MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security
As another poster noted: the additional protection offered by the T2 chip with Storage Media vs. FileVault 2 appears minimal.

You may get some benefit re: the speed with which the data can be encrypted, potential protection of the RAM contents, etc. but the T2 chip isn’t a game changer re: hard drive content protection.

The Secure Enclave inside it does allow for faster unlocks/purchases/etc. via the biometric sensor. Reduce barriers between impulse purchases and your wallet where possible!

The unwillingness of Apple to offer removable storage media or RAM across most of its lineup has nothing to do with the T2 chip, however. The T2 chip simply makes it even more likely that some day the hackintosh community will be shut out. Simply too many assets are flowing in the direction of walling off the ecosystem.
 


Ric Ford

MacInTouch
You may get some benefit re: the speed with which the data can be encrypted, potential protection of the RAM contents, etc. but the T2 chip isn’t a game changer re: hard drive content protection.
Actually, the ability to instantly secure an entire drive or change its password is a game-changer, I think, so that you don't have to wait hours upon hours to complete encryption/decryption, leaving files unprotected in the long interim.
Apple said:
Apple T2 Security Chip Overview [PDF]
... Internal volume encryption on a Mac with the T2 chip is implemented by constructing and managing a hierarchy of keys (see Figure 2), and builds on the hardware encryption technologies built into the chip. This hierarchy of keys is designed to simultaneously achieve four goals:
  • Require the user’s password for decryption.
  • Protect the system from a brute-force attack directly against storage media removed from Mac.
  • Provide a swift and secure method for wiping content via deletion of necessary cryptographic material.
  • Enable users to change their password (and in turn the cryptographic keys used to protect their files) without requiring re-encryption of the entire volume.
On the other hand, being prevented from booting other operating systems (e.g. Linux) on a Mac, being subject to Apple's whims and ability to instantly disable your computer, being unable to boot from Target Disk Mode, and being charged outrageous prices for non-upgradable storage... not so great.
 


Agreed. The coupling of T2 <-> SSD means:
  1. You need a backup of the data for recovery, in the case anything fails.
  2. That backup will not be protected by the T2 chip, therefore making this coupling moot in the end.
1. You should always be making backups on external media. Data recovery services don't always recover anything, and they're very expensive.

No matter how reliable storage media might be, it can still fail and it can still fail in a way that nothing is recoverable. Especially if you encrypt the file system (which should be done on any portable device like a laptop). And even if data recovery is possible, that won't protect you against loss due to data corruption (whether due to malware or simple user error).

2. Nobody in their right mind would want their external backup tied to a single computer (e.g. via a T2), because that would make it impossible to restore it to a new computer, should the first be lost, stolen, destroyed or otherwise become unusable.

But (as was already mentioned), that shouldn't matter. The T2's encryption is designed to keep SSD modules from being separated from their computer. This is very important for computers that could be lost or stolen (like laptops). But you will probably be storing your backups in a more secure manner, and your users will not likely be traveling with them.

You may still want to encrypt your backups (especially if they are going to be transported/stored off-site), but there are plenty of application-level solutions for that. Some examples include backing up to a FileVault volume, backing up to an encrypted disk image and using backup software that does its own encryption.
 


It should be remembered that, when you empty the Trash on a computer equipped with an SSD, Garbage Collection will ([some time] thereafter) zero out the data in the now-unallocated blocks in order to make room for new data. If the system also has Trim enabled, it will happen sooner and more efficiently. Translation: your data is gone for good.
 


Ric Ford

MacInTouch
But you will probably be storing your backups in a more secure manner, and your users will not likely be traveling with them.
I'd think you'd want to have backups while travelling, too, for all the usual reasons. And backups at home or in the office are, of course, also subject to theft.
You may still want to encrypt your backups (especially if they are going to be transported/stored off-site), but there are plenty of application-level solutions for that. Some examples include backing up to a FileVault volume, backing up to an encrypted disk image and using backup software that does its own encryption.
But this is the issue, isn't it? If FileVault is adequately secure, we don't need the added problems of T2, and if FileVault is not secure, then we've got a very big problem that T2 doesn't solve.
 


