Xcode update

Xcode is Apple’s software development platform for building macOS, iOS, Apple TV and Apple Watch apps. A new version, released today, patches a security hole and other bugs, and adds support for Apple’s latest OS updates.

Xcode 11.5 is a free download that requires macOS 10.15 Catalina. An Apple ID is required for testing apps on an iOS device. An Apple Developer account is required to submit apps to Apple’s App Store. Continue reading “Xcode update”

FileMaker 19

Claris FileMaker Pro 19 was announced today, the latest step in Apple’s many transformations of database management software originally acquired many years ago from Nashoba Systems. Apple now licenses the software almost entirely on a subscription basis under a subsidiary it calls “Claris”, recycling a name from an earlier era with entirely different products.

FileMaker Pro 19 touts “AI via Apple’s Core ML” to “unlock the potential of data with image classification, sentiment analysis, object detection and more.” Also new is the integration of JavaScript with code libraries and web services “to directly embed maps, animated graphics, data visualization, and more.”

Apple/Claris also says that FileMaker Pro 19 subscriptions are allowed to “create apps directly in the cloud with zero configuration and deployment.” Web publishing lets FileMaker subscribers connect to a server or cloud database via a web browser but is limited to the number of users allowed in the subscription (see below).

Features retained from previous versions include a friendly user interface; support for SQL data sources, JSON and cURL; an iOS client; and server options. FileMaker documentation and release notes offer additional information about the product.

FileMaker 19 is priced starting at $1,140/year for a 5-user cloud subscription that’s limited to hosting 3 “apps” with a limit of 2 GB of “outbound data transfer of FileMaker Data API/OData per user/per month”, and “medium compute” performance. System requirements specify macOS 10.14 or 10.15, Windows 8.1 or later, iOS 13.2 or later.  A 45-day trial is available in return for information about your company.

FileMaker Server “on premise” (non-cloud) versions are priced starting at $900/year with a limit of 5 users and 2 GB outbound data transfer per user per month. A FileMaker Server 19 “developer preview” supports CentOS 7.7, along with macOS and Windows.

Claris Connect, for workflow automation and third-party service integration, is priced starting at $99/user/month with a limit of 15 “active flows” and “10,000 API requests” per month.

A FileMaker Pro “individual” (non-cloud) license option has been marginalized but remains available at $540. (An upgrade from FileMaker Pro Advanced 16 or later is $197.)

Google Chrome major security update

Google Chrome has a major security update today in the latest release with patches for high-priority vulnerabilities (38 in all) plus a “massive security overhaul,” as BleepingComputer reports:

Google has released Chrome 83 today, May 19th, 2020, to the Stable desktop channel, and it includes massive security and privacy enhancments as well as some long awaited features. In this massive release, users are getting a redesigned Privacy and security settings section, better control over cookies, a new Safety Check feature, improved DoH settings, new Enhanced Safe Browsing feature. Tab Groups, and more.

The cross-platform web browser from Google Inc. utilizes a hidden auto-update daemon and agent that wrecked Mac systems and wreaked other havoc, plus other proprietary Google additions on top of its open-source platform.

Google Chrome 83.0.4103.61 is a free download for OS X 10.10 and later, as well as Linux and Windows.

Google Chrome for iOS 81.0.4044.124 is a free download for iOS 12 and up.

Adobe critical security flaws

Adobe posted its latest batch of patches for critical security flaws (involving PostScript) with these urgent updates outside its normal schedule:

Adobe Character Animator | APSB20-25
Summary: Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a Stack-based Buffer Overflow Vulnerability that could lead to Remote Code Execution. (CVE-2020-9586)

Adobe Premiere Pro | APSB20-27
Adobe has released updates for Adobe Premiere Pro for Windows and macOS. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure.

Adobe Premiere Rush | APSB20-29
Adobe has released updates for Adobe Premiere Rush for Windows and macOS. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure.

Adobe Audition | APSB20-28
Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves an important out-of-bounds read vulnerability that could lead to information disclosure.

IronWolf SSDs

IronWolf SSDs are new solid-state drives from Seagate Technology LLC, designed specifically for use in NAS (Network Attached Storage) systems and available in both 2.5-inch SATA and M.2 NVMe formats. Features include endurance from 435 to 7000 TBW, sequential read/write speeds up to 560/535 MB/s for SATA and up to 3150/850 for NVMe, all depending on capacity, and compatibility with common NAS systems from Synology, QNAP, et al, plus “firmware to keep your NAS enclosure maximized for demanding 24×7 and multi-user environments.”

IronWolf SSDs are sold through resellers, including Amazon, where the IronWolf SATA SSD started at $69.99 and the IronWolf M.2 NVMe SSD at $144.99 when checked (for the lowest capacity of 240 GB).

 

Discussions

Recent discussion includes the following topics:

BackupLoupe

BackupLoupe is a Mac app from Soma-zone that improves greatly on Apple’s oddball Time Machine software, offering more useful, coherent and detailed information about your backups, files and space usage.

For example, BackupLoupe (but not Time Machine) can tell you easily what files Time Machine backed up, and when, plus what folders were involved, and how much space was required. BackupLoupe also offers the ability to restore and recover files, its own fast search system, Time Machine backup statistics, and more. (See BackupLoupe FAQ for additional details.)

BackupLoupe 3.0.1 is priced at $15 as a personal license for macOS 10.13 or later with a limited trial mode available prior to the non-refundable purchase. Business licenses are priced at $50 per computer. (BackupLoupe 2.16.2 is available for OS X Mavericks 10.9 through macOS Mojave 10.14.)

The latest release brings a few fixes after the major Version 3.0 update.

  • New UI centered around machines, not backup devices; All snapshots belonging to a machine are listed in chronological order, no matter where they are stored
  • Integrated Disk Manager allows for mounting of network backup filesystems from within the application
  • Immediately shows approximate size of snapshot. No indexing required.
  • Reduced size of caches by ~80%
  • Entire snapshots may now be removed from withing BackupLoupe
  • Improved History View with support for QuickLook drag&drop restore
  • Still recognizes machines and volumes after they have been renamed
  • Proper handling of volumes sharing the same name
  • Shared caches for users with admin privileges

VLC

VLC Media Player is a powerful, cross-platform multimedia player from the VideoLAN non-profit organization that plays “most multimedia files as well as DVDs, audio CDs, VCDs, and various streaming protocols.” Other features include subtitle support, extensive controls over video display, video and audio filters, deinterlace, transcoding, metering, a customizable user interface (“skins”), support for a huge collection of media formats and protocols, and much more.

VLC Vetinari was a major update, bringing support for hardware decoding (“to get 4K and 8K playback!”); 10-bit and HDR material; 360 video and 3D audio (“up to Ambisoncics 3rd order”) and “audio passthrough for HD audio codecs”; streaming to Chromecast (“even in formats not supported natively”); browsing of local network drives and NAS, playback of Blu-Ray Java menus, and quite a bit more.

VLC Media Player 3.0.10 is free, open-source donationware for OS X 10.7 and up, as well as Linux, Windows and Android. (Older versions are also available for earlier Macs.)

VLC Media Player’s latest release includes security patches, Catalina tweaks, and other improvements.

  • Multiple DVD fixes & improvements
  • Better adaptive streaming support
  • Fix video rendering on macOS
  • Various MP4 improvements
  • Better macOS Catalina support
  • Adds support for SMB2/3 shares
  • It also fixes security issues notably various DOSes in the microDNS service discovery
  • And a dozen more issues…

VLC for Mobile 3.2.8 is free for iOS 9 and up, with support for cloud sync (Dropbox, GDrive, OneDrive, Box, iCloud Drive, iTunes), direct downloads and through WiFi sharing, as well as streaming from SMB, FTP, UPnP/DLNA media servers and the web.

Discussions

Our latest discussions include the following topics:

Adobe Acrobat/Reader security flaws critical

Critical security flaws in Adobe Acrobat Reader and Adobe Acrobat allow takeover of a victim’s Mac with all-powerful “root” priviliges. Adobe issued patches for this and also for security flaws in Adobe’s DNG SDK software. See MacInTouch discussions for important details about prerequisites for Adobe’s patches.

Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently
Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS (with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware. In this blog, I will analyze the details of vulnerabilities and show how to exploit them.

Adobe Acrobat and Reader | APSB20-24
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution

Adobe DNG SDK | APSB20-26
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple Heap Overflow and Out-of-Bounds Read vulnerabilities that could lead to  Remote Code Execution and Information Disclosure respectively.

Radeon Pro VII

Radeon Pro VII is an upcoming graphics card just announced by AMD (Advanced Micro Devices Inc.) for computers with appropriate PCIe slots, featuring six DisplayPort 1.4 outputs, a 7nm Vega20 GPU and 16 GB of HBM2 memory. Its PCIe 4.0 x16 double-slot card is full height and 10.5″ long, with external power connectors, 250W TBP and a fan.

Other features include “up to 6.5 TFLOPS (FP64) of double precision performance” and Infinity Fabric Link support for combining two of the cards at “up to 5.25x PCIe 3.0 x16 bandwidth with a communication speed of up to 168 GB/s peer-to-peer between GPUs.”

AMD’s Radeon Pro VII $1899 price and availability are described as follows by the company:

The AMD Radeon Pro VII graphics card is expected to be available from major etailers/retailers beginning mid-June, 2020 for an SEP of $1899 USD. AMD Radeon Pro VII-equipped workstations are expected to be available in the second half of 2020 from leading OEM partners.

Carbon Copy Cloner

Carbon Copy Cloner is an essential Mac app from Bombich Software Inc. that offers reliable backup, restore, cloning and integrity-checking capabilities for the Mac. Features include bootable backup clones, network and disk image support, incremental backups (with optional archiving), scheduling, built-in help/guidance, graceful handling of I/O errors, task history, editing of scheduled tasks, task-chaining for creating more complicated backup schemes, the ability to add a Recovery partition and much more. Version 5 brought APFS support for macOS 10.13 High Sierra and later, along with improvements to SafetyNet, scheduling, task management, restore and more.

Carbon Copy Cloner 5.1.17 is priced at $39.95 for OS X 10.10 and up, with a 30-day trial period and upgrade discounts. (Older downloads are available for earlier Macs.) The latest release addresses more “treats” provided by Apple’s macOS 10.15.4 update, among other changes. (See also macOS Catalina Known Issues and the excellent troubleshooting tips in “Help! My clone won’t boot!“.)