WWDC23, Troubleshooting Demonstration

WWDC23, Troubleshooting Demonstration
A Swift logo is used to promote Apple's World Wide Development Conference, starting at 10 a.m. PT on June 5, 2023.

Apple is using a Swift logo (Swift is a language developed by Apple) to promote their World Wide Developer Conference 2023, better known as WWDC23.. While it is aimed at programmers and software designers (and the Swift logo is a strong suggestion that development will be the main focus), Apple has traditionally highlighted a consumer-friendly introduction to new products, operating systems, and other goodies in the opening keynote of the conference. This year, the conference will be both in-person and streamed online.

The keynote — and everyone is encouraged to stream it, since it is free — starts Monday at 10 a.m. Pacific Time, June 5, 2023. More details are available on Apple’s site. You can stream it on an iPad, Macintosh, or Apple TV — pretty much anything that can stream video from the Internet.

Then on Saturday, June 10, 2023, at 1 p.m., SMUG will have an in-person demonstration of Computer Troubleshooting for Non-Techies, covering both Windows and Macintosh computers, at Trinity United Methodist Church in Sequim. Check this website for more details, plus a poster for the event, plus three odd troubleshooting guides.

Woman computer techie and her faithful dragon busy troubleshooting four computers.

May 2023 Apple Security Updates

Apple issued a large number of security updates on May 18, plus an unusual one earlier in the month for the AirPods and Beats headphones and earpods. The updates in many case also have performance updates (such as a bug that sometimes resulted in a long pause before a wireless Bluetooth keyboard synced with a Mac at startup, for example). And there is a hint that the updates are also laying the groundwork for Apple’s Worldwide Developers Conference (WWDC23), which begins June 5.

An overview of the updates:

AirPods Firmware Update 5E133, AirPods 2nd gen. and AirPods Pro, AirPods Max

Issued April 11, 2023

Applied automatically when your AirPods are charging and your iPhone is within range of the charger.

Security update.

Beats Firmware Update 5B66, PowerBeats Pro, Beats Fit Pro

Issued May 2, 2023

Automatically updated when in Bluetooth range of paired Mac, iPhone, or iPad.

Security update.

iOS 16.5, iPadOS 16.5

Issued May 18, 2023

For iPhone 8 and later, IPad Pro (all models), iPad Air 3rd gen. and later, iPad 5th gen. and later, iPad mini 5th gen. and later

Many, many security and performance updates.

iOS 15.7.6 and iPad 15.7.6

Issued May 18, 2023

For iPhones and iPads not capable of running iOS 16 or iPadOS 16

Many, many security updates.

macOS Ventura 13.4

Issued May 18, 2023

For all Macs that can run macOS Ventura

Many, many security and performance updates.

macOS Monterey 12.6.6

Issued May 18, 2023

For all Macs that can run Monterey but not run Ventura

Many, many security and performance updates.

macOS Big Sur 11.7.7

Issued May 18, 2023

For all Macs that can run Big Sur but cannot run Monterey or Ventura

Many, many security updates.

tvOS 16.5

For all Apple TV devices that can run tvOS 16

Issued May 18, 2023

Many, many security and performance updates.

watchOS 9.5

Issued May 18, 2023

For Aople Watch Series 4 and later

Many, many security and performance updates.

Safari 16.5

Issued May 18, 2023

The Safari update is included with the Big Sur, Monterey, and Ventura updates.

Several security updates.

You can sign up to get Apple’s security announcements by going to:

https://lists.apple.com/mailman/listinfo/security-announce

and filling in the relevant information. A typical message from the list will look like this. Yes, it is somewhat cryptic and technical, but the important thing is: it tells you there is a security update.

Hash: SHA256

APPLE-SA-2023-05-18-3 macOS Ventura 13.4

macOS Ventura 13.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213758.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

Accessibility
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-32388: Kirin (@Pwnrin)

Accessibility
Available for: macOS Ventura
Impact: Entitlements and privacy permissions granted to this app may be
used by a malicious app
Description: This issue was addressed with improved checks.
CVE-2023-32400: Mickey Jin (@patch1t)

AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2023-32411: Mickey Jin (@patch1t)

Associated Domains
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2023-32371: James Duffy (mangoSecure)

Contacts
Available for: macOS Ventura
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of
temporary files.
CVE-2023-32386: Kirin (@Pwnrin)

Core Location
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-32399: an anonymous researcher

CoreServices
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved redaction of
sensitive information.
CVE-2023-28191: Mickey Jin (@patch1t)

CUPS
Available for: macOS Ventura
Impact: An unauthenticated user may be able to access recently printed
documents
Description: An authentication issue was addressed with improved state
management.
CVE-2023-32360: Gerhard Muth

dcerpc
Available for: macOS Ventura
Impact: A remote attacker may be able to cause unexpected app
termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32387: Dimitrios Tatsis of Cisco Talos

DesktopServices
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: The issue was addressed with improved checks.
CVE-2023-32414: Mickey Jin (@patch1t)

GeoServices
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: A privacy issue was addressed with improved private data
redaction for log entries.
CVE-2023-32392: an anonymous researcher

ImageIO
Available for: macOS Ventura
Impact: Processing an image may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32372: Meysam Firouzi of @R00tkitSMM Mbition mercedes-benz
innovation lab working with Trend Micro Zero Day Initiative

ImageIO
Available for: macOS Ventura
Impact: Processing an image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2023-32384: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero
Day Initiative

IOSurface
Available for: macOS Ventura
Impact: An app may be able to leak sensitive kernel state
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32410: hou xuewei (@p1ay8y3ar) vmk msu

IOSurfaceAccelerator
Available for: macOS Ventura
Impact: An app may be able to cause unexpected system termination or
read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32420: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved checks.
CVE-2023-27930: 08Tc3wBB of Jamf

Kernel
Available for: macOS Ventura
Impact: A sandboxed app may be able to observe system-wide network
connections
Description: The issue was addressed with additional permissions checks.
CVE-2023-27940: James Duffy (mangoSecure)

Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32398: Adam Doupé of ASU SEFCOM

Kernel
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state
handling.
CVE-2023-32413: Eloi Benoist-Vanderbeken (@elvanderb) from Synacktiv
(@Synacktiv) working with Trend Micro Zero Day Initiative

LaunchServices
Available for: macOS Ventura
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
CVE-2023-32352: Wojciech Reguła (@_r3ggi) of SecuRing
(wojciechregula.blog)

libxpc
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32369: Jonathan Bar Or of Microsoft, Anurag Bohra of Microsoft,
and Michael Pearse of Microsoft

libxpc
Available for: macOS Ventura
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved checks.
CVE-2023-32405: Thijs Alkemade (@xnyhps) from Computest Sector 7

Metal
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2023-32407: Gergely Kalman (@gergely_kalman)

Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may result in disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2023-32368: Mickey Jin (@patch1t)
CVE-2023-32375: Michael DePlante (@izobashi) of Trend Micro Zero Day
Initiative
CVE-2023-32382: Mickey Jin (@patch1t)

Model I/O
Available for: macOS Ventura
Impact: Processing a 3D model may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2023-32380: Mickey Jin (@patch1t)

NetworkExtension
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This  issue was addressed with improved redaction of
sensitive information.
CVE-2023-32403: an anonymous researcher

PackageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32355: Mickey Jin (@patch1t)

PDFKit
Available for: macOS Ventura
Impact: Opening a PDF file may lead to unexpected app termination
Description: A denial-of-service issue was addressed with improved
memory handling.
CVE-2023-32385: Jonathan Fritz

Perl
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32395: Arsenii Kostromin (0x3c3e)

Photos
Available for: macOS Ventura
Impact: Photos belonging to the Hidden Photos Album could be viewed
without authentication through Visual Lookup
Description: The issue was addressed with improved checks.
CVE-2023-32390: Julian Szulc

Sandbox
Available for: macOS Ventura
Impact: An app may be able to retain access to system configuration
files even after its permission is revoked
Description: An authorization issue was addressed with improved state
management.
CVE-2023-32357: Yiğit Can YILMAZ (@yilmazcanyigit), Koh M. Nakagawa of
FFRI Security, Inc., Kirin (@Pwnrin), Jeff Johnson (underpassapp.com),
and Csaba Fitzl (@theevilbit) of Offensive Security

Screen Saver
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: A permissions issue was addressed by removing vulnerable
code and adding additional checks.
CVE-2023-32363: Mickey Jin (@patch1t)

Security
Available for: macOS Ventura
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved entitlements.
CVE-2023-32367: James Duffy (mangoSecure)

Shell
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2023-32397: Arsenii Kostromin (0x3c3e)

Shortcuts
Available for: macOS Ventura
Impact: A shortcut may be able to use sensitive data with certain
actions without prompting the user
Description: The issue was addressed with improved checks.
CVE-2023-32391: Wenchao Li and Xiaolong Bai of Alibaba Group

Shortcuts
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2023-32404: Mickey Jin (@patch1t), Zhipeng Huo (@R3dF09) of Tencent
Security Xuanwu Lab (xlab.tencent.com), and an anonymous researcher

Siri
Available for: macOS Ventura
Impact: A person with physical access to a device may be able to view
contact information from the lock screen
Description: The issue was addressed with improved checks.
CVE-2023-32394: Khiem Tran

SQLite
Available for: macOS Ventura
Impact: An app may be able to access data from other apps by enabling
additional SQLite logging
Description: This issue was addressed by adding additional SQLite
logging restrictions.
CVE-2023-32422: Gergely Kalman (@gergely_kalman)

StorageKit
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file system
Description: This issue was addressed with improved entitlements.
CVE-2023-32376: Yiğit Can YILMAZ (@yilmazcanyigit)

System Settings
Available for: macOS Ventura
Impact: An app firewall setting may not take effect after exiting the
Settings app
Description: This issue was addressed with improved state management.
CVE-2023-28202: Satish Panduranga and an anonymous researcher

Telephony
Available for: macOS Ventura
Impact: A remote attacker may be able to cause unexpected app
termination or arbitrary code execution
Description: A use-after-free issue was addressed with improved memory
management.
CVE-2023-32412: Ivan Fratric of Google Project Zero

TV App
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of caches.
CVE-2023-32408: Adam M.

