

  • 24 Sep 2024 9:23 AM | Terry Findlay (Administrator)



    No new members in September
  • 24 Sep 2024 9:19 AM | Terry Findlay (Administrator)

    ADAM ENGST 16 September 2024

    As promised, Apple has released the initial versions of all its 2024 operating systems. If you aren’t already running a beta of the X.1 releases that support Apple Intelligence (see “Examining Apple Intelligence,” 17 June 2024), you could consider upgrading. But should you? Let’s look at a few broad classes of users.

    • Early adopters: You know who you are. Early adopters are undoubtedly well into their installation process now, and that’s fine. The betas have been stable in my testing, and while specific compatibility issues remain, such as with Drafts dictation and transcription and external Thunderbolt SATA enclosures on a 2019 Mac Pro, it’s unlikely that anyone upgrading today will find themselves dead in the water.
    • Enthusiastic users: Those who want to play with the latest features but aren’t willing to tolerate significant problems can likely upgrade everything but macOS within the next few days. A brief delay will give Apple time to address any early issues with overloaded download servers. I recommend waiting a little longer with macOS to let the early adopters report bugs that slipped through beta testing. If you use your Mac to earn your living, the stakes are higher, and more caution is warranted.
    • Cautious users: Those for whom Apple devices are just tools should wait a few weeks or until the X.1 releases scheduled for October. As Howard Oakley notes, they’ll likely contain fixes for the highest-profile bugs that have appeared between now and then. Even then, it’s safer to update everything but macOS. Anyone who feels trepidation about installing Sequoia could wait until macOS 15.2 comes out, likely in mid-December. The added benefit of upgrading after macOS 15.2 comes out is that you can do it over the holiday break when you may have more time to install carefully (after making at least two separate backups) and recover from any issues that arise. For full details and help with upgrading from my friends at Take Control, read Take Control of Sequoia by Joe Kissell and Take Control of iOS 18 and iPadOS 18 by Josh Centers.
    • Reluctant upgraders: Even those with no interest in new features should upgrade eventually, perhaps in the last set of releases before Apple’s Worldwide Developer Conference in June. After that, the only bugs likely to be fixed are security vulnerabilities, so all that waiting longer does is ensure you can’t take advantage of any new features or platform compatibility. While you can put off macOS upgrades for as long as two years, thanks to Apple releasing security updates for the last two versions of macOS, my experience is that the longer you wait, the more likely you will have installation problems. You can’t generally delay iOS and iPadOS upgrades for too long because Apple releases security updates only for the latest versions of those operating systems, along with older versions for obsolete devices that can’t upgrade.

    We’ll be writing about new features in all these operating systems, as will many other Apple-focused publications, websites, and bloggers. For now, though, these links should whet your appetite for what’s new:

    • macOS 15 Sequoia
    • iOS 18
    • iPadOS 18
    • watchOS 11
    • visionOS 2
    • tvOS 18
    • HomePod Software 18

    I particularly recommend the PDF feature lists for Sequoia, iOS 18, and iPadOS 18 because they’re easier to scan than Apple’s otherwise lovely product pages. Plus, they may be more comprehensive, and I often most appreciate the little features that don’t merit mention on the product pages.

    Finally, congratulations to our friends Jason Snell and Dan Moren of Six Colors on their site’s tenth anniversary. To celebrate, allow me to recommend their reviews of macOS 15 Sequoia, iOS 18, iPadOS 18, and Collections in Photos.

  • 24 Sep 2024 9:17 AM | Terry Findlay (Administrator)

    Charles Martin | Sep 07, 2024

    A new malware threat allows attackers to gain remote admin access to your Mac.

    A new malware threat targeting Macs can give attackers complete remote access to an infected machine. Here's how to protect against it.

    The new threat is a remote access tool called HZ RAT. It has been adapted for Macs after having previously been seen taking over Windows PCs.

    One known Trojan horse that installs HZ RAT is a maliciously modified version of OpenVPN Connect, a common VPN app. Its primary goal is data collection, according to a report from Intego's Joshua Long. 

    The malware allows remote attackers constant full administrator access, including the ability to install additional software. It can also be used to take screenshots and log keystrokes.

    In particular, it can directly collect user information from Chinese social apps WeChat and DingTalk. The program's command-and-control servers appear to be located in China.

    HZ RAT can also scrape non-password information from Google Password Manager, and monitor the user's use of other programs. The malware appears to be spreading through maliciously-modified downloads of OpenVPN Connect, though it could be included in other popular Mac installers from insecure download sites.

    How to protect yourself from HZ RAT

    The usual advice against downloading software from unofficial download sites applies to this new attack.

    Long, the Chief Security Analyst for Intego, has suggested that this new Trojan might additionally be distributed to Windows PCs through malicious Google Ads that appear at the top of search results. The company's VirusBarrier X9 utility has already been updated to protect against the threat.

    "HZ RAT might also be distributed in more targeted, watering-hole style attacks, or through some other distribution method," Long noted. His standard advice to avoid risking infection is to always download new apps directly from the Mac App Store, or the original developer's own site.


  • 24 Sep 2024 9:12 AM | Terry Findlay (Administrator)

    ADAM ENGST 23 September 2024

    I’m sorry to share that the release version of macOS 15 Sequoia has shipped with the excessive permissions prompts I wrote about in “Apple Reduces Excessive Sequoia Permission Requests, Shifts to Monthly” (19 August 2024). There is a workaround—keep reading—but whenever you trigger a feature in an app that requires screen recording permissions, which may have nothing to do with recording the screen, you’ll see a prompt like these.

    Screen recording permissions prompts in Sequoia

    These prompts are examples of poor user interface design in multiple ways:

    • Excessive jargon: They use obscure terminology that few people understand. How many of your friends, family, and colleagues know what the system private window picker is? (It has to do with selecting a window for capturing or sharing live, such as via videoconferencing software.)
    • Confusing buttons, part 1: The buttons don’t offer meaningful choices. One continues to grant the app screen recording permission, whereas the other opens System Settings, a seemingly unrelated action. What the prompts don’t say is that if you want to revoke screen recording permissions, you need to turn off the appropriate switch in System Settings. If Apple were serious about this, the second button would revoke permission.
    • Confusing buttons, part 2: Clicking Open System Settings and doing nothing there has the same effect as clicking Allow For One Month. That creates confusion and reduces trust in the system.
    • Style guide violations: “Allow For One Month” violates Apple’s own style guide, which states that “for” should always be lowercase when using title-style capitalization.
    • Too frequent nagging: Even though Apple has reduced the frequency to monthly and remembers the continued permission across restarts and logouts, they still interrupt the user’s work too frequently. Worse, because these prompts appear only when the user triggers a feature that requires screen recording permission, they will seem entirely random to most people, increasing the sense of being nagged.

    They’re also problematic from a security standpoint for three reasons:

    • User fatigue: As the prompts continue to recur for every affected app, every month, they become big “Blah blah blah, click here to get your work done” buttons. The longer this goes on, the less users will read them.
    • Overall reduced security awareness: Beyond these specific prompts, the more macOS prompts for permission to do something—anything—the more it conditions users to grant permission unquestioningly.
    • Circumventions: The more annoyed users become, the more likely they are to seek out ways of sidestepping the prompts, potentially creating a situation where legitimate prompts are missed.

    Speaking of circumventions, here’s a possible workaround. I say “possible” because it requires lightweight time travel, and Apple is guaranteed to release new versions of macOS that may change things. We know you can trigger the monthly permission prompt again by setting your clock forward a month. Once you approve that faux future prompt and return your Mac’s clock to the current time, you won’t be prompted again.

