Intego Mac Security Podcast

Unintended Consequences of Third-Party iOS App Stores – Intego Mac Podcast Episode 334

Posted on by

iOS and iPadOS updates bring security fixes and changes for iPhone users in the European Union. Those changes include Alternative App Marketplaces, AKA third-party app stores, on iOS, and Apple’s approach puts user security at risk.

If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.

Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at, and use this link for a special discount when you’re ready to buy.

Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.

Transcript of Intego Mac Podcast episode 334

Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday, March 7 2024. This week’s Intego Mac Podcast security headlines include: iOS and iPadOS updates bring security fixes and changes for iOS users in the European Union. Those changes include Alternative App Marketplaces, AKA third party app stores. We have questions. Now, here are the hosts of the Intego Mac podcast, veteran Mac journalist, Kirk McElhearn, and Intego’s Chief Security Analyst, Josh Long.

Kirk McElhearn 0:41
Good morning, Josh. How are you doing today?

Josh Long 0:43
I’m doing okay. How are you, Kirk?

What new features and security fixes are part of iOS and iPadOS 17.4?

Kirk McElhearn 0:45
I’m doing all right. We’re recording this on Wednesday, March 6. And we had some updates to iOS and iPadOS yesterday. But we haven’t had the Mac updates. Now, I’m going to bet you, Josh, that Apple will release the updates just after we finish recording the updates for macOS, TVOS, watchOS etc. Just when we’re finished recording the podcast. So we can’t say on the podcast that they are available or could be.

Josh Long 1:10
But just to be contrarian, I’m going to say that they’re going to come out sometime later, or possibly not even this week, but we’ll see about that. So here’s the thing, like Apple had to release these new updates, specifically the iOS updates because of this new law that went into effect in the EU effective this month. And so Apple had to, among other things, allow third party app stores in the EU. And so that was one of the reasons why Apple needed to come out with this big new iOS update. And of course, because a lot of the same functionality and technologies that are underlying in iOS are the same for iPadOS they also released iPadOS 17.4, even though the iPad is does not fall under this DM a European law.

Kirk McElhearn 2:05
That’s right. It’s only the iPhone because the European Commission deemed that the iPad didn’t have enough market share.

Josh Long 2:11
Right. But we did get–let’s start out with the vulnerabilities. And then we can talk about, more about the features.

Kirk McElhearn 2:17
Let’s talk about the vulnerabilities. And then we’ll talk about the vulnerabilities that are inherent in Apple’s response to the DMA.

Josh Long 2:24
Right, right. Apple has really only revealed four vulnerabilities that have been patched so far by name. So they give CVE numbers for four vulnerabilities of which two of them have been exploited in the wild. So remember, Apple is no longer saying “actively exploited” now they’re just using the word “exploited” instead. But it means basically the same thing.

Kirk McElhearn 2:47
And they’re no longer saying “in the wild” either.

Josh Long 2:51
Yeah, they don’t say “in the wild”, I just add that in just to clarify that somebody somewhere apparently got exploited using this vulnerability. So one of them is a kernel vulnerability. This was also patched in an update for iOS 16 and iPadOS 16. And there were three other vulnerabilities. The other one that was exploited was a vulnerability in RTKit. Now, both the kernel and RTKit are technologies that exists on multiple Apple platforms. And so for some reason, the RTKit one wasn’t fixed for iOS 16, even though it was also exploited. That seems kind of odd.

Kirk McElhearn 3:31
What is RTKit? We’ve never talked about that before, when we’ve discussed vulnerabilities.

Josh Long 3:35
RTKit stands for real time kit. This is just an underlying technology and Unix like operating systems, including macOS. And it has to do with the scheduling of processes and threads, basically background apps and things like that.

Kirk McElhearn 3:49
So I wonder why there could be a vulnerability here, could some malware exploit RTKit to be able to run more processes threads or something on a Mac? We don’t know. We’ll have to wait until Apple issues their information in their security notes to say exactly what happened and what was done.

Josh Long 4:07
Yeah, I don’t know that Apple will reveal more information what they did say and actually it’s the exact same description for both the kernel vulnerability and for RTKit, which kind of makes me think that they’re related. Maybe they were chained together. They say an attacker with arbitrary kernel Read and Write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. And they say that both of these vulnerabilities were fixed by addressing a memory corruption issue with improved validation.

Kirk McElhearn 4:40
Improved validation. I love improved validation. It’s great when we get an update with improved validation. That’s what I’ve always been waiting for. Okay, so there’s new features as well, before we get to the biggest new features. One that you may notice, if you listen to this podcast in Apple’s Podcast app, is that you’ll be able to view a transcript of the podcast. Yes, and they look pretty reliable. They seem to be done in the background. In other words, it’s not when you start listening to a podcast that the transcript starts grinding and you have a gear icon. Once you tap view transcript, you see the entire transcript of the episode. So that means that as soon as an episode is released, Apple’s got a server someplace it’s doing this transcript. Now, you might choose to read the transcript instead of listening to the podcast. But what you won’t know is who’s saying what, in other words, it does paragraph breaks, but it doesn’t identify voices, because he doesn’t know that this is my voice, and that Josh’s voice is different. However, on the Intego Max security blog, we post transcripts of all the episodes. So if you do want a transcript, you can go to the blog post, and you can read the transcript with the voices, which is better. And it’s also artisanally edited to make sure that the spelling of the people and the proper names and the names of malware are correct.

Josh Long 6:01
Right, exactly. So Apple’s technology is nice to have for podcasts that don’t have any kind of transcription. But it’s it’s not as nice as the handcrafted version that actually distinguishes between different voices. It seems like that should be kind of a basic feature if you’re going to transcribe podcasts because there’s not a lot of podcasts where it’s just one person talking.

Kirk McElhearn 6:25
But how would they know whose voice is what the only way I could think that they could do it is they would have us log into what’s called podcasts Connect, which is the Apple portal for a podcast, and that we look at a transcript and identify voice segments. So it learns it. So it can do it in the future. So we use Otter to transcribe the podcasts. And Otter does that. When we first started doing transcripts, we identified my voice and Josh’s voice and the voiceover of our producer who reads the intro and the ad read in the outro and Otter knows this for every episode. So Apple only needs to be taught this once. And maybe they will do this in the future. It’s worth wondering why Apple is doing this. I mean, we’ve been adding these transcripts to the show notes for a while because we want to have a record with the names of the malware that we’ve discussed. And other things. I don’t think that many people actually read the transcripts. But you know what it gives Apple it gives Apple a huge corpus of text that they can put into a large language model, which ChatGPT is a large language model, we know that Apple is going to be coming out with some AI stuff that there’ll be announcing in June at the Worldwide Developer Conference. And maybe this is one way, they don’t care how precise it is. They just want lots of text, lots of spoken text. And maybe this is a way for them to build up their database. And I’m going to look into this for the next episode, I’m going to see if there’s any…I know that you can choose to opt out of transcripts for any podcast on Podcast Connect. And maybe the opting out would mean that you’re not giving Apple the text of your podcast to put into their large language model.

Josh Long 8:07
Hmm, that’s really interesting. It also makes me wonder if some future you know user accessible LLM that Apple is going to be offering maybe iOS 18 is going to give you for example, search results that include transcripts of podcasts that are on Apple’s podcast platform, so that that could be really interesting.

Kirk McElhearn 8:29
Yeah. Okay, so there are other big changes in iOS 17.4, aren’t there?

Josh Long 8:33
Yep. So we’ve talked about a lot of these things before, the biggest I think most notable change is that we have third party app stores now, right? Only in the EU. So if you’re in the UK, the US, pretty much anywhere in the world outside of the EU, you’re going to not be able to get these third party app stores. But if you are in the EU, then now you’ll soon have the option. Once these third party stores become available, which they are not yet, you’ll soon be able to download a third party store and then you’ll be able to get apps through that third party store. Among other changes, we now have the ability through apps obtained through those third party stores, they’re allowed to use a different browser engine. So for example, if Mozilla wants to release a version of Firefox, that uses its own Gecko rendering engine instead of Apple’s WebKit engine, they can do that same thing with Google Chrome, Google can you can use their own engine if they decide to distribute a version of Chrome outside of the official Apple App Store on some third party app store. And any other browser can do the same thing.

Kirk McElhearn 9:49
But what happens if you leave the European Union?

Josh Long 9:53
Well, that’s a potential problem. And we’re going to talk more about that. That’ll be our main topic for today. So we’re gonna get back Up to that point of discussion, but yeah, that there’s some kind of big problems with this.

What is the current status of Epic Games’ relationship with Apple?

Kirk McElhearn 10:07
Okay. Now one thing that everyone is waiting for is the Epic Games App Store on iOS. What are we going to see that?

Josh Long 10:14
Well? That’s a great question, because it seemed like Apple was allowing Epic Games to have its own developer account. Again, remember, Apple banned Epic Games several years ago, because of some shenanigans that epic pulled where they tried to circumvent Apple’s in app purchase cut, you know, so they were allowing people to purchase things in app without giving Apple their cut of that purchase that in app purchase, you mean the apple tax? The Apple tax? Yeah. So because epic was bypassing that intentionally, blatantly, Apple revoked their developer certificate, meaning they could no longer distribute any apps on not only iOS, but also macOS, any Apple platforms. So just recently, epic posted that they had gotten access again, they had to have a new developer account, and Apple apparently issued it to them. And so they were planning to release a new epic game store. And all of a sudden today…

Kirk McElhearn 11:17
And then there was a plot twist.

Josh Long 11:20
Yeah, apparently Apple revoked Epic Games new developer certificate. Hmm. That’s kind of odd.

Apple announces M3 MacBook Air models

Kirk McElhearn 11:28
Yeah. And Epic just announced this today on March 6, and they are unhappy. And, you know, I’m getting tired of this. Like, they’re all acting like children here, someone’s got to sort this out. It’s not for us to really go into much detail on a play fortnight, so I don’t care that much. What is important is that if you’re in the EU, you will have these third party app stores. So we are going to talk about potential security risk a little bit later, before the break some new Apple hardware M3 MacBook Air, because the M2 wasn’t good enough, so they had to increment it to the M3. Now, apparently, early benchmarks show it to be about the same as the MacBook Pro. So you’re getting the same speed and processor and all those features without getting all the extra elements that you get with the MacBook Pro, I did read that the M3 MacBook Air can support two displays, previous models could only support one. And Apple has finally finally retired the M1 MacBook Air which they were still selling, which was the last with the original aerodynamic wing shaped form that the MacBook Air has had since what 2007 or 2008. So that was a big deal. Of course, Apple just announced this via press release. They didn’t do any sort of Event because I mean, what’s the difference an M2 MacBook Air M3 MacBook Air. It’s the same thing. It’s just incremented by one. There’s a new Apple watch band, a new Hermes watch band, which it’s supposed to look like, you know, driving gloves with the holes in it, it kind of looks like that. It’s like a knitted type thing that that harkens back to the Hermes driving gloves of the 30s or something. I guess that’s Apples, you know, on one hand, you get a MacBook Air the other hand, you get new watchband, that’s this week, are you going to buy any of these new products, Josh?

Josh Long 13:15
No, I’m not in the market for a watchband. And I don’t really need an M3 MacBook Air. I mean, like at some point, I’ll probably get an M3 or later. But right now, the M1 processor that I’m using is working just fine for me.

Kirk McElhearn 13:31
So worth pointing out that you could get three of these new Hermes watchbands for the price of the M3 MacBook Air, no three and a half. It’s $349.03 MacBook Air, so it’s a 1099.00 So let’s say four Hermes watchbands for MacBook Air and still have some change left over to buy a hotdog. We’re gonna take a break when we come back, we’re going to talk about a serious security risk with third party app stores in the European Union.

Voice Over 14:00
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at That’s and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.

Details about Apple’s Alternative App Marketplaces beg questions about security

Kirk McElhearn 15:16
So we talked about these third party app stores in the European Union, Apple calls them Alternative App Marketplaces, AAMs, we’ll call them AAMs from now on. Something would happen if you install some apps from an AAM in the EU. No, that’s too many abbreviations, a third party app store in the EU. If you leave the EU for short term travel, you will continue to have access to Alternative App Marketplaces for a grace period. I’m reading from an apple document that will link to in the show notes. If you’re going for too long. How long is too long, you will lose access to some features, including installing new alternative app marketplace, that’s fine, right? Apps you installed from Alternative App Marketplaces will continue to function. That’s great. But they can’t be updated by the marketplace. You downloaded them from Oh, so let’s get back to too long. If you go from Germany to the United States for a week on vacation, well, you’ll probably be able to access the Alternative App Marketplaces because they are giving you a grace period. Let’s say you’re going for three weeks for work, maybe you can no longer access the alternative app marketplace. The problem here is not so much that you can’t get new apps. But as Apple says, apps installed on Alternative App Marketplaces will continue to function, but they can’t be updated by the marketplace you downloaded them from now we know a lot of people are going to install alternative browsers, as you mentioned, Firefox and Chrome, and maybe even Edge which is a Chromium based browser. And we know that most malware threats come via the browser these days. So if you’re using a third party browser, you will no longer be able to update it, if there are security fixes issued.

Josh Long 17:04
Right? Yeah, the browser is a high value target, because everybody uses a browser. And so you know, there’s a lot of people who are trying to find ways to exploit browsers to potentially infect devices, or do other bad things. So the idea of let’s, let’s say, just in a hypothetical scenario, let’s say that Mozilla comes out with a new version of Firefox, you move from some EU country, to Canada. And at some point, unspecified, we don’t know how long this grace period is, maybe you’ve lived there a month or so. And now you can no longer update that version of Firefox, it’s not clear exactly what is going to happen. It sounds like you won’t be able to open those third party app stores anymore. And that’s why you can’t update those apps obtained through that third party app store anymore, because there’s no update process that works outside of going inside that app. That’s the reason why Apple’s not going to allow you to update these apps anymore is because you would have to go into the third party app store in order to update those apps. But the problem with that is now you’ve got a version of Firefox that’s going to continue to run Apple does say apps you installed from Alternative App Marketplaces will continue to function. So that means you would have a version of Firefox that now has known vulnerabilities after some period of time, or Chrome or whatever it might be. And now you’ve permanently got a vulnerable app on your device. So what we don’t know is is Apple going to maybe pop up a dialog box saying, because you’re no longer in the EU, this app may be out of date in may pose a security risk, right? It would be nice if Apple did that Apple’s not saying whether or not they’re going to do something like that. But if they’re not doing that, then they’re really doing people a disservice. Because now, Apple devices, if they’ve moved from the EU to more or less permanent location outside of the EU, now they’re going to be much more vulnerable, especially if they’ve got these third party browsers.

Kirk McElhearn 19:18
Okay, so think of this scenario, you’re a student going to college in the US. You haven’t permanently moved, you’ve kept the app store and you’re in your original home country of Spain or Italy or Poland or whatever. And you can’t get updates to your apps. Now, what I think Apple is targeting is people who are outside the EU, such as in the US who want to install fortnight on their phones, and who use a workaround to set up accounts in some EU country. It’s not that hard to connect to an app store in a different countries using a VPN. But you do have to have a payment method. I mean, there are ways to do it. You can you can have people send you gift cards that you can put in your account. Apple has never enforced This in the past, I know many people who are in Europe and have us App Store accounts. There’s a well known Mac journalist who bought a vision pro who lives in a European country and has been writing about it. And it’s very clear that Apple does not enforce that sort of thing. But they seem to want to be enforcing it here, I think there’s two possibilities of things that Apple could do, they could make some sort of a pop up a suggestion to say, you know, this is I don’t think they would talk about security, they would say it can’t be updated, and something like that. The other possibility is that they start forcing people to switch their accounts, because you can switch the region of your account, it’s a kind of a permanent thing, it’s quite complicated, you have to have no credit to your account, like gift card credit, you have to have a payment method in the new regions, let’s say you’ve gone from Spain to the United States, you have to have a credit card in the US or something, you have to have an address that you put in. So it’s a complicated process. And a lot of people don’t bother, because in most cases, you’re able to get all your apps that you need. Most developers when they release an app, they release it in all the app stores right there. Even if it’s an American bank, they’re gonna release it in all the app stores because they know they have clients who are from other countries using other countries, app stores in the US. And it makes no sense for them to not have these apps. So I think Apple, the whole region thing, there’s logic in having this regional separation, if only because of value added tax that’s different in each country, right. And so they have to kind of enforce what can get sold where but now they’re in a situation where they’re trying to prevent people from potentially using an app store that they could have used before, of course, third party app store, the Apple App Store, they’re not going to enforce anything, I don’t think. And it just feels like they’re trying to do something to say, You know what, we’re still in control, regardless of what you forced us to do. And no, you can’t play fortnight on your iPhone, if you’re in the US.

Josh Long 22:01
Well, you may not be able to do that anyway. Well, we’ll have to see whether Epic Games ever gets their account back. But yeah, I understand that Apple’s kind of thumbing their nose at, you know, the EU because of this new legislation that they obviously don’t like. And they’re trying to kind of do the bare minimum and make it as annoying as possible. Just, you know, to sort of prove a point, I guess that that this new laws really egregious and Apple’s opinion, right. So I get what Apple’s doing. But this is not consumer friendly. And it could even potentially put consumers at risk. That’s the biggest problem, in my opinion.

Scheme uses simple AppleScript to fool user into installing malware

Kirk McElhearn 22:39
Okay. So we have some interesting new malware this week. And it’s not that serious, but there are some new techniques that are kind of worth talking about.

Josh Long 22:48
Yeah. So the first one we’ll talk about is there was an article on Krebs On Security, where he talked about calendar meeting links being used to spread Mac malware. And well, that’s not exactly accurate. So what happened was, this particular person had a startup, and they were contacted by somebody who wanted to supposedly set up a meeting with them. So basically, the meeting link didn’t seem to work. And so they were in communication with each other through telegram. And they said, Oh, try this link instead. And they had the person download an AppleScript, and run it on their computer thinking that they were installing some teleconferencing platform. And that still wasn’t working. And they said, Oh, okay, well, we’ll We’ll reschedule the meeting for another day. Well, days later, the guy realized, I think I just installed malware on my computer the other day, all of this to say, if somebody sends you a link and says, Hey, install some software, don’t do it. And in this case, it was an AppleScript, which is really bizarre and unusual. Normally, somebody’s not going to send you a script file, or even an AppleScript app for that matter.

Kirk McElhearn 23:56
Right. And a script file means that when you double click it, it opens the script editor app, and you see all the code in front of you. Which, for someone who doesn’t know much about computers, it just looks like gobbledygook, right? You can’t send someone an AppleScript app unless it’s code signed, notarized. And so the way that they could get around it was by sending the raw script. And of course, if the person’s talking to you and saying, Well, we have to do this really special process. So here’s what’s going to happen. And you click the play button, and it happens. And you don’t see what happens in the background. As it downloads something malicious. And installs it runs a shell script in the background and does all sorts of thing. I think it’s kind of clever to use AppleScript, particularly when the user is seeing it. It’s not hidden. Because most people don’t know what this is. They just wouldn’t think well, this person knows what he’s talking about. He’s going to fix this.

Josh Long 24:49
Right? So the main takeaway here is be careful about what people send, you don’t just run whatever random code that somebody’s sending you, or apps or scripts or whatever it might be.

What is Activator malware?

Kirk McElhearn 24:59
Okay, so what about Activator? I liked that name because it doesn’t sound like a strange malware name.

Josh Long 25:05
Yeah, so Activator is the name of so as a new Mac malware family that we’ve seen throughout the year so far, January and February, it’s come up a couple of different times. And this is yet another one of these Trojan horses. That’s how it’s presented. You come across this through BitTorrent. So basically, if you’re trying to pirate some software, and you go hunting around on BitTorrent to see if you can find a full version of some software, and you download it, you may actually be getting this Activator Mac malware, which is, of course, going to infect your computer, and it behaves as a backdoor meaning that it gives some bad guy, whoever developed that software, the ability to send commands to your computer. And so for example, they could do all sorts of things. They could steal your computer, they can take screenshots of whatever you’re seeing on your screen, they could turn on your camera or microphone and record you or other things like that.

Kirk McElhearn 26:02
I just I’m just trying to imagine who could ever think that downloading something through a torrent is going to be dangerous.

Josh Long 26:10
It’s not a good idea. We actually have an article on this from the Mac security blog from several years ago.

Kirk McElhearn 26:15
I was being sarcastic.

Josh Long 26:18
No, I I know. I know. People do. People actually do download stuff from from torrents all the time. And you know what it, there are legitimate uses for BitTorrent. But by and large, a lot of people really use it for piracy, whether that’s app piracy, or music piracy, or movie piracy, or whatever it might be. Bottom line, don’t do that. You’ll you’ll be safe. If you have accidentally downloaded some malware from a torrent. This Activator malware is of course detected by Intego virus barrier, so you will be safe. But we definitely don’t recommend that you go and hunt for software on Victoria.

Exploiting a device’s vulnerability to warn device owner of that vulnerability

Kirk McElhearn 26:56
Okay, we recently talked about how the Feds were hacking into people’s routers to update their firmware. And now we have a story about someone hacking into 3D printers to warn owners of a security for now I remember there was an early worm or virus and it goes back to the 80s or early 90s. That was designed to do something good to warn people about something but ended up doing something bad. The idea of anyone hacking into any device to say that I’m doing something good is really disturbing, at least to me.

Josh Long 27:28
Yeah, and the early days of malware, there were some examples of some code that wasn’t intended to cause damage or cause harm to your system. Sometimes they were kind of more meant as jokes. Obviously, malware has come a long way. And now it’s primarily used to steal information, and to give bad guys access to lots and lots of different machines. So they can, you know, make them part of a botnet or any number of other malicious things. In this case, what’s happening is that some 3D printers have become infected. Because they had a vulnerability, somebody decided that oh, well, I’m going to create a worm that is going to infect vulnerable 3D printers, and inform the owner of the 3D printer that their device is vulnerable and needs to be updated. So several owners of 3D printers have been posting online and saying that they’ve been getting these messages, they’ve been finding a file on their 3D printers storage drive that says, hacked machine, readme dot G code is the name of the file with underscores in between hacked in machine and read me. And then it says your machine has a critical vulnerability posing a significant threat to your security, immediate action is strongly advised to prevent potential exploitation, etc. And it says this is just a harmless message you’ve not been harmed in any way and has a little ASCII art of a worm. This is an example of a worm that’s designed with I guess, positive intent. They’re trying to encourage people to install software updates, so that really malicious people don’t infect their 3D printers and do something much worse.

Kirk McElhearn 29:10
I just don’t like hackers doing that, whether it’s the Feds or someone doing this to a 3D printer. I know that it’s good intentions, but you never know what could go wrong. All right, Josh, that’s enough for this week. And I’m sure that once we say “stay secure”, Apple will drop its updates to macOS and tvOS and watchOS and if you listen to this podcast and you know that the updates are out, we’re sorry because Apple waits until we finished recording before they released them. Until next week, Josh, stay secure.

Josh Long 29:38
All right, stay secure.

Voice Over 29:40
Thanks for listening to the Intego Mac Podcast, the voice of Mac security, with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at The Intego website is also where to find details on the full line of Intego security and utility software:

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →