Monday, May 1, 2023

Secret Mac Security

Howard Oakley:

Apple is sadly no stranger to pulling updates. Ever since the days of classic Mac OS, there have been updates that have been rescinded faster than they appeared, sometimes leaving plenty of sick Macs in their wake. This week it seems to have been the turn of its latest anti-malware service XProtect Remediator to suffer this ignominy.

Not that this service officially exists. Since its tentative release in macOS Monterey 12.3 on 14 March 2022 and its rapid maturing during last summer, it has been given no more than an ambiguous byline in Apple’s Platform Security Guide, which doesn’t clearly differentiate the new malware scanner from the old XProtect.


At a little after 1700 GMT last Thursday, 27 April, Apple’s software update servers started offering an update labelled XProtectPayloads_10_15-96 which installed XProtect Remediator version 96 complete with its two new scanning modules for RankStank and RoachFlight. Within 12 hours, that was no longer available, and that new version has vanished without trace, notice or explanation.

I don’t understand why Apple is so secretive about its anti-malware efforts, especially in comparison with general security issues, which it documents very specifically.

See also: Accidental Tech Podcast.


Update (2023-05-02): John Gruber:

Seems a little weird that today’s RSR updates aren’t listed yet on Apple’s security updates page. In recent years Apple has been very diligent about updating this page upon the release of security updates. These new RSR updates seem to exist outside this documentation system for now.

See also: Howard Oakley.

Update (2023-05-03): Mr. Macintosh:

🚨 Apple has not shared the security content of the latest iOS & macOS Rapid Security Response Updates.

IMO update details should be shared for any Mac or iOS update that requires a restart.🖥

If you agree, please file feedback with Apple.📝

See also: Adam Engst.

Update (2023-05-19): Sören:

Still no description of the security content of the RSR a few weeks ago. Was that the same patch? A different issue? Was it just a drill?


Update (2023-05-22): Gmarnin:

With the release of macOS 13.4, Apple has documented what was in the RSR (Rapid Security Response macOS 13.3.1 (a)).

2 Comments

My guess is it’s marketing. They don’t want to associate their products with malware.

I mean, most of these silent updates aren't even visible in the UI; you can only get them automatically using a checkbox to install RSRs and "System data files", whatever that means (if the box isn't checked, you simply don't get the updates). You can see them after they're installed, in the System Profile (Software, Installations). Only with the "softwareupdate" CLI, and using the undocumented option "--include-config", can you actually see and install them manually. Bloody ridiculous.