    The workaround is to open System Settings > General > Date & Time, turn off the “Set time and date automatically” switch, set your Mac’s clock forward in time by multiple months, trigger and approve the prompt for each app that requires screen recording permissions, and then return the clock to the current time. Note that time traveling to the future like this will trigger upcoming calendar notifications and may cause other confusion—my Setapp subscription was temporarily deactivated—so be sure to turn “Set time and date automatically” back on as soon as you’re done. I restarted afterward to ensure that everything understood that I had returned to the present.

    Date & Time in System Settings

    I could test this workaround only in the macOS 15.1 beta, but when I set the clock to 21 January 2025, triggered and approved the prompt in Zoom, set the clock back to 21 December 2024, and tested again, I wasn’t prompted. To confirm, I tried again, setting the clock to 21 February 2025 and verifying that macOS asked me to continue to allow Zoom’s screen recording permission.

    After the initial publication of this article, I learned that developer Jordi Bruin has written Amnesia, an app that makes the process even easier. It’s additional evidence that people feel that Apple is overreaching.

    I hope Apple comes to its senses and removes these monthly permissions prompts in macOS 15.1. That’s not just wishful thinking—I’m basing it on being surprised that Apple shipped macOS 15.0 with such egregious user interface errors and on the fact that macOS 15.1 beta 4 still shows an improperly capitalized “Continue To Allow” button rather than the “Allow For One Month” button in macOS 15.0. The two versions aren’t fully in sync, suggesting that Apple may still be working on this part of the code.

    To keep this constructive, I’ll reiterate and add to my suggestion that Apple should be smarter about asking the user to continue granting permissions for various actions. First, a “Continue to Allow” prompt could appear a small but random number of days after an app was initially granted screen recording permissions. That would cause the user to think about the permissions while the app installation was still fresh and allow them to revoke permissions or delete the app if it was no longer needed. In the hypothetical scenario where a malicious recording app has been installed by a domestic abuser with admin access, a randomly scheduled second prompt would be harder to conceal or intercept.

    Second, if macOS knew how often individual apps were launched, it could present the dialog only for apps that are used infrequently. I use CleanShot X most workdays, so asking me to continue to allow it to record the screen is counterproductive. However, when I look through the other apps in System Settings > Privacy & Security > Screen & System Audio Recording, I also see GlanceGuest, which I believe I had to install while reporting a bug in QuickBooks Online to Intuit support. Since that was an unusual installation, I wouldn’t be offended to be asked again if it came up in the future. (Regardless, I’ve rescinded that permission for now.)

    Screen & System Audio Recording permissions in System Settings

    I continue to encourage you to tell Apple what you think. The best approach may be to use Apple’s Feedback page for your Mac. If you’re testing a beta of macOS 15.1, use Feedback Assistant to file a bug against these unnecessary prompts.

  • 24 Sep 2024 9:10 AM | Terry Findlay (Administrator)

    Charles Martin | Sep 01, 2024

    Counterfeiters are fooling YouTubers with fake Apple Watch Ultras with cameras in the crown.

    If you find a viral video claiming the Apple Watch Ultra has a hidden camera in it, what you're actually watching is a reminder that some unethical sites and companies will stop at nothing to fool the gullible.

    Videos claiming that the Apple Watch Ultra has a hidden camera in it have recently appeared on social media sites, particularly TikTok. Counterfeit Apple products are nothing new, but knock-off manufacturers generally try to get as close as possible to copying the hardware.

    One of the sure giveaways that you might have bought a counterfeit Apple Watch is the presence of a Google Play Store icon, a sign that the watch is actually running Android. The other giveaway, of course, is a camera — located in the digital crown.

    Protecting yourself from buying a fake

    Not all counterfeit Apple Watches have a hidden camera in the crown, but the lack of watchOS as the operating system is a reliable indicator that the watch isn't a genuine Apple product. If the "Apple Watch Ultra" is being sold as new for a notable discount compared to the usual retail price, that's another red flag that it isn't genuine.

    Authentic Apple Watches run watchOS, and do not have cameras as of September 1, 2024. A plethora of teardown videos of real Apple Watch Ultras have made this clear.

    Many of the Chinese sites advertising the fake Apple Watch Ultra actually list Android v8.1 — from 2017 — as the operating system on board. This is why they have the Google Play Store as a prominent icon.

    Some of the videos have claimed that they received their fake Apple Watch Ultras from resellers hosted on Amazon. Others ordered from popular Chinese e-commerce sites like AliExpress.

    As always, the safest route for buying a genuine Apple Watch Ultra or any other Apple product is directly from Apple's website, or from any well-known Apple-authorized reseller. When buying an Apple Watch Ultra through Amazon, it's best to order it directly from Amazon itself — an authorized Apple reseller — rather than a reseller hosted on Amazon.

  • 24 Sep 2024 9:08 AM | Terry Findlay (Administrator)

    GLENN FLEISHMAN 20 September 2024

    Apple has tightened how children in Family Sharing groups are protected against viewing or sending media that an on-device algorithm detects contains nudity. Starting in iOS 18, iPadOS 18, macOS 15 Sequoia, and watchOS 11, children under 13 will have to enter the Screen Time password to proceed past a warning. Children aged 13 to 17 with Communication Safety enabled for their accounts in Family Sharing will continue to receive just a warning. This new requirement creates a new kind of parent or guardian conversation with children over what a family’s adults think is appropriate to send and receive.

    When Apple first announced plans to add several features to improve the safety and well-being of children using its operating systems and services, there was a backlash from child-safety and LGBTQIA+ advocates and electronic privacy organizations. As first described, several important groups felt Apple’s plans could expose some children to greater harm and break the company’s promise of privacy to its customers (see “FAQ about Apple’s Expanded Protections for Children,” 7 August 2021).

    Apple quickly backpedaled from its initial plans (see “Apple Explains Pullback from CSAM Photo-Scanning,” 6 September 2023). Over the next three years, the company rolled out only one significant change: Communication Safety (see “Apple Releases iOS 15.2, iPadOS 15.2, macOS 12.1 Monterey, watchOS 8.3, and tvOS 15.2,” 13 December 2021). Available only within Family Sharing, it could be enabled for children aged 17 or younger. Communication Safety uses on-device analysis of images and video to detect what appears to be nudity in incoming and outgoing communications. If detected, a warning is displayed to all children; children under 13 receive additional suggestions to consult a parent, guardian, or trusted adult. Kids can dismiss these warnings.

    Communication Safety first appeared only for images in Messages in iOS 15.2, iPadOS 15.2, macOS 12.1, and watchOS 9. In iOS 17, iPadOS 17, macOS 13 Sonoma, and watchOS 10, Apple added the capability to detect video in other communication channels—depending on your device—including AirDrop, Contact Posters, video, and FaceTime video messages.

    In its initial proposal in 2021, Apple planned to offer parents of children under 13 an option to receive a notification if their child sent or received sensitive images, then labeled with the more charged term of images of a “sexual nature.” When Communication Safety rolled out, Apple consistently referred to “nudity” or “naked photos or videos.” This wording change removed a value judgment on the activities, as nudity can be sexual, nonsexual, or hard to define. (Some people interpret every naked picture of an adult as sexual, while others rely on context to determine whether an image has a sexual subject matter or sexualizing intent.)

    Communication Safety in Messages

    Because an algorithm does this recognition, there’s a chance for false positives. For instance, a scene of children in a pool could be marked as “nudity” even if all the kids were wearing suits. Or a video that contained—or seemed to contain—exposed skin might have no nudity at all. The algorithm is proprietary and hidden, so it would require significant effort to probe its accuracy from the outside.

    Starting in the operating system versions released last week (see “When Should You Upgrade to Apple’s 2024 OS Releases,” 16 September 2024), children under 13 will no longer receive just a warning. They will also have to enter the Screen Time passcode for their account. It’s an interesting decision on Apple’s part: Screen Time isn’t mandatory for children’s accounts, though Apple encourages it. A parent might create a guessable passcode or provide it to their offspring, with the child knowing that a parent has some visibility into what they do through Screen Time reports. (It’s not clear to me if parents will otherwise be informed when the Screen Time password is used for this bypass; I believe not.)

    This requirement for the Screen Time password changes the equation on Apple’s original plan. Where in 2021, Apple proposed that a child’s device would rat them out, demonstrating a lack of trust by Apple and the parent, however justified, this new approach requires consultation. Either an under-13 will be deterred—“Oh, I shouldn’t do that!”—or they will need to talk with the adult with the Screen Time passcode, a scenario made plausible when the image or video is falsely marked as containing nudity or in cultures or households that have different attitudes on non-sexualized nudity.

    Starting with iOS 17, iPadOS 17, macOS 13 Sonoma, and watchOS 10, Communication Safety is enabled by default for all Family Sharing accounts for people under 17. The Family Sharing Owner or an account set as Parent/Guardian can toggle the setting in iOS and iPadOS in Settings > Family > Child Name > Screen Time > Communication Safety or in macOS via System Settings > Screen Time > Family Member > Child Name > Communication Safety.

    Communication Safety settings in macOS

    Overall, this change seems reasonable in that it provides another check for children under 13 without making things more difficult or uncomfortable for older teenagers. It also keeps control in the hands of parents without turning Apple into a morality or policy enforcer.

  • 24 Sep 2024 9:06 AM | Terry Findlay (Administrator)

    Charles Martin | Aug 31, 2024

    The US Trade Representative objects to Canada's unilateral Digital Services Tax.

    Canada's new Digital Services tax could cost iPhone maker Apple billions, but the US says the fees are discriminating against American tech companies — and is pushing for a delay.

    Canada first proposed the legislation in 2021 as an interim measure, following a statement from the G20 allowing for international digital service tax (DST) reform. The G20 countries have been working together to create a multilateral tax on profits made by global tech companies through services, but progress has been slow.

    Canada and other countries want to be able to impose taxes on profits made from online marketplace services, advertising services, social media services, and revenue made from selling user data. To qualify under the Canadian law, a tech company would have to have made $750 million or more in qualifying revenue per year, of which at least $20 million would have come directly from Canadian users.

    The US objects to the interim DST from the Canadian government on the grounds that it discriminates against US-based companies. Nearly all of the biggest global tech players — including Apple, Microsoft, Google, Amazon, and Meta among others — are based in the US.

    Disagreement could result in trade tariffs

    The Biden administration has noted that, if passed, such an interim tax structure may violate the rules of the North American Free Trade Agreement. It has requested trade dispute settlement consultations with Canada.

    If US Trade Representative Katherine Tai cannot reach an agreement to resolve US concerns about the Canadian tax within 75 days of the consultations, she could request a settlement panel under the US-Mexico-Canada Agreement (USMCA). The dispute might conceivably lead to retaliatory US tariffs on imports from Canada.

    The US has previously prepared tariffs on seven other countries that have already passed digital service tax legislation — Austria, Britain, France, India, Italy, Spain and Turkey — but these have been suspended pending the outcome of global negotiations on a worldwide distributed DST agreement.

    Tai has said that the US "opposes unilateral digital service taxes that discriminate against US companies. As we pursue these consultations, we will continue to support the Department of the Treasury in the OECD/G20 global tax negotiations to bring a comprehensive solution to the challenge of DSTs."

    If successful in negotiations, Canada's DST legislation could take effect later this year, and amounts owed by tech companies would be backdated to January 1, 2022. The Canadian legislation is seen by some as a negotiating tactic to spur progress on the global G20 tax reform proposals affecting digital services.
