It's been two months since Apple dropped the initial release of macOS Catalina, and after a rapid few supplemental updates and a first point upgrade in the first month, things appear to have slowed down to a normal cadence. This week, Apple dropped the public release of 10.15.2, a full month after showing developers the first beta. So, what's changed in this update? Let's take a look and see!
Features and Tweaks
After installing the 10.15.2 update, users should find they are now on build 19C57. While point updates are not typically opportunities for Apple to add new features, 10.15.2 does bring a small number of user level additions.
Apple News receives a new layout and now carries content from the Wall Street Journal and other 'leading newspapers', while Stocks adds links to related content at the end of articles. The Music app restores column browser view for managing the music library, while iTunes Remote now supports using an iOS device to remotely control the Music and TV apps on a Mac. More details are provided by Apple here.
Bug Fixes
The 10.15.2 update brings six patches for what appear to be privilege escalations in, among other APIs and services, CFNetwork Proxies (CVE-2019-8848), the Kernel (CVE-2019-8833, ) and Security (CVE-2019-8832).
There is also a fix for an arbitrary code execution bug in FaceTime (CVE-2019-8830) when handling a maliciously crafted video, and Catalina's Bluetooth receives a patch for CVE-2019-8853 which could allow an application to read restricted memory.
Apple also finally applied a patch for the open source tcpdump and libpcap networking utilities. That patch has been available since September, but for reasons only Apple know this didn't make the cut for the initial release of Catalina in October or the first point update after that. Having now just made it into macOS, it's worth noting that tcpdump 4.9.3 and libpcap version 1.9.1 are exclusive to Catalina, at least at the moment. Mojave and earlier OSs haven't received the updated versions, which plug an astonishing 32 vulnerabilities with CVEs stretching back all the way from 2017 to 2019. While the vulns all have 'Modified' status in the NIST database, they at least have a description indicating the issue, save for the most recent one, CVE-2019-15167, which remains reserved.
Apple's security notes also gave additional recognition to Kishan Bagaria and Tom Snelling for their assistance in what Apple have only described as an issue in 'Accounts'. The same recognition also appears in the iOS and iPadOS 13.3 release notes. Bagaria has published a blog post detailing an iOS/iPadOS bug that allows a malicious user to cause a Denial-of-Service attack on nearby devices that have AirDrop enabled. Whether the bug applied to macOS as well hasn't been mentioned, but credit in the Catalina security release notes suggests that macOS may have either been susceptible to some version of 'AirDoS', as Bagaria has dubbed it, or needed some kind of update to maintain AirDrop compatibility with patched mobile devices.
Security Changes Apple Didn't Announce
As usual with macOS updates, there's a few things under the hood that have occurred that Apple do not make public statements about but which are nevertheless of interest to the security community. As described by researcher Scott Knight and independent macOS developer and blogger Howard Oakley, 10.15.2 has seen some important changes to XProtect.
Let's take a look at the two XProtect bundles side by side to see how they differ. Here, I've made local copies of the original 10.15.1 and 10.15.2 bundles so that I can safely mess with them.
As we can see, the version number has been bumped in the Info.plist and version.plist files from v2108 to v2109.
The most obvious change is in the XProtect.yara files, with the updated file having increased in size from 44KB to 51KB. Let's run a diff on them and output only the additions to a new text file (here I've changed the respective file names to make it easier to see which is which).
$ diff XProtect_10_15_1.yara XProtect_10_15_2.yara | grep '^>' | sed 's/^> //' >> Xprotect_new.txt
Let's examine that in Vi and see what we've got. There's 109 additional lines.
We can do a quick grep to see how many rules or new families there are.
$ grep 'rule XProtect_' Xprotect_new.txt
It appears there are 7 new families, three of which – MACOS_7726045, MACOS_0dd569a, and MACOS_bca65d5 – have a curious new meta label gk_first_launch_only set to the value of true.
$ grep -B3 'gk_first' Xprotect_new.txt
As one of the changes made to Catalina's Gatekeeper protections is to include security checks not just on first launch but at unspecified times after that, it's plausible that this label may be related to that, perhaps telling XProtect to skip these checks on code that's already been checked and passed. At this point that remains speculation until we've had further time to correlate the rules against actual samples (a list of samples that match the rules has already been collated by Scott Knight here).
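The diff and grep steps above can also be done per rule rather than per line, which reports removed rules as well as added ones and reads the meta label directly. This is an added example, not code from the original post; the two rule files are constructed samples with invented bodies, and only the names MACOS_7726045 and gk_first_launch_only come from the article.

```python
import re

# "rule NAME" header, allowing private/global modifiers and tags before "{".
RULE_RE = re.compile(r"^[ \t]*(?:(?:private|global)\s+)*rule\s+(\w+)[^{]*\{", re.M)
META_RE = re.compile(r"^(\w+)\s*=\s*(.+)$")

def parse_rules(text):
    """Map each rule name in a YARA source to its meta key/value pairs."""
    rules, headers = {}, list(RULE_RE.finditer(text))
    for i, hdr in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        meta, in_meta = {}, False
        for line in map(str.strip, text[hdr.end():end].splitlines()):
            if line.startswith("meta:"):
                in_meta = True
            elif line.startswith(("strings:", "condition:")):
                in_meta = False
            elif in_meta and (m := META_RE.match(line)):
                meta[m.group(1)] = m.group(2).strip('"')
        rules[hdr.group(1)] = meta
    return rules

def diff_rules(old_text, new_text):
    """Return (added, removed) rule names between two versions of a rule file."""
    old, new = parse_rules(old_text), parse_rules(new_text)
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys())

def rules_with_meta(text, key, value):
    """Names of rules whose meta section sets key to value (as written in the file)."""
    return sorted(n for n, m in parse_rules(text).items() if m.get(key) == value)

# Constructed sample files: rule bodies are invented, names as noted in the lead-in.
OLD = '''
rule XProtect_EXAMPLE_a {
    meta:
        description = "EXAMPLE.a"
    condition:
        filesize == 100
}
'''
NEW = OLD + '''
rule XProtect_MACOS_7726045 {
    meta:
        gk_first_launch_only = true
    condition:
        filesize == 200
}
'''
print(diff_rules(OLD, NEW), rules_with_meta(NEW, "gk_first_launch_only", "true"))
```

To run it against real bundles, read the two XProtect.yara files into strings and pass them in place of OLD and NEW.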
Importantly, macOS users that are still on Mojave 10.14.6 or earlier should be aware that at present the v2109 XProtect update has not been seeded to those earlier macOS versions, so you are only getting the updated protection if you are on Catalina.
The gk.db database, a new security resource in Catalina that blocks developers by Team ID and which may be related to Notarization, resides within the XProtect bundle's Resources folder. The 10.15.1 and 10.15.2 versions turn out to have different shasums, and if you dump the SQLite3 databases and run a diff on them they might seem at first glance to be different. In fact, the two databases have identical contents, but the data in the tables appears to have been sorted differently.
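A way to confirm that two SQLite databases hold the same data even when their dumps differ is to hash each table's rows after sorting them. This is an added example, not code from the original post; the blocked_teams table, its columns and the Team IDs are hypothetical stand-ins, not the real gk.db schema or contents.

```python
import hashlib
import sqlite3

def raw_dump(conn):
    """SQL text dump, like `sqlite3 file .dump`; stored row order leaks through."""
    return "\n".join(conn.iterdump())

def content_digest(conn):
    """SHA-256 over each table's schema and rows, independent of stored row order."""
    h = hashlib.sha256()
    tables = conn.execute(
        "SELECT name, sql FROM sqlite_master WHERE type = 'table' ORDER BY name"
    ).fetchall()
    for name, sql in tables:
        h.update(repr((name, sql)).encode())
        quoted = '"' + name.replace('"', '""') + '"'
        rows = conn.execute(f"SELECT * FROM {quoted}").fetchall()
        for row in sorted(rows, key=repr):  # sort so physical order is irrelevant
            h.update(repr(row).encode())
    return h.hexdigest()

def make_db(team_ids):
    """Build a constructed in-memory database; the schema is hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blocked_teams (team_id TEXT, flags INTEGER)")
    conn.executemany("INSERT INTO blocked_teams VALUES (?, 0)", [(t,) for t in team_ids])
    conn.commit()
    return conn

# Constructed Team IDs, inserted in two different orders.
IDS = ["EXAMPLE001", "EXAMPLE002", "EXAMPLE003"]
db_a, db_b = make_db(IDS), make_db(IDS[::-1])
print("dumps identical:  ", raw_dump(db_a) == raw_dump(db_b))
print("content identical:", content_digest(db_a) == content_digest(db_b))
```

For files on disk, open each copy with sqlite3.connect("file:gk.db?mode=ro", uri=True) and compare the two digests.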
There does not appear to have been any significant change to Apple's other security technology, the MRT (Malware Removal Tool) app. The executable does have a different shasum on 10.15.2, though:
However, MRT.app's version number remains the same as it is on both 10.15.1 and 10.14.6 at v1.50. Examination of the executables indicates the 10.15.2 version to be functionally identical to 10.15.1 despite the change in hash. The differing shasum looks to be simply a consequence of the application being re-signed. If you go looking for MRT.app, remember that on Catalina it has moved from the /System/Library/CoreServices folder to /Library/Apple/System/Library/CoreServices, and now only keeps company with a few other security related tools. An alias is provided to this location from the main CoreServices folder in /System/Library/CoreServices.
Update
Just as we prepared this post, Apple dropped another XProtect update – it's nice to see them coming so frequently again! – v2110. Analysis shows that this seems to be a correction for errors in 2109, including removing the three rules that contained the gk_first_launch_only meta tag.
There was also an update to MRT.app, bringing it to version 1.51. The only change seems to have been adding a new variant of Bundlore commodity adware, BundloreFamilyE.
Conclusion
As always, users are reminded that timely patching is a crucial part of your security posture. As Catalina begins to mature and the number of security bug fixes that haven't been back ported to Mojave and earlier grows, the urgency for those that haven't yet made the jump to 10.15 to update will only increase.
Remember also that whether you're running the latest macOS or an older, unpatched version, the built-in security tools are only going to block known malware families, and then only temporarily until the malware authors modify their code to avoid simple string search matches like those used in XProtect. To ensure that your devices are fully-protected, an on-device security solution that employs behavioral detection is the safest bet.
macOS Catalina gives you more of everything you love about Mac. Experience music, TV, and podcasts in three all-new Mac apps. Enjoy your favorite iPad apps now on your Mac. Extend your workspace and expand your creativity with iPad and Apple Pencil. And discover smart new features in the apps you use every day. Now you can take everything you do above and beyond.
Check compatibility
If you're using one of these computers with OS X Mavericks or later,* you can install macOS Catalina. Your Mac also needs at least 4GB of memory and 12.5GB of available storage space, or up to 18.5GB of storage space when upgrading from OS X Yosemite or earlier.
MacBook introduced in 2015 or later
MacBook Air introduced in 2012 or later
MacBook Pro introduced in 2012 or later
Mac mini introduced in 2012 or later
iMac introduced in 2012 or later
iMac Pro (all models)
Mac Pro introduced in 2013 or later
* To upgrade from Lion or Mountain Lion, first upgrade to El Capitan, then upgrade to Catalina. To find your macOS version, Mac model, memory, and storage space, choose About This Mac from the Apple menu. If your Mac isn't compatible with macOS Catalina, the installer will let you know. View the complete list of compatible computers.
Make a backup
Before installing any upgrade, it's a good idea to back up your Mac. Time Machine makes it simple, and other backup methods are also available. Learn how to back up your Mac.
Get connected
It takes time to download and install macOS, so make sure that you have a reliable Internet connection. If you're using a Mac notebook computer, plug it into AC power.
Download macOS Catalina
If you're using macOS Mojave, get macOS Catalina via Software Update: Choose Apple menu > System Preferences, then click Software Update.
Or use this link to open the macOS Catalina page on the App Store: Get macOS Catalina. Then click the Get button or iCloud download icon.
Begin installation
After downloading, the installer opens automatically.
Click Continue and follow the onscreen instructions. You might find it easiest to begin installation in the evening so that it can complete overnight, if needed.
If the installer asks for permission to install a helper tool, enter the administrator name and password that you use to log in to your Mac, then click Add Helper.
Allow installation to complete
Please allow installation to complete without putting your Mac to sleep or closing its lid. Your Mac might restart, show a progress bar, or show a blank screen several times as it installs both macOS and related updates to your Mac firmware.
Stay up to date
After installing macOS Catalina, you will be notified when updates to macOS Catalina are available. You can also use Software Update to check for updates: Choose Apple menu > System Preferences, then click Software Update.
Or get macOS Catalina automatically
If you're using OS X El Capitan v10.11.5 or later and your App Store preferences or Software Update preferences are set to download new updates when available, macOS Catalina will download conveniently in the background, making it even easier to upgrade. A notification will inform you when macOS Catalina is ready to be installed. Click Install to get started, or dismiss the notification to install later. When you're ready to install, just open the file named Install macOS Catalina from your Applications folder.
Learn more
- If the installer shows a list of apps that are not optimized for your Mac, learn about 32-bit app compatibility, then choose whether to proceed with the installation.
- For the strongest security and latest features, upgrade to macOS Catalina. If you have hardware or software that isn't compatible with Catalina, you might be able to install an earlier macOS, such as Mojave, High Sierra, Sierra, or El Capitan.
- You can also use macOS Recovery to reinstall macOS.