Last Week on My Mac: What updates?

If you have a Mac or any of Apple’s devices that you haven’t updated this past week, now’s the time to check whether they need one. For over the last few days, Apple has released:

macOS Ventura 13.4.1
macOS Monterey 12.6.7
macOS Big Sur 11.7.8
Safari 16.5.1 for Monterey and Big Sur
iOS 16.5.1
iOS 15.7.7
iPadOS 16.5.1
iPadOS 15.7.7
watchOS 9.5.2
watchOS 8.8.1
XProtect 2168
XProtect Remediator 101
macOS 14 Sonoma, developer beta release 2
iOS 17, developer beta release 2
iPadOS 17, developer beta release 2
watchOS 10, developer beta release 2
tvOS 17, developer beta release 2
Xcode 15 beta 2,

and it’s only ten days since the last updates to Pages, Numbers and Keynote.

Security updates

Most of the flurry of updates is in response to recent reports from Kaspersky about malware, in what they refer to as Triangulation or TriangleDB. Its researchers have discovered evidence of infection of iOS devices going back as long as four years, in a series of attacks that have continued with iOS 15.7. In a series of research articles published this month, Kaspersky’s researchers have revealed how devices have received iMessages with an attachment containing an exploit. Without any user interaction, that attachment has run and exploited vulnerabilities in iOS to launch the malware payload, gain control over the device, and install persistent malware that’s remotely controlled.

Although there’s still much to be learned about this malware, it’s now believed to be targeting macOS as well as other platforms. Apple has thus patched the vulnerability in the kernel that is thought to be exploited by the initial iMessage and its attachment. A second vulnerability in macOS affects WebKit, and is also believed to be used in an active exploit, although probably not Triangulation. Thus these security updates are very important, and should be installed without delay.

Given that Triangulation seems to have been around since 2019, when Mojave and Catalina were current versions of macOS, it seems likely that one or both of those vulnerabilities are also present in those old versions of macOS, which aren’t likely to be updated to address them. If you’re still running either of those, you may wish to reassess your security protection and any continuing use of Messages. If that Mac can run Big Sur or later, now might be a good time to upgrade.

Apple would have preferred to accomplish these urgent fixes without having to release full macOS updates, using its Rapid Security Response (RSR) mechanism, as was done with macOS 13.3.1 a couple of months ago. However, that couldn’t address the vulnerability in the kernel, which still requires a proper update. Apple does have aspirations for RSRs to be more capable, and in their configuration data appears to hope that they will one day even be able to include pre-boot (firmware) patches, but there’s a long way to go before that becomes feasible. An RSR also wouldn’t have been possible for Monterey or Big Sur, or older iOS/iPadOS, which would still have required security updates.

I have examined version and build numbers for macOS 13.4.1 against those of 13.4, and can’t see any evidence of changes other than those expected for the security fixes. The next round of non-security bug fixes is expected in Ventura 13.5, due in late July, and the last before Ventura enters the first year of its security-only support.

Betas

Updates to developer beta releases appear more routine, as this is the time that Apple usually prepares them for the start of public testing, which is expected in early July.

Security software

Updates to XProtect data and XProtect Remediator don’t appear to add support for any new malware detections or remediations, but most probably tune those already offered. One nuisance that has been reported with XProtect Remediator version 101 is that Intego’s VirusBarrier anti-malware product may report a false positive from one of its updated scanner modules. This is one of the dangers with third-party anti-malware checking updated system files, and should be fixed in an update from Intego.

Coming next

Finally, a warning of what happens next in macOS updates, as we reach the end of support for Big Sur, and the replacement of Ventura by Sonoma. In the next couple of months, expect to see the final security update for Big Sur, which will be left unsupported from September or October at the latest. From that time, Ventura will cease receiving non-security updates. However, all versions of macOS from Catalina onwards should still get updates to their XProtect Remediator anti-malware scanners, while earlier versions will only get regular XProtect data updates, as in the past.

12Comments

Add yours

1

David on June 25, 2023 at 9:19 am

My son said ….. “Both my iPad and Mac are unable to be updated as they are too old.”

Is that right?

LikeLiked by 1 person
- 2
  
  hoakley on June 25, 2023 at 12:06 pm
  
  That depends which models they are. If you’d like to tell me which, I’ll check up for you.
  Howard.
  
  LikeLike
  - 3
    
    David on June 25, 2023 at 3:46 pm
    
    My son has reported ….
    
    “A 2008 24 inch iMac and a 2012 iPad 2 running iOS 9.something (can’t go higher)”
    
    Note: There are newish MacBooks, iPads and iPhones within the family, all of which ARE kept updated.
    
    LikeLiked by 1 person
    - 4
      
      hoakley on June 25, 2023 at 6:24 pm
      
      The latest version of macOS your iMac can run is 10.11.6, I’m afraid.
      The latest version of iOS your iPad can run is 9.3.5.
      Howard.
      
      LikeLike
5

David on June 25, 2023 at 6:45 pm

Many thanks. Just as expected. 🙂

If appropriate, though, will those old devices still receive security updates from Apple?

LikeLiked by 1 person
- 6
  
  hoakley on June 25, 2023 at 7:51 pm
  
  No. Apple hasn’t provided security updates for either of those for several years. For macOS, at present it only supports Ventura (13), Monterey (12) and Big Sur (11). It discontinued support for Catalina (10.15) a year ago, and 10.11 around five years ago.
  Howard.
  
  LikeLike
7

CB on June 27, 2023 at 11:50 am

Howard: is there a major memory leak going on due to this update for Monterey?

MTLCompiler is running and has over 136 processes 1 hour after startup from 90mb per process down to 8.3 at this snapshot.

Found it was doing this so I restarted in safe mode to ‘clean’ up as a strategy followed by a regular restart and soon again it had 76 instances/processes — 1 hour later it is up to 137 instances of MTLCompiler and still climbing.

I never noticed this many prior to most recent updates. Have frequently run into md/mds process issues in previous Monterey and have used some terminal commands found elsewhere to stop/restart it (usually have to try a few times to reign in the high cpu), eventually it worked.

Do you or anyone at all have a clue about what this means and if it’s another Monterey memory leak?

plus Safari 16.5.1 major cpu hog after update w Monterey 12.6.7 June
don’t know if it’s just safari or combo of safari w/ the Monterey update.

any insights appreciated. Thank you.

using iMac 2020 5K (intel)
3.1 GHz 6-Core Intel Core i5
24 GB 2667 MHz DDR4

LikeLiked by 1 person
- 8
  
  hoakley on June 27, 2023 at 3:12 pm
  
  I only run Monterey in VMs now, so I can’t test it. However, given the very limited changes since the previous version, I don’t see how that’s likely. What’s driving all the Metal compiling?
  The only memory leak that I’m aware of that remains in Monterey is the Finder Find leak, which was only fixed in Ventura.
  Howard.
  
  LikeLike
- 9
  
  Myob on June 27, 2023 at 7:14 pm
  
  FWIW, I’m not seeing either issue––MTLCompilerService is using two processes (combined using 10.6 MB) and Safari is using minimal CPU––on a Mac Mini 2014.
  
  As a troubleshooting step you could run for a bit in Safe Mode (without rebooting) and check the behaviors in Activity Monitor.
  
  Perhaps you have a third-party software issue.
  
  LikeLiked by 1 person
  - 10
    
    hoakley on June 27, 2023 at 8:12 pm
    
    Thank you. I agree. I will be writing more about dealing with post-update problems later this week.
    Howard.
    
    LikeLike
    - 11
      
      Myob on June 28, 2023 at 10:57 pm
      
      Thanks in advance of its publication. I’m sure you’ll enjoy the crafting of it.
      
      LikeLiked by 1 person
12

Michael Tsai - Blog - Triangulation Exploit on June 27, 2023 at 7:41 pm

[…] Howard Oakley: […]

LikeLike

Security updates

Betas

Security software

Coming next

Share this:

Related