Actually, the ability to instantly secure an entire drive or change its password is a game-changer, I think, so that you don't have to wait hours upon hours to complete encryption/decryption, leaving files unprotected in the long interim.
if I recall correctly, the time it takes to encrypt an empty 40TB RAID volume is relatively short. But if you fill your drive up with a lot of stuff first and only then enable encryption, it can take hours / days.

Hence, I prefer formatting a new backup with encryption right from inside Disk Utility. It's one of the format options (i.e. Mac OS Extended, Journaled and Encypted) and it takes little time. Disk Utility even evaluates your password strength and gives you the option to add a hint and save the password in the keychain, so the drive can be auto-mounted.

By the way, what happens if the T2 chip is damaged? Can the contents of the secure enclave be replicated on a separate computer and the drive content imaged, or is the data permanently encrypted? For a FileVault-protected drive to be recovered, just the hard drive has to work... and it allows pretty seamless cloning / hard drive replacement for eligible (non-T2?) computers.

I'm particularly not a fan of only Apple-authorized repair shops being able to greenlight repairs so the T2 chip doesn't brick the computer. Similarly, not being able to boot into Linux cuts off one of the classic ways in which "vintage" Apple hardware could be re-purposed ("vintage" as defined by Apple, not the end-user).
 


Ric Ford

MacInTouch
if I recall correctly, the time it takes to encrypt an empty 40TB RAID volume is relatively short. But if you fill your drive up with a lot of stuff first and only then enable encryption, it can take hours / days. Hence, I prefer formatting a new backup with encryption right from inside Disk Utility. It's one of the format options (i.e. Mac OS Extended, Journaled and Encypted) and it takes little time.
Exactly. Unfortunately, Apple makes this more problematic for migration than it should be, as I've documented previously, and which Bombich (of Carbon Copy Cloner) recommends against. However, with a T2-based Mac, the internal drive encryption/decryption/password changes are far faster than for non-T2 FileVault volumes.
 


It should be remembered that, when you empty the Trash on a computer equipped with an SSD, Garbage Collection will ([some time] thereafter) zero out the data in the now-unallocated blocks in order to make room for new data. If the system also has Trim enabled, it will happen sooner and more efficiently. Translation: your data is gone for good.
If you have Trim enabled, then those files will become garbage (and subject to collection at some point in the future) as soon as you empty the trash.

If you don't use Trim, then the drive doesn't know that those files' blocks are no longer in use. The drive won't declare them garbage until the (corresponding logical) blocks are overwritten by something else. Only then will garbage collection be able to do something.

(While it might theoretically be possible for a garbage collection algorithm to have intimate knowledge of a file system, so it can immediately mark blocks as garbage without Trim and without waiting for an overwrite, I doubt any production drive would do so, since it would be incompatible with any other kind of file system.)
I'd think you'd want to have backups while travelling, too, for all the usual reasons. And backups at home or in the office are, of course, also subject to theft. But this is the issue, isn't it? If FileVault is adequately secure, we don't need the added problems of T2, and if FileVault is not secure, then we've got a very big problem that T2 doesn't solve.
Really? You'd travel with your backups? Where they could get lost or stolen along with your laptop?

Yes, someone could break into your home or office, but that's much less likely than someone running away with your bag while you're at Starbucks or in an airport.

And since you don't need them to be attached 24/7, you can lock them in a secure location (like a file cabinet or a safe) when you're not actually making backups.

As for the T2, its purpose is different from FileVault. The T2 prevents the flash chips from being accessed by a different computer, but does nothing about access by software on that computer. If you don't also enable FileVault, then anyone can boot that Mac (maybe into recovery mode) and access all your data.

It's a different solution because it's trying to solve a different problem.
By the way, what happens if the T2 chip is damaged? Can the contents of the secure enclave be replicated on a separate computer and the drive content imaged, or is the data permanently encrypted?
If the T2 gets damaged, the bonded flash chips are as good as dead. If there is any possible way to recover the data, then it would undermine the entire reason for its existence.

It has always been critically important that you make backups. The T2's encryption strengthens the argument, but it really doesn't change this fact in any meaningful way. All storage devices will eventually die, and recovery isn't always possible, whether or not there is a T2 chip involved.
 


Ric Ford

MacInTouch
Really? You'd travel with your backups? Where they could get lost or stolen along with your laptop?
And you'd work on the road without backing up, so if your laptop is stolen or breaks, you lose all your work and your ability to work until you return home (if you have an old backup there)? Do you ever travel with a computer that doesn't have a T2 system? Is everything then at risk?
 


There is a middle ground.

I travel with a burner laptop and two 2.5” spinners for image storage. It helps avoid the issue of trying to effect multi-gigabyte transfers to the cloud in remote locations and it also allows relatively quick data transfers.

During the day, I take one drive into the field with me, leaving the other behind at the hotel. In the evening, I process the files and then store identical copies on both drives.

Granted, an overnight robbery would expose both drives to theft, but there is only so much paranoia that I want to entertain while vacationing. If you travel to more exciting places than I do, you may want a cloud-based backup.

The burner laptop and phone are a simple way to limit potential data breaches, should those assets get seized, stolen, whatever. Nothing you don’t expressly need for a trip should be on those assets. It’s also a much smaller loss should they break.
 


If you don't use TRIM, then the drive doesn't know that those files' blocks are no longer in use. The drive won't declare them garbage until the (corresponding logical) blocks are overwritten by something else. Only then will garbage collection be able to do something.
David, your description of the difference between Trim and "garbage collection" is clear, and one of the best I've read. What isn't clear is what you mean by logical blocks being overwritten triggering garbage collection in the absence of Trim.

It is my understanding that opening a file is just a read operation. But that if the file is edited and saved back to an SSD, the drive controller may write the new save to a different memory location and "know" to mark the prior location for collection. Is that what you mean?

It remains my understanding that, in the absence of Trim, deleting a file in a computer's OS does not mark the file's memory location on an SSD as available to clean. We certainly wouldn't want the SSD controller removing files just because they haven't been (e.g.) accessed in months. I have a couple of Android devices with Google programs that offer to do just that, to improve performance and open space, and it's actually scary.

Actually, the ability to instantly secure an entire drive or change its password is a game-changer, I think, so that you don't have to wait hours upon hours to complete encryption/decryption, leaving files unprotected in the long interim.
Whether setting up a new Linux system with LUKS encryption or formatting an external drive with ext4 and LUKS encryption, the process is all but instantaneous. It's been a while, but I frequently used Disk Utility to create encrypted partitions and DMGs both on my Mac's internal and external drives. Again, plenty fast.

What wasn't fast was the old FileVault on spinning HDDs. I'm not sure if that was before AES-NI was built into Intel chips, but it was so slow, I didn't do it but did store data in those encrypted partitions and DMGs.

Changing passwords? I'd never thought about it, but sites on the Internet say it is possible to change passwords on Mac volumes, DMGs, and in Linux on LUKs.

And you'd work on the road without backing up . . .
My wife's corporate laptop was continuously backing up over the company's VPN, and since she was handling sensitive data, hopefully securely.

That's the model of Google Drive, One Drive, and iCloud. When Chromebooks first came to market, Google ran ads saying users could lose them in a river without worry, because their data was "safe Google Drive." Safe, perhaps, if the connection to get it there did its job and was itself safe, and you don't mind your data being readable by your cloud provider.

Both portable SSDs and large-capacity, fast thumb drives offer a way to back up securely when away from home, without the Cloud.

There is a middle ground. I travel with a burner laptop and two 2.5” spinners for image storage.
Unstated in this thread is the matter of crossing a border and the border guard demanding access to your equipment, including encrypted files.
 


Unstated in this thread is the matter of crossing a border and the border guard demanding access to your equipment, including encrypted files.
Hence the use of the word "seized." If neither the laptop nor the phone have any useful information on them for border guards to swim through, then you’ve minimized your exposure.

Sure, some folk have asserted their untested constitutional 4th Amendment rights and await their day in court. In the meantime, DHS gets to revoke their global entry / clear / whatever credentials, “interviews” them every time for multiple hours when they try to enter or leave the country, and so on. Some due process that is.

This is where the cloud (if properly encrypted) can make a significant difference. 1Password tried to justify its subscription model on this feature alone, i.e. the ability to delete the password vault before travel, being able to hand over a “clean” phone for customs inspectors, and only reloading the passwords as needed at the destination. They do emphasize not lying to inspectors, however.

I also don’t consider my snaps that interesting.
 


Ric Ford

MacInTouch
Here's a description of some issues involved with Apple's T2 security/storage processor:
CrystalIDEA said:
Fan control on Apple computers equipped with T2 chip on Windows (via Boot Camp)

... The introduction of the new T2 security chip makes it currently impossible for [our] app to work under Windows (iMac Pro and MacBook Pro 2018). ... It seems that the T2 chip blocks access to SMC under Windows, while SMC is essential to get sensors values and fans info.

We confirmed the problem themselves on both iMac Pro and MacBook Pro 2018. Unfortunately, we believe it won’t be solved in the future, though there’s a GitHub issue.

PS. There’s another restriction of the T2 chip not related to the app: it’s currently not possible to install any 3rdParty operating system except Windows 10 on Apple computers equipped with T2 chip (earlier some enthusiasts installed Linux). The T2 chip makes it impossible to see the internal drive, Apple generously did an exception only for Windows 10 (but only if you install it via Boot Camp).
 


Ric Ford

MacInTouch
Apple has an unpatched security hole in today's iOS 13.1 release, but the company promises to provide a fix at some unspecified point in the future.
Apple Support said:
https://support.apple.com/en-us/HT210613
An upcoming software update will fix an issue that impacts third-party keyboard apps. ... Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access.
 


Ric Ford

MacInTouch
Just a heads-up: While setting up an iPad with iPadOS, I got tricked by Apple into enabling 2FA for an Apple ID I had not wanted to convert to 2FA — part of a long, repetitive, convoluted, laborious, confusing process involving multiple Apple devices I happen to own and all kinds of authentication hoops and ladders....

It does appear that an Apple email following the conversion offers some means of reverting within a limited amount of time.

P.S. It's actually even worse. It appears that some devices are set up with 2FA while others are not, despite sharing a single Apple ID. I thought 2FA was a property of an Apple ID, not a device. Is it a property of combinations of the two? Talk about confusing...
 


Ric Ford

MacInTouch
Here are some more things iPadOS installation did without notification or permission:
  • turned on Bluetooth (previously off)
  • turned on Siri Suggestions for Safari (previously off)
  • turned on iCloud sync for Shortcuts (not previously installed)
  • turned on "Show Apple Music"
  • forced two-factor authentication
  • enabled "Significant Locations" tracking
  • tried to force updates to other devices — "your devices need upgrading"...
  • uses AI to analyze personal photos (and other personal information)
#privacy #security
 



Here are some more things iPadOS installation did without notification or permission:
  • turned on Bluetooth (previously off)
  • turned on Siri Suggestions for Safari (previously off)
  • turned on iCloud sync for Shortcuts (not previously installed)
  • turned on "Show Apple Music"
  • forced two-factor authentication
  • enabled "Significant Locations" tracking
  • tried to force updates to other devices — "your devices need upgrading"...
  • uses AI to analyze personal photos (and other personal information)
#privacy #security
I don't know what I find most disconcerting; did they do this on purpose or by accident? The fact that they flipped all those bits on your device, but not on mine, or that previous installs have flipped many bits on my devices but not on others. WTF?
 


I thought 2FA was a property of an Apple ID, not a device.
2FA protects your Apple ID and once you use it to allow use of your Apple ID on that device, it becomes "trusted" and can then be used by subsequent requests to authenticate any future 2FA needs.
 


Here are some more things iPadOS installation did without notification or permission:
  • turned on Bluetooth (previously off)
  • turned on Siri Suggestions for Safari (previously off)
  • turned on iCloud sync for Shortcuts (not previously installed)
  • turned on "Show Apple Music"
  • forced two-factor authentication
  • enabled "Significant Locations" tracking
  • tried to force updates to other devices — "your devices need upgrading"...
  • uses AI to analyze personal photos (and other personal information)
#privacy #security
For what it's worth, 13.1 did not turn on Bluetooth on my 11-inch iPad Pro, nor did it force TFA on a secondary Apple ID (my primary already has it).

I didn't receive any messaging that my iPhone also needed updating, but maybe that's because it was already at 13.0.

But as Will Blume points out, who knows what criteria determine which way the bits flip? Does Apple document such things, even internally?
 


I don't know what I find most disconcerting; did they do this on purpose or by accident? The fact that they flipped all those bits on your device, but not on mine, or that previous installs have flipped many bits on my devices but not on others. WTF?
I suspect (based on no facts, but an idea of how software is often developed) that there's some kind of audit of configuration files and any files determined to be corrupt were replaced with factory-default config files.

Of course, this then begs the question about what could have corrupted them or what the nature of the corruption actually is. I can think of lots of possibilities, including:
  1. File not readable
  2. File is syntactically invalid
  3. Parameter set to illegal value (was a feature removed?)
  4. Parameter set to unsupported value (enabled an undocumented feature?)
  5. Illegal parameter found (deleted feature?)
  6. Unsupported parameter found (undocumented feature?)
If I was writing the updater, I'd replace the file (after generating a warning and making a backup copy of the original) for cases 1 and 2. I'd probably revert the specific parameter to a default (and generate a warning and backup) for cases 3 and 5. I'd probably do nothing (but maybe issue a warning) for cases 4 and 6.

FWIW, when Linux packages get updated and a configuration file is different from the default, one of the following is usually done:
  • Put the default file, with a new name (e.g. foo_config.rpmnew) in the directory with the existing file
  • Rename the original file (e.g. foo_config.rpmsave), replacing it with the new default
  • Ask the user what to do - keep the original, keep the new one, or provide a means to manually edit it so the changes can be incorporated.
Of course, none of this should ever actually be an issue on a system like iOS where there is no way to manually edit the configuration files....
 


Ric Ford

MacInTouch
Same here, Ric. I had it turned off and, after updating to iOS 13.1, it was turned back on.
Not here - this time... Apple updates having been flipping Preferences back to their preferences for so long, I have a habit of just running through them all after updates just in case.
Me, too. Apple Cash, Game Center and a new thing called "Allow Payments on Mac." Turned them all off.
Here are some more things iPadOS installation did without notification or permission...
I suspect (based on no facts, but an idea of how software is often developed) that there's some kind of audit of configuration files and any files determined to be corrupt were replaced with factory-default config files. Of course, this then begs the question about what could have corrupted them or what the nature of the corruption actually is.
I should have been more clear. I started by clean-installing iOS 12 on an iPad 6 (General > Reset > Erase all content and settings), then went through all settings and configured them as much as possible for privacy and security, then installed iOS 13.1 and rechecked preferences (after jumping through a great many hoops , e.g. for 2FA). I may have missed some detail somewhere but it seems pretty clear that Apple’s changing some (but not all) settings behind our backs.
 


Ric Ford

MacInTouch
Glenn Fleishman tries to explain confusing Apple security behavior:
TidBITS said:
Why Apple Asks for Your Passcode or Password with a New Login (and Why It’s Safe)
If you’ve set up or restored an Apple device recently and have two-factor authentication enabled on your Apple ID, you may have seen a message during configuration that defies your understanding of how Apple maintains device privacy and account security.

The message reads something like, “Enter Mac Password. Enter the password you use to unlock the Mac ‘name here’. This password protects your Apple ID, saved passwords, and other data stored in iCloud. Your password is encrypted and cannot be read by Apple.” The prompt might instead ask for your iPhone or iPad passcode.

Doesn’t this seem contradictory, confusing, and just plain wrong? Why would Apple ask for the password or passcode for one of your other devices? Could it be some sort of scam? What exactly is going on here?
 


Ric Ford

MacInTouch
Here's important information from Apple about iCloud and encryption, noting that 2FA is a prerequisite for end-to-end-encryption:
Apple Support said:
iCloud security overview
... For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.

In some cases, your iCloud data may be stored using third-party partners’ servers—such as Amazon Web Services or Google Cloud Platform—but these partners don’t have the keys to decrypt your data stored on their servers.

End-to-end encryption requires that you have two-factor authentication turned on for your Apple ID. Keeping your software up-to-date and using two-factor authentication are the most important things that you can do to maintain the security of your devices and data.
 


I should have been more clear. I started by clean-installing iOS 12 on an iPad 6 (General > Reset > Erase all content and settings), ... then installed iOS 13.1...
I may be mistaken, I thought once a new major version was released, that that was the only version available for an iOS device, provided the newest version supported said device. I'd be happy to be mistaken as I missed the 12.4.1 update on a couple iOS 12 devices.
 


Ric Ford

MacInTouch
I may be mistaken, I thought once a new major version was released, that that was the only version available for an iOS device, provided the newest version supported said device. I'd be happy to be mistaken as I missed the 12.4.1 update on a couple iOS 12 devices.
When a new iOS release enters Apple distribution, the previous version remains valid for a short period of time until Apple suddenly stops "signing" it.

Another question is: how does Apple's reset procedure determine which iOS release you get when more than one is currently being signed? (Another question is how this works for devices that are incompatible with the latest iOS/iPadOS.)

In addition to all that, there are some extra features/options that may be available via something like iMazing.

 


Ric Ford

MacInTouch
Apple issued another big batch of critical security updates today, as well as some descriptions of its previous patches.

I don't see a security update for Apple Watch users who want to stay with watchOS 5 in order to avoid watchOS 6's requirement of updating the linked iPhone to iOS 13.

Name and information linkAvailable forRelease date
macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 SierramacOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.626 Sep 2019
watchOS 5.3.2Apple Watch Series 1 and Apple Watch Series 226 Sep 2019
iOS 12.4.2iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPad touch 6th generation26 Sep 2019
iOS 13.1 and iPadOS 13.1iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation24 Sep 2019
Safari 13.0.1macOS Mojave 10.14.6 and macOS High Sierra 10.13.624 Sep 2019
Apple TV Software 7.4
This update has no published CVE entries.
Apple TV (3rd generation)24 Sep 2019
tvOS 13Apple TV 4K and Apple TV HD24 Sep 2019
Xcode 11.0macOS Mojave 10.14.4 and later20 Sep 2019
watchOS 6Apple Watch Series 3 and later
Apple Watch Series 1 and 2 will support watchOS 6 later this year.
19 Sep 2019
 


And Apple Cash was turned on.
I didn't see any more problems this morning on MacInTouch so I did the iOS 12 to IOS 13.1 update. I went through most of the Settings, and it turned on a long list of things I didn't want on.

I don't use Siri or iCloud at all, and I would love to know how to make IOS stop asking me to sign in, which it has been doing for months.

Here is a partial list, mostly trying to push/draw me further into Apple's maze or quagmire or whatever it is. Gotta give Apple credit for being inconsistent. I think they put in different changes for different devices just to keep people guessing.

iPhone 7
  • Turned on Bluetooth
  • Turned on iCloud Drive for Shortcuts, Number, Pages
  • Turned on Apple Cash, and worse, turned on "Allow Access When Locked"
  • Turned on Auto-Play Message Effects and Video Previews in Accessibility
  • Turned on Siri Suggestions for Messages, Find My, Mail, Phone, Safari, Shortcuts
  • Safari turned on "Ask" for camera and microphone and location when I had set them to Deny.
  • Switched from Document Storage to iCloud for Number and Pages and Shortcuts
iPad Air 2 from iOS 12 to 13.1 turned on:
  • AirDrop
  • BlueTooth
  • Notifications for iTunes Store
  • Turned on Apple Cash
  • in Accessibility, turned on Auto-Play Message Effects and Video Previews
  • in Siri and Search
    • Find My and Shortcuts turned on Learn from this App, Show in Search, Suggest Shortcuts
    • turned on Show Siri Suggestions in Find My, Mail, Messages, Reminders, Safari, Tips
  • Reminders turned on Today Notification
  • Maps turned on Weather Conditions
  • Safari turned on "Ask" for Camera, Microphone, Location
  • Shortcuts turned on iCloud Sync and Sync Shortcut Order
I did the iOS 12.4.2 update for iPhone 6 Plus, and the only thing it turned on was iCloud for Numbers. I still had to wade through all the Settings.
 


Ric Ford

MacInTouch
When a new iOS release enters Apple distribution, the previous version remains valid for a short period of time until Apple suddenly stops "signing" it.
But, now we're in a nasty situation with Apple security updates:

If you have an iPhone running iOS 12.4.1, you need a security update today to patch a serious vulnerability, and that patch is included in iOS 12.4.2, but Apple won't let you choose that update. Instead, to get this critical security patch, you have to update to iOS 13.1. iOS 12.4.2 is only available for older Apple devices that can't run iOS 13.

Jumping iOS 12 to iOS 13 is a major change that, obviously, not everyone wants to do immediately, but they can't get the security fix unless they do.

And it looks like the Apple Watch security update also forces an update to watchOS 6 and thus iOS 13 (for newer devices).
 


But, now we're in a nasty situation with Apple security updates:
If you have an iPhone running iOS 12.4.1, you need a security update to patch a serious vulnerability, and that patch is included in iOS 12.4.2, but Apple won't let you choose that update! Instead, to get this critical security patch, you have to update to iOS 13.1.
So I can update my iPhone 5s to 12.4.2 (and I will) but have to update my iPhone SE to 13.1 (which I won't... yet).
 


Ric Ford

MacInTouch
2015 MacBook Pro 15", running macOS Sierra, after the second Security Update 2019-004 Sierra (SecUpd2019-004Sierra.dmg, created Jul 29, 2019, 9:00 PM)
Model Identifier: MacBookPro11,4​
Boot ROM Version: 194.0.0.0.0​
SMC Version (system): 2.29f24​
System Version: macOS 10.12.6 (16G2128)​
Kernel Version: Darwin 16.7.0​
2015 MacBook Pro 15" after Security Update 2019-005 Sierra:
Model Identifier: MacBookPro11,4​
Boot ROM Version: 194.0.0.0.0​
SMC Version (system): 2.29f24​
System Version: macOS 10.12.6 (16G2136)​
Kernel Version: Darwin 16.7.0​
 


Running macOS 10.14.6 with "automatic updates" and "automatic downloads" turned off:

Due to yesterday’s security update release, I just got a notification in the top right today saying something along the lines of "A new update is available. Click Restart to install" with two options "Restart" and "Later". (So ‘Restart isn't actually restart, it's download + restart? right?)

Clicking "Later" offered various options, so I chose "Remind me tomorrow." Immediately, a new notification appears stating "Automatic updates have been turned ON" with two options "OK" and "Turn Off".

So ‘Remind me tomorrow’ is not actually remind me, but switch something on I never asked for and install an update automatically at some point in the future which, I guess, might not be tomrorow, but, maybe, an hour later while I'm in the middle of working?

[expletives deleted]
 


Running macOS 10.14.6 with "automatic updates" and "automatic downloads" turned off:

Due to yesterday’s security update release, I just got a notification in the top right today saying something along the lines of "A new update is available. Click Restart to install" with two options "Restart" and "Later". (So ‘Restart isn't actually restart, it's download + restart? right?)

Clicking "Later" offered various options, so I chose "Remind me tomorrow." Immediately, a new notification appears stating "Automatic updates have been turned ON" with two options "OK" and "Turn Off".

So ‘Remind me tomorrow’ is not actually remind me, but switch something on I never asked for and install an update automatically at some point in the future which, I guess, might not be tomrorow, but, maybe, an hour later while I'm in the middle of working?

[expletives deleted]
Could the Mac somehow have misread what you clicked on? I've seen that seem to happen a few times lately, and thought I might have misread or clicked on the wrong spot, but I have also seen similar things happen if the Mac is busy doing something in the background and hasn't caught up with what else you're doing.

Definitely very aggravating in any case.
 


Could the Mac somehow have misread what you clicked on? I've seen that seem to happen a few times lately, and thought I might have misread or clicked on the wrong spot, but I have also seen similar things happen if the Mac is busy doing something in the background and hasn't caught up with what else you're doing.
Definitely very aggravating in any case.
I am ultra-careful about what I click on, especially with these sorts s of notifications, as Apple has played all sorts of tricks before. This one is new to me, though. I don't ever remember a software update notification offering me the immediate option of "Restart" (I do not have automatically download updates turned on).

And whatever I've done before (which is, either clicking on the text of the notification – which simply takes you to App Store > Updates / System Preferences > Software Update – or choosing Later > Remind me tomorrow) has never, ever immediately turned on "automatic updates"!
 


Ric Ford

MacInTouch
Here's a look at Apple's new alternative to Facebook/Google sign-ins:
Juli Clover said:
Sign in with Apple: What It Is and How It Works
Apple in iOS 13 introduced a new Sign in with Apple feature, which is designed to let you create accounts for apps and websites using your Apple ID, so you don't have to give away your personal information. Sign in with Apple is an alternative to the existing sign in with Google and Facebook options that apps and websites often offer.
 


So ‘Restart isn't actually restart, it's download + restart? right?
No, it means that it has already been downloaded to /Library/Updates and agreeing to it will cause a restart after the displayed amount of seconds.

There has been one occasion back in 2014 with a network time protocol vulnerability where Apple forced a security update download, so they do have that capability, but I haven't heard any other reports about this one.
 


Ric Ford

MacInTouch
Here's some critical information about Apple's latest security patches:
Sophos said:
Apple users, patch now! The ‘bug that got away’ has been fixed
... we urged you, back in August 2019, to double-check that you were patched up to iOS 12.4 – it’s risky to be unpatched at any time, let alone after exploit code is available to anyone who cares to download it.

Interestingly, Google deliberately kept quiet about CVE-2019-8641 at the time, noting that Apple’s fix “did not fully remediate the issue”. It looks as though the Project Zero researchers were right, because Apple’s latest slew of updates include a fix...

... Given that the headline bug in this round of patches could be abused to inject malicious code from a distance – what’s known as RCE, or Remote Code Execution – without waiting for you to click or approve anything, we recommend doing an update check right now.
 


No, it means that it has already been downloaded to /Library/Updates and agreeing to it will cause a restart after the displayed amount of seconds.
There has been one occasion back in 2014 with a network time protocol vulnerability where Apple forced a security update download, so they do have that capability, but I haven't heard any other reports about this one.
I'm sorry but that's just plain wrong on Apple's side (and clearly we've been here before). It does not matter how important the update is, I specifically don't have "automatically download updates" on, and force-downloading content to my computer is totally wrong! Free U2 music [see here] I can just about live with, but force-downloading software after explicitly denying it is #BadApple. Very bad. :-(
 


Ric Ford

MacInTouch
I feel like there's been a little too much Apple security "fun" lately....
ZDNet said:
New Checkm8 jailbreak released for all iOS devices running A5 to A11 chips
A security researcher has released today a new jailbreak that impacts all iOS devices running on A5 to A11 chipsets -- chips included in all Apple products released between 2011 and 2017. This includes iPhone models from 4S to 8 and X.

The jailbreak uses a new exploit named Checkm8 that exploits vulnerabilities in Apple's Bootrom (secure boot ROM) to grant phone owners full control over their device.

... Bootrom jailbreaks are very rare. They are the most highly sought after jailbreaks because they are permanent and can't be patched. Fixing any Bootrom vulnerability requires a silicon revision, meaning physical modifications to device chipsets, something that no company can fix without callbacks or mass replacements. In effect, this is a permanent jailbreak that will work in perpetuity.
 


Ric Ford

MacInTouch
Apple has an unpatched security hole in today's iOS 13.1 release, but the company promises to provide a fix at some unspecified point in the future.
Apple Support said:
https://support.apple.com/en-us/HT210613
An upcoming software update will fix an issue that impacts third-party keyboard apps. ... Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access.
And the fix is now in:
Apple said:
About the security content of iOS 13.1.1 and iPadOS 13.1.1
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts