This Monday, macOS 10.14.5 (and all the related updates) dropped. The timing was surprising, but became clearer when the news on a new group of Intel CPU vulnerabilities arrived as well.
10.14.5 brings some mitigations to these vulnerabilites, but to be sure, you would have to disable Hyperthreading on your CPU(s) which brings up to 40% performance hit.
With 10.14.5 the new notarization rules for applications and kernel extensions arrive as well. All of this is once again demonstrating the importance (and the challenges) of IT being able to quickly roll-out and support system updates.
There are still a few spots left for the “Introduction to Scripting macOS” class on May 27/28!
If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)
On Scripting OS X
News and Opinion
Apple Updates
- iOS 12.3
- macOS Mojave 10.14.5
- macOS Mojave 10.14.5 Developer Release Notes
- watchOS 5.2.1
- tvOS 12.3
- HomePod iOS 12.3
- Apple security updates
- Download macOS Mojave 10.14.5 Update
- Download macOS Mojave 10.14.5 Combo Update
Articles
- Apple Releases iOS 12.3 and tvOS 12.3 with New TV App, AirPlay 2 Support on Smart TVs – Ryan Christoffel, MacStories
- macOS updates released 5/13/19 – 10.14.5 Mojave (18F132) & (2019–003) – Mr Macintosh
- Apple releases first beta of macOS Mojave 10.14.6 (18G29g) – Mr Macintosh
Tweets
- mikeymikey: “macOS Mojave 10.14.5 (18F132)… ”
- Jason Broccardo on Twitter: “#macadmins n.b. the both the 10.14.5 and iTunes Device Support Update updates have trailing spaces when you are looking at the CLI
softwareupdatelisting. If you want to CLI install you’ll need to account for that.” - Marnin: “When using the Time Server payload on earlier version of macOS 10.14, the time zone was not getting set properly.”
- Ken Case: “Today Apple released macOS Mojave 10.14.5, which fixes a CoreAnimation drawing issue that was affecting customers using large OmniOutliner and OmniPlan documents. If you’re a Mac customer using Mojave, I strongly recommend updating!”
MDS/Zombieload
- MacAdmins: Microarchitectural Data Sampling (MDS) vulnerabilities – Jason Broccardo
- Additional mitigations for speculative execution vulnerabilities in Intel CPUs – Apple Support
- How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities – Apple Support
- Zombieloadattack and force updating MacOS – Alex Usov (Part 2)
- macOS, hyperthreading and Microarchitectural Data Sampling vulnerabilities – Rich Trouton
- Anthony Reimer: “I’ve made a minor update to my Mac Obsolescence Chart to highlight the old Macs that can’t get the ZombieLoad vulnerability patch”
- William Smith: “Commands for a Mac management system to report whether hyper-threading is enabled with regard to ZombieLoad:
/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/grep "Hyper-Threading Technology" | /usr/bin/awk -F ": " '{ print $2 }'“Enabled” or “Disabled” ” - Greg Neagle: “Shorter, faster, and @Sacrilicious-compliant:
/usr/sbin/system_profiler SPHardwareDataType | /usr/bin/awk '/Hyper-Threading Technology: / { print $3 }'” - Allister: “Just, syscuddle Backwards compliant and 100x faster (
/usr/sbin/sysctl machdep.cpu.features | grep -c HTTto be exact)” - Adam Codega: “This hyperthreading thing is perfect for help desks. Got a slow computer? Clear the NVRAM!”
MacAdmins on Twitter
- Caleb Coy: “Was just reminded that the #macadmins Slack community turns 4 this weekend. I don’t know about y’all, but a lot has happened for me in that time and having this community has helped so much.”
- Daniel Jalkut: “Heads up Mac developers: the ”codesign –preserve-entitlements=runtime“ parameter does not actually preserve the runtime flag. Radar #50697511.”
- Timo Perfitt: “Interesting that the additional recovery partition key combos are only available if you have installed 10.12.4 or later at least once.”
- Adam Codega: “A configuration profile is never late. Nor is it early; it arrives precisely when it means to.”
- Kitzy: “macOS Mojave 10.14.5 has been out for over 48 hours now. Still no sign of it in Jamf’s patch management. It’s frustrating that Jamf finally got the mechanics of patch management down but crippled it by making us all rely on Jamf for patch definitions that are slow to update.”
- Ricky Mondello: “Did you know that you can drag Safari’s Downloads popover by its title into being a detached, free-standing window, so you can more easily monitor your long-running downloads?”
Bugs and Security
- Technical Details on the Recent Firefox Add-on Outage – Eric Rescorla, Mozilla Hacks
- Security bulletin for Adobe Acrobat and Reader | APSB19–18
- Important Oracle JDK License Update – Felix Grant, dataJAR
Support and HowTos
- The Mac Admins Podcast – Anthony Reimer
- When does Mojave check an app’s signature? The answer isn’t entirely consistent – Howard Oakley
- Apple released official guide on Secure Tokens – Frederick Abeloos
- Mojave 10.14.5 changes kernel extension security – Howard Oakley
- Final wrap-up on Secure Tokens – Frederick Abeloos
- What is Gatekeeper, and where can I see it? – Howard Oakley
Scripting and Automation
- Checking your app’s own signature – Howard Oakley
- Jamf Cat Report – Nathaniel Strauss
- NoMAD Login and Jamf Connect EAs for Jamf Pro – Nathaniel Strauss
Updates and Releases
- Chromebook Automaton with MDS 1.8 – Tim Perfitt, Twocanoes
- xattred 1.0
- BBEdit 12.6.4 (Mac AppStore, direct download)
To Listen
Just for Fun
Support
There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!
- Weblog
- Weekly Email Newsletter (TinyLetter)
- Apple News
- Micro.blog
- Mastodon.social
If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!