Thunderbird is Mozilla Corp.’s open-source, cross-platform email, chat, calendar, contacts and newsfeed (RSS) program, which features reliable email processing, smart folders, phishing protection and spam tools, special support for large-file transfers, quick filtering, Web searching, and plug-ins/add-ons for customization. See Thunderbird help topics for more information.
The cross-platform web browser from Google Inc. utilizes a hidden auto-update daemon and agent that wrecked Mac systems and wreaked other havoc, plus other proprietary Google additions on top of its open-source platform.
Google Chrome for iOS 83.0.4103.88 is a free download for iOS 12 and up.
TenFourFox Feature Parity Release 23 is free and open-source software for PowerPC-based Macs running Mac OS X 10.4 and 10.5. Release 23 brings security fixes, faster performance and other improvements.
- Improved image and CSP compatibility
- All relevant security and stability fixes from Firefox ESR 68.9
Firefox ESR 68.9.0esr (see security notes and downloads) includes the security fixes for the Extended Support Release family for OS X 10.9 or later, Linux, or Windows. A Firefox FTP server includes all the various versions for downloading.
Firefox Quantum Developer Edition is an alternate version for desktop systems that incorporates tools such as editors, debuggers and responsive design views.
Firefox Quantum for Enterprise is a version that lets people set up policies (e.g. proxy, restrict features) with Group Policy on Windows and a JSON file on Mac and Linux.
Firefox for iOS 26 is a free mobile version for iOS 11 and up, with automatic search suggestions, a private browsing mode, tracking protection and Siri Shortcut support for iOS 12 and later. The latest update adds QR sync:
Syncing your bookmarks, logins and browsing history is easier than ever with QR code pairing. Pair Firefox for iOS with Firefox desktop using your phone’s camera for a seamless experience.
Apple posted unexpected security updates today for its Mac, mobile and media platforms just a week after its last batch of critical security patches, apparently this time looking to shut down the unc0ver jailbreak.
- macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra
- iOS 13.5.1 and iPadOS 13.5.1
- watchOS 6.2.6
- tvOS 13.4.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory consumption issue was addressed with improved memory handling.
Apple also modified the macOS 10.15.5 update packages it had posted last week on its Downloads page (which is often out of date and misleading but has been updated).
Recent discussion topics include:
- Apple security – “Sign in with Apple” zero-day
- Apple updates – ARD failure, nagging, Dashboard problems, etc.
- AppleCare – Apple ID bug continues
- Hard drives – lawsuit over SHR switch
- iPhone SE – update experiences; Costco
- MacBook Pro – RAM price raised
- Old systems – TV technology history
- Printing – 64-bit options for envelopes
- Security – websites scanning your ports
- Virtualization – VMware update trap; virtual networks
VMware Fusion 11.5.5 patches a security problem in the cross-platform virtualization system from VMware Inc.
Attackers with normal user privileges can exploit this issue to escalate their privileges to root on a system where Fusion is installed. The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2020-3957 to this issue. See VMSA-2020-0011 for more information.
VMware Fusion creates “virtual machines” that can run one operating system (Windows, Linux or Mac) within another operating system for testing, development, security or cross-platform capabilities (e.g. running Windows on OS X in order to use Windows applications on a Mac).
Features include shared folders, support for the latest Windows 10 releases (and a Windows Migration Assistant) and for Retina Macs (including iMac 5K), Touch Bar, Apple Metal graphics, DirectX 10, OpenGL 3.3, USB 3, 64-bit processing and more.
Trial versions and upgrade discounts are available. VMware Fusion Pro is priced at $159.99. See comparison tables and FAQ for more information. (See also Known Issues for workarounds to a number of problems with macOS 10.15 Catalina and other issues.)
In addition to a big batch of macOS security and bug fixes, Apple issued security patches for its Safari web browser (for macOS 10.13 and later), plus Apple Windows software, as well as tvOS and delayed notes about recent iOS and watchOS security patches.
Apple posted macOS 10.15.5 today to patch a bunch of big security holes, plus patch updates for the two previous macOS versions it supports. (Apple no longer supports macOS 10.12 or any earlier versions.)
macOS 10.15.5 also adds features, including “battery health management”, plus a bunch of bug fixes, including kernel panics with RAID volumes, GPU-related freezes, sleep/wake bugs, authentication issues, T2 sound bugs, notification badge bugs, and more.
- Processing a maliciously crafted image, audio file, or PDF file may lead to arbitrary code execution
- A remote attacker may be able to cause arbitrary code execution
- An application may be able to execute arbitrary code with kernel privileges
- malicious application may be able to gain root privileges
- Importing a maliciously crafted calendar invitation may exfiltrate user information
- A remote attacker may be able to leak sensitive user information
- A malicious website may be able to exfiltrate autofilled data in Safari
- A malicious application may be able to bypass Privacy preferences
- A malicious application may be able to break out of its sandbox
- Inserting a USB device that sends invalid messages may cause a kernel panic
Little Snitch is privacy/firewall software for the Mac from Objective Development Software GmbH that monitors network activity and gives you control and visibility for data leaving your computer via network connections. Features include connection alerts with flexible blocking of outgoing traffic, including on-the-fly control, rules-based configuration (with several aids) and configuration profiles (e.g. for different locations or networks); DNS name based traffic filtering; network monitoring displays and snapshots (with details about traffic, history, hostnames, ports, geographic locations, etc., plus packet capture in PCAP format); an inbound firewall; a “research assistant” database to help identify networks and activities; and much more.
The latest release brings a security patch and should be installed promptly:
We highly recommend to update to this version soon because it fixes a possible privilege escalation.
- Fixes a privilege escalation issue (CVE-2020-13095). Details about this issue will be revealed later.
- Fixes an issue in the connection alert causing the user’s host/domain choice to be ignored under some rare circumstances.
The Chromium web browser gets a bunch of high-priority security patches (including for CVE-2020-6465 to CVE-2020-6469, plus others) in the latest release, in conjunction with the “massive” overhaul of Chrome 83.
Chromium is an open-source web browser project on which Google Chrome is built, but it doesn’t include Google’s proprietary alterations, such as the hidden auto-update daemon and agent that wrecked Mac systems and caused other havoc. (Chromium also omits the Adobe/Pepper Flash plug-in with Flash’s many dangerous security flaws.)
Chromium 83.0.4103.61 is a free download for OS X 10.10 and up, available via SourceForge and via FreeSMUG. A separate Chromium updater extension checks FreeSMUG for new releases, and Chromium can also be installed and updated via Homebrew.
Chromium is available for Linux and Windows, too.