Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Pushes Another Automatic Mac Software Update to Address Further Zoom-Related Vulnerabilities
- Thread starter MacRumors
- Start date
- Sort by reaction score
The iPhone does the exact same thing. There's an automatically updated app block list. (Remember Facebook got their VPN app blocked.) When you plug in a MFi or first-party accessory, the iPhone again checks the authentication signature/firmware online and blocks or updates it as necessary.
Last edited:
For security issues? Yes! But iPhone you can't install apps without going through App Store, which can pull the app and prevent it from operating. so its less likely to be an issue. You are kind asking: "if someone found a nasty virus on Windows and MS pushed out a security fix (as they have done from time to time), is that a problem?"
[doublepost=1563305078][/doublepost]
I know if you use Google chrome, they push a "GoogleSoftwareUpdateAgent" on you. Its google so who knows what else they are doing with it, kind scary to think about it.
[doublepost=1563305318][/doublepost]
Not exactly. Developers have specific rules and guidelines to follow about what they can and cannot do on the security model. When they are egregiously found to be bypassing security to do nefarious things on your computer, absolutely - SHUT THEM DOWN. You probably noticed that the companies didn't have a consent option to allow this on your computer? Also, how would you feel if this crap was placed on a computer that could spy on your daughter, or any other child (or adult)? LOCK THEM UP!
[doublepost=1563305414][/doublepost]
and thank-goodness for the zero-day folks. find, inform, monitor, and if they don't fix, release to public!
Ever use Google Play Services on an Android? Google pushes updates to you whether you like it or not.
Actually this time there are 2 softwares apple pushed out together : Gatekeeper 172 AND MRT 1.46.
Sometimes they install automatically but often they don't.
To check which versions you have, do this in terminal:
For gatekeeper:
/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /private/var/db/gkopaque.bundle/Contents/Info.plist
For MRT:
/usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /System/Library/CoreServices/MRT.app/Contents/Info.plist
If the numbers reported are lower than 172 and 1.46 respectively you can install them manually. If you have catalina however, you'll have to disable SIP first.
Gatekeeper 172 for Mountain Lion to Catalina:
http://swcdn.apple.com/content/down...3kpgv4lqzk4tyqpc9fni/GatekeeperConfigData.pkg
and
MRT 1.46 for El Capitan to Mojave:
http://swcdn.apple.com/content/down...ag5hnd5xt2reksjor2qhm/MRTConfigData_10_14.pkg
MRT 1.46 for Catalina:
http://swcdn.apple.com/content/down...aoy617oms0kjhlhcg7nyl/MRTConfigData_10_15.pkg
Last edited:
Except this isn’t an OS update... It’s a signature for the malware removal tool.
Ah. In any case, it’s the exact same kind of thing as the weekly Microsoft Malware Removal Tool. I don’t see why people get in a big tizzy about it unless it’s just to be ridiculous.
For those worried about Apple pushing out auto silent updates.
My understanding is that Apple's updates they publish via Gatekeeper/MRT are more akin to what Microsoft pushes through Windows Defender/Security Essentials than say a Windows service-pack/Security patch.
It's not so much an OS update as an update to what those tools are looking for as malware and how to deal with that malware.
My understanding is that Apple's updates they publish via Gatekeeper/MRT are more akin to what Microsoft pushes through Windows Defender/Security Essentials than say a Windows service-pack/Security patch.
It's not so much an OS update as an update to what those tools are looking for as malware and how to deal with that malware.
So there wouldn't open a window with the video from the webcam right ?
And would there still be the green dot next to the webcam?
I am really curious how far these 2 apps could have gone
[doublepost=1563307307][/doublepost]
Thanks man! Really appreciate it - Was 94 respectively 1.40 on 10.14.5 - Don't know why
And would there still be the green dot next to the webcam?
I am really curious how far these 2 apps could have gone
[doublepost=1563307307][/doublepost]
Thanks man! Really appreciate it - Was 94 respectively 1.40 on 10.14.5 - Don't know why
Are you for real?
I trust Apple BECAUSE they forced a security update.
When I bought a Mac, I bought a computer whose security “just works” and is more dependable than competitors. Thankfully that’s true months and years after paying for it too.
You bought the same. Go get a PC and see how that fares with your optional security.
The rest of the updates are optional. Bizarre how you’re arguing your privacy should be as well.
Last edited:
This is not the end of it.
According to 9to5mac : https://9to5mac.com/2019/07/16/ringcentral-and-zhumu-macos-update/
"Unfortunately, RingCentral and Zhumu aren’t the only video conferencing apps that use Zoom’s code. Apple says that it hopes to patch the vulnerability for all of Zoom’s partner apps in the coming days."
So we are likely to see new updates soon - again.
Thanks for that! Neither had installed on my MacBook Pro running High Sierra.
Problem is if you don't auto-install security updates, it seems macOS doesn't tell you they exist - unlike normal software updates.
Last edited:
Did you vehemently agree to have the webserver installed? And did you vehemently agree that Zoom should leave it there when you "uninstall" their software? Did they get your consent to drop that payload on there, and then happen to leave it behind on their exit?
As for why Apple gets a pass, because they have NEVER abused this ability in my memory, and have only ever used it for very egregious situations like this, not to mention the trust they earned by focusing on data security and privacy for their users for many years now. There is nothing about the pass that was free. They worked hard for it.
Apple is on a rampage of annihilating grotesque third party behavior, and I for one support it.
Imagine if Facebook had done this for Cambridge Analytica!
This is necessary for any device to have at least a modicum of security. Somebody needs to have the ability to remove malware, and it's never going to be the user, since they have no way of knowing the software is there. This is a valid and significant part of Apple's security sales pitch: they're protecting your rights to your Mac/iPhone/iPad/Apple Watch, etc., just as they promised to do.
I hope these automatic updates are fully tested before being pushed out; I remember a few years ago they pushed out one that broke networking. There is no excuse for releasing an untested update, yet I don't recall getting a word of apology out of Apple for it.
Many thanks. To check I have used an awesome application known as SilentKnight (formerly EFIcienC):
SilentKnight 1.0 takes over from EFIcienC for checking and updating security data
https://eclecticlight.co/2019/07/15...cienc-for-checking-and-updating-security-data
On the other hand, just for curiosity, is there a web page where those Apple macOS silent updates are listed? Thanks again.
No it is NOT a software update. It's update of security signature data of gatekeeper, something like the 'virus definition' of antivirus software. It is basically a blacklist that tells the system not to launch certain softwares automatically.
[doublepost=1563348226][/doublepost]
Any chance you’re willing to share your script?It’s a shame that you’d even need to make something like that, especially having to run regularly.
Get EtreCheckPro. It can do the diagnostic task and provide interactive interface for you to clean up manually.
Anyone who is up in arms about windows automatic deliveries of patches, but turns around and thinks Apple is perfectly angelic for doing it, is a hypocrite.
It's unfortunate that no matter what platform you are running on right now, there are so many new security vulnerabilities everyday to the point that if you don't update, you are at risk.
I agree with you that I want controls over what I deliver. But the problem comes down to the people who do not understand what patching is, what it affects and why it's important. it's the problem Microsoft Ran into for decades under the previous model of optionally applying updates whenever the user felt like updating.
Microsoft was getting constantly sued by users who felt that it was Microsofts responsibility to push the updates and keep them secure. Hence microsoft going to automatic forced updates for most users. Even that didn't quiet the people screaming and sueing.
patching is a "damned if you do, damned if you dont" prospect for OS users. Apple gets a "free pass" for many becaue they don't treat Apple like a software company but a lifestyle company, and don't hold them to the same standards they'd hold other software companies.
I keep a list of all available macOS updates here.
https://mrmacintosh.com/macos-system-status-version-info-for-macadmins/
I also just posted a large info page for the Zoom Vulnerability here.
https://mrmacintosh.com/zoom-vulnerably-round-2-10-more-variants-index-of-mrt-links-info/
You'd have a point if Microsoft did their updates correctly, but they don't. Who in their right mind thinks it's ok to force an update right when you're trying to shut down at the end of the day, or just as bad, when you're trying to get started in the morning? You don't force people to wait for your updates. You figure out a way to do them in the background, or you wait.