Carbon Copy Cloner

Carbon Copy Cloner is an essential Mac app from Bombich Software Inc. that offers reliable backup, restore, cloning and integrity-checking capabilities for the Mac. Features include bootable backup clones, network and disk image support, incremental backups (with optional archiving), scheduling, built-in help/guidance, graceful handling of I/O errors, task history, editing of scheduled tasks, task-chaining for creating more complicated backup schemes, the ability to add a Recovery partition and much more. Version 5 brought APFS support for macOS 10.13 High Sierra and later, along with improvements to SafetyNet, scheduling, task management, restore and more.

Carbon Copy Cloner 5.1.18 is priced at $39.95 for OS X 10.10 and up, with a 30-day trial period and upgrade discounts. (Older downloads are available for earlier Macs.)

The latest release works around a nasty problem with Apple’s recent macOS 10.15.5 update, among other changes. (See also macOS Catalina Known Issues and the excellent troubleshooting tips in “Help! My clone won’t boot!“.)

A bug in macOS 10.15.5 impacts bootable backups, but we’ve got you covered
Update (May 29, 2020): This issue is now addressed in CCC 5.1.18, which is available for immediate download.
… I suppose we’ll find out in future OS releases whether this was a simple filesystem bug that slipped into a production OS release, or if Apple finds it to be an acceptable practice to blindside developers by silently removing documented functionality in the middle of a production OS release cycle.

VMware security update

VMware Fusion 11.5.5 patches a security problem in the cross-platform virtualization system from VMware Inc.

Attackers with normal user privileges can exploit this issue to escalate their privileges to root on a system where Fusion is installed. The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2020-3957 to this issue. See VMSA-2020-0011 for more information.

VMware Fusion creates “virtual machines” that can run one operating system (Windows, Linux or Mac) within another operating system for testing, development, security or cross-platform capabilities (e.g. running Windows on OS X in order to use Windows applications on a Mac).

Features include shared folders, support for the latest Windows 10 releases (and a Windows Migration Assistant) and for Retina Macs (including iMac 5K), Touch Bar, Apple Metal graphics, DirectX 10, OpenGL 3.3, USB 3, 64-bit processing and more.

VMware Fusion 11.5.5 is priced at $79.99. The updated version suddenly requires macOS 10.14 or later and fails on earlier versions.

Trial versions and upgrade discounts are available. VMware Fusion Pro is priced at $159.99. See comparison tables and FAQ for more information.  (See also Known Issues for workarounds to a number of problems with macOS 10.15 Catalina and other issues.)

VMware Workstation Player and Workstation Pro host virtual machines on Linux and Windows (but Apple licenses prohibit use of macOS on non-Apple hardware).

Discussions

Apple updates are a hot topic with unwanted Apple update nagging, stealthy changes, patches, unfixed bugs, App Store problems, boot/error logs, etc.

Old systems discussion ranges over analog computers;  electromagnetic pulse/coronal mass ejection dangers, the power grid and Faraday cages; speed and bandwidth (tapes in trucks vs. telephone lines); rural telephone cooperatives; GE and the light bulb, etc.

Additional topics include the following:

Canon Webcam Utility

EOS Webcam Utility is pre-release (“beta”) software from Canon USA Inc. that provides limited webcam functionality for a number of the company’s EOS and PowerShot digital cameras.

Similar to the Windows operating system version released April 28, the new macOS compatible software solution requires one single USB plug (which may need to be purchased separately) to connect the compatible camera to the computer. Once the software is downloaded and the camera is configured within a video conferencing application, the user will have improved video appearance while participating in video conferencing and virtual meetings.

EOS Webcam Utility Beta 0.9.0 is available free of charge for Windows and macOS 10.13 and later, distributed as a download package that installs a launch daemon, a framework, and a CoreMedia EOSWebcam plug-in, as well as an Uninstaller app.

Caution Notes/Tips: Using EOS Webcam Utility Beta Software
When using the EOS Webcam Utility Beta software with macOS 10.14(Mojave) and 10.15(Catalina), the following applications will not list or permit EOS Webcam Utility Beta software to function on your device:

    • Safari (Use Google Chrome)
    • FaceTime
    • Skype*
    • Zoom*
    • WebEx*

*Use Web-based Skype, Zoom and WebEx in Google Chrome instead of as a native application.

Apple additional security patches

In addition to a big batch of macOS security and bug fixes, Apple issued security patches for its Safari web browser (for macOS 10.13 and later), plus Apple Windows software, as well as tvOS and delayed notes about recent iOS and watchOS security patches.

macOS security patches, bug fixes, etc.

Apple posted macOS 10.15.5 today to patch a bunch of big security holes, plus patch updates for the two previous macOS versions it supports. (Apple no longer supports macOS 10.12 or any earlier versions.)

macOS 10.15.5 also adds features, including “battery health management”, plus a bunch of bug fixes, including kernel panics with RAID volumes, GPU-related freezes, sleep/wake bugs, authentication issues, T2 sound bugs, notification badge bugs, and more.

macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra

  • Processing a maliciously crafted image, audio file, or PDF file may lead to arbitrary code execution
  • A remote attacker may be able to cause arbitrary code execution
  • An application may be able to execute arbitrary code with kernel privileges
  • malicious application may be able to gain root privileges
  • Importing a maliciously crafted calendar invitation may exfiltrate user information
  • A remote attacker may be able to leak sensitive user information
  • A malicious website may be able to exfiltrate autofilled data in Safari
  • A malicious application may be able to bypass Privacy preferences
  • A malicious application may be able to break out of its sandbox
  • A file may be incorrectly rendered to execute JavaScript
  • Inserting a USB device that sends invalid messages may cause a kernel panic
  • [etc.]

Little Snitch security update

Little Snitch is privacy/firewall software for the Mac from Objective Development Software GmbH that monitors network activity and gives you control and visibility for data leaving your computer via network connections. Features include connection alerts with flexible blocking of outgoing traffic, including on-the-fly control, rules-based configuration (with several aids) and configuration profiles (e.g. for different locations or networks); DNS name based traffic filtering; network monitoring displays and snapshots (with details about traffic, history, hostnames, ports, geographic locations, etc., plus packet capture in PCAP format); an inbound firewall; a “research assistant” database to help identify networks and activities; and much more.

Little Snitch 4.5.2 is priced at $45 for OS X 10.11 and up. A demo mode functions for three hours at a time, for 30 days. (Little Snitch legacy versions support Mac OS X 10.2 and up.)

The latest release brings a security patch and should be installed promptly:

We highly recommend to update to this version soon because it fixes a possible privilege escalation.

  • Fixes a privilege escalation issue (CVE-2020-13095). Details about this issue will be revealed later.
  • Fixes an issue in the connection alert causing the user’s host/domain choice to be ignored under some rare circumstances.

Discussions

Email discussion talks about Apple Mail issues; Stunnel and Eudora; Postbox and Thunderbird; IMAP and POP; VFEmail follies; MailMate, GyazMail, and more.

Phone services discussion includes Ooma pricing and features, Vonage, and wiring; fax issues with VoIP; Obi, Google Voice and E911; POTS as backup; iOS Notes document scanning, and more.

Other updates include the following topics:

  • Apple security – iOS 14 leak; “unc0ver” zero-day jailbreak
  • Apple updates – App Store bugs and iOS 13.5; Mojave changes and confusion
  • AppleCare – Apple ID bug still unresolved after a month
  • Competition – Dell G5 laptops; market share; Windows Hyper-V for ARM
  • iOS 13 – user interface changes
  • Linux – Ubuntu 20.04; GNOME-Mac connection; reverting kernels; column view
  • Mac Pro (classic) – temperatures and fan control
  • macOS Mojave – sleep/wake bugs
  • Old systems – analog computers ruled the waves
  • Security – rampant supply chain vulnerabilities

Chromium: major security update

The Chromium web browser gets a bunch of high-priority security patches (including for CVE-2020-6465 to CVE-2020-6469, plus others) in the latest release, in conjunction with the “massive” overhaul of Chrome 83.

Chromium is an open-source web browser project on which Google Chrome is built, but it doesn’t include Google’s proprietary alterations, such as the hidden auto-update daemon and agent that wrecked Mac systems and caused other havoc. (Chromium also omits the Adobe/Pepper Flash plug-in with Flash’s many dangerous security flaws.)

Chromium 83.0.4103.61 is a free download for OS X 10.10 and up, available via SourceForge and via FreeSMUG. A separate Chromium updater extension checks FreeSMUG for new releases, and Chromium can also be installed and updated via Homebrew.

Chromium is available for Linux and Windows, too.