Holiday coupon: save $120 to $150 on these upgraded M1 MacBook Air laptops

The best MacBook Air deals are available exclusively at AppleInsider where readers can save $120 to $150 instantly on upgraded models with coupon.

Cyber Week deals

The exclusive MacBook Air discounts are courtesy of Apple Authorized Reseller Adorama when you shop through this special pricing link and enter promo code APINSIDER during checkout. With the coupon, holiday shoppers can save anywhere from $120 to $150 on the popular configurations highlighted below, including those with 16GB of memory and/or extra storage.

M1 MacBook Air promo code deals

  • MacBook Air 7C GPU (M1, 8GB, 512GB) Space Gray: $1,079 ($120 off)
  • MacBook Air 7C GPU (M1, 8GB, 512GB) Silver: $1,079 ($120 off)
  • MacBook Air 7C GPU (M1, 16GB, 512GB) Space Gray: $1,249 ($150 off)
  • MacBook Air 7C GPU (M1, 16GB, 512GB) Silver: $1,249 ($150 off)
  • MacBook Air 8C GPU (M1, 16GB, 512GB) Space Gray: $1,299 ($150 off)
  • MacBook Air 8C GPU (M1, 16GB, 512GB) Silver: $1,299 ($150 off)
  • *Price with coupon code APINSIDER using the pricing links above. Offers are link and promo code activated.

(*) How to apply the APINSIDER coupon at Adorama

  1. Make sure you’re using a browser with cookies enabled that isn’t in private mode.
  2. Click on the price link to the desired configuration from this article or the Adorama price links in our Price Guides. You MUST click through our links in the same shopping session that you use our coupon. If you try to save a link for late, the coupon WON’T WORK. Once you click through a price link, you’ll see a price that’s higher than advertised (we’ll fix that in a moment).
  3. Add the MacBook Air to your cart anyway, and when you’re done shopping, begin the checkout process.
  4. Look for a link that says “Do you have a gift card or promo code?” next to the gift icon. Click that to bring up a coupon code field.
    Where to find Adorama coupon code field
  5. Enter the coupon code APINSIDER in the field and click apply. The discount should appear under “Promo Savings” above the order total.
  6. That’s it. As always, if you have any issues, you can reach out to us at [email protected] and we’ll try and help.

Additional Apple deals

Best Apple Prices

CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the "host" network namespace, for example with docker run –net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container’s privilege, regardless of what container runtime is used for running that container.

Cyber Monday scams? Fakespot says its tech can spot fraudulent reviews and sellers online

The pandemic has made it all but impossible for a retail company without an online presence to survive. While companies heavily dependent on foot traffic, like J.Crew and Sur la Table have filed for bankruptcy this year, companies that are expert in e-commerce have thrived, including Target and Walmart. Amazon has gained perhaps the most steam in 2020, attracting roughly one quarter of all dollars spent online by U.S. shoppers throughout the year.

Unfortunately, as more shopping moves online, fraud is exploding, too, and while many startups work with enterprises on the problem — flagging transactions for banks, for example — one New York-based startup, Fakespot, is using AI to notify online shoppers directly when the products they’re looking to buy are fake listings or when reviews they’re reading on marketplaces like Amazon or eBay are a fiction.

We talked earlier today with founder and Kuwaiti immigrant Saoud Khalifah about the four-year-old business, which got started in his own dorm room after his own frustrating experience in trying to buy nutritional supplements from Amazon. After he’d nabbed his master’s degree in software engineering, he launched the company in earnest.

As it happens, Fakespot was originally focused on helping enterprise customers identify counterfeit outfits and fake reviews. But when the pandemic struck, the company began focusing more squarely on consumers on platforms that are struggling to keep up and whose solutions are largely focused on protecting sellers from buyers and not the other way around.

The pivot seems to be working. Fakespot just closed on $4 million in Series A funding led by Bullpen Capital, which was joined by SRI Capital, Faith Capital and 500 Startups among others in a round that brings the company’s total funding to $7 million.

The company is gaining more attention from shoppers, too. Khalifah says that a Chrome browser extension introduced earlier this year has now been downloaded 300,000 times — and this on the heels of “millions of users” who have separately visited Fakespot’s site, typed in a URL of a product review, and through its “Fakespot analyzer,” been provided with free data to help inform their buying decisions.

Indeed, according to Khalifah, since Fakespot’s official founding it has amassed a database of more than 8 billion reviews — around 10 times as many as the popular travel site Tripadvisor — from which its AI has learned. He says the tech is sophisticated enough at this point to identify AI-generated text; as for the “lowest-hanging fruit,” he says it can easily spot when reviews or positive sentiments about a company are posted in an inorganic way, presumably published by click farms. (It also tracks fake upvotes.)

As for where shoppers can use the chrome extension, Fakespot currently scours all the largest marketplaces, including Amazon, eBay, Best Buy, Walmart, and Sephora. Soon, says Khalifah, users will also be able to use the technology to assess the quality of products being sold through Shopify, the software platform that is home to hundreds of thousands of online stores. (Last year, it surpassed eBay to become the No. 2 e-commerce destination in the U.S., according to Shopify.)

Right now, Fakespot is free to use, including because every review a consumer enters into its database helps train its AI further. Down the road, the company expects to make money by adding a suite of tools atop its free offering. It may also strike lead-generation deals with companies whose products and reviews it has already verified as real and truthful.

The question, of course, is how reliably the technology works in the meantime. While Khalifah understandably sings Fakespot’s praises, a visit to the Google Play store, for example, paints a mixed picture, with many enthusiastic reviews and some that are, well, less enthusiastic.

Khalifah readily concedes that Fakespot’s mobile apps need more attention. Indeed, these are where the company plans to spend time and resources following its new funding round. While Fakespot has been focused predominately on the desktop experience, Khalifah notes that more than half of online shopping is expected to be conducted over mobile phones by some time next year, a shift that isn’t lost on him, even while it hinges a bit on the pandemic being brought effectively to an end (and consumers finding themselves on the run again).

Still, he says that “ironically, a lot of [bad] reviews are from sellers who are angry that we’ve given them F grades. They’re often mad that we revealed that their product is filled with fake reviews.”

As for how Fakespot moves past these to improve its own rating, Khalifah suggests that the best strategy is actually pretty simple.

“We hope we’ll have many more satisfied users,” he says.

Swiss Apple reseller claims MagSafe Duo Charger to arrive Dec. 21

While Apple has yet to announce an official launch date for its MagSafe Duo Charger, an authorized reseller in Switzerland is taking orders for the device with a ship date of Dec. 21.

Digitec Galaxus is now accepting online orders for the MagSafe Duo, a dual-charging device capable of simultaneously powering an iPhone 12 and Apple Watch.

According to the reseller’s website, deliveries of the accessory are expected to ship between Dec. 21 and Dec. 29, though the dates could be temporary placeholders as the world awaits an official announcement from Apple.

Unveiled at this year’s iPhone event in October, the MagSafe Duo Charger has been listed as “coming soon” on the online Apple Store for weeks. With 2020 quickly coming to an end, however, the promised launch is in the offing.

Korea’s National Radio Research Agency gave Apple the green light to start sales of the charging accessory in early November, a decision that was followed by a similar proclamation from the U.S. Federal Communications Commission. For electronics, regulatory approvals typically signal imminent release.

The MagSafe Duo Charger is designed to deliver 15W of power to iPhone 12 series devices. Apple’s support documents reveal that the certain models, specifically the iPhone 12 mini, is restricted to a maximum of 11W or 14W depending on the adapter.

CVE-2020-9117

HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution.

New Patreon project seeks to bring Linux to M1 Macs

Developer Hector Martin, also known as “marcan,” on Monday launched a Patreon to fund solo work on a Linux port for Apple silicon Macs.

According to Martin, Apple’s M1-powered Macs are capable of running Linux, but creating a working port is a major undertaking; a near Herculean effort for one developer. He says he is up to the task, though the project would require dedication equivalent to a full-time job, thus the Patreon.

Martin has experience with open source code, from projects involving Nintendo’s Wii console to more recent Linux ports for Sony’s PlayStation 3 and PlayStation 4. The Patreon’s goal, according to the developer, is to massage Linux on M1 Macs “to the point where it is not merely a tech demo, but is actually an OS you would want to use on a daily driver device.”

Whether the operating system can actually run, and do so with stability, on Apple silicon is up for debate. In a series of posts to Real World Technologies forum earlier this month, creator Linus Torvalds said he would “absolutely love” to own an M1-powered Mac if it ran Linux, but is uncertain such a premise is feasible.

“The main problem with the M1 for me is the GPU and other devices around it, because that’s likely what would hold me off using it because it wouldn’t have any Linux support unless Apple opens up,” Torvalds told ZDNet last week.

Martin agrees that the custom GPU will be a major hurdle, along with effective power management.

Running Linux on things is easy, but making it work well is hard,” Martin says in the Patreon description. “Drivers need to be written for all devices. The driver for the completely custom Apple GPU is the most complicated component, which is necessary to have a good desktop experience. Power management needs to work well too, for your battery life to be reasonable.”

Patreon tiers range from $3 to $48 per month, with perks including the ability to vote on the development of upcoming features, patron-only livestreams and more. Martin estimates he needs about $4,000 a month to take on the project, and that goal is 91% complete at the time of this writing.

If the developer takes on the venture, he plans to collaborate with other developers and “anyone else who wants to contribute.” A timeline for completion was not discussed.

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers

The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.

Manchester United, an English Premier League stalwart and a football club with a huge worldwide fanbase, has been targeted by a cyberattack. Now, Man U may be facing a no-win scenario.

Reports suggest a ransomware attack, launched Nov. 20, 2020, is believed to involve the compromise of personally identifiable information (PII) and/or mission-critical information assets. These mission-critical assets, as yet unconfirmed, could be anything from business plans to highly competitive player transfer targets.

The club has claimed that customer information is not believed to be at risk in the attack.

Man U is one of the most popular and most profitable soccer clubs in the world, and the Red Devils are likely caught between a rock and a hard place. Should they pay the ransom, or should they sit tight? The decision is anything but simple, and both choices likely come with consequences.

Ransomware attacks have been around for decades, growing increasingly common in recent years. They have been especially prevalent during the COVID-19 pandemic, as many organizations failed to adequately secure data and systems when remote working became the universal norm earlier in 2020.

There has been little confirmed information about what exactly happened in the Manchester United incident and how the attackers gained access, as the organization has remained tight-lipped about the attack. The club described the attack as both “sophisticated” and “disruptive,” though many compromised entities often describe incidents as such when, in truth, they are anything but sophisticated.

“Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations,” the team said in a statement. Manchester United likely attempted to secure its networks prior to the attack, but the attackers still found a way in.

The UK’s National Cyber Security Centre (NCSC) is helping the club in its response to the attack. However, other than the UK’s Information Commissioner’s Office (ICO) being informed, little is known about what data might have been compromised.

If PII has been compromised, then Manchester United is likely to face a fine (eventually) from the ICO, which under the European Union General Data Protection Regulation (EU GDPR) could be up to 4% of its annual global revenue or about £18 million, whichever is greater. The pandemic has affected the club’s financial results, and its guidance on turnover for 2019-20 was for a revenue range equivalent to $730 million to $750 million. Undoubtedly 4% of this would be a significant number.

Further financial penalties could come from the U.S. government, as Manchester United is listed on the New York Stock Exchange (NYSE). The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory on Oct. 1, 2020, highlighting “the sanctions risks associated with ransomware payments related to malicious cyber-enabled activities.” The advisory goes on to state that “companies that facilitate ransomware payments… not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

For Man U, again, the fine could be significant, with a figure estimated to be about $20 million.

Paying ransomware is not illegal in the UK, but is generally counselled against by Her Majesty’s Government (HMG). Doing so would surely add to the public embarrassment the team already faces.

Should the team choose not to pay the ransom, it may endure a longer, more difficult path to restore its business operations. More than two weeks after the attack, it has reportedly yet to restore full access to its systems, including its email. It may also have to recreate or rebuild valuable data assets.

Another risk of not paying is data extortion. According to Omdia research, should victims fail to pay the ransom, attackers increasingly threaten to release the victim’s sensitive data publicly, which would cause even more harm. While paying the ransom may seem untenable, the exposure of the team’s inner workings to the world may be even worse.

Undoubtedly the club is in an awful predicament. It will be very interesting to watch events unfold in Manchester.

Maxine leads Omdia’s cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong … View Full Bio

Recommended Reading:

More Insights

12-hour flash deals: $799 MacBook Air, $300 off MacBook Pro, $150 off 2020 iPad Pro

Cyber Monday deals and steals continue on Apple products, with B&H matching the lowest price ever recorded on the 2020 Intel MacBook Air. Holiday shoppers can also save hundreds of dollars on MacBook Pros and grab the best price on a spacious 2020 iPad Pro.

Apple Cyber Monday deals continue

With inventory constraints plaguing the Apple space, now is the time to pick up holiday gifts at discounted prices before supply runs out.

Shoppers today can save $200 on Apple’s 2020 Intel MacBook Air in your choice of Space Gray, Silver or Gold. Now priced at $799 for the 256GB Core i3 processor — or $899 for the quad-core Core i5 model — these deals match the record low prices we saw during the Thanksgiving weekend.

Also available is a $300 cash markdown on Apple’s Mid 2020 13-inch MacBook Pro. This configuration features a multitude of uprades, including a quad-core 2.0Hz Intel Core i5 10th Gen proc, 16GB of memory and a spacious 1TB SSD.

Last, but certainly not least, is a $150 cash discount on Apple’s newest iPad Pro. The spacious 256GB Wi-Fi model in Silver is currently on sale for $949, with limited supply available at the reduced price.

Each of these Apple deals includes free expedited shipping within the contiguous U.S.

Additional Apple deals

Best Apple Prices