Firefox: critical security patch (74.0.1)

Firefox 74.0.1 brings critical security patches with “targeted attacks in the wild abusing this flaw.”

Firefox is the free, cross-platform web browser from Mozilla, promising better privacy than Google’s Chrome and offering an appealing, open-source alternative to Apple’s Safari.

Firefox 74.0.1 is a free download for OS X 10.9 and up, plus Linux and Windows.

Firefox ESR 68.6.1esr (see security notes and downloads) adds the critical security fix to the Extended Support Release family for OS X 10.9 or later, Linux, or Windows. A Firefox FTP server includes all the various versions for downloading.

Firefox Quantum Developer Edition is an alternate version for desktop systems that incorporates tools such as editors, debuggers and responsive design views.

Firefox Quantum for Enterprise is a version that lets people set up policies (e.g. proxy, restrict features) with Group Policy on Windows and a JSON file on Mac and Linux.

Firefox for iOS 24.1 is a free mobile version for iOS 11 and up, with automatic search suggestions, a private browsing mode, tracking protection and Siri Shortcut support for iOS 12.

Google Chrome security update

Google Chrome is the cross-platform web browser from Google Inc. with a hidden auto-update daemon and agent that has wrecked Mac systems and wreaked other havoc, and it has other proprietary Google additions on top of its open-source platform. The latest release includes critical patches for severe security flaws.

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.

Google Chrome 80.0.3987.163 is a free download for OS X 10.10 and up, as well as Linux and Windows.

Google Chrome for iOS 80.0.3987.95 is a free download for iOS 12 and up.

Mountain Duck

Mountain Duck is a cross-platform utility from David Kocher (Iterate GmbH) that “lets you mount any remote FTP, SFTP, WebDAV, S3 and OpenStack Swift server storage as a local disk in the Finder. Open remote files with any application and work like on a local volume. Transfer files using Finder to remote servers, fast.” Among many Mountain Duck features is support for Cryptomator interoperable secure vaults (like cross-platform, cloud-friendly versions of Apple’s FileVault-encrypted Mac disk images).

Mountain Duck 3.3.6 is priced at $39 for OS X 10.11 and later, with a trial version available for download (it is also available for Windows). The latest release has some bug fixes, after the previous release added support for TLS 1.3 networking and for Cryptomator Version 7 vaults. While Version 4.0.0 is in beta testing with some new features, Version 3 already added a smart synchronization feature for offline support:

Like Dropbox for any cloud storage with smart synchronization. Files are synchronized to your local disk when opened to allow offline usage and changes are uploaded in the background as soon as a connection is available. You can also explicitly select files and folders available for offline use.

EtreCheckPro

EtreCheckPro is an essential Mac troubleshooting and security app from Etresoft (John Daniel) that analyzes many hardware and software details and prepares a report (with personal information removed) detailing configuration information and potential problem areas, such as adware infections (which it can remove), potential malware, third-party kernel extensions and launch daemons; Internet plug-ins; processor and memory hogs; virtual memory usage and more.

Features include specific problem reports, categorized as serious or minor, plus extensive information grouped into multiple categories, including things like software installs, Safari extensions, launch agents and daemons, software crashes, etc., plus a report to flag 32-bit apps that will not run in macOS 10.15 Catalina (including Apple’s own QuickTime Player 7 and DVD Player, for example, among many other Mac apps).

EtreCheckPro 6.2.3 is a free download for OS X 10.9 and up. An optional Power User package is available for $14.99, providing richer reports and built-in troubleshooting aids (see below). The latest release includes more macOS Catalina accommodations and other changes.

EtreCheck also provides a Power User in-app purchase that goes beyond the text-based report. It displays a rich, interactive interface that provides links to additional information, charts and graphs, and information to help you learn more about the details of your computer. If you don’t want to post your EtreCheck report publicly, the Power User package can also generate solutions to your computer problems using our AI-driven diagnostic engine. A Solution will include solutions for each major and minor issue, and, in most cases, one or more step-by-step instructions to help you fix your computer problems yourself.

Little Snitch

Little Snitch is privacy/firewall software for the Mac from Objective Development Software GmbH that monitors network activity and gives you control and visibility for data leaving your computer via network connections. Features include connection alerts with flexible blocking of outgoing traffic, including on-the-fly control, rules-based configuration (with several aids) and configuration profiles (e.g. for different locations or networks); DNS name based traffic filtering; network monitoring displays and snapshots (with details about traffic, history, hostnames, ports, geographic locations, etc., plus packet capture in PCAP format); an inbound firewall; a “research assistant” database to help identify networks and activities; and much more.

Little Snitch 4.5 is priced at $45 for OS X 10.11 and up. A demo mode functions for three hours at a time, for 30 days. (Little Snitch legacy versions support Mac OS X 10.2 and up.) The most recent release “brings new features and improvements requested by users, after a few months of focussing on compatibility with macOS Catalina.” (Install the current version before updating to Catalina.)

Redesigned Research Assistant in Connection Alert …
Improvements in Network Monitor …
Improvements in Little Snitch Configuration …
General improvements and fixes …

BitLocker Anywhere & NTFS for Mac

BitLocker Anywhere For Mac, from China-based Hasleo Software (née “EasyUEFI”), promises to “encrypt drives with BitLocker Drive Encryption, decrypt BitLocker-encrypted drives, change password for BitLocker-encrypted drives, export BitLocker Recovery Key & Startup Key, mount and unmount BitLocker encrypted drive, open, read and write BitLocker-encrypted drives or BitLocker To Go drives in macOS & OS X.”

BitLocker Anywhere For Mac is priced at $39.95 (currently $29.95) for OS X 10.7 and later, with an unsigned installer offered as a free 15-day trial.

Hasleo NTFS for Mac is software for full access to the standard Windows filesystem to “mount, unmount, read and write NTFS drives easily, safely and seamlessly in macOS & OS X.” (Apple only offers read access to NTFS volumes.)

Hasleo NTFS for Mac 3.4 is a free download for OS X 10.7 and later.

macOS Catalina 10.15.4

Along with important security patches, Apple’s macOS Catalina 10.15.4 update brings bug fixes, new features, and other changes.

Finder

  • iCloud Drive folder sharing from Finder
  • Controls to limit access only to people you explicitly invite, or to grant access to anyone with the folder link
  • Permissions to choose who can make changes and upload files, and who can only view and download files


Safari 13.1

Apple released Safari 13.1 for macOS 10.13 and later with patches for serious security flaws:

  • Processing maliciously crafted web content may lead to arbitrary code execution
  • Processing maliciously crafted web content may lead to a cross site scripting attack
  • An application may be able to read restricted memory
  • A remote attacker may be able to cause arbitrary code execution
  • A malicious iframe may use another website’s download settings
  • A file URL may be incorrectly processed
  • A download’s origin may be incorrectly associated


Here’s more information from John Wilander about additional changes:

Full Third-Party Cookie Blocking and More
This blog post covers several enhancements to Intelligent Tracking Prevention (ITP) in iOS and iPadOS 13.4 and Safari 13.1 on macOS to address our latest discoveries in the industry around tracking.

iOS & iPadOS 13.4

Apple released iOS 13.4 and iPadOS 13.4 today with undisclosed security patches, bug fixes, and new features.

iPadOS 13.4 introduces support for mouse and trackpad with iPad for greater precision and navigating the system with Multi-Touch gestures, and adds iCloud Drive folder sharing from the Files app and new Memoji stickers. This update also contains bug fixes and improvements.

iOS 13.4 introduces new Memoji stickers and iCloud Drive folder sharing from the Files app. This update also contains bug fixes and improvements.