Weekly News Summary for Admins — 2019-07-12

Apple released an unexpected update to the entry-level MacBook Air and MacBook Pro 13“ this week. What the new release replaces is interesting, as well: the non-retina entry level MacBook Air, the no-Touchbar 13” MacBook Pro, and the 12″ MacBook are all discontinued.

The iMac and the (cylinder) Mac Pro are the only remaining Mac models without a T2 chip. All current Mac models except the iMac Pro and the Mac Pro now require macOS 10.14 Mojave as their minimum OS.

We also got an interesting vulnerability story with the popular videoconferencing software Zoom. The reaction from Zoom was slow, they did not address the issue until the researcher published the problem, but Apple reacted much faster, adding the problematic local web server, that Zoom installed to bypass some of the system’s user security to macOS’s Malware Removal Tool’s list of, well, malware within 24 hours.

Finally, I am going to give a half-day class based on the ‘Moving to zsh’ article series at our offices in Amsterdam on September 6. If you are wondering why Apple is changing the default shell, how it will affect you, and how you can increase your Terminal productivity with zsh, then sign up here!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

• Build a shellcheck installer for macOS
• Moving to zsh, part 5: Completions (part 1)

News and Opinion

• MacBook Air and MacBook Pro updated for back-to-school season – Apple
• Apple Discontinues 12-Inch MacBook – Joe Rossignol, MacRumors
• Apple significantly lowers Mac SSD upgrade pricing, 1 TB MacBook Air now available – Benjamin Mayo, 9to5Mac
• On PASCAL – Charles Edge
• Last Week on My Mac: Useless information – Howard Oakley
• No Algorithms Follow-Up – Brent Simmons

macOS Catalina and iOS 13

• A Word About Apple’s OS Betas – Max Seelemann, Ulysses Blog
• 7 Big Security Surprises Coming to macOS 10.15 Catalina – SentinelOne

MacAdmins on Twitter

• Sisyphus-J: “MacOS/iOS Entitlement database now updated for MacOS 15 and iOS 13 beta 3. with over 150 more daemons and 500 more entitlements.. including such fine gems as com.apple.rootless.kext-more-securer-management http://newosxbook.com/ent.jl”
• Mustafa Hussain: “In macOS, when you drop a Calendar event into the Terminal, the Terminal adopts the event’s color. As it should.… ”
• Steve Troughton-Smith: “Disasters like Zoom are why the Mac gets progressively more locked-down, and why commandline tools and daemons can’t be exempt from signing & security. By default, we should trust no software, and neither should the hardware it runs on…”
• Alex Wild: “Apparently sailors used to use a log, tied to a measured rope & thrown overboard, to periodically measure the speed of a boat. They’d then write the data in a ”log-book“ Which is why we now use the word ”log“ to record data. Things I learned. https://www.etymonline.com/word/log”
• Isaac T.: “Confirmed with Apple: sharing with SMB is broken in macOS Mojave 10.14.5. The problem: ”smbd“ deadlocks with multiple users connected to a share. Engineering knows and is working on it. Time to resolution: unknown. Here are the options: 1/” (thread)
• Rich Mogull: ““Shadow IT” is merely how the fearful describe the reduction of friction and democratization of technology to better enable agile business.”

PSU MacAdmins Talks, Slides and Resources

• PSU MacAdmins Python 3 Convert-a-thon resources – Greg Neagle
• PSU MacAdmins 2019 Packaging Workshop slides – Greg Neagle
• Mac Admins Talk: The Loyal Order of Notaries – Tom Bridge
• Slides from the “Installer Package Scripting” session at Penn State MacAdmins 2019 – Rich Trouton

Bugs and Security

• Zoom Zero Day: 4+ Million Webcams & maybe an RCE? – Jonathan Leitschuh
• Zoom vulnerability and remediation script – Rich Trouton
• Everything is on fire – John C Welch
• Zoom in on Privacy and Security – Dam San
• Apple has pushed a silent Mac update to remove hidden Zoom web server – Zack Whittacker, TechCrunch
• Apple has pushed an update to MRT to remove Zoom’s hidden web server – Howard Oakley
• How to remediate the Zoom Vulnerability with Apple Malware Removal Tool – Mr Macintosh
• Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping – Matthew Panzarino, TechCrunch

Support and HowTos

• Silent Office 365 upgrade using msupdate and Jamf – SoundSNW
• Installing and troubleshooting the Jamf ADCS connector – Frederick Abeloos
• Never Send Someone a Password in Mail or Messages: Do This Instead! – Sam Valencia, HCS Technology Group
• macOS Media Management: A Deep Dive – Jon Xavier, Fleetsmith Blog
• Understanding signature checks on notarized apps in Mojave 10.14.5: 1 – Howard Oakley
• Versions and other app metadata: what to trust? – Howard Oakley

To Watch

• Top 10 Outlook Preferences – Office Deployment Insiders
• WWDC19 Video Transcripts Now Available – Apple Developer

To Listen

• Episode 128: APOLLO and Forensic Analysis, with Sarah Edwards – Mac Admins Podcast
• Episode 129: Apple’s Been Busy This Year, with Jeremy Butcher – Mac Admins Podcast

Just for Fun

• How to Be a Professional Dungeons & Dragons Master Hosting Games – Bloomberg (alternative career option)
• 48-Hour Internet Outage Plunges Nation Into Productivity – The Onion

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

• Weblog
• Weekly Email Newsletter (TinyLetter)
• Apple News
• Twitter
• Micro.blog
• Mastodon.social
• Facebook
• LinkedIn

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

• ‘macOS Installation for Apple Administrators’
• ‘Property Lists, Preferences and Profiles for Apple Administrators’
• ‘Packaging for Apple Administrators’