Weather
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: This  issue was addressed with improved redaction of
sensitive information.
CVE-2023-32415: Wojciech Regula of SecuRing (wojciechregula.blog), and
an anonymous researcher

WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 255075
CVE-2023-32402: an anonymous researcher

WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information
Description: A buffer overflow issue was addressed with improved memory
handling.
WebKit Bugzilla: 254781
CVE-2023-32423: Ignacio Sanmillan (@ulexec)

WebKit
Available for: macOS Ventura
Impact: A remote attacker may be able to break out of Web Content
sandbox. Apple is aware of a report that this issue may have been
actively exploited.
Description: The issue was addressed with improved bounds checks.
WebKit Bugzilla: 255350
CVE-2023-32409: Clément Lecigne of Google's Threat Analysis Group and
Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit
Available for: macOS Ventura
Impact: Processing web content may disclose sensitive information. Apple
is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input
validation.
WebKit Bugzilla: 254930
CVE-2023-28204: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS 13.3.1
(a).

WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.
Description: A use-after-free issue was addressed with improved memory
management.
WebKit Bugzilla: 254840
CVE-2023-32373: an anonymous researcher
This issue was first addressed in Rapid Security Response macOS 13.3.1
(a).

Wi-Fi
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: This  issue was addressed with improved redaction of
sensitive information.
CVE-2023-32389: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Additional recognition

Accounts
We would like to acknowledge Sergii Kryvoblotskyi of MacPaw Inc. for
their assistance.

CloudKit
We would like to acknowledge Iconic for their assistance.

libxml2
We would like to acknowledge OSS-Fuzz, Ned Williamson of Google Project
Zero for their assistance.

Reminders
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Rosetta
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for
their assistance.

Safari
We would like to acknowledge Khiem Tran for their assistance.

Security
We would like to acknowledge Brandon Toms for their assistance.

Share Sheet
We would like to acknowledge Kirin (@Pwnrin) for their assistance.

Wallet
We would like to acknowledge James Duffy (mangoSecure) for their
assistance.

Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.

macOS Ventura 13.4 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

It is highly recommended that you install security updates immediately. While it is very easy to find people on the Internet recommending that you wait, it is very hard to find competent people recommending that you wait.

February 21, 2023: Apple and Accessibility

February 21, 2023: Apple and Accessibility

In February, we looked at accessibility, something of a companion topic to January’s focus on health.

Accessibility is usually associated with individuals who have handicaps: vision problems, hearing problems, and mobility issues. But hearing, vision, and mobility problems are things everyone encounters, and your Macintosh, Apple Watch, iPhone, and iPad have technologies that help you deal with temporary as well as more permanent afflictions.

One of the most basic is changing the size of items displayed on your Mac, iPhone, Watch, or iPad.

You can, for example, vary the size of text,

from small, in instances where you want a lot of stuff on the screen at once, to

normal, for comfortable reading

to large, for reading at a distance

to extra large, for posters or shouting.

You can also change other attributes how information is displayed, depending on the program and context

Somethimes, you can change the background color on the screen,

or tint the screen and text to get rid of blue colors late at night, to help you sleep.

Your iPhone, iPad, and Mac can also speak to you, and you can speak to them.

Unfortunately, Zoom seems to have disabled many of these features, partly because the changes are intended for the user sitting at their own computer, and not for the screens of viewers. Additionally, the demo computer’s screen was being mirrored on a TV, and some of the accessibility features were not available, as the TV was a remote device, not subject to the whims of the computer.

What could not be shown: changing the resolution of the screen. While this was a Macintosh screen, you can do similar things on an iPhone, iPad, and Apple Watch.

This was a screen on the computer. The Displays pane (System Settings > Displays in Ventura) is set at Larger Text,

macOS Ventura System Settings > Displayed set at Larger Text

macOS Ventura System Settings > Displayed set at Larger Text

In this image, the Displays pane (System Settings > Displays in Ventura) is set at the second level, to show more of the screen,

macOS Ventura System Settings > Displayed set to show more screen.

macOS Ventura System Settings > Displays set to show more screen.

In this image, the Displays pane (System Settings > Displays in Ventura) is set at the default level, halfway between Large Text and More Space.

macOS Ventura System Settings > Displays set to the middle, default setting.

macOS Ventura System Settings > Displays set to the middle, default setting.

In this image, the Displays pane (System Settings > Displays in Ventura) is set to show more of the screen.

macOS Ventura System Settings > Displays set to show more of the screen.

macOS Ventura System Settings > Displays set to show more of the screen.

In the final image, the Displays pane (System Settings > Displays in Ventura) is set to show the maximum amount of screen space.

macOS Ventura System Settings > Displays set to show the maximum amount of screen space.

macOS Ventura System Settings > Displays set to show the maximum amount of screen space.

You can easily change the screen resolution at any time. Writing a memo? Set to show larger text. Sorting photos? Set to show more of the screen. You don’t need to strain your eyes to read or write, nor spend endless amounts of time scrolling through lists of photos when it is a simple matter to show more photos at once. Designing a poster? Set to maximum screen size, then set it for larger text to work on fine details.

It was also difficult to demonstrate many of the things you can do with Siri because the Mac is set up to serve the person at the keyboard, and not people in remote locations. In response to one question concerning dictation of messages and documents on the Mac, please see Apple’s online guidance:

https://support.apple.com/guide/mac-help/use-dictation-mh40584/mac

A video of the meeting, including the Question and Answer session, is shown below. Closed captioning was not turned on, so there is no transcript.

February 21, 2023: Apple and Accessibility

Questions and Answers

For our October meeting, we had no planned program, but instead an extended Question and Answer (Q&A) session on almost anything concerning Macs, iPhones, iPads, Apple TV, etc. And we recorded it:

For a larger view, click on the YouTube logo.

URLs of items mentioned in the meeting:

Take Control Books: https://www.takecontrolbooks.com/

A discount code for Take Control Books is posted on the Discussion Boards.

Google begs Apple to change Messages: https://arstechnica.com/gadgets/2022/08/new-google-site-begs-apple-for-mercy-in-messaging-war/

Good luck with that.

Guide to Apple TV+: https://9to5mac.com/2022/10/14/apple-tv-plus-tv-shows-movies-guide/

This is exceptional: short, capsule summaries of the series or movies, complete with a video clip or trailer.

Use your iPhone as a white noise generator: https://www.theverge.com/23131327/how-to-iphone-white-noise-background-sounds-ios-15

Hidden in plain sight.

Notes from the meeting will follow.

Generic Apple Event

Apple has announced they are having an Apple Event on September 7, starting at 10 a.m. PT. Unlike previous streamed events, there is no special phrase or graphic to hint at what is to come. Instead, you get this sparkling star cluster,

Apple event star cluster
An apple-shaped star cluster, or possibly a black hole. Hard to tell.

Presumably, the event will be the usual quarterly announcement of Apple iPhones, iPads, Apple Watches. But the lack of graphical and textual hints is something of a mystery. Maybe this is an unreleased photo of some section of the universe, captured with the James Webb space telescope. Maybe it is the patterned formed by throwing darts at an Apple sticker. Maybe it is a time-lapse aerial photo of an autonomously driven Apple car driving around the Cupertino campus.

You can stream the event on September 7 and find out.

Useless clickbait tips

This entry talks about useless clickbait, but there are some useful tips on screenshots at the end. First, the useless clickbait.

While reading news stories on my iPad, I was presented with two different advertisements offering bizarre suggestions for how to block advertisements on my iPad. Yes, advertisements on how to block advertisements.

These useless advertisements had one real purpose: they were designed to make me curious, and click on the advertisement — in order to see more advertisements. I did not click on the ads.

But I did take screenshots, because they were funny. The first ad:

Most iPad users didn't know how to block ads (do it now!).
Ad blocker? Carpet cleaner? Finger exercise pad? We may never know.

Let us give this some thought. This illustration is suggesting you can block ads by:

  • Turning your iPad screen down and pressing it into your carpet. This works: you won’t be able to see the ads! Or anything else, but yes, you won’t be able to see the ads!
  • Or another possibility: this is a still image, but it might require more action. You might want to rub the iPad back and forth across the carpet. If there is any sand or grit on the carpet, it might scratch up the screen, which will make the ads harder to see. This could be considered an ad blocker of sorts. Also: a great way to damage your iPad.
  • Yet another possibility: this could be part of a larger image, and if you were to zoom out, maybe you would see the user crouched down like a sprinter, waiting for the starting gun to fire. The iPad itself is serving as a starting block, or, to stretch a point, an ad blocker.

As it seemed unwise to click on the link (not to mention silly), we may never know exactly what was intended.

The second ad:

Most iPad users didn't know how to block ads (do it now). An even sillier advertisement than the first.
Here’s how to block ads on your iPad! Or is it even an iPad?

The first thing to note is that this is explicitly PAID CONTENT. Some entity paid to insert this advertisement into a news page, and again, is advertising a way to block advertisements. But consider:

  • Is this even an iPad? That looks like a USB-C port in the center, but none of the iPads with USB-C ports have a bottom edge that looks anything like this.
  • Exactly what is the Q-tip doing? Is it removing gunk from the USB-C port? Maybe the USB-C port has ear wax? It isn’t clear how that can block ads.
  • Maybe the Q-tip is inserting ear wax into the USB-C port to block ads? You wouldn’t expect iPads to promulgate ads through a USB-C port, but then you wouldn’t normally stick a Q-tip in them, either.

After giving this photo several days of thought, the ear wax removal explanation seems to work best, even though it makes no sense. Again, it seemed unwise to click on the ad, so the explanation will remain a mystery.

Screenshots? You can take screenshots on an iPad?

One question you might have: how do I take a screenshot on an iPad? Apple has a support document that describes the process (it is easy): https://support.apple.com/en-gb/HT210781

Another question many people have: where does the iPad put the screenshots? The support document reveals this tidbit, too, at the bottom of the page.

You can also take screenshots on your iPhone: https://support.apple.com/en-gb/HT200289

While it is a little trickier (you need to make a change to the Watch settings on your iPhone first), you can even take screenshots on your Apple Watch: https://support.apple.com/en-us/HT204673

Screenshot of an Apple Watch.
This Apple Watch screenshot shows the current time, including seconds, and (the four corners, top to bottom, left to right) a button for recording voice memos; a weather forecast with temperature range; a button for Strava, an app to record walks, runs, bike rides, etc.; and a button to display Activity (steps, exercise, stands). In the interior, the upper icon in the center will display blood oxygen level, the one on the right displays the current tide at Dungeness Landing, the bottom center shows the time in London, England, and the one on the left triggers the Breath app, which guides you through breathing exercises. There are millions of possible ways to customize the Apple Watch, most of them far less complex.
Apple Watch screenshot showing date, time, outdoor temperature and weather, location, and a view of what the earth would look like at that moment from space.
A more simplified Apple Watch screenshot showing date, time, outdoor temperature and weather, location, and a view of what the earth would look like at that moment from space. The icon at the top is subtly suggesting that the wearer should be in bed.

July 2020: WWDC 2020

Notes by Kathleen Charters

In July, we had a quick review of Apple’s Keynote address at WWDC 2020 (World Wide Developer Conference 2020). But first,

Question and Answer (Q&A) session

Will you demonstrate the Big Sur developer release?

Non-disclosure agreements govern what can be said, and shown; can only repeat what Apple has said in public (with some speculation on things not yet known.)

Should I install the public beta test of Big Sur?

Best Practice: Use a Mac not used for anything important; an expendable machine should be used for Beta testing so testing will not disrupt anything; debugging code slows things down, some of the code functionality is not complete yet. Sometimes, you may have to erase a beta test machine and start over. If you aren’t willing to erase your computer, don’t install the beta test.

What about beta test of iOS?

Public Beta OS is available on the Apple site for each device (Mac, iPad, iPhone, Apple Watch, Apple TV). Only install beta software on a device that you can afford not to use. Keep in mind that you must complete a beta test agreement in order to be a tester, and submit bug reports to Apple.

When will these new operating systems be out?

Apple didn’t say. Traditionally, new releases come out in September-October. COVID-19 has limited developer development and interactions. New OS features may be incompatible with existing virtual conference software, for example; other developers will see a tester disappear and not know what it was that caused the crash. Not clear at all if Apple will be able to complete development, testing and certification of all platforms in time for usual fall rollout.

I did not receive a meeting announcement.

Announcements for the meeting were sent out via E-mail; if you did not receive an email and have signed up, please send an e-mail to Lawrence. Also, check your spam folder, as mail systems give a higher “spam” score for mass messages sent with addresses listed as BCC (blind carbon copies). Also also, we may not have your correct email address, as we’ve had trouble reading some things written on the sign-in sheets. Kris Eklund also posts announcements on Next Door, https://nextdoor.com/.

My Apple Watch is missing some apps after an operating system upgrade.

The Apple Watch needs memory on the computer to do an upgrade. If there isn’t enough memory to complete an upgrade properly, the operating system will delete apps from the watch. This is not really a problem, since the apps are still on your phone. Just use the Watch app on your phone to add the apps back after the OS upgrade.

When looking at Apple Mail vs Gmail on iPad or iPhone, how do I get a list of contacts?

Google is a Web services company and Gmail is Web-based, so open Gmail from a web browser on your desktop computer. In the upper right-hand corner, there is an icon of a cluster of squares, indicating other applications. Click on it, and you wil see one is for Contacts. Google’s Contacts service is shared among all Google services, including Google Docs. Google has online documentation on how to export Apple contacts and import them into Google Contacts. You can also use Apple Mail to view Gmail, in which case Apple Mail will use Apple Contacts for Gmail. On my Mac, I prefer to use Kiwi for reading Gmail, as it allows me to open and view multiple Gmail accounts at once. Kiwi is on the Apple Mac App Store.

Meeting Begins

President Sabrina Davis welcomed everyone to the meeting. Sabrina was overseas for several months, leaving before the pandemic and then getting caught up in mandatory quarantine measures.

SMUG Treasurer Annalis Schutzmann was asked: how do members pay dues when we do not meet in person? You can mail checks to Annalis; use the Contact form on the website, https://strait-mac.org/contact/ — to write to her for the mailing address.

Annalis is working with Lawrence on an online database with the dates of when dues were paid. Lawrence is going to add some logic to flag when dues should be renewed; the treasurer will then send an e-mail to tell where to send checks to join or renew.

SMUG did spend money on a Zoom subscription for the virtual meetings so we can host meetings longer than 40 minutes. Members can attend for free no matter how long the meeting lasts; you do not need to pay for an individual subscription. Lawrence was critical of Zoom’s privacy and security, but Zoom does a good job with controls for running a meeting. Zoom can also be used for troubleshooting by sharing the desktop and for teaching people how to use programs, such as how to use Zoom.

We did consider FaceTime, but while it has superb privacy and security controls, it just isn’t suited for groups of more than three or four at once.

SMUG treasury balance as of last meeting was $752; this meeting the balance was $651.08 after paying for a Zoom subscription.

SMUG elections will will be in October, with all offices open for nominations: President, Vice President, Secretary, and Treasurer.

SMUG is now properly listed on the Apple User Group Resources website, https://appleusergroupresources.com/find-a-group/.

Presentation: World Wide Developer Conference 2020 (WWDC 2020)

This year, you can attend the World Wide Developers Conference for free. The Keynote can be streamed from Apple’s site, and is also available as an Apple TV application. It is two hours long, and is chiefly aimed at software developers. The SMUG presentation will touch on several topics, and add some opinions. You can download the meeting slides from here:

The presentation (sorta) follows the slides.

Apple Safari is the most popular web browser in the world because it runs on iPhones, iPads, and Macs. Until recently, the underlying technology for Safari, WebKit, was also the foundation for Google’s Chrome browser.

Safari – Apple is planning some fundamental changes to Safari’s security and privacy capabilities. You can download the beta now; you don’t need to wait until Big Sur is released.

Apple Silicon – Apple is planning to finish converting all their devices from Intel and other processors to Apple processors. Apple has been using Intel processor chips for 20 years, but the architecture has run into performance bottlenecks that limit improved effectiveness. Also, last year some researchers found a (complex, hard to trigger) zero-day security flaw in all Intel processor chips — all of them — that allow machines using these processors to be compromised.

iPhones, iPads, Apple TV, and Apple Watch already run on Apple Silicon processors, and Apple Silicon Processors are in some recent iMacs and MacBooks, used as security processors for encryption and filtering things coming in from the outside. That means Apple has successfully “tested” Apple Silicon in close to two billion devices; the Mac lineup is the only thing left that is still Intel-based.

Aside from security and performance, Apple can also customize Apple Silicon processors to more closely meet their needs. For example, adding video and sound processors, and video memory to the Apple Silicon processor eliminates the need for separate chips and plumbing to do these functions.

As demonstrated by the iPhone and iPad, Apple can also control power use and heat better through their custom processors. This should result in longer battery life, and less need for noisy fans for cooling.

Apple Silicon is considered a System on a Chip (SoC) processor, allowing support for 64-bit operations, graphics acceleration, WiFi, BlueTooth, control of heat, management of battery consumption, and increase speed, all on one chip.

Also in the new operating systems: new emoji, 171 of them. Personally looking forward to the dodo and ninja icons. The bubble tea icon, which looks to me more like a chocolate milkshake, will also be handy.

macOS 11 Big Sur: this will be a big change. As a clue: this is Apple’s first operating system in 20 years that isn’t named macOS 10.something.

Control Center: Control panel similar to iPad/iPhone for most common changes people make.

macOS 11 Dock – icons in Dock will look the same as in Finder, and on iOS; more consistent is better for accessibility.

Notification Center – will group items, will add control of the most useful to Control Center, and use same icons on macOS and iOS.

Safari startup: the Safari start page will have the sites you most often visit, plus any customizations. You can also customize the background image used by Safari.

Sarai tabs: hover over a tab and get a preview of the page without opening the page.

One-button web privacy report – see who is tracking you on a given site, with the ability to turn off one or all trackers so businesses cannot track you.

Safari translation – not as extensive as Google, but easy to use for selected languages. The translation takes place on your machine; if additional help is required, an anonymous packet is sent off so Apple does not know who requested the information (Google, in contrast, tracks translation requests).

Messages – able to customize Memoji (previously limited just to iOS); group member Memoji make it easier to know who is in a group conversation.

macOS Big Sur: Will support Apple Silicon-based Macs and Intel-based Macs; will run on both. Developers can translate iOS apps to the Mac; this will be a huge gain for game players on the Mac as they can move their games to the desktop with just a recompiling, and converting touch gestures to mouse gestures.

Privacy: Every app, on every Apple app store (Mac, iPad, iPhone, Apple Watch, Apple TV) will have a new privacy policy. You can check to see if developer uses your location pr other information in one easy to read page.

iPhone – iOS Library – if you select it, iOS will automatically group your apps into “Libraries” of similar apps such as Games, Productivity, Navigation, etc. No longer will you have to swipe through pages of stuff to find what you want.

Picture in Picture (PiP) – will allow you to continue to be in a conversation (e.g., FaceTime) and can do other things, or watch a video and write about it.

Groups in Messages – you can set up groups and easily see who is in the group by viewing their Memoji.

Incoming call – you can see who is calling and decide what you want to do about it.

The Home app, previously available only on iPhone and iPad, is coming to the Mac.

New Home screen for HomePod allows you to see what a specific device is doing and control it. The current Home screen is utterly useless…

Apple Translation is coming to iPhone and iPad, in addition to Mac.

Watch OS7 – you will be able to track and check on sleep health; sleep cycle based on personal sleep goal; tracks heart rate and .

Automatic hand washing to make sure wash hands for long enough, complete with an animation and countdown, and feedback on whether you spend adequate time washing hands; a boon for COVID-19 prevention.

These are just a small subset of the topics covered in just the keynote. A huge amount of information was provided – this covers the most useful changes for the SMUG population.

Questions:

Will these new operating systems support my device?

If you have a device with the most current OS, you should be able to run the new one, if no incompatibilities are found during beta testing.

Are older operating systems less secure?

Apple provided Security updates to everything last week going back to High Sierra; you are encouraged to install the updates; protect yourself from being hacked, do not get too far behind – invest in a new machine if cannot run Catalina.

When a new OS comes out, Apple no longer offers the old one so get up to date now.

But how do I handle my 32-bit apps?

Every Apple device will be 64-bit only; they will not run 32-bit software going forward. If you positively can’t live without a 32-bit app, find an older Mac or iPhone or iPad and use it just to run the 32-bit apps; run new apps on current OS.

Moving from Catalina to Big Sur will be a huge step – wait a week or two before downloading it when it comes out; will be released in fall (around October).

You really do what a machine capable of running Catalina right now. If you want a reliable source for older machines (with guarantees ranging from 90 days to 1 year); OWC sells older machines, and Apple sells refurbished older machines.

Apple store in University Village – how are they operating under COVID-19 rules?

Don’t know. Apple stores in Tacoma and West Seattle are the closest, but haven’t been across the Sound in months.

Costco for Apple products – does not always have the best price, only have one version and it may not be the version you want/need; may not be able to upgrade it; recommend at least 16GB memory, check on size of storage – recommend at least 500 GB or more; new machines have USB-C connections so can attach external storage; do cost comparison. Caution: Best Buy clerks and Costco clerks may not be as knowledgeable you might want them to be. When it comes to storage, keep in mind that movies and photos take up a lot of space, messages with images attached can take up a lot of space. Average mac person keeps a machine 7 years – think about the future for memory and storage.

Will the new machines require more memory?

New Macs with RISC chips – does not require more memory (outdated concept – was an issue early on but no longer a limiting factor); video audio photos use memory.

Chrome browser wants 8-10 GB memory for caching pages so runs faster, this takes memory.

Should I wait for the new computers? My current one is old.

If in need of a computer now – buy one, it will take time to have Apple Silicon Macs designed, built, and distributed, in past it took 2 years to transition to new chips.

I’m hesitant to go to Catalina – need to upgrade 32-bit to 64-bit before upgrade OS.

If you are already running in 64-bit, the app will run on Catalina; currently there is no way to safely run 32-bit programs; MS Office 2011 32 bit will not run under Catalina. Numbers is free if Excel no longer runs; if purchase MS Office 365 subscription can put it on up to 5 devices; Office Home is $69.95 – look around for best deal, comes with 1 TB cloud storage. And KeyNote is better than PowerPoint.

Will the new watchOS work on older watches?

Apple only talked about the new operating systems, and not hardware. Unless some feature uses something not on your watch, if your current watch is running the latest watchOS, it will probably work with watchOS 7.

Random comments:

Developers can purchase MacMini for development platform. The Mac mini comes with an Apple Silicon CPU, rather than an Intel CPU.

Movie on Apple TV+: Greyhound is a World War II movie with Tom Hanks; very highly recommended.

Expect first Apple machine with Apple Silicon to be a laptop since a laptop would be an obvious beneficiary from improved battery life and heat management.

Apple demonstrated some very impressive text recognition capability, which should serve as a preview for what the new iPadOS offers.

LIDAR facial recognition for iPad and iPhone may be next.

Next month

Next month: digital photography: taking photos

Future topic: Time Machine Back-ups.

Books about Macs Black Friday sale

In recent meetings, we’ve mentioned Take Control Books. Originally done as an offshoot of one of the first Macintosh mailing lists (established in 1984), Take Control Books are electronic books dealing with mostly Mac-centric topics, such as macOS, Photos, Pages, etc.

Take Control Books is having a “Black Friday” sale on some of their most important books, including several mentioned in recent meetings. While I haven’t read most of these, I do have quite a few of their books, and highly recommend them. They cover critical Mac topics quite well.

Here is the announcement of their sale, with links:

✩✩✩

The sale is on! From now through next Monday, December 2, we’re having a Black Friday/Cyber Monday sale—50% off on our most recent releases. No coupon or special links are required.

Here are the books that are on sale:

Connect and Secure Your iPhone and iPad
Take Control of Automating Your Mac
Take Control of Calendar and Reminders
Take Control of Catalina
Take Control of iOS 13 and iPadOS 13
Take Control of macOS Media Apps
Take Control of Notes
Take Control of Photos
Take Control of Upgrading to Catalina
Take Control of Wi-Fi Networking and Security
Take Control of Your Apple ID
Take Control of Your Browser
Take Control of Your Digital Photos

The sale ends promptly at midnight on Monday, December 2 (Pacific time).

✩✩✩

They have a large number of books available, covering almost any Mac or iOS topic you can imagine: https://www.takecontrolbooks.com/catalog/

The nice thing about their books: because they are electronic, you can find a book you want, buy it, download it, and be reading it almost immediately. Books are available in ePub (iPad and iPhone), Mobi (Kindle), and PDF (Acrobat) format.

Coming soon

Coming soon

Apple WWDC19 was full of wonders

Apple’s World Wide Developer Conference (WWDC) was held earlier today, and Apple made a number of announcements:

New Mac Pro is a highly customizable box.
The new Mac Pro is endlessly customizable, offering huge amounts of memory, storage, video power, etc. There is even a rack-mounted version, in case you want a small herd of these for crunching vast herds of bits and bytes.
  • iOS 13 is aimed at being much faster, even on existing hardware, and is bringing Dark Mode to the small screen, along with outstanding security and privacy;
  • iPad software is being split off from the iPhone to a new iPadOS, with features that take advantage of the vastly larger screen;
  • the Mac Pro returns, in a powerful 28-core monster;
  • Apple returns to the display business with an exotic Pro Display XDR;
  • watchOS 6 will add new health and fitness metrics and capabilities, and new watch faces;
  • tvOS 13 will allow multiple user profiles, so you can watch what you want, and listen to what you want;
  • macOS Catalina returns to the California coast, and splits iTunes apart with separate apps for Apple Music, podcasts, and Apple TV;
  • another huge change to macOS Catalina is Sidecar, a built-in capability to use your iPad as an additional screen of your Mac, and use iPad capabilities — such as the pen — with your Mac;
  • accessibility changes, to macOS, iOS, and iPadOS, promise to vastly expand what can be done by those with vision, hearing, or mobility limitations, including both the very young and the very old.
iPadOS showing Dark Mode and something more than apps on the home screen.
New iPadOS showing Dark Mode and the ability to display information on the home screen.

You can watch the keynote (a bit more than two hours) here.

Tapping the Apple Watch face will soon allow you to record a voice memo.
Soon you will be able to record a voice memo on your Apple Watch with just a tap.

Most people will never own a Mac Pro; fully equipped with the new Pro Display XDR, you could buy a decent car — a new car — for the same price, or less. But almost everyone with an Apple device will benefit from iOS 13, iPadOS, tvOS 13, watchOS 6, and macOS Catalina. In particular, the accessibility features, and the vastly expanded iPad capabilities, are worth a long, thoughtful look. And the security and privacy features built into the new operating systems — all the operating systems — are extraordinary.

The programming tools will roll out immediately, with the finished iPhone, iPad, watch, TV, and Mac operating systems coming out in the fall. The Mac Pro and Pro Monitor will be out “this fall,” but you can sign up to be notified when they are getting close.

An iPhone Note in Dark Mode, with an option to send an email notification directly from the Note.
iPhone Notes in Dark Mode, with the option of sending an email notification directly from the note.

Since this is the World Wide Developers conference, there was also a presentation on coding, and it was impressive. While GUI (Graphical User Interface) programming has been touted for a couple decades, the reality is that complex programming is almost entirely based on thousands, or millions, of lines of text-only code. But with the forthcoming Xcode 11, you really can drag-and-drop large chunks of graphical elements, and large chunks of code, into your application code. And Apple has vastly reduced the code barriers between macOS and iOS apps with new technology that lets you very quickly, and fairly painlessly, transform an iOS app into a Macintosh application in just a few days.

Xcode 11 will offer drag-and-drop programming, and you can code for a Watch, Apple TV, Mac, iPad or iPhone by just selecting an option at the start of the project -- and little more.
Code on the left, with a live preview of the result on the right, compliments of the new Xcode 11.

watchOS 5.2.1 security update

Apple released a security update for Apple Watch, watchOS 5.2.1, on May 13, 2013. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/


APPLE-SA-2019-5-13-4 watchOS 5.2.1

watchOS 5.2.1 is now available and addresses the following:

AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro’s Zero
Day Initiative

Disk Images
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological
University

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and
Hanul Choi of LINE Security Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero

Mail
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8626: Natalie Silvanovich of Google Project Zero

Mail Message Framework
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8613: Natalie Silvanovich of Google Project Zero

MobileInstallation
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)

MobileLockdown
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to gain root privileges
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8637: Dany Lisiansky (@DanyL931)

SQLite
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research

sysdiagnose
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)
of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero

Wi-Fi
Available for: Apple Watch Series 1 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian
Zhang, Huiming Liu of Tencent’s Xuanwu Lab for their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
an anonymous researcher for their assistance.

MediaLibrary
We would like to acknowledge Angel Ramirez and Min (Spark) Zheng,
Xiaolong Bai of Alibaba Inc. for their assistance.

MobileInstallation
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select “My Watch > General > About”.

Alternatively, on your watch, select “My Watch > General > About”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222