MacInTouch Amazon link...

Apple security and privacy

Channels
Apple, Security


Any data in your home should be encrypted... before it leaves. Doesn’t matter if its final destination is the cloud, a USB stick, or a hard drive. Just encrypt it by default. Apple makes this easy via FileVault (plus there are third-party programs, too). But, it has to be encrypted before you upload it. Then no one can scan it, whether they break into your home or into your cloud account.

Yes, this approach may not be as convenient as storing the data in easily browsed formats, but I see it as good hygiene. Some people don’t like the feel of seat belts either and argue for beltless driving... and yet even though the probability of a accident is quite low, most of us still see the benefit of always using our seat belts!

Similarly, encryption should not be seen as some sort of tool to make life difficult for law enforcement, as some in that community have tried to portray it. For the vast majority of users, encryption provides security from the small minority of miscreants that would like to do them harm.

Encryption is not about preventing Apple from scanning for nasty stuff. It’s about preventing social engineering hacks into your iCloud account from yielding something useful (see the celebrity hacks a few years ago).

Yeah, I would like to use iCloud to back up my phone in real time, but so far it doesn’t look like Apple offers a secure way for me to store my iPhone data there with the tools that Apple provides. That’s likely the fig leaf that Apple is throwing to three letter, law enforcement, and other agencies.... and so I risk some data loss if my phone goes missing.

Plus, Apple's pricing on iCloud storage in the past was pretty outrageous and only made sense for folks with no backup strategy.
 


Ric Ford

MacInTouch
"End-to-end encryption" changes things a lot, but iCloud doesn't offer that, nor does Dropbox, but Sync.com and Cryptomator do, for example, as does ProtonMail.
Yeah, I would like to use iCloud to back up my phone in real time, but so far it doesn’t look like Apple offers a secure way for me to store my iPhone data there with the tools that Apple provides.
And here's a new report on Apple's refusal, despite all its privacy marketing, to provide end-to-end encryption:
Reuters said:
Apple dropped plan for encrypting backups after FBI complained
Apple Inc. dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.
 


DFG

On the other hand, another big story yesterday was the revelation that the Manhattan D.A. is operating a "$10 Million lab" dedicated to cracking iPhones (and presumably other smartphones as well).

Reading about this incredible (and possibly illegal) overreach by law enforcement and -especially - the off-base statements of Manhattan D.A. Cyrus Vance, one comes away with the impression that Apple is still firmly on the side of reason and privacy.
 


FYI:
Google Researchers said:
Information Leaks via Safari’s Intelligent Tracking Prevention
by: Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, Roberto Clapis

ABSTRACT
Intelligent Tracking Prevention (ITP) is a privacy mechanism implemented by Apple’s Safari browser, released in October 2017[1]. ITP aims to reduce the cross-site tracking of web users by limiting the capabilities of cookies and other website data[2].

As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari’s ITP design. These issues have a number of unexpected consequences, including the disclosure of the user’s web browsing habits, allowing persistent cross-site tracking, and enabling cross-site information leaks[3] (including cross-site search[4]).

This report is a modestly expanded version of our original vulnerability submission to Apple (WebKit bug #201319[5]), providing additional context and edited for clarity. A number of the issues discussed here have been addressed in Safari 13.0.4 and iOS 13.3, released in December 2019[6].
 


Ric Ford

MacInTouch
Howard Oakley explores the intracices involved in Apple's "app first run" security mechanisms (quarantine, translocation, Gatekeeper, XProtect, notarization, and more).
Eclectic Light Co. said:
What could possibly go wrong on an app first run?
In yesterday’s article, I discussed problems which can arise when first running an app downloaded from the Internet, or delivered via AirDrop, which became translocated and then locked out during its first run. Although the process of app translocation was introduced in macOS 10.12 Sierra, it continues to trip users up, and in combination with the more complex Gatekeeper checks in Catalina, may leave you baffled as to why an app won’t complete its first run successfully. This article steps through the processes involved, and explains how you can deal with problems arising in them.
 


Ric Ford

MacInTouch
A new vulnerability has been identified in the Sudo (Superuser do) command-line program in macOS, Linux and other operating systems. Apple patched the vulnerability for macOS 10.13 and later, but not for macOS 10.12 and earlier. Exploiting the vulnerability requires a non-default mode setting in macOS, but the dangerous mode is the default in some other systems.
The Hacker News said:
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.

... According to Vennix, the flaw can only be exploited when the "pwfeedback" option is enabled in the sudoers configuration file, a feature that provides visual feedback, an asterisk (*), when a user inputs password in the terminal.

To be noted, the pwfeedback feature is not enabled by default in the upstream version of sudo or many other packages. However, some Linux distributions, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.

... To determine if your sudoers configuration is affected, you can run sudo -l command on your Linux or macOS terminal to find whether the "pwfeedback" option is enabled and listed in the "Matching Defaults entries" output.

... Joe Vennix last year reported a similar impact vulnerability in Sudo that could have been exploited by an attacker to run commands as root just by specifying the user ID "-1" or "4294967295."
Apple said:
About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
...
sudo
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2​
Impact: Certain configurations may allow a local attacker to execute arbitrary code​
Description: A buffer overflow issue was addressed with improved memory handling.​
CVE-2019-18634: Apple​

#Linux
 


Ric Ford

MacInTouch
Howard Oakley talks about today's security changes for macOS Catalina:
Electic Light Co. said:
Hardening and notarization finally arrive in Catalina
From today, 3 February, Catalina 10.15.3 finally reaches what Apple had intended to be its launch point: all newly-built apps and command tools for Catalina are now required to be both hardened and properly notarized. This doesn’t mean that you can’t run apps or tools which aren’t, indeed you can still run completely unsigned apps if you wish. But if an app has been signed from today onwards and you expect it to pass Gatekeeper’s full first run checks, hardening and full notarization are no longer optional.

... Over the coming weeks and months, we should finally start to see whether all this effort has been worth it, and does change the threat landscape in our favour.
 


Ric Ford

MacInTouch
Apple has pushed out new versions of its invisible anti-malware files, XProtect and MRT. (The updates are installed on macOS 10.12.6 Sierra, despite Apple having abandoned this macOS for other security updates.)
Eclectic Light Co. said:
Apple has pushed updates to XProtect and MRT
Apple has pushed two updates today, to the data files used by XProtect, bringing its version number to 2113, dated 5 February 2020, and to its malware removal tool MRT, bringing it to version 1.54, also dated 5 February 2020.

Apple doesn’t release information about what these updates add or change, and now obfuscates the identities of malware detected by XProtect using internal code names. Examination of the XProtect data files shows only minor amendments, with the naming of five signatures which were already in the Yara file. No new detection signatures appear to have been added at all.
 


Apple has pushed out new versions of its invisible anti-malware files, XProtect and MRT. (The updates are installed on macOS 10.12.6 Sierra, despite Apple having abandoned this macOS for other security updates.)
Thanks for the heads-up! Running macOS 10.12.6 here. Used the SilentKnight app to get the updates and the following info:
Finding available software
Software Update found the following new or updated software:
* MRTConfigData_10_14-1.54
MRTConfigData (1.54), 4100K [recommended]
* XProtectPlistConfigData_10_14-2113
XProtectPlistConfigData (2113), 68K [recommended]
Downloaded XProtectPlistConfigData
Downloaded MRTConfigData
Installing MRTConfigData, XProtectPlistConfigData
Done with MRTConfigData
Done with XProtectPlistConfigData
Done.
Everything is working so far.
 


Ric Ford

MacInTouch
Apple deployed updates to its invisible anti-malware files, XProtect and MRT, today. Howard Oakley has more details:
Eclectic Light Co. said:
Apple has pushed updates to XProtect and MRT
Apple has pushed two updates today, to the data files used by XProtect, bringing its version number to 2114, dated 20 February 2020, and to its malware removal tool MRT, bringing it to version 1.55, also dated 20 February 2020....
 


I am running Mojave and enrolled in the beta program. I just installed maybe the 5th or more beta security update for macOS 10.14.6.
 


I assume there is no way to manually update XProtect and MRT, like downloading the "latest definitions"and any issuances of updates is OS dependent ... for later versions than, say Sierra.

I am curious as to why the more popular third-party apps, like Malwarebytes, do not
post in the Apple App Store....
 


Ric Ford

MacInTouch
There's a "high" (CVSS 7.5) vulnerability involving Curl in OS X versions prior to macOS 10.12 Sierra (and Apple isn't supporting anything prior to macOS 10.13 with security updates).
NIST said:
NVD - cve-2016-4606
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
 



It's possible from the command line but easier and more informative with SilentKnight.
Thanks. I was sort of thinking, however, if there was a manual workaround trick for security updates for older macOS, like 10.12.6 Sierra. It still appears to me that any security updates are definitively tied to later versions of macOS, either through terminal command, or simply through App Store Software Update.
 


Ric Ford

MacInTouch
The Mac/iPhone clipboard can create a security problem - just think about copying and pasting a critical password or other sensitive data and then having it silently stolen without you realizing it...
ZDNet said:
iPhone and iPad apps can snoop on everything you copy to the clipboard | ZDNet
Did you know that all the apps on your iPhone and iPad can snoop on whatever you copy to the system clipboard (called pasteboard on iOS)? A new security demo by researchers at Mysk shows how this could be used by apps to get detailed information about the user.
Threatpost said:
Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data
Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email.
 


Ric Ford

MacInTouch
I was sort of thinking, however, if there was a manual workaround trick for security updates for older macOS, like 10.12.6 Sierra.
No, there isn't. But it's complicated.

You can, for example, have fully up-to-date web browsers with the latest security patches... Firefox, Chrome, iCab, TenFourFox, etc., for older Mac operating systems, but Apple won't even give you Safari security patches for macOS 10.12 or older Mac systems!

But then there's today's example of the Curl vulnerability. Firefox and Chrome aren't going to patch that, and Apple won't patch it for OS X 10.11 or earlier. In this case, you could potentially replace Curl with an up-to-date version yourself, but it's not simple for someone who's not technically adept in related areas (if it's even feasible at all).

Software now is astonishingly and unknowably complex with components so numerous, widely-sourced, and tangled that you have little hope of really controlling any of it or the vulnerabilities and security mechanisms involved... just pray... and follow all the "best practices" you can.
 


Ric Ford

MacInTouch
Apple's stance on privacy in the U.S. seems to be at odds with its practices in China....
Mikey Campbell said:
Apple to again skip US congressional hearing on Chinese influence in tech
... Apple's willingness to kowtow to Chinese officials is often viewed as antithetical to its well-groomed image as a bastion of human rights, data privacy and free speech.

Beyond iCloud, Apple has agreed to pull controversial apps at the direction of China's government. Most recently, the company yanked HKMaps from the Chinese App Store during the recent Hong Kong protests. When pressed on the decision, the company said the app was in violation of Hong Kong law, a dubious claim considering the title's core functionality did not contravene local regulations, nor did it break rules laid out in Apple's own App Store Guidelines.

The company has a long history of removing apps in compliance with Chinese government requests. In 2017, it pulled The New York Times app and multiple VPN apps for supposed violations, while the Quartz app was likewise removed after it provided extensive coverage of the Hong Kong protests in October.
 


I assume there is no way to manually update XProtect and MRT, like downloading the "latest definitions"and any issuances of updates is OS dependent ... for later versions than, say Sierra.
Just to be clear, XProtect and MRT updates are still provided to OS X El Capitan [10.11] and above (although there appear to be some enhancements to the Catalina versions). They are normally updated automatically if you have enabled that in System Preferences and can be manually updated with a terminal command or SilentKnight.

The macOS Security Updates that you mentioned later are usually provided for the current and previous two versions of macOS and there is no alternate way to obtain them for other versions.
I am curious as to why the more popular third-party apps, like Malwarebytes, do not
post in the Apple App Store....
Apple rules covering App Store applications preclude them from being able to adequately identify and then quarantine or remove such infections. That's why all the effective anti-malware software must be distributed outside the App Store.
 


Just to be clear, XProtect and MRT updates are still provided to OS X El Capitan [10.11] and above (although there appear to be some enhancements to the Catalina versions). They are normally updated automatically if you have enabled that in System Preferences and can be manually updated with a terminal command or SilentKnight.
Just FYI, while GateKeeper updates are still available for Yosemite (10.10), there's no XProtect update available for Yosemite anymore (it's simply no longer part of the update catalog - not even an old/outdated version!).

So your old machine/ setup might just be stuck to the last update it has received (whatever version this is at) and then can't update from that anymore. If you're lucky, it's stuck with 2103 (the last version that was available). If you're unlucky, you're stuck with 2099 or <insert-some-random-number-that-is-smaller-than-2103>.

As a workaround, one can fetch the El Captain (10.11) update catalog manually and extract the direct download link to a more recent (latest?) XProtect update. The downloaded pkg will install fine on Yosemite, too. I'm not 100% sure it works properly, but it can't be worse than being stuck with an outdated version, I guess. A virus test file is still properly triggered at least.

Just a heads-up for people with unsupported versions of OS X. It probably also applies to earlier versions?
 


There's a "high" (CVSS 7.5) vulnerability involving Curl in OS X versions prior to macOS 10.12 Sierra (and Apple isn't supporting anything prior to macOS 10.13 with security updates).
I think this CVS is just a cumulative "Apple CVS" for all the security fixes that were applied between version 7.43.0 and 7.49.1 of Curl (Curl 7.43.0 was the latest version included in OS X 10.11, while macOS 10.12 then came with Curl 7.49.1.)

It's odd that this is published, like, 4 years later. It makes no sense really.

Nonetheless, I went ahead and built myself a new Curl on my Yosemite machine today (with almost all the bells and whistles, no less! :) Since there will be no updates for Yosemite anymore, I'm thinking about replacing Apple's retired Curl there entirely. I wonder if there could be side effects of some sorts (especially with libcurl). Does anyone have experience with such a drop-in-replacement of Curl?

Well… for now there's a fancy up-to-date Curl in "/usr/local" at least:
Bash:
/usr/local/bin/curl -V
curl 7.68.0 (x86_64-apple-darwin14.5.0) libcurl/7.68.0 OpenSSL/1.1.1a zlib/1.2.5 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
Probably the outdated zlib should be addressed too. :)
 


I just returned from a short trip to Arizona, [and] unfortunately, this time I left my iPhone 7 Plus in the [airplane] seatback pocket. I realized this about 20 minutes after my pickup car had left the airport, so it was too late to return to the airport. I filled out the airlines "lost and found" form on another iPhone while on the drive home.

My iPhone's lockscreen has the message "If found, please call (phone number for wife's iPhone) or (phone number for home) for cash reward". The iPhone has a six-character passcode.

I have yet to receive a call... and I just received my once-every-three-days message from the airlines that they haven't found it yet. I figure there must be thousands of items lost at airports every day and didn't really expect them to find it so quickly, if it had even been turned in. I don't think anyone can actually use the phone, as it is passcode locked.

Immediately after returning home, I realized that the major problem I'm having is that now everything I need to do that requires two-factor authentication doesn't work, as my "second device" is the lost iPhone. No second number to text or call.

I can't get into iCloud to "find my iPhone". I can't get into my online bank accounts, because I don't have access to my second device for 2FA. I couldn't register for my doctor's appointment because no second device.

When the iPhone is in my home, my 2009 Mac Pro running Mojave will receive all messages sent to the iPhone via "Messages", but I guess that doesn't work with the iPhone being distant.

I think there is a way to get around all this by petitioning Apple, but it sounds complicated and takes a lot of time.

So, given that I might be quite some time before my iPhone 7 Plus is found and returned, or given up as lost and replaced, how can I work around the lack of 2FA in the meantime?

How can I prevent this from happening again in the future? Can I add a my lovely bride's different iPhone number to my account? Anything else?

Any and all tips and advice appreciated.
 


... How can I prevent this from happening again in the future? Can I add a my lovely bride's different iPhone number to my account? Anything else?
Any and all tips and advice appreciated.
I have the phone number of two family members listed as "trusted phone numbers" on my Apple ID settings. These are both iPhones so no need for SMS. I believe this would take care of your unfortunate situation (assuming the family members are nearby).
 



How can I prevent this from happening again in the future? ...Anything else?
Any and all tips and advice appreciated.
Ladd, I recommend obtaining and then securing a Google Voice phone number. There are several commentaries available online on how to separate and remove your personal information from Google Voice after signing up for a virtual phone number.
 


I have the phone number of two family members listed as "trusted phone numbers" on my Apple ID settings. These are both iPhones so no need for SMS. I believe this would take care of your unfortunate situation (assuming the family members are nearby).
Perhaps that is something I can do after my current iPhone is returned or replaced. Unfortunately, any attempts to access my Apple ID generate the message "A message with a verification code has been sent to your devices. Enter the code to continue." So I can't go any further to try and add additional phone numbers.
 


You can use Find My without needing 2FA - go to icloud.com/find
I tried that four times yesterday, and three times it said "can't find your iPhone." Once, it showed the iPhone at the Phoenix airport, which was where the plane was going after I got off in Baltimore. I have no idea if the phone is actually there or just the last place I used it while connected to a cell tower.

Four attempts to "find my phone" today all resulted in "can't find it"....
 


If you contact your mobile carrier and have them issue a new SIM card on your account (for use in a replacement phone), you'll be able to receive SMS texts on the replacement phone.

Any Apple device (Mac, iPhone, iPad, iPod Touch) logged in to your iCloud account should be able to receive iMessages and get the 2FA popups used by Apple's security.
 


I just returned from a short trip to Arizona, [and] unfortunately, this time I left my iPhone 7 Plus in the [airplane] seatback pocket. ... Any and all tips and advice appreciated.
Be wary of any message you get stating your phone was found. It could be scammers trying to trick you into unlocking your phone so they can reset it and resell it. With the advent of locked iPhones, this is how thieves are still able to profit from stolen (or found) iPhones.
 


I left my iPhone in an airplane at ABQ airport several years ago – it had been in my lap, and I just stood up and retrieved my carry-on from the overhead bin and forgot the phone. I also had an "In case of emergency" message on the front of the phone, with my wife's phone number listed, an offer to pay for its return, and, at the bottom, the entreaty "No Catholic Hospitals Please." I realized while still in the airport that I'd forgotten the phone, and went to the lost and found. No joy.

I called the office later in the day, describing the phone and its case; they didn't have it. I called the next day and didn't describe the phone, but rather asked if they had taken in any iPhones; they said yes, they had one, but it didn't have a case. I asked them to turn it on, which they did, and told me that it said something about Catholic hospitals. Now the line about hospitals is at the very bottom, beneath the rather prominent plea to call the phone number listed. I told them to hold it, returned to the airport, and gratefully retrieved the phone. Someone had obviously removed the inexpensive case and turned in the phone! Luckily for me, however, it was before the plane left for its next destination – probably because it was on the floor, not in the pocket of a seatback.

The emergency information obviously was no help in returning the phone in that situation (although it did let me ID the phone). I imagine that the number of cell phones that turn up on a daily basis make it unlikely that a busy (perhaps) staff may not check each one.

Whenever I try to Find My (wife's) iPhone, and it is out and about with her, I have to enter the code Apple sends to her devices, but the code always shows up on her iPad, which is at home, far away from the iPhone, which is with her.
 


... Whenever I try to Find My (wife's) iPhone, and it is out and about with her, I have to enter the code Apple sends to her devices, but the code always shows up on her iPad, which is at home, far away from the iPhone, which is with her.
If you enable Family Sharing, you won't need to enter in any codes.

(On iOS 13) Go to Settings > AppleID > Family Sharing and add Family Members. Also in this section there are Shared Features, one of which is Location Sharing. Each member can go into this setting and control whether others in the family group can see their location in the Find My app.
 


Immediately after returning home, I realized that the major problem I'm having is that now everything I need to do that requires two-factor authentication doesn't work, as my "second device" is the lost iPhone. No second number to text or call.
Are you referring to 2FA using SMS to your phone number, or 2FA using an authenticator app (One-Time-Passwords)?

If it's the former (which it sounds like), from my understanding of how carriers work, you should be able to get a new (or existing) phone, a new SIM, and get your carrier to assign your existing phone number to this new SIM (essentially, a sanctioned SIM swap), and 2FA SMS codes should come through to your new SIM/phone.

If it's the latter, then there should be two solutions, depending on how you backed things up:
  • If you backed up your phone with backup encryption enabled, any authenticator app worth its salt will be able to be restored with your existing OTPs you've already setup.
  • Depending on the service you use to set up the OTPs for that service, they may have given you the option to record backup recovery code(s) in order to be able to recover access; for those services, it's probably easiest to use that.
It's worth re-iterating that using SMS for 2FA is not secure and is not recommended! If at all possible, avoid SMS 2FA for any service you use. There's a good guide at Two Factor Auth (2FA) on how to set it up with an authenticator app (or other secure, non-SMS methods) for various services.

Using an authenticator app is much more secure but also needs a bit more care. (If you lose the device, you have to find other means to recover access, which is what recovery codes are useful for.)
 


The Mac/iPhone clipboard can create a security problem - just think about copying and pasting a critical password or other sensitive data and then having it silently stolen without you realizing it...
Does macOS keep a Clipboard log, or does the Clipboard clear prior entries as it's repopulated with new data?
 


Ladd, I recommend obtaining and then securing a Google Voice phone number. There are several commentaries available online on how to separate and remove your personal information from Google Voice after signing up for a virtual phone number.
I second. Also, when I'm traveling internationally, texts going to my Google Voice number can still be retrieved via email/the GV app/the GV web site, but I might not have access to SMS texts.

Also, if you have shared accts with your spouse, you can also set up email filters – e.g. text messages from (bank) automatically get forwarded to me and my wife, because sometimes we're both logging in at different times doing different things.
 


Whenever I try to Find My (wife's) iPhone, and it is out and about with her, I have to enter the code Apple sends to her devices, but the code always shows up on her iPad, which is at home, far away from the iPhone, which is with her.
How are you logging in to Find My? It should never require a 2FA code. If you're using the website, you have to go to icloud.com/find, not icloud.com.
 



Does macOS keep a Clipboard log, or does the Clipboard clear prior entries as it's repopulated with new data?
I doesn't keep a 'log' per se, but it does keep it in the clipboard until the next 'copy' operation (of the same type - so first copying a text password string will put it on the clipboard, and the next copy operation of any text string will "overwrite" it).

However if your use of passwords involve copy/pasting them, I would strongly suggest you use a password manager instead - even the lowly macOS Keychain is an improvement.
 



Ric Ford

MacInTouch
Another update to Apple's invisible Mac anti-malware files:
Eclectic Light said:
Apple has pushed updates to XProtect and MRT
Apple has pushed two updates today, to the data files used by XProtect, bringing its version number to 2115, dated 5 March 2020, and to its malware removal tool MRT, bringing it to version 1.56, also dated 5 March 2020.

Apple doesn’t release information about what these updates add or change, and now obfuscates the identities of malware detected by XProtect using internal code names. Changes since the malware definitions in 2114 are small: MACOS.489e70f has been added, and MACOS.0e62876 amended slightly. Although the additional file LegacyEntitlementAllowlist.plist is included in this update, it hasn’t changed since version 2114.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts