macOS Mojave 10.14.6 Patches a Security Hole

· · Link

Along with iOS 12.4.2 Apple is releasing macOS Mojave 10.14.6, a second supplemental update with security fixes.

If you’re running an earlier version of macOS then you will instead find Security Update 2019-005 for macOS High Sierra and Security Update for macOS Sierra available as system software updates.

The security issue as shared here fixes CVE-2019-8641: A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Answers and Tips for iCloud, iOS 13, iPhone 11, macOS, and More – Mac Geek Gab 781

· & · Mac Geek Gab Podcast

Answers and Tips for iCloud, iOS 13, iPhone 11, Mojave, and More – Mac Geek Gab 781

Lots of new stuff from Apple this week… and lots of technical landmines to navigate. Thankfully, you’ve been sending your questions into John and Dave, and they’ve been doing the research to get you answers. Listen to the answers to your questions – and everyone else’s, too! Press play, and enjoy learning at least five new things… one that might even save your bacon this week!

About the macOS Transparency Consent and Control System

· · Link

Mojave Desktop

The Eclectic Light Company writes:

The Transparency Consent and Control (TCC) system [in macOS] maintains a database of each user’s consents.

This article explains what you must do when uninstalling software in Mojave, and presumably Catalina, in order to remove previous consents for access to protected resources.

If you were to reinstall that software, you would see that it was immediately granted the same access as when it was removed, without your consent being sought again.

This is an interesting and informative article about the seldom discussed macOS TCC.

Prepare for 64-Bit Mac Apps With Go64

· · Cool Stuff Found

Go64 is a free piece of software that checks your Mac for 32-bit apps, which won’t work after macOS Mojave. Although you can do this manually with System Report, Go64 goes further. It takes an inventory of the apps on your Mac and see which ones are still 32-bit. Then, it helps you visit the developer’s website or search the web for update/upgrade information. It then keeps track of upgrade costs so you can add 64-bit apps to your budget. It’s made by St. Clair Software, makers of other great Mac apps like App Tamer, Default Folder X, Jettison, and HistoryHound. Best of all, Go64 is completely free. Download: Go64

Apple Releases Patch for ZombieLoad Flaw in Intel Chips

· · Link

ZombieLoad is a serious flaw affecting almost every Intel chip since 2011. Apple, Amazon, Google, and Microsoft have issue patches for it.

The tech giant said in an advisory that any system running macOS Mojave 10.14.5, released Monday, is patched. This will prevent an attack from being run through Safari and other apps. Most users won’t experience any decline in performance. But some Macs could face up to a 40 percent performance hit for those who opt-in to the full set of mitigations.

Crazy that Intel chips have had this since 2011. This is the first time I’ve heard of ZombieLoad.

Resetting Wi-Fi, Unlocking Your Mac, & Managing Secure Boot – Mac Geek Gab 756

· & · Mac Geek Gab Podcast

Resetting Wi-Fi, Unlocking Your Mac, & Managing Secure Boot - MGG 756

Are you making the most of your Apple TV? Do you know all the tricks the Finder has to offer? Are you managing Do Not Disturb effectively? Your fellow listeners have the answers, and John and Dave share and discuss them for you. Plus, your two favorite geeks answer some of your questions about Wi-Fi, Watch Unlocking, NAS, and more. Press play, listen, and enjoy learning at least five new things!

German Researcher Gives Apple Details of Mojave Keychain Flaw, Despite no Bug Bounty

· · Link

LONDON – Security researcher Linus Henze handed over all the detail of a macOS Keychain bug he discovered, AppleInsider reported. This is despite not receiving any money from Apple. The company does not have a bug bounty program. Mr. Henze had previously withheld the information. He wanted Apple to start offering a bug bounty for security flaws researchers bring them. He discovered an exploit which allowed apps to see passwords held in the macOS Mojave keychain.

German teenager Linus Henze has sent Apple full details of a Keychain security exploit that he demonstrated in early February, and has done so despite the company ignoring his previous conditions. Henze says that he has decided to reveal the details to Apple because the bug he’s found “is very critical and because the security of macOS users is important to me.”

Public macOS Mojave 10.14.4 Beta 3 Is Out

· · Link

The third public beta of macOS Mojave 10.14.4 is out two weeks after the second beta to developers.

The macOS Mojave update can be downloaded using the Software Update mechanism in the Mac App Store after downloading the appropriate profile from Apple’s beta testing website. Apple’s beta testing site gives users access to iOS, macOS, and tvOS betas.

macOS Mojave 10.14.4 will bring Apple News in Canada, Touch ID Safari Autofill, and automatic Dark Mode in Safari.

What Works in macOS Mojave. What Doesn't

· · Link

macOS Mojave on MacBook Pro

Other World Computing publishes a fantastic blog for customers called Rocket Yard.  Here’s a link to one from December by Tom Nelson that covers what works in macOS Mojave and what still does not. It’s full of technical insights and screenshots.  It is current as of version 10.14.2.