mean, we’ve got the holiday season coming up. We got black Friday coming up like come on. Apple like this is the perfect time to be releasing some new products.
Kirk McElhearn 25:04
Yeah, but on the other hand is nothing wrong with the existing products. And maybe finally, people are going to realize, well, I don’t have to buy a new one. Of course, the problem is someone like you, you want to get your parents a new iPad, but you’re telling them not to buy one because you know, there’s gonna be an upgrade. And maybe it’s going to be March or April or June next year, and your parents are going to be on this really old iPad, and it’s your fault.
Josh Long 25:25
Maybe so yeah, I’m concerned about that too, because like, I want them to get the latest model when it comes out. They tend to use their devices for a very long time. And so I want to make sure they’re gonna get the most life out of it, they’re gonna get the latest iOS updates for as long as possible.
Kirk McElhearn 25:44
One thing that I think might happen, there are some Apple Music features that were announced in the new operating system, but that aren’t out yet. So this could be Apple having a music related events for the air pods max for the new Apple Music features, and maybe some Apple Music features that they haven’t announced yet. Things like collaborative playlists and a couple of other features like that. So that could be an opportunity for Apple to do a short event around music. And of course, while the iPad, people can listen to music with the iPad, so maybe they’ll put all that together. All right, Josh, that’s enough for this week. Until next week, stay secure.
Josh Long 26:17
All right, stay secure.
Voice Over 26:21
Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn, and Josh Long. To get every weekly episode, be sure to follow us on Apple podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.