The State of Mac Security

It’s now the ‘silly season’ in the northern hemisphere, that period of a month or more when most people are away from the office. Apart from those Apple engineers still working hard to get Ventura and other new operating systems ready for release in the autumn/fall, all goes quiet. Over the last few months, much has changed in Mac security. This is the ideal chance to catch up before the pace picks up again in September.

macOS updates

A week ago Apple released its latest round of updates to supported versions of macOS.

If all goes according to plan, macOS 12.5 will be the last update to Monterey containing general bug fixes and enhanced features. Although it still didn’t address a remaining serious memory leak, as far as I can see all other serious bugs have now been addressed, together with another fifty security vulnerabilities. If you’re intending to remain on Monterey for the time being, or to upgrade to it, now’s a good time to schedule that.

For those remaining on Big Sur, the update to 11.6.8 also brought plenty of fixes for vulnerabilities. However, Catalina Security Update 2022-005 is likely to be its last as it slips into a quiet retirement. If your Mac can be upgraded to Big Sur or later, this is the time to plan that move.

The next scheduled macOS updates are most likely to coincide with the release of Ventura, and should consist of 12.6 and 11.6.9, both pure security updates.

Malware protection

Although Apple runs its security engineering teams 24/7, August is also usually a quieter period for significant updates to bundled protection tools. This year is likely to be different, though, as those are in the midst of change.

XProtect was last updated to version 2161 on 30 June, and may well see another update before September, but MRT hasn’t been updated since 29 April, when it reached 1.93. That’s most probably because Apple has shifted emphasis to a new set of tools in XProtect Remediator, which appear set to take over from MRT, most likely with the release of Ventura. At present, Apple hasn’t provided any version of that new suite of tools to run on macOS earlier than Catalina.

XProtect Remediator has been the centre of attention: since it was updated to version 62 on 17 June, it has had a further three updates to reach 67 on 21 July. It has grown from 7 executable modules in version 2 to 12 in the current release.

Those still running Mojave and earlier must now be looking anxiously at what the future holds for both MRT and XProtect. Without further timely updates to those tools, old versions of macOS are likely to become increasingly vulnerable to attack. This is an appropriate time to reconsider your security, and whether you need to augment what comes in macOS with a little extra.

Update reliability

There are also widespread reports of increasingly unreliable macOS system and security data updates. Just because Software Update reassures you that “your Mac is up to date” doesn’t mean that it is fully up to date. This applies particularly to security data updates, including XProtect and XProtect Remediator, and most of all when you’re running a local Content Caching server.

Before you run away for some well-earned relaxation, check that your Macs haven’t quietly fallen behind with those updates. This is simplest using one of my free utilities like SilentKnight, but if you want to check for yourself it’s easy to work through the apps and bundles in /Library/Apple/System/Library/CoreServices, or in earlier versions of macOS /System/Library/CoreServices. If you’re running a Caching server and can’t seem to get updates to install properly, disable the server before looking for and installing those updates. I have other tips here to help get your Macs updated.
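For those who prefer to script the manual check described above, this added example (not part of the original article or of SilentKnight) reads the version from each bundle's Info.plist and compares it with the versions quoted in this article. The bundle names XProtect.bundle, MRT.app and XProtect.app are assumptions, as the article doesn't list them, and it needs Python 3 installed.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Versions this article gives as current; bundle names are assumed, not from the article.
EXPECTED = {
    "XProtect.bundle": "2161",  # XProtect data
    "MRT.app": "1.93",          # MRT
    "XProtect.app": "67",       # XProtect Remediator
}
# Current location first, then the one used by earlier versions of macOS.
SEARCH_DIRS = (
    "/Library/Apple/System/Library/CoreServices",
    "/System/Library/CoreServices",
)

def version_key(version):
    """Turn '1.93' into (1, 93) so versions compare numerically."""
    return tuple(int(p) for p in str(version).split(".") if p.isdigit())

def bundle_version(bundle):
    """Return CFBundleShortVersionString from Info.plist (XML or binary), or None."""
    try:
        with (Path(bundle) / "Contents" / "Info.plist").open("rb") as fh:
            return plistlib.load(fh).get("CFBundleShortVersionString")
    except (OSError, ValueError, ExpatError, AttributeError):
        return None  # bundle absent, or Info.plist unreadable

def audit(search_dirs=SEARCH_DIRS, expected=EXPECTED):
    """Map each bundle name to (installed_version, status)."""
    report = {}
    for name, want in expected.items():
        found = None
        for directory in search_dirs:
            found = bundle_version(Path(directory) / name)
            if found is not None:
                break  # the first directory holding the bundle wins
        if found is None:
            status = "missing"
        elif version_key(found) < version_key(want):
            status = "behind"
        else:
            status = "ok"
        report[name] = (found, status)
    return report

if __name__ == "__main__":
    for name, (ver, status) in audit().items():
        print(f"{name:16} {ver or '-':8} {status}")
```

A status of "behind" means the installed version is older than the one quoted here; update the EXPECTED values as Apple releases newer versions.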

Third-party protection

If you do decide that you need to augment the security protection in macOS, we’re fortunate in having a treasure-chest of free security utilities provided by Objective-See. When you download those products, please take the opportunity to contribute to ensure they remain free to use in the future.

There are also commercial security products, of which I have little experience. My first stop remains Malwarebytes, but I’m sure there are others worth looking at if you need.

Have a great silly season!