{"id":39236,"date":"2023-05-01T15:06:56","date_gmt":"2023-05-01T19:06:56","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=39236"},"modified":"2023-05-22T11:51:48","modified_gmt":"2023-05-22T15:51:48","slug":"secret-mac-security","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2023\/05\/01\/secret-mac-security\/","title":{"rendered":"Secret Mac Security"},"content":{"rendered":"<p><a href=\"https:\/\/eclecticlight.co\/2023\/04\/30\/last-week-on-my-mac-secret-security\/\">Howard Oakley<\/a>:<\/p>\n<blockquote cite=\"https:\/\/eclecticlight.co\/2023\/04\/30\/last-week-on-my-mac-secret-security\/\"><p>Apple is sadly no stranger to pulling updates. Ever since the days of classic Mac OS, there have been updates that have been rescinded faster than they appeared, sometimes leaving plenty of sick Macs in their wake. This week it seems to have been the turn of its latest anti-malware service XProtect Remediator to suffer this ignominy.<\/p><p>Not that this service officially exists. Since its tentative release in macOS Monterey 12.3 on 14 March 2022 and its rapid maturing during last summer, it has been given no more than an <a href=\"https:\/\/support.apple.com\/guide\/security\/sec469d47bd8\/1\/web\/1\">ambiguous byline<\/a> in Apple&rsquo;s Platform Security Guide, which doesn&rsquo;t clearly differentiate the new malware scanner from the old XProtect.<\/p><p>[&#8230;]<\/p><p>At a little after 1700 GMT last Thursday, 27 April, Apple&rsquo;s software update servers started offering an update labelled <code>XProtectPayloads_10_15-96<\/code> which installed XProtect Remediator version 96 complete with its two new scanning modules for RankStank and RoachFlight. 
Within 12 hours, that was no longer available, and that new version has vanished without trace, notice or explanation.<\/p><\/blockquote>\n\n<p>I don&rsquo;t understand why Apple is so secretive about its anti-malware efforts, especially in comparison with general security issues, which it documents very specifically.<\/p>\n\n<p>See also: <a href=\"https:\/\/atp.fm\/531\">Accidental Tech Podcast<\/a>.<\/p>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2023\/04\/28\/macstealer-malware\/\">MacStealer Malware<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/08\/30\/active-mac-malware-scans\/\">Active Mac Malware Scans<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2022\/08\/15\/xprotect-remediator\/\">XProtect Remediator<\/a><\/li>\n<\/ul>\n\n<p id=\"secret-mac-security-update-2023-05-02\">Update (2023-05-02): <a href=\"https:\/\/daringfireball.net\/linked\/2023\/05\/01\/rsrs-for-ios-16-macos-13\">John Gruber<\/a>:<\/p>\n<blockquote cite=\"https:\/\/daringfireball.net\/linked\/2023\/05\/01\/rsrs-for-ios-16-macos-13\">\n<p>Seems a little weird that today&rsquo;s RSR updates aren&rsquo;t listed yet on <a href=\"https:\/\/support.apple.com\/en-us\/HT201222\">Apple&rsquo;s security updates page<\/a>. In recent years Apple has been very diligent about updating this page upon the release of security updates. These new RSR updates seem to exist outside this documentation system for now.<\/p>\n<\/blockquote>\n\n<p>See also: <a href=\"https:\/\/eclecticlight.co\/2023\/05\/02\/what-is-a-rapid-security-response-rsr\/\">Howard Oakley<\/a>.<\/p>\n\n<p id=\"secret-mac-security-update-2023-05-03\">Update (2023-05-03): <a href=\"https:\/\/twitter.com\/ClassicII_MrMac\/status\/1653477091143237632\">Mr. 
Macintosh<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/ClassicII_MrMac\/status\/1653477091143237632\">\n<p>&#x1F6A8; Apple has not shared the security content of the latest iOS &amp; macOS Rapid Security Response Updates.<\/p>\n<p>IMO update details should be shared for any Mac or iOS update that requires a restart.&#x1F5A5;<\/p>\n<p>If you agree, please file feedback with Apple.&#x1F4DD;<\/p>\n<\/blockquote>\n\n<p>See also: <a href=\"https:\/\/tidbits.com\/2023\/05\/02\/what-are-rapid-security-responses-and-why-are-they-important\/\">Adam Engst<\/a>.<\/p>\n\n<p id=\"secret-mac-security-update-2023-05-19\">Update (2023-05-19): <a href=\"https:\/\/norden.social\/@chucker\/110395004575815355\">S&ouml;ren<\/a>:<\/p>\n<blockquote cite=\"https:\/\/norden.social\/@chucker\/110395004575815355\">\n<p>still no description of the security content of the RSR a few weeks ago. Was that the same patch? A different issue? Was it just a drill?<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2023\/05\/18\/macos-13-4\/\">macOS 13.4<\/a><\/li>\n<\/ul>\n\n<p id=\"secret-mac-security-update-2023-05-22\">Update (2023-05-22): <a href=\"https:\/\/hachyderm.io\/@gmarnin\/110397886183875910\">Gmarnin<\/a>:<\/p>\n<blockquote cite=\"https:\/\/hachyderm.io\/@gmarnin\/110397886183875910\">\n<p>With the release of macOS 13.4, Apple has documented what was in the RSR (Rapid Security Response macOS 13.3.1 (a)).<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Howard Oakley: Apple is sadly no stranger to pulling updates. Ever since the days of classic Mac OS, there have been updates that have been rescinded faster than they appeared, sometimes leaving plenty of sick Macs in their wake. 
This week it seems to have been the turn of its latest anti-malware service XProtect Remediator [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2023-05-01T19:06:59Z","apple_news_api_id":"0767819a-65cd-4c34-91fd-bf7e54665544","apple_news_api_modified_at":"2023-05-22T15:51:50Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABw==","apple_news_api_share_url":"https:\/\/apple.news\/AB2eBmmXNTDSR_b9-VGZVRA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[30,2223,504,48],"class_list":["post-39236","post","type-post","status-publish","format-standard","hentry","category-technology","tag-mac","tag-macos-13-ventura","tag-malware","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=39236"}],"version-history":[{"count":9,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39236\/revisions"}],"predecessor-version":[{"id":39459,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/39236\/revisions\/39459"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\
/wp-json\/wp\/v2\/media?parent=39236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=39236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=39236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}