Apple has released updates for most of its current operating systems—iOS 14.4.1 and iPadOS 14.4.1, macOS Big Sur 11.2.3, and watchOS 7.3.2—to address a single security issue in WebKit that could let attackers execute arbitrary code from a Web page. Separately, Apple updated Safari 14.0.3 (8 March 2021) to new builds for 10.15 Catalina and 10.14 Mojave.

The language in the security notes linked above is standard phrasing, but the fact that Apple would update all its operating systems and the relevant bits in Catalina and Mojave suggests that the vulnerability is serious.

Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.

If you’re already running the latest versions of Apple’s operating systems, we recommend installing these updates sooner rather than later due to their narrow scope and the likely severity of the vulnerability.

Here’s how to install the updates:

• iOS 14.4.1 and iPadOS 14.4.1: Install the 143.6 MB iOS 14.4 update (on an iPhone 11 Pro) from Settings > General > Software Update. The iPadOS 14.4 update weighs in at 84.1 MB on a 10.5-inch iPad Pro.
• macOS Big Sur 11.2.3: Use System Preferences > Software Update to install the 2.44 GB update.
• watchOS 7.3.2: Open the Watch app on your iPhone and go to My Watch > General > Software Update. It’s a quick update (60.4 MB on an Apple Watch Series 4) but does require that the watch be on its charger and charged to at least 50%.

Over the weekend, MacRumors broke the news that Apple had quietly added a “while supplies last” tagline to its iMac Pro product page. Apple has since confirmed to MacRumors that it is phasing out the iMac Pro.

Apple first introduced the iMac Pro in 2017 as a stopgap in the lull between the 2013 Mac Pro and the 2019 Mac Pro (see “Apple Releases the iMac Pro,” 15 December 2017). However, other than resetting the core model from an 8-core processor to a 10-core processor in 2020, the iMac Pro languished for over three years without any updates from Apple.

The iMac Pro had a few things working against it. Along with a hefty price tag that started at $4999, the iMac Pro suffered from a lack of expandability and repairability, both key to professional users. Apple also didn’t support it well. When one of Linus Sebastian’s employees broke an iMac Pro, Apple refused to fix it. Linus eventually recruited independent repairman Louis Rossman to help fix it.

When Apple rolled out the redesigned Mac Pro in December 2019 for only $1000 more than the iMac Pro, there was little reason for professionals to opt for the iMac Pro instead (see “2019 Mac Pro and Pro Display XDR: Big Iron for Big Bucks,” 10 December 2019). The Mac Pro was both a much more powerful machine and had the expandability and repairability pros want, even if Apple’s support hasn’t improved much (see “Apple’s Mac Pro Support Reportedly Lacking,” 14 March 2020).

However, the release of Apple’s M1 processor was the true death knell for the iMac Pro. The M1 offers such a massive leap in performance over Intel processors that the base-model MacBook Pro beats even the Mac Pro in single-core benchmarks and gives it a run for its money in multi-core tests. And that’s a chip Apple tweaked for power efficiency for its low-end Macs, not one designed for maximum performance.

We expect Apple to start releasing significantly faster successors to the M1 for professional-level desktop Macs within the next year. It’s not inconceivable that an Apple silicon-powered iMac Pro could return, but given Apple’s lack of enthusiasm in the past, it seems more likely that the company will focus on the iMac and the Mac Pro.

The report from J.C. Stauttener was unusual. He had received the Dutch translation of TidBITS in email every week for years, but in the last few months, when he opened one, he wouldn’t be able to scroll in the issue. His workaround was to reply to the message, at which point he could scroll through the quoted text with no problem. The problem started in macOS 10.15 Catalina, he said, but it persisted through a clean install of macOS 11 Big Sur. Nor did the problem afflict any other messages—just TidBITS in Dutch.

I was, frankly, befuddled. None of my basic troubleshooting suggestions (testing in the preview pane versus a standalone window, trying a different user account or Mac, etc.) made any difference. While J.C. and I were going back and forth, our estimable Dutch translation team was investigating the problem as well. In short order, they figured it out.

We frequently embed YouTube videos and Google Forms-based surveys in articles on our Web site. It’s a superior user experience—rather than having to click a link and be sent off to YouTube or Google Forms, you can just watch the video or respond to the survey inline. However, email marketing company Mailchimp recommends against including embedded video and content that uses the IFRAME tag in email messages because most email clients either don’t support the necessary HTML tags or explicitly block them for security reasons (IFRAMEs often contain scripts that could potentially be malicious). As such, our custom WordPress-based system automatically strips embedded videos and IFRAMEs before sending an article in email or building an email issue. We always provide a backup text link for those receiving it in email.

I had failed to mention this technical quirk to our translators, who have always created their own processes for translating articles and assembling them into an issue. Since they start their translation from the Web version of each article, they were getting the embedded videos and IFRAMEs in their source material. The Japanese translation team had independently discovered the problem and stripped any IFRAMEs from their issues, but the Dutch team, unaware of the concern, left them in. We use IFRAMEs only infrequently, but because we were running surveys alongside Jeff Porten’s CES 2021 articles, they popped up in quite a few issues so far this year.

Therein lies the rub. Although Mailchimp says that Mail is the only major email client to support the HTML5 embedded media tags, it apparently cannot handle IFRAME content—or at least the IFRAMEs containing Google Forms that we were creating—or even fail gracefully. That’s a bug, and I’ve reported it. I don’t anticipate Apple devoting much attention to it, though, given how few people would accidentally include an IFRAME in email at this point in time.

Nevertheless, if you ever find yourself unable to scroll a message in Mail, the reason is likely due to an embedded IFRAME in the source. The workaround is to reply to the message and read the quoted text, and you will gain tech karma points for alerting the sender to the problem with a link to this article.

There has been a lot of buzz in the Apple world lately about designer Dustin Curtis and his locked Apple ID. It’s a long and winding tale, but one that’s disturbing for those of us who are heavily invested in the Apple ecosystem. In short, Dustin’s Apple ID ended up locked such that he couldn’t download or update apps, nor could he use Apple Music. His iCloud calendar stopped syncing, and even Handoff stopped working. However, iMessage and Photos continued to work.

How It Happened

The good news is that Apple has reactivated Dustin’s account, but the concerns remain. Let’s try to piece together a timeline of the story:

1. Sometime in January: The bank account number tied to Dustin’s Apple Card account changed, causing autopay to fail.
2. Mid-January: Dustin bought an M1-based MacBook Pro with his Apple Card. Apple offered a trade-in credit for an old MacBook Pro, and Dustin was told he would receive a trade-in kit and would have two weeks to send it in.
3. The trade-in kit never arrived.
4. Apple apparently tried to charge the Apple Card.
5. Mid-February: Apple sent Dustin an email asking about the trade-in. Dustin replied that he never received the kit but didn’t receive a response from Apple.
6. February 15th: Apple sent another email saying that it was unable to collect full payment for a new iPhone (that was erroneous, and was presumably an automated message) and that Dustin’s iTunes and Mac App Store accounts would be disabled until he resolved the situation with an Apple Card specialist at Goldman Sachs. Dustin missed this email initially, finding it only in a search after Apple locked his account.
7. Late February: Dustin discovered that his account had been locked. He immediately called Apple Support and was told that they could do nothing except escalate the issue and that he should hopefully get a call within a day.
8. Two days later, Dustin called Apple Support again. The representative said something about Apple Card but couldn’t help because Apple ID was a different department. The support rep emailed that department—email was apparently the only way to contact them.
9. Dustin found the email he missed earlier and corrected his Apple Card info. However, when he tried to reply to that email, he received an automated “Address not found” bounce.
10. Dustin used Apple Business Chat to contact Goldman Sachs support, who said they would email the Apple ID support department.
11. An Apple ID support rep called Dustin to tell him that his accounts would be restored in 3–5 days. That happened, and all is back to normal.

In a statement to 9to5Mac, Apple denied that the issue was at all related to Apple Card:

We apologize for any confusion or inconvenience we may have caused for this customer. The issue in question involved a restriction on the customer’s Apple ID that disabled App Store and iTunes purchases and subscription services, excluding iCloud. Apple provided an instant credit for the purchase of a new MacBook Pro, and as part of that agreement, the customer was to return their current unit to us. No matter what payment method was used, the ability to transact on the associated Apple ID was disabled because Apple could not collect funds. This is entirely unrelated to Apple Card.

However, developer and blogger Michael Tsai questions Apple’s explanation:

As far as I can tell, it really is an Apple Card-specific issue. With a regular credit card, you can imagine that Apple would have pre-authorized a charge for the trade-in in case it didn’t arrive. And if the bank account linked to the card changed, that would not be Apple’s concern. Apple would add the additional charge, which would go on the card account, the issuer would pay Apple, and then from Apple’s point of view there would be no debt.

Many commentators have suggested that this situation was Dustin’s fault, and while that’s at least partially true, it also exposes some problems at Apple’s end.

Dave Mark at The Loop said:

And to be clear, I think I am less concerned that Apple disabled Dustin’s account as I am that it took so long to address the issue. If the call to Apple customer support had made the issue clear immediately, a couple of clicks would have resolved this. As is, and if true, looks like the left hand didn’t know what the right hand was doing.

At the very least, it seems that Apple has fallen prey to what happens to so many large companies: entire departments don’t communicate with each other, aren’t aware of broader company policies, and can’t resolve problems outside of their direct sphere of influence.

For the rest of us, Dustin’s story throws a spotlight on the danger of doing too much business with a single company. When you buy your hardware from Apple, purchase your software through the App Store, and rely on subscriptions to Apple cloud services, paying for it all with an Apple credit card, you’re signing up for both great convenience and a certain level of risk. That’s not necessarily a bad strategy, but as the 19th-century industrialist and philanthropist Andrew Carnegie recommended, “Put all your eggs in one basket and then watch that basket.”

In this case, watching the basket would entail paying attention to the effect that bank account numbers changing might have, making calendar reminders for known deadlines (like the trade-in kit arriving and its two-week return period), and creating an email strategy that reduces the chance of missing an important message.

It’s also worth putting some thought into how you would work around such a problem if it happened to you. Most Apple services aren’t mission-critical—you could probably go without Apple TV+ or Apple Fitness+ for a while—but what about iCloud Mail and iCloud Drive? Would the loss of iCloud Calendar syncing be problematic? Ensuring the continuity of certain services is yet another facet of a modern backup strategy (see “The Role of Bootable Duplicates in a Modern Backup Strategy,” 23 February 2021).

Much as I’m amazed by the performance of my M1-based MacBook Air, I miss MagSafe. And by MagSafe, I mean the original MagSafe charging plug technology that Apple introduced in 2006 on the first MacBook Pro. Inspired by magnetic power connectors in deep fryers and Japanese countertop cooking appliances, MagSafe made it trivially easy to plug and unplug the power connector.

The big win of the breakaway magnetic connector was that you couldn’t trip over a power cord and damage the power jack or pull the MacBook onto the floor. I can’t say if MagSafe ever saved me from such a calamity, but I appreciated using it for many years across several MacBook models. There was something so utterly satisfying about pushing the power plug toward the MagSafe jack and having it latch on with a solid thunk. Equally gratifying was being able to grab a MacBook off the desk with the merest wiggle to detach it from power.

The main complaint I ever heard about MagSafe came when Apple weakened the magnets in MagSafe 2. Several people accidentally disconnected the connector and pushed it up onto the MacBook just as they closed the screen onto it, breaking the screen. Andy Ihnatko also once complained to me that MagSafe connectors tended to get disconnected when working on soft surfaces like messy hotel beds. Regardless, MagSafe was justifiably popular with most people.

Apple’s desire to move to a single jack that could do double-duty for power and communications was the beginning of the end for MagSafe. USB-C offers those capabilities with a generally well-designed connector that is both slim and bidirectional. The only thing USB-C is not is magnetic.

Happily, Bloomberg’s Mark Gurman has published rumors suggesting that Apple plans to bring MagSafe-like charging back to the MacBook Pro line when it releases the next high-end models based on Apple silicon. But that won’t do those of us with an M1-based MacBook Air or MacBook Pro any good.

Enter Magnetic Charging Nubbins

There is a fix for people like me, who don’t plan to buy a new MacBook Pro purely for a better charging experience. Thanks to Marc Zeedar, who recommended one of these products in TidBITS Talk, for turning me on to this product category.

Magnetic charging nubbins, which are readily available on Amazon from a variety of random Chinese manufacturers, have two parts. A tiny USB-C nubbin sticks out slightly from the side of the laptop, and an L-shaped magnetic connector connects to your existing USB-C charging cable on one side and grabs onto the nubbin with the other.

There are two types of these connectors for sale, those that support both power and 10 Gbps data transfer, and those that focus on charging, supporting just USB 2.0-level data transfer. I think relying on a magnetic connection for any data transfer is a terrible idea—it’s far too easy to disconnect accidentally. The data-focused magnetic nubbins are also quite a bit larger since they need more pins, so they may block two ports. I can’t recommend them.

However, for about $20, you can get a two-pack of the power-focused magnetic nubbins with support for up to 100-watt charging. Marc Zeedar recommended this set from Anmone, whereas I ended up buying a seemingly identical set from Fonken because they came in black and white instead of just black. (I thought the color difference might help distinguish between the charging cables for Tonya’s 2016 MacBook Pro and my M1-based MacBook Air.)

In real-world usage, the magnetic nubbins are as simple as I’ve described. I plugged the nubbin into one of the USB-C ports on my M1-based MacBook Air, plugged the L-shaped magnetic connector into my USB-C charging cable, and then slapped the two together to make a charging connection. A little blue LED illuminated to show the connection had been made correctly, and the MacBook Air made its happy little bong noise to indicate it was slurping down power. Disconnecting from power was just as easy as it ever was with the old MagSafe—I just hold the power connector down as I pick up the MacBook Air. Check out my quick video to see it in action.

Nubbin Niggles

In all honesty, the user experience with the magnetic nubbin isn’t as good as Apple’s MagSafe. Either the magnets aren’t quite as strong, or the “outie” design of the magnetic nubbin means that it’s more readily subjected to shearing forces that break the connection. The old MagSafe ports were “innies,” which made their connections a bit more secure. The other problem is that the standard Apple USB-C charging cable is thicker and less flexible than the old MagSafe charging cable. That makes it a little harder to connect successfully since the magnetic connector has to align perfectly with the nubbin, and it’s more likely to be disconnected by movement.

I also don’t love the L-shaped design. Apple went back and forth on that, with both a T-shaped design that had the cable perpendicular to the edge of the laptop and an L-shaped design that routed the cable parallel to the edge of the laptop. I preferred the T-shaped design before, too—it just feels more natural to me.

Another slight downside is that the nubbin is small enough that it’s a touch tricky to extract from the USB-C port if you need the port for something else. It’s not that hard, but it can be a little frustrating if you just cut your fingernails. I also wouldn’t be surprised if some percentage of them broke—for $10 each, I don’t expect high-end manufacturing.

Finally, some have noted that only one side of the L-shaped adapter has an LED, rendering it harder to determine if it’s connected when the LED is facing down. While I understand the criticism, I consider it more of a feature than a bug, since there are times—hotel rooms while traveling, notably—when I cover overly bright LEDs with carefully placed socks.

All that said, after a few weeks of usage, Tonya and I are happy with the magnetic charging nubbins on both of our laptops. If you’ve been missing MagSafe as well, I think they’re worthwhile, given how inexpensive they are.