Home > Mac administration, macOS, Scripting > Additional Zoom remediation from Apple via MRT

Additional Zoom remediation from Apple via MRT

Apple had released an MRT update on July 12th to cover the vulnerabilities disclosed for Zoom and RingCentral , but then additional Zoom variants popped up on the radar.

To fix all of the variants, Apple has released another MRT (Malware Removal Tool) update today. This fixes the vulnerabilities found in Zoom and its various white label versions which Zoom developed for third parties:

This MRT update has the following version number:

1.46.1.1563225526

The installer package receipt associated with it is the following:

com.apple.pkg.MRTConfigData_10_14.16U4075

To verify that you have this installed, here’s a one-line command to check for the latest installed MRT installer package:


printf "%s\n" $(pkgutil –pkgs=".*MRT.*") | sort -k1 | tail -1

view raw

gistfile1.txt

hosted with ❤ by GitHub

To verify that com.apple.pkg.MRTConfigData_10_14.16U4075 does install 1.46.1.1563225526, here’s a one-line command to get the version number from the latest installed MRT installer package receipt:


pkgutil –pkg-info-plist $(printf "%s\n" $(pkgutil –pkgs=".*MRT.*") | sort -k1 | tail -1) | plutil -extract pkg-version xml1 – -o – | xmllint –xpath 'string(//plist/string)' –

view raw

gistfile1.txt

hosted with ❤ by GitHub

To assist with getting information like this for Gatekeeper, MRT and XProtect, I’ve written a script that pulls the following information for each:

  • Version number
  • Installation date
  • Installer package receipt identifier

For more information, please see below the jump.

As of Tuesday, July 16 2019, the script below is producing the following output for my Mac running macOS 10.14.5 with the latest MRT update installed:


Gatekeeper version: 172.1.1562957441
Gatekeeper installation date: 07-16-2019
Gatekeeper package receipt identifier: com.apple.pkg.GatekeeperConfigData.16U1824
MRT version: 1.46.1.1563225526
MRT installation date: 07-16-2019
MRT package receipt identifier: com.apple.pkg.MRTConfigData_10_14.16U4075
XProtect version: 2103.1.1556314253
XProtect installation date: 05-02-2019
XProtect package receipt identifier: com.apple.pkg.XProtectPlistConfigData.16U4052

view raw

gistfile1.txt

hosted with ❤ by GitHub


#!/bin/bash
VersionAndInstallDate(){
identify_latest_update=$(printf "%s\n" $(pkgutil –pkgs=".*"$package_type".*") | sort -k1 | tail -1)
version_info=$(pkgutil –pkg-info-plist "$identify_latest_update" | plutil -extract pkg-version xml1 – -o – | xmllint –xpath 'string(//plist/string)')
# Read install date and translate it into human-readable output
install_date_info=$(/bin/date -r $(pkgutil –pkg-info-plist "$identify_latest_update" | plutil -extract install-time xml1 – -o – | xmllint –xpath 'string(//plist/integer)') '+%m-%d-%Y')
echo "$package_type version: $version_info"
echo "$package_type installation date: $install_date_info"
echo "$package_type package receipt identifier: $identify_latest_update"
}
package_type="Gatekeeper"
VersionAndInstallDate
echo ""
package_type="MRT"
VersionAndInstallDate
echo ""
package_type="XProtect"
VersionAndInstallDate

  1. Don
    July 16, 2019 at 9:26 pm

    Is there a way to force the Mac to check in with Apple to get the updated MRT?
    I have several Mac’s online, rebooted several times and they are still below ver 1.45

  2. Peter Trondsen
    July 19, 2019 at 3:08 am

    Looks like Apple pushed another update, the latest is 1.47.1.1563383512
    @ Don, check for software updates first

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: