#1660: OS updates for sports and security, Drobo in bankruptcy, why TidBITS doesn’t cover rumors
In what may be the final feature release of its 2022 family of operating systems, Apple rolled out iOS 16.5, iPadOS 16.5, macOS 13.4 Ventura, watchOS 9.5, tvOS 16.5, and HomePod Software 16.5 with sports-related improvements and bug fixes. tvOS now offers a multiview option for watching up to four games simultaneously, and Apple News provides a Sports section that focuses on game scores, recaps, and more. The updates also bring essential security fixes, some of which migrate down to older versions of iOS, iPadOS, and macOS. Drobo has switched to a self-service support model and filed for Chapter 7 bankruptcy, suggesting that Drobo owners should start researching alternative storage solutions. After relating all these facts, publisher Adam Engst explains why TidBITS doesn’t cover rumors to avoid participating in the corrosive spiral they engender in the industry. Notable Mac app releases this week include Safari 16.5, macOS Monterey 12.6.6 and Big Sur 11.7.7, Fantastical 3.7.13, Default Folder X 5.7.7, PopChar X 9.5, BusyCal 2023.2.2, Parallels Desktop 18.3, Microsoft Office for Mac 16.73, Pixelmator Pro 3.3.3, and Affinity Designer, Photo, and Publisher 2.1.
iOS 15.7.6 and iPadOS 15.7.6 Incorporate Rapid Security Response Fixes
The fixes that Apple distributed in its first Rapid Security Responses were also needed by older versions of iOS and iPadOS (see “What Are Rapid Security Responses and Why Are They Important?” 2 May 2023). Apple has now released iOS 15.7.6 and iPadOS 15.7.6 to address two WebKit security vulnerabilities handled by the Rapid Security Responses for iOS 16.4.1 (a) and iPadOS 16.4.1 (a).
But that’s not all. The security notes outline 15 additional now-blocked vulnerabilities, including another WebKit vulnerability Apple says is being actively exploited in the wild. I recommend immediately updating older iPhones and iPads that can’t run iOS 16. If iOS 16 is an option for your device, you must upgrade to version 16.5 instead of updating iOS 15.
StorCentric and Drobo in Chapter 7: Start Looking for Drobo Replacements
A banner at the top of the Drobo website reads:
As of January 27th, 2023, Drobo support and products are no longer available.
Drobo support has transitioned to a self-service model. The knowledge base, documentation repository, and legacy documentation library are still accessible for your support needs.
We thank you for being a Drobo customer and entrusting us with your data.
In mid-2022, Drobo filed for restructuring under Chapter 11 bankruptcy alongside its parent company StorCentric. Both bankruptcies have now been converted to the liquidation-focused Chapter 7. While another company could still purchase Drobo and restart sales and support, the statement atop Drobo’s website offers little hope.
If you’re still using a Drobo, I encourage you to make sure you have good backups and start looking for an alternative, either a direct-attached drive or a network-attached storage device. Check out Jeff Carlson’s “NAS: What You Need to Know before Buying” (27 August 2018) and the latest version of his ebook Take Control of Your Digital Storage. Plus, our former managing editor Josh Centers still likes his Synology (see “Using a Synology NAS to Escape the Cloud,” 29 April 2022).
Don’t Worry about Retrospect
The initial version of this article raised the question of what would happen to Retrospect, which was also owned by StorCentric. I’ve now heard from Robin Mayoff, director of Retrospect Support (and a Retrospect employee since 1995), that Retrospect (like another StorCentric subsidiary Nexsan) has emerged from Chapter 11 under new company ownership. Mayoff posted this “Alive and well” note in Retrospect’s support forum:
A few articles have come out that talk about the StorCentric chapter 7 bankruptcy. Retrospect is under a new parent company. Customers for Retrospect are fully supported, and our website, distributors and resellers are actively selling Retrospect 19.1. Our engineering team is looking into new and exciting features for future versions of Retrospect. Support can always be reached at [email protected].
So I rescind any previous or implied suggestion that Retrospect users start looking for alternatives. Since its introduction by Dantz Development in 1989, Retrospect has survived through being purchased by EMC in 2004, shut down in 2007, revived in 2008 with a transfer to new EMC subsidiary Iomega, and sold in 2010 to Roxio, whose parent company Sonic Solutions was soon acquired by Rovi, which had no interest in backup software. The core Retrospect team then spun Retrospect out of Rovi in 2012 and developed the app for 7 years before StorCentric acquired it. If my math is correct, Retrospect’s new ownership marks the company’s eighth incarnation across 33 years, a history that exceeds even our own.
TidBITS Doesn’t Cover Rumors. Here’s Why
This is a sad story. A leaker identified on Twitter as @analyst941 says they were shut down by Apple. If their story is true, analyst941 was fed information by their sister, an Apple employee, who the company identified in a sting operation involving false information. In a farewell post, analyst941 said their sister was fired and that both she and they face legal action by Apple.
Apple hasn’t confirmed the story, but the accuracy of analyst941’s previous leaks makes it credible that they had an insider source. Apple’s sting operation also conforms to typical corporate anti-leak policy; in the security world, such an operation is called a canary trap. (Many years ago, a leaker told TidBITS editor Glenn Fleishman that Apple has long seeded different project code names to uncover leaks.) The approach is to find the general area of the leaks, feed different people uniquely trackable information, and then fire, sue, and—if the leak constitutes a crime—report those responsible to the authorities.
There’s nothing good about how this situation appears to have unwound, which exemplifies why TidBITS doesn’t cover rumors. In the technology field, outside of a whistleblower revealing illegal behavior, lies about a company’s products or services (particularly around data security), or activities that could endanger the public, leaks of confidential corporate information generally cause everyone to suffer—or at least look bad.
- Leakers break social and legal contracts with their employers, usually from a desire to seem important, though financial reward can also be a motive. Neither is positive, and the repercussions of being discovered can be life-changing. These people want to have their cake and eat it, too: they want to keep their job and show off by releasing secrets, such as in the case of Jack Teixeira, who allegedly posted confidential Pentagon documents to a Discord server.
- Companies come off as heavy-handed for running sting operations against employees and resorting to harsh penalties. But they have little choice given that revealing corporate secrets could materially hurt both the company and, by direct extension, its employees and shareholders. For example, Apple could see billions in lost or deferred iPhone revenue if buyers delay purchases in anticipation of rumored features.
- Publishers profit from this illicitly gathered material and encourage potential leakers with the promise of fame. Some even pay for information, adding a financial incentive. Creating a market for stolen secrets is responsible in part for generating a lack of trust between employers and employees, which encourages burdensome employment contracts and excessive employee surveillance. I never want TidBITS to benefit from the misfortunes of others. I write based on information that comes from reliable sources underpinned by analysis, publicly accessible documents, and other sorts of verifiable disclosures that aren’t leaks and don’t seem to harm individuals or our community.
- Consumers provide the paying (at least with their eyeballs) audience for this material, thus implicitly rewarding publishers and leakers alike. Why? The attraction of learning information that companies want to keep secret is almost salacious—how different is hearing that iOS 17 might offer options for alternate app stores from following rumors of <insert celebrity name here> cheating on their spouse? Yes, there can sometimes be utility in learning pre-release details, but is illicitly obtained information worth the cost?
Getting on my high horse is unlikely to make much difference in the tech media landscape. But I feel that shining a light on the corrosive nature of trafficking in leaks is worthwhile if doing so can even slightly reduce their supply and demand.
Sports and Bugs in tvOS 16.5, macOS 13.4 Ventura, iOS 16.5, iPadOS 16.5, watchOS 9.5, and HomePod Software 16.5
Baseball and soccer fans, take note! In the just-released tvOS 16.5, Apple has added multiview for the Apple TV 4K, allowing fans to watch up to four simultaneous streams, including Major League Soccer matches, “Friday Night Baseball” games, and select MLS and MLB studio shows. Apple says:
With this entirely customizable new multiview experience in the Apple TV app on Apple TV 4K, users can see the available live games displayed at the bottom of their screen, choose the ones they want to watch, and toggle between multiple layout options. Fans can also choose to display one match more prominently, or watch two to four matches in a split-screen view. Users can also control audio preferences, including the home radio feed for MLS Season Pass, and home and away radio for “Friday Night Baseball.” If a user wants to stop watching in multiview, they can quickly switch to full screen with one click.
There’s more for those who follow sports. With macOS 13.4 Ventura, iOS 16.5, and iPadOS 16.5, Apple News offers a dedicated Sports section to provide easy access to stories, scores, standings, and more. It claims to be specific to the teams and leagues you follow, but when I told it that I was only interested in running, it still insisted on showing me Top Stories about other sports. The pop-up menu in the upper-right corner lets you switch to a sport-specific view. Also, My Sports score and schedule cards in Apple News take you directly to game pages where you can find additional details about specific games.
I’ll continue pining quietly for coverage of Diamond League track meets and other exciting running events while looking at the remaining updates in this batch of Apple operating system releases.
macOS 13.4 Ventura
On the Mac side, macOS 13.4 fixes a bug that caused Screen Time settings to reset or fail to sync across devices, resolves a situation where Auto Unlock with Apple Watch fails to log you into your Mac, addresses an issue that caused Bluetooth keyboards to connect to the Mac slowly after restarting, and fixes a VoiceOver problem with navigating to landmarks on Web pages.
I haven’t experienced the Auto Unlock with Apple Watch problems, but I’ve become utterly addicted to the feature and evangelize it whenever possible, so it’s good to hear that Apple is addressing problems there.
iOS 16.5 and iPadOS 16.5
iOS 16.5 and iPadOS 16.5 both address an issue where Spotlight may become unresponsive and participate in the Screen Time fix.
iOS 16.5 also includes a new Pride Celebration wallpaper for the Lock Screen and jumpstarts Podcasts in CarPlay to ensure that it loads content.
watchOS 9.5
Apple’s release notes for watchOS 9.5 are unsatisfying. Although they claim that “watchOS 9.5 includes new features, improvements, and bug fixes,” the only thing Apple describes is a new Pride Celebration watch face. If you love it, there’s a matching Pride Edition Sport Band.
HomePod Software 16.5
Even more terse are the release notes for HomePod Software 16.5, which fall back on “This update includes performance and stability improvements.” And electrons. So many electrons.
Security Notes Explain Rapid Security Response Changes
Each of the operating system updates comes with a slew of fixes for security vulnerabilities:
- tvOS 16.5: 28 vulnerabilities
- iOS 16.5 and iPadOS 16.5: 39 vulnerabilities
- macOS 13.4: 49 vulnerabilities
- watchOS 9.5: 32 vulnerabilities
Most notable among the security notes are descriptions of three WebKit vulnerabilities that Apple says are being actively exploited, two of which were addressed by the first Rapid Security Response updates (see “What Are Rapid Security Responses and Why Are They Important?” 2 May 2023). One was the usual “Processing maliciously crafted web content may lead to arbitrary code execution,” but the other was a more interesting “Processing web content may disclose sensitive information.” Both were credited to an anonymous researcher, but don’t you want to know the story behind them? Maybe Apple does too.
Now we know why Apple didn’t publish any release notes for the Rapid Security Responses. The vulnerabilities addressed also existed in tvOS 16, watchOS 9, and the older iOS 15 and iPadOS 15 (see “iOS 15.7.6 and iPadOS 15.7.6 Incorporate Rapid Security Response Fixes,” 18 May 2023). Apple never discusses security vulnerabilities until all the updates for those vulnerabilities are available.
Remember how I timed the installation of the Rapid Security Responses to see how much downtime they would entail? My M1 MacBook Air and iPhone 14 Pro both took about 4 minutes before they were usable again. In contrast, installing the 1.59 GB macOS 13.4 update on the MacBook Air took 20 minutes, and updating the iPhone 14 Pro to iOS 16.5 took 29 minutes. I lost track of how long my 10.5-inch iPad Pro took and couldn’t spare the time away from writing to update my 27-inch iMac. I remain a fan of Rapid Security Responses and encourage you to install any future ones immediately.
Since only two of the three zero-day WebKit vulnerabilities were addressed by the Rapid Security Responses, I encourage you to install all of these updates soon. The impact of the third WebKit vulnerability is “A remote attacker may be able to break out of Web Content sandbox.” That sounds bad, and the fact that one of the security researchers reporting it works for Amnesty International’s Security Lab suggests that it may be exploited by the likes of the Pegasus spyware.