Intego Mac Security Podcast

Apple Zero-Day Update, the Kia Challenge, and How to Factory Reset Apple Devices – Intego Mac Podcast Episode 279

Posted on by

Apple has issued an update for a zero-day, in the wild, WebKit vulnerability. The Kia Challenge has shown that you can start some cars with a USB cable. And sometimes you need to factory reset Apple devices; we explain how.

Transcript of Intego Mac Podcast episode 278

Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday February 16, 2023.

This week’s Intego Mac Podcast security headlines include: updates for all of Apple’s operating systems were just released with important security patches; Microsoft has finally brought down the curtain on the Internet Explorer browser; a so-called “TikTok Challenge” prompts South Korean carmakers to update their software; and a look at when and how to perform a full factory reset on your Apple devices. Now, here are the hosts of the Intego Mac podcast, veteran Mac journalist, Kirk McElhearn. And Intego’s chief security analyst, Josh Long.

Kirk McElhearn 0:47
Good morning, Josh, how are you today?

Josh Long 0:48
I’m doing well. How are you, Kirk?

Kirk McElhearn 0:50
I’m doing okay. It’s been a busy week we’re going to talk about patches and malware and Face ID and Touch ID and resetting Apple devices to factory settings. I think we need to start with the latest—can we have some spooky music here?— zero-day vulnerability that may be exploited in the wild.

Were any serious vulnerabilities patched in Apple’s latest operating system updates?

Josh Long 1:07
That’s right. Apple actually patched a number of operating systems this week. But the biggest issue that was patched was in macOS Ventura, iOS 16 and iPadOS 16. They patched a zero-day in-the-wild actively exploited vulnerability that was reported by an anonymous researcher. And the vulnerable component was WebKit, which, as we mention often, is the engine behind Safari. And it’s used by a lot of different operating system components. Apple patched this for at least Mac and iPhone and iPad, but maybe not for the other operating systems. It’s kind of weird, because Apple has not yet released any details about what was patched in the latest TVOS and watchOS updates that also came out this week.

Kirk McElhearn 2:02
Well, I think we have to assume that they all got patched for the same thing. But Apple has its reasons, sometimes, for not specifying which elements get updated because they’re waiting for something. But this is “zero-day”, “actively exploited”, “in the wild”. That’s like a trifecta, isn’t it?

Josh Long 2:18
Well, it’s kind of different ways of saying the same thing. Really.

Kirk McElhearn 2:21
Oh, so why the…why do we use so many words, just to call it “a bad vulnerability”.

Josh Long 2:25
Some people know of this type of thing as a zero-day vulnerability or…. Apple always uses the term “actively exploited”. But basically, that means it’s in the wild, somebody has used this vulnerability against somebody else. That’s what actively exploited means.

Kirk McElhearn 2:41
Interestingly, Apple released these updates on Monday. They’ve done that a couple of times recently. I kind of wonder if it was because Tuesday was Valentine’s Day, would that be the day when people aren’t updating their devices? It’s not a proper holiday…

Josh Long 2:55
Yeah, maybe. But at the same time, it’s weird when Apple releases things on a Monday because then I.T. administrators are now having to rush. They’re cleaning up after something crashed over the weekend. And now they’ve also got to do patches on a Monday? That’s the whole reason I think that Microsoft does “Patch Tuesday” every month,

Kirk McElhearn 3:15
I always thought Patch Tuesday was because in the United States, you have so many holidays that are on Mondays, if they fall, on other days, they’re observed on the Monday. And so there’s a good chance that there’ll be a couple of Monday’s during the year that aren’t working days, and there’ll be no one there to apply the patches. And if no one applies the patches and the malware happens then that’s not good.

Josh Long 3:35
That’s a fair point. Now, it’s also worth noting that iOS 15 and iPadOS 15 have not gotten a patch for the same vulnerability. Presumably they would be affected. We don’t know this for sure. We’re waiting on Apple to get back to us about it, but they probably won’t. But iOS 15 and iPadOS 15 theoretically should still be getting patches for at the very least actively exploited vulnerabilities. Because that’s been Apple’s practice. For the past several years, they’ve still been releasing iOS 12 updates, even to patch actively exploited vulnerabilities specifically, and only those vulnerabilities on the older version of iOS. One would think that Apple’s gonna release iOS 15 updates. They haven’t yet I don’t know why. That’s kind of odd. Also, now it’s been six months since WatchOS 9 came out. And WatchOS 8 still isn’t getting any security updates. Even though Apple is still selling the Apple Watch Series 3, which can’t be upgraded to WatchOS 9.

Kirk McElhearn 4:37
Well, they’re only selling it as a refurbished watch. They’re not selling it new anymore. Right?

Josh Long 4:41
True. But I mean, Apple is still selling the device and you can’t get security updates for it already for the past six months now. Like this seems really problematic to me.

Kirk McElhearn 4:51
Okay, I just want to comment on a verb tense you used a minute ago, Apple “has still been releasing” iOS 12 updates. How many have there been in the past year? One? And it happened a month ago. And we were very surprised. So “still been releasing” suggest that every time there’s updates, that is still iOS 12 updates, but there haven’t been many, they’ve only been a couple. There was one, two years ago, just before the iPod Touch was discontinued, because it can’t go any further than iOS 12. There was one a couple of weeks ago or a month ago, but there haven’t been that many.

Josh Long 5:20
The recent timeline on iOS 12 updates is September 23 2021, they released an update, and then August 31 2022, and then January 23 2023. So they’ve been releasing like the patches about a year apart, but for some reason, they’re still patching iOS 12. It’s kind of surprising at this point.

Microsoft has removed Internet Explorer from its Windows 10 operating system

Kirk McElhearn 5:43
Okay, in the department of “From My Cold Dead Hands”: Microsoft will forcibly remove Internet Explorer from most Windows 10 PCs today. Now, this was yesterday on the 14th. We’re recording on the 15th releasing this on the 16th. So you will not ever take Internet Explorer from my cold dead hands…are there people like that who are like Internet Explorer stans?

Josh Long 6:04
I don’t know, I’m sure there are people out there probably not so much that they love Internet Explorer so much as there are probably people who work for some enterprise organization that has some legacy web page that only is compatible with Internet Explorer. And they’ve long since lost whatever web developer created that page. And they have no idea how to make this work with newer web browsers. I suspect that it’s those companies that are in that situation that are maybe concerned about not having Internet Explorer anymore. But it’s worth pointing out that this browser had been around for a really long time.

Kirk McElhearn 6:41
Internet Explorer is as old as my first domain. I bought my first domain in 1995. The year that Internet Explorer came out and it was quite revolutionary. When it came out. You remember we were using Mosaic and Netscape and then all of a sudden, whoo, Internet Explorer is here. And now Internet Explorer has gone, we’re not going to shed any tears for Internet Explorer. On the other hand, Microsoft is pushing hard with Edge their new browser, which both of us find quite good compared to Chrome. We’re not going to go into too much detail now. But we’ll be talking soon about how open AI is available in Bing. So you can do these ChatGPT searches. And it only works in Bing in Edge. So if you want to use it, you’ve got to use Edge. And this is Microsoft saying you can play with our toy but you got to use our browser and they’re trying to get browser share to increase which is an interesting approach.

What is the TikTok Kia Challenge?

Kirk McElhearn 7:31
Okay, so before the show, Josh is telling me about the Kia Challenge. The Kia Challenge I’m thinking is it to try and understand what the new Kia logo actually means because I saw this a couple months ago, and it doesn’t look like Kia. Now I actually had a Kia Picanto a couple years ago small car fits kind of in the back of a pickup truck. An American pickup truck was one of those small European cars. It was a pretty basic car. But there is this Kia Challenge now with these newer cars, and my gob has been smacked. You can take something off the steering column and stick a USB plug in and turn it and the car starts. I mean, I still can’t wrap my head around it. We were talking about this for about 10 minutes. It’s like, okay, I can understand you put a USB A plug into something maybe it’s a dongle, it’s recognized because it’s got something on it, but that you actually turn it to activate the ignition that makes no sense.

Josh Long 8:25
Yeah, and it’s not just Kia. It’s also Hyundai or Hyundai depending on your how you prefer to pronounce that car manufacturer. These are Korean car manufacturers, they both have this issue where if you remove the steering column on certain models, you have to remove the steering column by force. And then this is exposed as a slot that fits a USB type A plug. And according to reports, you can just take any old anything, it could be a USB key, it could be a charging cable for your iPhone or whatever. You plug that in to this USB port, and you turn the port and it activates just like you know turning turning your key to turn on the ignition. And then it allows thieves to drive away with your vehicle. So apparently this Kia Challenge has been circulating since around the middle of last year. This is something that affects a lot of vehicles too.

Kirk McElhearn 9:23
So if you have one of these cars, you’re eligible for a free software update. There are about 8.3 million cars altogether. You can get in touch with your local dealership where apparently it’ll take about an hour to get the upgrade and if you get the upgrade you’ll get a window decal indicating that you’ve been equipped with anti theft technology. Now I’m thinking why don’t I just buy the decal if I have any one of these cars, because a thief is going to see the decal and assume that they can’t get it with the USB A key and it’s not going to bother breaking into the car. I’d be just as worried about someone breaking in and trying to start it up as someone actually stealing the car.

Josh Long 9:56
So if you have a Hyundai or Kia car, then you probably want to check this article to see if your vehicle might be on the list. This includes cars all the way back to 2015. And all the way until 2021 that they were built with this functionality.

Forgotten malware gets re-discovered

Kirk McElhearn 10:14
Okay, so we had patches now we have malware there’s newly discovered Mac malware. It was discovered on Valentine’s Day, but it really isn’t that new is it Josh?

Josh Long 10:22
This was kind of an interesting story. So Patrick Wardle tweeted this thing that was like at, I don’t know, like 1:30am. My time in California, Patrick Wardle is in Hawaii. And he posted this thing on Valentine’s Day, and said that he just discovered some new malware and he wrote this big article about it. And there’s a lot of really interesting things to say about this, we’ll have an article on the Mac security blog where you can read a lot more details about this. Some of the highlights first of all, this malware is being called iWebUpdate. And although it was just found, it apparently was first uploaded to Virus Total, which is a site that you can use to scan a file to see whether any antivirus engines are detecting it. It was first uploaded to VirusTotal in 2018, nearly five years ago, which is kind of surprising.

Kirk McElhearn 11:17
So you’re saying that no one noticed it for five years?

Josh Long 11:23
Well, it sat there with a zero detection rate for years and years. And only now that Patrick Wardle has brought this to light is it being detected by different antivirus vendors. This malware is kind of interesting. We don’t know exactly whether this was something that was deployed in the wild whether a lot of people were infected. It had been uploaded multiple times over the past several years. But it’s really surprising to see something that apparently is malware, it has been around for as long as it has been. And yet nobody was detecting it. There’s also some some interesting possible connections to past malware campaigns. We’ll talk about all of that in the article. But the main thing that you need to know is that Intego does detect this malware. So if your Mac is infected, if you’ve got the latest version of Intego Virus Barrier X9, make sure your definitions are up to date, scan your system and we’ll clean it up for you.

Kirk McElhearn 12:24
Okay, we’re going to take a break when we come back, we’re going to talk about whether depending on your threat model, you should turn off Face ID and Touch ID.

Voice Over 12:34
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego Mac Premium Bundle X9 includes VirusBarrier, the world’s best Mac anti-malware protection, NetBarrier, powerful inbound and outbound firewall security, Personal Backup, to keep your important files safe from ransomware, and much more to help protect, secure, and organize your Mac. Best of all, it’s compatible with macOS Ventura and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X9 from today, when you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode show notes at That’s, and click on this episode to find the special discount link exclusively for Intego Mac podcast listeners. Intego, world-class protection and utility software for Mac users made by the Mac security experts.

Your personal circumstances can affect your “threat model” which could make Face ID and Touch ID less secure.

Kirk McElhearn 13:50
We got contacted by a journalist last week about some issues occurring in New York City where people have been drugged and they’re forced to unlock their iPhones. Basically, the question was, is Touch ID safe? Is Face ID safe or is something else safe. And we had written an article about this some time ago pointing out the advantages and disadvantages of Face ID and Touch ID. According to your threat model—Josh said this term when we were prepping the podcast; I just want to say threat model about 16 times because it sounds really it sounds like words in khaki, you know what I mean? It sounds like you know serious words. Some of the risk factors involved in this situation are people being drugged who might be unconscious. Now, if you’re unconscious, Touch ID will open your phone, right? If you’re unconscious Face ID kind of hard because you got to look at the phone. But if you’re unconscious and you’ve got a numeric passcode of more than six digits or if you’ve got a unique alphanumeric passcode there is no way that someone can get into your phone.

Josh Long 14:53
Okay, so we need to break all this down. So first of all, the story that this journalist contacted us about they came across our article, which is more secure Face ID Touch ID or passcode, as they were researching whether it’s actually safe to have Face ID enabled. That’s why they reached out to us. Because some New York City officials had been recommending that people who go to bars in Hell’s Kitchen, turn off Face ID and so he was like, wait a minute is Face ID actually not safe. So he was writing this the story about it, he noticed that we say that in our article that Face ID, we rated as a nine out of 10. And Touch ID as an 8 out of 10 in terms of how secure it is, how easy it would be for somebody to break into your phone. Those ratings that we gave Face ID Touch ID, and then the variations of a passcode. Whether you’re using a four digit six digit a numeric, that’s seven or more digits, or an alphanumeric long passcode, we gave all of those different ratings. This is under the assumption that, for example, somebody steals your phone, how easily would they be able to break into your phone.

Kirk McElhearn 16:09
Right This is not if someone is holding a gun to your head in which you will do everything possible to unlock your phone as soon as possible. But this is also the question of people being intoxicated, drugged or unconscious, which brings in a different threat model.

Josh Long 16:22
Yeah. So what I explained to this journalist is that if your threat model includes the possibility of someone taking your phone while you’re intoxicated, or drugged or unconscious, then we would have to change and adjust those numbers, how secure Face ID and Touch ID are. If if you are intoxicated, somebody might be able to grab your phone from you, they might be able to get you to look at your phone, if they held it in front of your face. And in that case, that would actually unlock your phone, if you have Face ID. So you kind of have to readjust those numbers. If this is something that you’re concerned about that it’s likely to happen to you, or plausibly could happen to you, then you’d have to adjust those numbers.

Kirk McElhearn 17:10
Okay, so how would we adjust these ratings? I would say zero out of 10, for Face ID and Touch ID, would that be right?

Josh Long 17:17
Well, Face ID, I would say is still more secure than Touch ID even in that scenario, I would knock it down at least a couple of pegs, I would say maybe about seven out of 10, it still would be difficult for somebody, first of all, they still have to get your phone from you. And they still have to trick you into looking at your phone, which could be difficult, right. And if you’re completely unconscious, somebody can’t just hold up a phone in front of your face and unlock your phone. Because it does require attention, it requires you to be looking at your phone, at least the default setting does require that and it would be kind of difficult for somebody to like prop your eyes open and to have Face ID still recognize your face, even with somebody’s fingers holding your eyes open and all that it just it’s not very plausible, right. So I still think that Face ID is actually pretty good. In even in this scenario. Now, as far as Touch ID, as we mentioned, even if you’re a completely unconscious Touch ID could still allow somebody to get into your phone. So I would reduce that number significantly. It probably it’s no more secure than maybe a four digit passcode in the sense that somebody can easily watch as you’re typing a four digit passcode, they can shoulder surf and find out your four digit code to get into your phone. And somebody could just as easily if you’re unconscious, hold your thumb on your Touch ID sensor and get into your phone.

Kirk McElhearn 18:45
Okay, I want to say that shoulder surfing is a bit more complex than holding your thumb on a phone. If someone’s unconscious, and they put your thumb on the phone, that to me gets a zero out of 10.

Josh Long 18:53
Okay, that’s fair.

Kirk McElhearn 18:55
According to my threat model, if someone’s unconscious, the finger and the thumb are just available.

Josh Long 19:00
One other thing that we should mention about Touch ID is that you still have to know which fingers somebody uses to unlock their device. It’s not that hard to know, if you’ve seen somebody holding the phone, then you know, at least which is their dominant hand that they’re normally using the phone with. And most people are probably using that thumb to unlock their phone, maybe their index finger. So you I mean, you have a couple of tries before you get locked out of Touch ID so it’s pretty likely that you can get into somebody’s phone, even if they’re unconscious. Just by trying a couple of fingers that are likely to work.

Kirk McElhearn 19:37
There’s a problem because Apple allows for five unsuccessful attempts with Face ID or Touch ID before a passcode has to be entered. Now, if you take the four most likely digits the two thumbs into fingers, that’s only four I would think three would be safer, but then three might be too easy for you to mistake. I noticed that if I’ve just washed my hands in the kitchen, and then are completely drying up, put my finger on my iPad in the kitchen, it won’t unlock. So the possibility of it failing once or twice, is entirely possible. And I believe that after 10 failed attempts, it locks completely.

Josh Long 20:13
Now, it actually surprises me that it’s five attempts, I would have thought it was only three. So again, we thought this would be a good idea to talk about to revisit this topic, just because it’s good to know what is inside of your threat model, right? What’s a likely scenario where somebody could potentially try to break into your device? So if you’re going to bars getting intoxicated, and you’re with people that you know, you don’t know, if maybe you don’t want to have Touch ID enabled, I would say Touch ID is probably the one that you should be most concerned about Face IDs, probably not as bad as New York City officials are warning.

Kirk McElhearn 20:51
So here’s a tip, don’t use your thumb or your index finger. Because these are the ones that people are going to try first.

Josh Long 20:58
Yeah. Yeah. Okay. That’s a fair point. However, again, if somebody sees you placing a different finger on your phone, then they will know which finger to use if you’re unconscious, or whatever. So yeah, you have to think about like somebody can, at any point in time, see which finger you’re putting on your phone. And they can also look over your shoulder and see what you’re typing to unlock your phone. If you’re using a passcode. Again, the shorter passcode if you still using a four digit passcode, you need to move on from that that’s just not safe, it’s too easy for somebody to see what you’re typing in. or potentially even to guess if they know you well enough, they might be able to guess what four digit code you’re using. At least please use a six digit code, I really recommend that you use at least seven digits or a an alphanumeric passcode. It’s more secure, the more complex it is, the more difficult it’s going to be for somebody to look at you typing that over your shoulder and know how to get into your phone.

Kirk McElhearn 21:58
Okay, we have an article about this on the Intego Max security blog, I’ll link in the show notes, was it…there was a musician was it Kanye West, who was seen in a video unlocking his iPhone by tapping 6 times (I think it was four times) or maybe four times. Yeah, yeah, that’s kind of easy to spot. It’s not that it’s easy to figure out if you don’t see the person doing it. But if you see someone doing it, it’s easy to spot. Yeah.

Josh Long 22:19
Now this was several years ago, to be fair, and maybe he knew he was going to be in a public place unlocking his phone. And so maybe he changed it right before he got there, but probably not.

When and how should you perform a full factory reset on your Apple device.

Kirk McElhearn 22:32
Okay, now, Josh, I know you’re not the kind of guy who sells his used Macs and iPhones and iPads on eBay, or even trades them in very often. But if you do this, you need to make sure that you can do a full factory reset of your device. Now, whether it’s a Mac an iPhone, an iPad on an Apple Watch, or even headphones, Apple TV HomePod. All of these things have a lot of personal data. It’s not too long ago that this was a complex process. You had to do an awful lot of things to get to this point. Apple introduced the simplified process on its M series Macs M1 and M2 Macs, or Macs with a T2 security chip, which is a couple of Mac’s built between 2018 and 2020. And in System Preferences or System Settings depend on your operating system version, you have an erase all content and settings option. And this does all sorts of things, it resets Touch ID if you used it, it signs out of your Apple ID, it unpairs Bluetooth accessories, it removes all your Apple Wallet items, including Apple card, and it turns off, Find My and Activation Lock. Previously, you had all these steps, you’d have to sign out of Apple ID. But you couldn’t do that until you turn off Find My and then you’d have to go back and sign out of Apple ID and then you’d have to remove stuff from….you had to do it all manually. If you erased your disk completely, you were still safe. But the Activation Lock was the most important thing because someone who bought it, or someone you gave it to wouldn’t be able to turn it on and use it. So this is available now in pretty much all of Apple’s devices with varying abilities. For instance, the Apple TV doesn’t have a lot of your data, but it’s signed into your Apple ID, the HomePod is the same it’s signed into your Apple ID these devices don’t really store data the way a Mac and iPhone or an iPad does. This is important to know that you can do this and there are two cases when you do this. One is you’re selling giving away recycling. And the other is sometimes in order to do a full reset for troubleshooting. Maybe you’ve installed MacOS and hadn’t fixed your problem. Sometimes you have to wipe everything and start from zero.

Josh Long 24:39
So we actually have two articles about how to factory reset all of these things on the Intego Max security blog. One article focuses on the things that have less personal information on them. So that’s your Apple TV and HomePod those are signed into your Apple ID but besides that there’s not a lot of personal information stored on those devices. And then also how to factory reset AirTag, AirPods and, and Beats Headphones as well. The more complex article is the how to factory reset any Mac, iPhone, iPad, iPod Touch, or Apple Watch, which are devices…most of those except for the Apple Watch have more data about you stored on them, I suppose the watch actually does too, because you can even get your your IiMessages text messages on your watch. So there may also be some information on your watch that you want to make sure to get rid of before you get rid of it.

Kirk McElhearn 25:33
One interesting thing to note is AirTags, if you happen to find an AirTag, I don’t know you’re in a parking lot, you find an AirTag on the ground, you pick it up, you think, Oh, I’m going to be able to use this? Well, you actually can’t. You can reset it. But you can’t use it because it’s still locked to someone else’s account. So don’t think that if you find an AirTag, you’re gonna get lucky and be able to edit to your account.

Josh Long 25:54
Right. And I mean, these devices, the AirTag, if you buy it in a four pack on sale, you’re gonna get it for around 25 bucks. So it’s not like they cost a ton of money anyway.

Kirk McElhearn 26:05
if you do find an AirTag, you should reset it because someone may have dropped it by your car in the parking lot expecting you to pick it up so they could track you.

Josh Long 26:13
That’s a fair point. Yeah, so do reset it, do factory reset it. And Kirk actually recommends in the article that you remove the battery from it, you might actually if you have another AirTag, you could reuse that battery or anything else that uses the same button cell battery, like a watch or something like that. A non smartwatch.

Kirk McElhearn 26:32
Hey, I’m a cheapskate for things like that. If I can get a free battery, why not. In any case, it’s really good that Apple does this, go through the articles. Anytime you’re selling, giving away trading in, go through this article and see all the things you need to do. And you can be pretty sure now with the new T2 security ship or M Macs, you don’t even have to do a Secure Erase of your hard drive as long as you got File Vault on. When you reset the device, Apple wipes the key that allows it to be unlocked with File Vault, and all the data on there is just gibberish and no one can access it.

Josh Long 27:06
One more note on this. If you are the type of person who does like to sell things on eBay, please make sure that you’re actually going through this proper procedure before you list your items for sale. I’ve bought used iPhones in the past on eBay. And I’ve had very frustrating experiences with trying to work with the seller and explain to them that you didn’t actually reset this device properly and having to go through this process to be able to use the device that I just purchased. So it’s it’s good to know how to do these things correctly, especially if you’re going to be selling your device to a third party.

Kirk McElhearn 27:45
This Activation Lock is so important that a number of third party resellers who bought Mac’s can’t get into them because people haven’t deactivated them. And these devices end up getting recycled. Even Apple can’t do anything about these devices. You’re the only person who can with your account. So make sure you do this. Okay, that’s enough for this week. Until next week, Josh stay secure.

Josh Long 28:05
All right, stay secure.

Voice Over 28:08
Thanks for listening to the Intego Mac podcast, the voice of Mac security, with your hosts Kirk McElhearn, and Josh long. To get every weekly episode, be sure to follow us on Apple podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode The Intego website is also where to find details on the full line of Intego security and utility software.

If you like the Intego Mac Podcast podcast, be sure to rate and review it on Apple Podcasts.

Intego Mac Podcast

Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →