Apple has required macOS developers to comply with many modern security practices. John explores the next logical step.
After the controversy surrounding Zoom and its hidden web server, Apple is pushing a hidden Mac update that removes it.
In the latest issue of Mac Format magazine, Adam Banks writes a guide on how to stay safe online. This is a PDF version and on page 66.
Using a Mac makes you safer than average when going online. That’s partly because of Apple’s efforts to secure the operating system; partly because the Mac App Store gives you somewhere to get most of your third-party software safely. It’s also partly because bad actors – in the security industry sense, not the Hollyoaks sense – tend to be less interested in targeting macOS. But that doesn’t mean either you or your Mac can’t get fooled. Know your way around the common risks and basic protections to keep yourself out of harm’s way.
This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.
Dave and Kelly recap the first day of WWDC including the (public) keynote address and the State of the Union, new hardware, and new software.
Security researcher Patrick Wardle found he can bypass macOS security by using synthetic clicks built with AppleScript.
Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.
Mr. Wardle refers to this as a “second stage” attack, because the hacker or malware needs access to your Mac to exploit this bug.
Bryan Chaffin and Andrew Orr join host Kelly Guimont for a discussion of walled-off sections of the internet and a look ahead at WWDC.
Project Marzipan, bringing iOS apps to the Mac, is not a prelude to merging the OSes. It’s actually a protective measure for macOS.
Pandora announced today that the Pandora desktop app for macOS is now available to download, giving you full-featured access to the streaming service.
EVE Online is an MMO where gamers can build and pilot spaceships and explore the universe. Today the company will start using direct upstream Wine versions for its Mac client.
On rollout, Mac users will no longer need to run a wrapper to execute a 32-bit client on their native 64-bit operating systems, which will allow the EVE client to make better use of system resources and resolve a number of long standing issues that pilots who are playing on Mac experience.
Using upstream Wine will also improve the speed at which updates will reach our pilots who’re playing on Mac, with a multitude of Mac compatibility improvements becoming available to all Mac users with this single release.
Dave Mark brought up a good question regarding Jason Snell’s article, which is about how the Mac won’t be locked down like iOS with the introduction of Marzipan apps.
Will I be able to download a Marzipan app from a developer’s site and just run it on my Mac? Or will Marzipan restrict apps to the Mac App Store?
I have a feeling they will be restricted to the MAS. If Mark Gurman is right, Apple plans to merge iPhone, iPad, and Mac apps into a single download. After that, the two App Stores could be merged. Locking Marzipan apps would be the logical first step down that road.
Bryan Chaffin is joined by guest cohost Ken Ray for a spirited look into Apple’s earnings report. The two also weigh the real meaning behind Apple’s outward emphasis on services and what that means for Apple hardware. They cap the show with a rant about AT&T’s fake 5G. Spoiler: AT&T’s claims of a “5G” network are fake.
Bloomberg’s Mark Gurman got the goods on Apple’s WWDC software plans. Highlights include several improvements to Maps that I’m looking forward to. Apple is also improving the Health app, Reminders, adding audio book support to Apple Watch, a standalone app for the Apple Watch App Store on the watch itself, new Watch complications and faces, improved share sheet in iOS, combined Find my Friends and Find My iPhone, improved iMessage, an updated Books app with a reward system, and much more. There’s a ton of information in this piece, and it’s a good read.
John Martellaro and Andrew Orr join host Kelly Guimont to discuss parental control apps and the (non) inevitable merge of macOS and iOS.
macOS and iOS need not merge in order to lead the way forward. Perhaps all that’s required are shifting perspectives by the primary generation of users.
Bryan Chaffin and John Martellaro join host Kelly Guimont to discuss the possiblity of Marzipan updates to iTunes, and the future of macOS.
German video editor Thomas Weinreich created a concept video that gets rid of the desktop metaphor on macOS. Replacing it is a user interface similar to what we get with the iPad. Windowed apps are replaced by full screen apps that can be displayed into multi-window Split Views. Like Ben Lovejoy said, it seems like maybe it could be similar to what Apple is thinking of. However, I personally don’t believe the rumors of a macOS/iOS hybrid. Additionally, this concept paradigm doesn’t make sense on Macs that don’t have touchscreens. The macOS desktop metaphor might be aged, but I think it makes sense for devices that use a mouse or trackpad. What do you think?
The RSA Conference is a series of computer security conferences. This year, security researcher Patrick Wardle announced a new tool for Macs called GamePlan.
…GamePlan, a tool that watches for potentially suspicious events on Macs and flags them for humans to investigate. The general concept sounds similar to other defense platforms, and it hooks into detection mechanisms—has a USB stick been inserted into a machine? has someone generated a screen capture? is a program accessing a webcam?—Apple already offers in macOS. But GamePlan, cleverly written with Apple’s GameplayKit framework, collects all of this data in a centralized stream and uses the videogame logic engine to process it.
I use a couple of Mr. Wardle’s security tools. I look forward to downloading GamePlan.
Google publicly disclosed a zero-day flaw in macOS found by two researchers after Apple failed to fix it within a 90-day deadline.