Reply to thread

Message

On occasion, I've posted about Apple's latest updates to macOS and what exploits they fix. However, I haven't mentioned much on the practical side about actual malware, other than a few surveys taken and the most common threats. In that regard, the esteemed Dr. Howard Oakley has released a series of articles after Apple's recent update to XProtect Remediator. The first article covers the KeySteal, HonkBox and BadGacha malware that are detected in that update. The second article covers how troubleshooting has changed with macOS security measures. The third article covers the efficacy of Ventura's signature checks.

Regarding code signing and Gatekeeper, Ventura has changed compared to previous versions, as stated in Dr. Oakley's second article:

From a practical standpoint, this has a significant impact on the effectiveness of the malware which he covers in the third article:

The takeaway is that not only do the prior versions of macOS not receive all of the latest patches, but the security features in Ventura are not present in earlier releases. While updates to XProtect and XProtect Remediator, along with the partial patches for prior versions, do provide some measure of safety, the best way to stay safe is to be on the latest version of macOS available.

I realize that not every user has the luxury to update as soon as possible, some software takes time to become compatible with updates to macOS, but that's on the third-party developers for that failure. End users are left in the position of potentially trading security for compatibility. Apple is currently testing Rapid Security Response in the latest macOS beta, which will become even more important for timely updates in the future.

As I have often said in this thread, unless you absolutely cannot update to the latest release of macOS, then it is best to upgrade as soon as possible. Historically, there have been some users who waited for a few updates after a major release of macOS before updating, because they believed it would be more stable, but this is an antiquated notion. Unless you can't update, either because of software compatibility or old hardware aging out, then the safest action is to update macOS whenever Apple pushes out an update, whether that be a major upgrade or a small patch. For further information, I recommend perusing Dr. Oakley's articles on the subject.

<blockquote data-quote="Colstan" data-source="post: 134334" data-attributes="member: 278">On occasion, I've posted about Apple's latest updates to macOS and what exploits they fix. However, I haven't mentioned much on the practical side about actual malware, other than a few surveys taken and the most common threats. In that regard, the esteemed Dr. Howard Oakley has released a series of articles after Apple's <a href="https://eclecticlight.co/2023/03/02/apple-has-just-released-an-update-to-xprotect-remediator/" target="_blank">recent update</a> to XProtect Remediator. The <a href="https://eclecticlight.co/2023/03/05/last-week-on-my-mac-keysteal-honkbox-and-badgacha/" target="_blank">first article</a> covers the KeySteal, HonkBox and BadGacha malware that are detected in that update. The <a href="https://eclecticlight.co/2023/03/06/how-troubleshooting-has-changed-with-macos-security/" target="_blank">second article</a> covers how troubleshooting has changed with macOS security measures. The <a href="https://eclecticlight.co/2023/03/07/do-venturas-signature-checks-work/" target="_blank">third article</a> covers the efficacy of Ventura's signature checks.Regarding code signing and Gatekeeper, Ventura has changed compared to previous versions, as stated in Dr. Oakley's second article:From a practical standpoint, this has a significant impact on the effectiveness of the malware which he covers in the third article:The takeaway is that not only do the prior versions of macOS not receive all of the latest patches, but the security features in Ventura are not present in earlier releases. While updates to XProtect and XProtect Remediator, along with the partial patches for prior versions, do provide some measure of safety, the best way to stay safe is to be on the latest version of macOS available.I realize that not every user has the luxury to update as soon as possible, some software takes time to become compatible with updates to macOS, but that's on the third-party developers for that failure. End users are left in the position of potentially trading security for compatibility. Apple is <a href="https://www.macrumors.com/2023/03/06/apple-releases-ios-16-4-rsr-b/" target="_blank">currently testing</a> Rapid Security Response in the latest macOS beta, which will become even more important for timely updates in the future.As I have often said in this thread, unless you absolutely cannot update to the latest release of macOS, then it is best to upgrade as soon as possible. Historically, there have been some users who waited for a few updates after a major release of macOS before updating, because they believed it would be more stable, but this is an antiquated notion. Unless you can't update, either because of software compatibility or old hardware aging out, then the safest action is to update macOS whenever Apple pushes out an update, whether that be a major upgrade or a small patch. For further information, I recommend perusing Dr. Oakley's articles on the subject.</blockquote>

[QUOTE="Colstan, post: 134334, member: 278"] On occasion, I've posted about Apple's latest updates to macOS and what exploits they fix. However, I haven't mentioned much on the practical side about actual malware, other than a few surveys taken and the most common threats. In that regard, the esteemed Dr. Howard Oakley has released a series of articles after Apple's [URL='https://eclecticlight.co/2023/03/02/apple-has-just-released-an-update-to-xprotect-remediator/']recent update[/URL] to XProtect Remediator. The [URL='https://eclecticlight.co/2023/03/05/last-week-on-my-mac-keysteal-honkbox-and-badgacha/']first article[/URL] covers the KeySteal, HonkBox and BadGacha malware that are detected in that update. The [URL='https://eclecticlight.co/2023/03/06/how-troubleshooting-has-changed-with-macos-security/']second article[/URL] covers how troubleshooting has changed with macOS security measures. The [URL='https://eclecticlight.co/2023/03/07/do-venturas-signature-checks-work/']third article[/URL] covers the efficacy of Ventura's signature checks. Regarding code signing and Gatekeeper, Ventura has changed compared to previous versions, as stated in Dr. Oakley's second article: From a practical standpoint, this has a significant impact on the effectiveness of the malware which he covers in the third article: The takeaway is that not only do the prior versions of macOS not receive all of the latest patches, but the security features in Ventura are not present in earlier releases. While updates to XProtect and XProtect Remediator, along with the partial patches for prior versions, do provide some measure of safety, the best way to stay safe is to be on the latest version of macOS available. I realize that not every user has the luxury to update as soon as possible, some software takes time to become compatible with updates to macOS, but that's on the third-party developers for that failure. End users are left in the position of potentially trading security for compatibility. Apple is [URL='https://www.macrumors.com/2023/03/06/apple-releases-ios-16-4-rsr-b/']currently testing[/URL] Rapid Security Response in the latest macOS beta, which will become even more important for timely updates in the future. As I have often said in this thread, unless you absolutely cannot update to the latest release of macOS, then it is best to upgrade as soon as possible. Historically, there have been some users who waited for a few updates after a major release of macOS before updating, because they believed it would be more stable, but this is an antiquated notion. Unless you can't update, either because of software compatibility or old hardware aging out, then the safest action is to update macOS whenever Apple pushes out an update, whether that be a major upgrade or a small patch. For further information, I recommend perusing Dr. Oakley's articles on the subject. [/QUOTE]

Verification: Number of states in our country minus the number of Supreme Court Justices?