
Apple's Mac Security Updates

I haven't monitored the last couple of updates closely, but the whole process seems to be getting more and more complex, with long delays and multiple restarts for Macs running OS X 10.11 and macOS 10.13. I keep feeling like something is going wrong, but I can't pin down what. It does not help that Apple gives no indication what the updates are unless you check the App Store. I would like to see a verbose mode option to tell us what to expect and warnings of anything unusual, like "don't leave this to update overnight or it may freeze".
This won't help the "don't leave this overnight" issue, but if you want to see the security content of updates, subscribe to Apple's security announcement e-mail list. You'll probably get messages for products you're not interested in (e.g. iTunes for Windows even if you don't use Windows, watchOS even if you don't have an Apple Watch, &c.), and sometimes the content messages don't arrive until a week or two after the updates are available, but the messages do contain complete information on the vulnerabilities similar to what is, sooner or later, available in the notices linked to Apple's security updates Web page. I find it's helpful to have a record of what was in each patch.

The broader issue of all the other content of the updates is something Apple has never addressed. Are caches being cleared (a process that takes a while)? Are filters being added to Gatekeeper? Are firmware patches being installed, and if so for what subsystem? Would it really give away some secret sauce if Apple told us (particularly those of us who administer machines for other people, e.g. customers or family members) that kind of thing?
 



I am on Sierra and had two updates, one for Safari and the Security Update. Instead of updating all, I did the Safari Update first, ......
I take the same approach for my early 2009 Mac Pro 4,1 flashed to 5,1.
However, I have not allowed any of the updates that will flash the firmware or EFI.
So, no High Sierra - I'm too chicken, afraid it might brick my only machine.

But now it looks as though the Sierra update is also going to mess with the firmware/efi.

How to protect myself? So far as I know, EFI is the first partition of a drive, and firmware is a flashable ROM on the board.

Has anyone faced the same issue?
 


Just a wild guess here, but maybe your firmware was updated when you installed macOS 10.14, and now the installers for Security Updates can't reconcile the "mismatch" between the firmware and OS versions. So it fails with an error rather than attempt the installation.
Interesting! I hadn’t thought of that! Thanks!
 


I updated High Sierra on my 2011 Mac Mini last night. First it downloaded 1.88 GB to install the Safari patch and took 2 restarts to complete. Then it downloaded 1.8 GB for the Security patch, which took 3 restarts to complete. Seems a bit excessive, but at least I didn't have to troubleshoot anything.
 


Updated High Sierra 10.13.6 yesterday on a 3-month-old, 2017 iMac 5k, with a 500GB SSD. Selected 'update all' for Safari 12.0.1 and Security Update 2018-002.

After counting one reboot, I saw that Safari had been updated but not the Security Update.

Did that, counted 4 reboots, and boot ROM changed to 166.0.0.0.0 from IM183.0161.B00. SMC unchanged at 2.41f1.

Good news, too. Today I rebooted and saw a huge improvement in startup time. Instead of several minutes from reboot to being able to use Safari or anything else, only one minute is needed. From selecting 'reboot' under the apple menu, it takes 20 seconds to the login screen, 20 more to see the console and Activity Monitor unfreeze and begin functioning (they are set to come up at startup), and about 20 more seconds for Activity Monitor to drop from maximum speed to normal. That is close to what I expected with a new machine, but never saw.

Also, when I previously rebooted with Time Machine plugged in with a USB 3, I always got the recovery screen. Now I don't have to unplug Time Machine before rebooting - the onboard SSD simply takes control as it should.

Thanks, Apple. Glad to see something got cleaned up (firmware??). Anyone else see anything similar? FYI: same updates for my early-2011 MacBook Pro went ok as well.
 


Updated macOS 10.13.6 with Security Update 2018-002 on my mid-2014 Retina MacBook Pro 15" last night.

On first attempt, I got a single normal restart, after which 2018-002 was still in the App Store's update list. Then I applied the iTunes and Safari updates, and then 2018-002 again. This time it went through several restarts -- albeit only one with a bong sound -- including one that said it was calculating time remaining, and another later one that displayed 39 minutes remaining, then 29 less than a minute later, and completed after a total of less than 3 minutes. Finally, I was shocked when, at the end of the final black-screen-with-white-logo-and-progress-bar, my desktop with the App Store window flashed onto the screen, with no login!

I was so befuddled by the lack of a login screen that, after assuring myself that the system was operating normally, I restarted just to see that I was presented a login screen. I was.
 


Updated macOS 10.13.6 with Security Update 2018-002 on my mid-2014 Retina MacBook Pro 15" last night.
... I was shocked when, at the end of the final black-screen-with-white-logo-and-progress-bar, my desktop with the App Store window flashed onto the screen, with no login!
This, unfortunately, is typical behavior for system updates and has been the case for several years. After installing an update that involves a reboot, the system comes back to the state it was in just before the reboot. This means auto-logged in to whatever account that was. The screen will be locked if it was locked when it rebooted, but it will be unlocked if it was unlocked at that time. And all apps will be re-opened (including the App Store, if it was visible before the reboot, as it probably will be if you manually clicked the update button from there).
 


Ric Ford

MacInTouch
Finally, I was shocked when, at the end of the final black-screen-with-white-logo-and-progress-bar, my desktop with the App Store window flashed onto the screen, with no login!
I was so befuddled by the lack of a login screen that, after assuring myself that the system was operating normally, I restarted just to see that I was presented a login screen. I was.
Some relevant info from Apple's terminal world:
Bash:
man fdesetup
...
On supported hardware, fdesetup allows restart of a FileVault-enabled
system without requiring unlock during the subsequent boot using the
authrestart command. WARNING: FileVault protections are reduced during
authenticated restarts. In particular, fdesetup deliberately stores at
least one additional copy of a permanent FDE (full disk encryption)
unlock key in both system memory and (on supported systems) the System
Management Controller (SMC).  fdesetup must be run as root and itself
prompts for a password to unlock the FileVault root volume.  Use pmset
destroyfvkeyonstandby to prevent saving the key across standby modes.
Once authrestart is authenticated, it launches shutdown(8) and, upon suc-
cessful unlock, the unlock key will be removed.  You can also use this as
an option to the enable command if the system supports this feature.  The
supportsauthrestart command will check the system to see if it supports
the authrestart command option, however you should note that even if this
returns true, FileVault must still be enabled for authrestart to work.
...
 


Updating a Mac (in this case, Mac Mini) booted from an external drive that was already updated on a different computer...

Obviously, the latest macOS High Sierra Security Update 2018-002 includes a firmware update - this is noticeable with the loud beep / screen blackening / external drives powering off, and the firmware update progress bar appearing on the screen... However, if one is booting from an external drive (USB, FireWire) and running the update against the internal drive of the Mac Mini, this doesn't occur.

So I am left wondering, has the firmware on the Mac Mini been updated, or only the hard-drive/SSD drive?

The update installer runs successfully (one gets a successful update message). This Mac Mini for some reason was choking on this update - I zapped the PRAM and SMC, ran DiskWarrior and Disk Utility, but nothing would allow it to run after it sat there thinking about it for about 5 minutes. But I was able to run the update when booted from an up-to-date USB external drive. The App Store's little red balloon alert went away after booting the Mac Mini from its internal drive.

This was a friend's machine that I think is a 2012 model. No, I didn't check the firmware version, as I did this 'away from home' and didn't have the info with me. Thanks.
 


Ric Ford

MacInTouch
No, I didn't check the firmware version, as I did this 'away from home' and didn't have the info with me.
I think you want to check the current firmware version on the Mac Mini:
About This Mac > System Report > Hardware > Boot ROM Version.

Recent changes should make it clear whether this is the old or new firmware, as the version numbering system itself is different.

You can also take a look with Howard Oakley's SysHist (which has documentation in the download package). It specifically listed a firmware update when I looked at my (macOS Sierra) system history with it.
 


Sharing my experience installing Security Update 2018-002 High Sierra... The machine is a 2011 Mac Mini i5 with 4GB RAM, and a Samsung SSD with a 120GB HFS+ boot partition. The system is more or less a clean install and lightly used.
  • 18:08 Started installation.
  • 18:09 System restarted, no boot chime. Calculating time remaining...
  • 18:11 System restarted, no boot chime. Firmware update, the progress screen is different than usual, thicker progress bar.
  • 18:13 System restarted, no boot chime. About 44 minutes remaining.
  • 18:16 About 29 minutes remaining.
  • 18:18 About 18 minutes remaining.
  • 18:19 System restarted, no boot chime.
  • 18:20 95% done.
  • 18:21 Update complete.
The startup chime is still there when rebooting normally, but it was muted during the update. I ran GeekBench before and after updating - scores don't seem to be impacted.
 


Obviously, the latest macOS High Sierra Security Update 2018-002 includes a firmware update - this is noticeable with the loud beep / screen blackening / external drives powering off, and the firmware update progress bar appearing on the screen... However, if one is booting from an external drive (USB, FireWire) and running the update against the internal drive of the Mac Mini, this doesn't occur.
None of that occurs? Interesting.

I can understand not needing to reboot in order to install the OS update. Since you're not running from the volume that's being updated, there are no problems with its files being locked or in-use, so you can update them directly without a reboot.

But I would expect you to still need a reboot in order to apply the firmware update.
 


Sharing my experience installing Security Update 2018-002 High Sierra... The machine is a 2011 Mac Mini i5 with 4GB RAM, and a Samsung SSD with a 120GB HFS+ boot partition. The system is more or less a clean install and lightly used.
  • 18:08 Started installation.
  • 18:09 System restarted, no boot chime. Calculating time remaining...
  • 18:11 System restarted, no boot chime. Firmware update, the progress screen is different than usual, thicker progress bar.
  • 18:13 System restarted, no boot chime. About 44 minutes remaining.
  • 18:16 About 29 minutes remaining.
  • 18:18 About 18 minutes remaining.
  • 18:19 System restarted, no boot chime.
  • 18:20 95% done.
  • 18:21 Update complete.
The startup chime is still there when rebooting normally, but it was muted during the update. I ran GeekBench before and after updating - scores don't seem to be impacted.
I had a similar result on a 2017 iMac, except that the "44 minutes remaining stage" lasted an incredibly long time. I swear it was at least a nerve-wracking 20 minutes, while the time stayed at 48 minutes remaining, then changed to 47 minutes, only to go back to 48 minutes. And then eventually repeat. And again.

So I spent the time reading all the MacInTouch posts of people who couldn't get through the security update, wondering if I was also one of those people. Meanwhile, no progress.

Then I read the Apple Discussions of people who had to restore their machine because the Security Update wouldn't complete. But wait! It is at 47 minutes now! No, false hope, back to 48 minutes.

Eventually it did complete. What I'm wondering is what in the world was it doing? It couldn't take that long just to update some files. I'm thinking it must have been doing some kind of scan of the drive. Maybe it was revalidating the signatures on every application.

I couldn't find any clues in the logs. Nor by checking what files were modified.

This was too much stress. Apple needs to do something so that users can feel like the update is actually working.
 


I had a similar result on a 2017 iMac, except that the "44 minutes remaining stage" lasted an incredibly long time. ...
My iMac 2009 27" went the same way as yours did, Mr. Schmitt. I guess that's life now - I don't have a problem with that wait period as long as it works!

As far as taking the updated external drive over to my friend's Mac Mini and booting up off that to run the update against his Mac Mini drive, I am doubting that the firmware update happened on his machine. I will try to contact him tonight and get his firmware version from "About this Mac." After that I will determine whether or not I have to create a new OS on his machine 'from scratch.' Oh, bother. I sure wish I understood why the last macOS 10.13 update would not run internally on his machine.
 


As far as taking the updated external drive over to my friend's Mac Mini and booting up off that to run the update against his Mac Mini drive, I am doubting that the firmware update happened on his machine. I will try to contact him tonight and get his firmware version from "About this Mac."
Well - apparently, the update did the firmware portion on my friend's Mac Mini. For the Mac Mini 6,1 (with an i5), the Boot ROM Version is supposed to be: 274.0.0.0.0 - and that checks out.

Maybe during the slow first boot-up, after updating from the internal drive, this was applied? My head hurts....
 


I posted a similar problem with my MacBook Pro about a month ago. I have a MacBook Pro 13-inch mid 2012 that needed the macOS update. I downloaded the update and restarted my laptop. But it didn’t restart; the screen went dark with just the cursor showing. I let it run for a few hours that way but still no restart. So I forced a shutdown. I started it up again, and it complained that I didn’t shut it down properly.

I called up Apple support and they suggested resetting the SMC, downloading the OS from the Recovery disk and starting in safe boot - with no success. So another call to Apple support suggested I wipe the drive and load the operating system. I went to my local Apple tech to do this, since I couldn’t understand the Apple support person very well. After the Apple tech wiped the drive and loaded the OS and let Time Machine load the rest, it shut down properly.

Now I made the mistake of updating the Security Update 10.13.6 and the MacBook Pro reverted back to not shutting down properly again. I guess I have to let it run without the Security Update? Very frustrated.
 


I downloaded the update and restarted my laptop. But it didn’t restart; the screen went dark with just the cursor showing...Now I made the mistake of updating the Security Update 10.13.6 and the MacBook Pro reverted back to not shutting down properly again.
Given the risks of bricking one's machine with these updates, why on earth should we apply any of them? Why indeed even upgrade an existing machine to the latest MacOS? Surely the old saw applies: "If it ain't broke', don' fix it!"
 


Given the risks of bricking one's machine with these updates, why on earth should we apply any of them? Why indeed even upgrade an existing machine to the latest MacOS? Surely the old saw applies: "If it ain't broke', don' fix it!"
If your computer is not going to be connected to a network, then by all means yes, I completely agree with you.

Unfortunately, most computers are Internet-connected. As such, there are always security holes that need to be fixed as they are discovered. After a few years, Apple stops releasing security updates for a particular release, at which point you will soon end up running a system with known security holes, which a criminal on the Internet could exploit to gain access to your computer.

In other words, "if it ain't broke, it soon will be". Hence the reason to (at minimum) keep your system current with the latest security updates. Once security updates are no longer available, you really need to either install a newer (supported) version of the OS or take the computer off of the Internet.

And if your hardware is too old to install a supported OS release, then your options become either buying new hardware or disconnecting it from your network.
 


Ric Ford

MacInTouch
Unfortunately, most computers are Internet-connected. As such, there are always security holes that need to be fixed as they are discovered. After a few years, Apple stops releasing security updates for a particular release, at which point you will soon end up running a system with known security holes, which a criminal on the Internet could exploit to gain access to your computer. In other words, "if it ain't broke, it soon will be". Hence the reason to (at minimum) keep your system current with the latest security updates. Once security updates are no longer available, you really need to either install a newer (supported) version of the OS or take the computer off of the Internet.
While I've had the same viewpoint and followed this advice, it's also true that I cannot point to any specific Mac security flaw that has been, or is being, actively and widely exploited because people haven't updated their Mac operating system*. If anyone has good examples, I'd love to know about them.

But it's not only the operating system that matters. Much of what we all do is separate from the operating system - web browsing, applications, online services, databases, etc. These have separate issues, on a separate timeline, and have to be managed separately, making things infinitely more complex. For example, you can run a modern, secure browser on an old Mac, and you might use such a web browser on an old Mac to do email to avoid security issues with an old email application. Etc.

(*Security flaws in Windows XP, on the other hand, are a completely different story, and I would never suggest that anyone attach an unsupported Windows system to the Internet.)
 


....After a few years, Apple stops releasing security updates for a particular release, at which point you will soon end up running a system with known security holes, which a criminal on the Internet could exploit to gain access to your computer.
...Once security updates are no longer available, you really need to either install a newer (supported) version of the OS or take the computer off of the Internet.
I agree completely, and would simply underscore that for some users -- print shop owners being a clear example -- keeping an older Mac around but not on-line is both beneficial and important: there are old software programs that will not / cannot run on the newer hardware, and an old Mac is going to be the only option! So I actually recommend that a lot.

BTW now that software "rental" is in fashion, this solution will have problems moving forward -- when the rental licenses lapse and cannot be renewed and the software won't run. That won't be fun.
 


While I've had the same viewpoint and followed this advice, it's also true that I cannot point to any specific Mac security flaw that has been, or is being, actively and widely exploited because people haven't updated their Mac operating system*. If anyone has good examples, I'd love to know about them.

But it's not only the operating system that matters. Much of what we all do is separate from the operating system - web browsing, applications, online services, databases, etc. These have separate issues, on a separate timeline, and have to be managed separately, making things infinitely more complex. For example, you can run a modern, secure browser on an old Mac, and you might use such a web browser on an old Mac to do email to avoid security issues with an old email application. Etc.

(*Security flaws in Windows XP, on the other hand, are a completely different story, and I would never suggest that anyone attach an unsupported Windows system to the Internet.)
I completely agree with Ric, I have customers with older Macs that cannot upgrade past OS X 10.11.6, but they only need to do web browsing and email. So as long as you have virus protection and a system that is 10.10.x or higher, then updates for Firefox and Google Chrome are still supported.
 


So far in my life, the security flaws that have actually bothered me are not in my machine but in storage systems elsewhere - at a box store, airline, etc.

Future problems? Or security flaws in critical infrastructure like your router. Or carefully crafted phishing schemes.

Based on that experience, what security I have on my Mac machine is not a source of my problems so far. However, I do update malware software and my macOS, based on the faith that the idea of an ounce of prevention is worth more than a pound of cure. (A gram of prevention worth more than a kilogram of cure?)
 


Apple has issued Safari 12.0.2 and these are coming up today later: macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
 


Updated my macOS 10.12 Sierra external drive with the latest Safari (no issues updating) and SecUpdate 2018-006 (two reboots/no problems). I noticed that the /Library/Updates/ folder had 3 firmware updates along with the OS update: "FirmwareUpdate.pkg," "EmbeddedOSFirmware.pkg," and "FullBundleUpdate.pkg."
 


Just performed the latest updates for macOS 10.12 Sierra on a MacBook Pro (15-inch, Mid 2014) without any issues.

After the latest update follies, I made sure to perform a manual Time Machine backup first, installed the Safari 12.0.2 update next, then made a Carbon Copy Cloner clone to an external, before I performed the Security Update 2018-006.

The screen estimated about 12 Apple minutes for installation - on this device, more like 6 minutes to update.
 


Updated High Sierra on an internal SSD drive on the Late-2009 iMac 27" - no issues with Safari or the SecUpdate - only one (very long 44 min) restart. As with 10.12.6 Sierra, this update contains a firmware update.
 


Ric Ford

MacInTouch
2015 MacBook Pro firmware before installing today's Safari and macOS 10.12 security updates:

Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24

After doing multiple backups and installing Apple's updates:

Model Identifier: MacBookPro11,4
Boot ROM Version: 187.0.0.0.0
SMC Version (system): 2.29f24
 


There are three packages that are part of the downloads: Embedded OSFirmware.pkg, 59.3MB, FirmwareUpdate.pkg, 203MB, and FullBundleUpdate.pkg, 117MB... yet my Boot ROM and SMC stayed at 213.0.0.0.0 and 1.53f13 on this late 2009 27" iMac. ... Just updated an external FireWire High Sierra drive - no issues.
 


Ric Ford

MacInTouch
Apple issued an additional silent and undocumented security update today:

Gatekeeper version (/private/var/db/gkopaque.bundle) 157
Last installed update 2018-12-05...
 



Is there a way to bypass the updates for Spectre and Meltdown? I'm currently running Sierra but haven't updated since before those exploits became known. I would prefer not to take the performance hit for what is (to me) a non-issue.
 


Is there a way to bypass the updates for Spectre and Meltdown? I'm currently running Sierra but haven't updated since before those exploits became known. I would prefer not to take the performance hit for what is (to me) a non-issue.
I don't think so. Fixes like this are typically hard-coded into the OS kernel, CPU microcode and SMC firmware. They're not something that can typically be added or removed in isolation from the rest of the system.

(In the Linux world, it's a bit different - many of the kernel fixes can be enabled or disabled at compile time, so you can compile a custom kernel that includes as many or as few as you want.)

This past August, I attended the Linux Foundation's Open Source Summit and attended a presentation about Spectre and Meltdown. In addition to learning lots of interesting things about these bugs, I asked the speaker afterward if macOS has been fully patched to the extent that Linux has been.

His response was interesting. He said that Apple has installed many of the most critical patches but has chosen to not install them all. When I asked why, he said that quite a lot of these vulnerabilities involve code in one process, container or VM accessing data that belongs to a different process, container or VM. For a computer that is typically only running apps for a single user at a time (like most desktop systems), you would have to have installed malware (whether by accident or on purpose) and if that's the case, the malware can cause far more damage than these hardware flaws make possible. In other words, the risk of a meaningful exploit is so low that it's not worth implementing patches that can impose a significant hit on performance.

He said that these vulnerabilities are most critical on public cloud servers because they run code from dozens or even hundreds of different mutually-untrusted users. A user running a VM on (for example) AWS can use these flaws to extract data from other users without those users having to install malware - which is why they are so critical there. But that doesn't happen on single-user computers. There's no point in malware using this flaw to extract data from another process being run by the same user on the same computer - there are plenty of other far simpler mechanisms for exfiltrating that kind of data.

He went on to say that Microsoft has taken a similar approach for non-server releases of Windows. The server editions are hardened much more than the personal editions, because the expectation is that servers will run untrusted code from a variety of users but personal systems will only run code from one user at a time.

I don't completely agree with this point, since some people can and do use Macs in public clouds and I would assume that at least some of them run macOS. But I don't have any hard numbers to back up this assumption.
 


I posted a similar problem with my MacBook Pro about a month ago. I have a MacBook Pro 13-inch mid 2012 that needed the macOS update. I downloaded the update and restarted my laptop. But it didn’t restart; the screen went dark with just the cursor showing. I let it run for a few hours that way but still no restart. So I forced a shutdown. I started it up again, and it complained that I didn’t shut it down properly.

I called up Apple support and they suggested resetting the SMC, downloading the OS from the Recovery disk and starting in safe boot - with no success. So another call to Apple support suggested I wipe the drive and load the operating system. I went to my local Apple tech to do this, since I couldn’t understand the Apple support person very well. After the Apple tech wiped the drive and loaded the OS and let Time Machine load the rest, it shut down properly.

Now I made the mistake of updating the Security Update 10.13.6 and the MacBook Pro reverted back to not shutting down properly again. I guess I have to let it run without the Security Update? Very frustrated.
Now I see there is a new security update, and the App Store doesn't list it. Or the new Safari update. I talked to a local Apple Store advisor, and he said that these optical drive MacBook Pros are becoming obsolete. Oh well! At least I have a 5-year-old HP laptop that runs Windows 10, and an iPhone.
 


Ric Ford

MacInTouch
2015 MacBook Pro firmware before installing today's Safari and macOS 10.12 security update...
So, while the 2015 MacBook Pro firmware was unchanged by the latest Apple security updates, the 2018 MacBook firmware did get the following silent change:

2018 MacBook Pro before installing macOS Mojave 10.14.2 update:

Model Identifier: MacBookPro15,2
Boot ROM Version: 220.220.102.0.0 (iBridge: 16.16.1065.0.0,0)
System Version: macOS 10.14.1 (18B75)
After installing macOS Mojave 10.14.2 (which was a weird, confusing process involving multiple black-screen phases, where it was unclear whether the computer was off or on, among other phases):

Model Identifier: MacBookPro15,2
Boot ROM Version: 220.230.16.0.0 (iBridge: 16.16.2542.0.0,0)
System Version: macOS 10.14.2 (18C54)
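
The before-and-after firmware comparison that several posts in this thread do by hand can be scripted. The following is an added example, not code from any poster or from Apple: the function names `hw_field` and `firmware_diff` are hypothetical, and the sample reports are constructed from the Model Identifier, Boot ROM and SMC values quoted in the thread.

```shell
#!/bin/sh
# Added example: compare firmware fields in two saved hardware reports.
# On a Mac, save one report before and one after an update with:
#   system_profiler SPHardwareDataType > before.txt
# Field labels are the ones shown in the posts above.

# hw_field LABEL: read report text on stdin, print the value of "LABEL: value".
# The value is everything after the first "LABEL:", so a Boot ROM string that
# itself contains ": " (the "(iBridge: ...)" suffix) is not truncated.
hw_field() {
    awk -v key="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)          # reports indent their fields
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                print val
                exit
            }
        }'
}

# firmware_diff BEFORE_TEXT AFTER_TEXT: print one status line per firmware field.
firmware_diff() {
    before_model=$(printf '%s\n' "$1" | hw_field "Model Identifier")
    after_model=$(printf '%s\n' "$2" | hw_field "Model Identifier")
    # Reports from different machines cannot be compared (easy to mix up when
    # an external boot drive is moved between Macs).
    if [ "$before_model" != "$after_model" ]; then
        echo "MISMATCH: reports are from different models ($before_model vs $after_model)"
        return 0
    fi
    for key in "Boot ROM Version" "SMC Version (system)"; do
        old=$(printf '%s\n' "$1" | hw_field "$key")
        new=$(printf '%s\n' "$2" | hw_field "$key")
        if [ -z "$old" ] && [ -z "$new" ]; then
            echo "ABSENT    $key"             # field not present in either report
        elif [ "$old" = "$new" ]; then
            echo "UNCHANGED $key: $old"
        else
            echo "CHANGED   $key: ${old:-none} -> ${new:-none}"
        fi
    done
}

# Constructed sample reports, using values quoted in this thread.
SAMPLE_2018_BEFORE='Hardware:
    Hardware Overview:
      Model Identifier: MacBookPro15,2
      Boot ROM Version: 220.220.102.0.0 (iBridge: 16.16.1065.0.0,0)'
SAMPLE_2018_AFTER='Hardware:
    Hardware Overview:
      Model Identifier: MacBookPro15,2
      Boot ROM Version: 220.230.16.0.0 (iBridge: 16.16.2542.0.0,0)'
SAMPLE_2015='Hardware:
    Hardware Overview:
      Model Identifier: MacBookPro11,4
      Boot ROM Version: 187.0.0.0.0
      SMC Version (system): 2.29f24'

echo "2018 MacBook Pro, 10.14.1 -> 10.14.2:"
firmware_diff "$SAMPLE_2018_BEFORE" "$SAMPLE_2018_AFTER"
echo "2015 MacBook Pro, before and after the 10.12 security update:"
firmware_diff "$SAMPLE_2015" "$SAMPLE_2015"
```

Keeping the saved reports alongside backups gives a dated record of which update changed the firmware, which the App Store listing does not provide.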
 


... I don't completely agree with this point, since some people can and do use Macs in public clouds and I would assume that at least some of them run macOS. But I don't have any hard numbers to back up this assumption.
Some of the more well known 'cloud' Mac services are co-location (and/or private clouds) not 'public' virtualization. For example, you rent a whole Mac Mini in a cloud facility to run a load, test, etc. Some have rolled out 'private' clouds deploying VMs to a set of machines that are dynamically allocated to you (i.e., can pack more OS instances on the machines you 'rent' and can add/release them for some peak cycles).

A quick search turned up folks like MacStadium (merged with MacMiniColo) and MacinCloud, which don't appear to count toward the number (assigned physical systems). A few that do: XCloud, Microsoft Azure VSTS, and MacCloud, which is more pure pooled virtualization (e.g., ESXi). (XCloud appears to be adding 'bare metal' to their line-up which will side step the problem.)

There are perhaps folks running macOS instances on non-Mac hardware, but that isn't going to tip Apple's decision process (as they are in license violation). Apple may not be actively suing them but they aren't going to put effort into bailing them out of this problem.

The major issue is how big that 'some' people is. If it is 1% of the deployed Mac hardware population, then throwing that baggage onto the other 99% isn't a good trade-off. The dual-edge sword with having just one macOS 'flavor' is that lowering the costs is distributed over the largest base of users. There isn't a separate, hundreds of dollars higher, 'server' OS kernel that segments off a different base of users. If the base active supported Mac market was 60M, then 1% would be around 600K. So someone could point to 10's of thousands of Macs running virtualized instances, and it won't amount to a significant fraction to offset the trade-off. (I think Apple pegged the Mac user base at around 100M in one of its events this year. So the 60M mark still getting OS security fixes is conservative.)

Also the workloads. For folks deploying a large build/test suite to the cloud to do QA on a bunch of iOS/tvOS/watchOS products, the objective would be to steal what, even if there was a breach? It is one thing if you get a small memory fragment that is the crypto key to some account of high value. But if you snatch the Banana Jr. 9000 app's test user password, what do you really have?
 


... For folks deploying a large build/test suite to the cloud to do QA on a bunch of iOS/tvOS/watchOS products, the objective would be to steal what, even if there was a breach? It is one thing if you get a small memory fragment that is the crypto key to some account of high value. But if you snatch the Banana Jr. 9000 app's test user password, what do you really have?
What you have is the ability to pre-load malware into apps that are in development. I would hope you wouldn't be able to add bogus in-app purchases, but that depends on how good the quality control is.
 


What you have is the ability to pre-load malware into apps that are in development. I would hope you wouldn't be able to add bogus in-app purchases, but that depends on how good the quality control is.
That is only if the total development cycle is up in the cloud. I know there are folks that do that, because they don't want to buy/own a Mac for development (e.g, porting to macOS to augment a basic product). However, the master build to submit to Apple to be signed doesn't have to come from the cloud or the same VM instances as the QA OS image. The QA process isn't the development process. Pumping a source snapshot to the cloud and doing a bunch of builds/tests there doesn't really impact the master source control copy.

The short of it is, if you don't put your crown jewels (e.g., master copy of intellectual property) on a virtualized macOS image, then there is a lower risk that folks will break in.
 


Ric Ford

MacInTouch
Howard Oakley is tracking Apple security software updates/versions:
Eclectic Light Co. said:
Apple has pushed a minor update to XProtect
Apple has just pushed an update to the ‘Yara’ data files used by XProtect, bringing its version number to 2101, dated 11 December 2018. This is the second minor update to XProtect in over eight months, which merely raises the minimum usable version number of Adobe Flash Player to 32.0.0.101. It makes no changes at all to malware detection signatures.
...
I maintain lists of the current versions of security data files for Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.
 


Ric Ford

MacInTouch
Apple's getting even more obscure with its invisible security updates:
Howard Oakley said:
Apple has pushed an update to MRT
Apple has just pushed an update to its malware removal tool, MRT, for macOS, bringing its version number to 1.38. The last update brought version 1.35 nearly six months ago (19 June 2018), and Apple seems never to have released versions 1.36 or 1.37.

Apple doesn’t provide any information on what changes this update brings. As it now obfuscates the names of malware which it can detect and remove, it appears impossible to correlate changed strings in the app with any malware known outside Apple.
 

