eXtensions - Monday 15 December 2025
By Graham K. Rogers
An odd day for updates from Apple, but on Friday (Saturday morning here) the latest OS 26 versions became available. There have been some malware types for Macs for a while, but recent attacks have made more use of tricking users into taking steps to open the gates. Some of the recent personnel changes at Apple may well be due to clearing the decks to ensure stability, but the rumor about chipmaker-in-chief, Johny Srouji, has seemingly been disavowed. The Warner/Netflix/Paramount dance continues with share prices now rising.
Many commentators were expecting Apple to release updates to its operating systems this week, but when Friday rolled around, I surmised that this would now be next week. Perhaps the final developer releases had found a problem. I was therefore surprised Saturday morning (here) to see updates available for my devices. I cannot remember the last time Apple put out updates on a Friday, although early versions of OS X were released on Fridays, and there were crowds at the venues (like Siam Discovery Center) for the events starting at 6pm.
As usual, I made sure the iPhone and iPads were backed up to iCloud, then made two Time Machine backups for the Mac. As the backups were completed, I started the downloads for the respective OS versions. The iPhone was first, and that was completed fairly quickly. The iPad mini was also reasonably quick, while the MacBook Pro took a little longer. Once the iPhone was done, I started with the Apple Watch which always seems to be slow: download and installation.
The iPad Pro is always last as I work on that first thing in the morning. That has to wait until I switch to the Mac. The MacBook Pro was still downloading the update and showed 5 hours. While I was working, the download time veered between 11 minutes and 4 hours, suggesting that the link (or the server) was intermittent. By the time I was ready to shower, the update had just started.
I still do not understand how the charging on the Apple Watch works. Sometimes this is quite fast, but at other times it slows considerably, and even goes backwards. On Sunday morning, I put the Watch on charge at 06:04. It showed an 80% charge. At 0635, I checked the progress. It now showed 79% and the green display ring showed its "hook" - Apple probably has a name for this. I tapped the charging ring and was shown a message for full charging which I pressed. Now it will do what I originally intended. I think.
Although it is a little late in the year for Apple to roll out any hardware updates, the way pricing has been moving on some iPads and Macs suggest that retailers are keen to shift what stock they have. Some items mentioned are the M3 iPad Air and the M4 MacBook Pro. It is, of course, a good time to encourage buying as with Xmas and New Year it is a time for giving; and some small businesses may be keen to upgrade equipment using the end of year budget. The stock-shifting can also be a hint that replacements for these devicesare in the pipeline, so we may see new product announcements in mid- to late-January or February.
A lot of Mac users (including me) are fairly confident when it comes to malware. Despite the ways that Apple has tightened up the gatekeepers, causing some little frustration at times, we have still been a bit better off than those on other platforms. I am a bit put off by those sites that warn about Mac viruses. I accept that there is malware aimed at the Mac, and the Trojan Horse is the most likely to be invited in, although there are now increasingly other delivery types. By its definition as an executable, a virus cannot be installed or run on a Mac. The Trojan Horse, spyware and more, are a different matter.
The executable virus is software that must be installed before it can run and replicate itself. On a Mac it needs Admin privileges to do that. This is one reason why I do all work in a User account. If any program needs to be installed (or updated) I have to enter the Admin name and password. That acts as a check. The Trojan Horse uses some form of trickery, such as inviting a user to click on a link, to set its mischief going. Some malware can be installed using an external drive, as in the infamous attack on Iranian centrifuges that were run using Siemens PCs with Windows. This backfired somewhat as the worm known as Stuxnet spread to other countries allied with Iran. It was later rumored that problems in certain electricity generating installations in the USA had been caused by a version of the same (or similar) malware. A worm is spread via a network, and in the case of Iran was allegedly installed using an external drive.
There are other forms of trickery and this week, Howard Oakley (EclecticLight Company) reports on an attack on a Mac that was started through a Google search and AI. There is a warning in the article: don't try this at home. He used a virtual machine to examine a comprehensive report on the attack and its methodology. In this way it appears he was protected from the effects of a real attack on a Mac.
The attack starts with a request for maintenance information and leads to Terminal. That would stop a number of users. All well and good. Years ago, I used to have several calls from help from a user here who would keep trying things that he didn't understand. On one occasion, he changed Admin permissions and locked himself out of his Mac. There were no smartphones then, so I had to find the instructions for resetting the Mac, using Single-user mode and send the information by SMS. Luckily he was able to follow the information and regain control of his Mac. It did not stop the calls for help.
Like other attacks, the information that was shown in Terminal looked genuine (note the recent attack using Apple's own messages - Andrew Orr). This installed malware, however (AMOS). Oakley notes that we are going to see more of this and we should trust nothing from a search engine. He gives a couple of other useful warnings in his article that explains how this all worked, writing that this succeeded because "at each step you have been tricked into bypassing its protections." This was what happened in the very different attack that Orr reports. Instructions for each step seem reasonable.
In both cases, however, there were some subtle errors that might have stopped the really sharp user. Howard Oakley examined this in a virtual machine keeping his system safe; others might react to online search suggestions by opening Terminal and following the suggestions. Oliver Haslam (AppleInsider) also outlines the information from the Huntress researchers. He concludes with a number of warnings about trusted sources and Terminal (only if you know what you are doing). This is also covered by Ben Lovejoy (9to5Mac).
That question of trust in what the Huntress researchers call a "poisoned conversation" is illustrated by the screen shot of the analysis summary I took from the Huntress site:
Following on from the recent news on personnel departing Apple Terrence O'Brien (The Verge) has a few interesting comments that add more context to the departures and to the Gurman report, particularly the point that Srouji had been thinking about departure since about October. Charles Arthur (Overspill) suggests that the source of this rumor was Dye himself who put his own slant on things: ". . . keen to talk up how enormously important he was for Apple" (3rd comment), although that seems to have backfired with the comments from others, inside and outside Apple.
Charles Arthur puts the whole series of events in some better context, writing that October is bonus time at Apple and that suggests that for some long-serving members of the executive team the end of the year is a better time to make such career decisions. Arthur also suggests that, if Cook were to depart, which does seem more likely as the new pieces are moved into place, Srouji could be in a better position at Apple, even if the Gurman report suggested he preferred working under Cook.
In a follow-up on X, Gurman added a comment from Srouji, "I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon." In reporting this, David Price (MacWorld) managed to add a caveat: "it's likely Apple either made him a substantial offer to stay or "anytime soon" is sufficiently vague."
As the information about the departures goes down the tech press food-chain, so the comments and speculation about Apple's future, become worse (doom scenarios). One needs to remember that Apple does not rely wholly on the senior executives for developments. Each of those top runners have strong teams that do much of the work. This is called delegation and is a feature of many companies. It also means that if an executive leaves, whether by design, retirement, or is dismissed, there is always someone to step up to the plate.
This has become more interesting with input from John Gruber who sounds as confident in Gurman as I am. In his comments that appeared on the Daring Fireball pages, he made some sharp remarks: "It wasn't rumors, plural. It was one report, on Saturday, from Mark Gurman at Bloomberg, and Srouji just called bullshit on it." The rest of the page has some useful comments and input from Neil Cybart. Gruber's closing paragraph includes this: "It speaks to Gurman's personal and Bloomberg's institutional influence that Srouji and Apple saw the need to shoot the bogus narrative down in public like this." Charles Arthur (as in his previous posting) continues to be highly skeptical and has some firm words about Gurman. Not only am I usually skeptical, but I detest the way, week after week, many in the tech press swallow all he writes, hook, line and sinker with little or no analysis of what Gurman is putting out. Bloomberg is no friend of Apple.
There is more unfinished business with the possible Netflix-Warner deal. This is a story that will run for some while yet. It may be expected that there will be some regulatory oversight, but following some comments it appears the President may interfere in what is usually an independent investigatory process. However, within a few hours, Paramount followed with another offer of its own, directly to shareholders. Paramount is owned by David Ellison, son of Larry, who is known to be close to the President. From hereon in, any independence is probably illusory or performative. Warner are supporting the Netflix bid. Several sources commented on this. Kris Holt (Engadget) has a fairly good outline. William Gallagher (AppleInsider) also has some useful input.
The pressure that Paramount and the President will put on Netflix will increase when it was reported who else was likely to be involved. Karl Bode on TechDirt, for example, noted that "Jared Kushner and Saudi money" were now heavily involved in the Ellison-Paramount offer. He added that the President's direct involvement (even before Kushner was inserted into the picture) was not how regulatory approval was supposed to work. But these are not normal times.
Even without the President's input, the proposed Netflix merger with Warner has strong opposition from Hollywood, politicians, and others. A Reuters (Guardian) report that there is a consumer lawsuit that claims, "the proposed deal threatened to reduce competition in the US subscription video-on-demand market". Warner is not involved in this litigation. I am not sure if the Paramount deal is the best alternative solution to this.
On that note, in a comment on the mied messages from the acquisition, Martin Peers (The Information - paywall) looks at the expectations of Wall Street, and how this is redrawing the picture. Paramount and Netflix are after different parts of the company, so he suggests that there is a deal to be made: "One possibility would be that Netflix takes the Warner studio and Paramount takes the HBO Max streaming service and WBD’s cable channels." He adds that this could resolve the antitrust issues that could negatively affect either the Netflix or the Paramount deal.
I was scrolling through news headlines early in the week, when I spotted, "He's a son of a bitch - but he's usually right': why did Seymour Hersh quit the film about his earth-shattering exposés?" Hersh, like Chomsky, is one of those key names that immediately has me reaching for the article (or video clip) that contains the subject matter. It was sort of coincidental that the previous day I had watched a documentary on New Yorker, where many of Hersh's major articles hade been published. They are often long, detailed and somewhat exhausting, but I come away with a sense of fulfillment. Xan Brooks wrote about the making of (and tensions in) Cover-Up and this is a must-see for me, of only to fill in some of the gaps in how it all happened. At the end of the article, were the words, Coverup-Up is out now (in Irish and UK cinemas), and I was pleased to see that this is listed in Netflix with an arrival date of 25 December.
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on X (@extensions_th). The RSS feed for the articles is http://www.extensions.in.th/ext_link.xml - copy and paste into your feed reader. No AI was used in writing this item.
For further information, e-mail to
Back to
eXtensions
Back to
Home Page