Checking if Apple’s Zoom remediation update has been installed on your Mac

July 12, 2019 Leave a comment

As part of the Zoom vulnerability issue, further problems have been discovered as security researchers look into the local webserver installed by older versions of the Zoom app for macOS.

Apple has moved quickly and released an update to MRT (Malware Removal Tool) which addresses the issue by removing the local webserver. This update has the following version number:

1.45.1.1562731315

The installer package receipt associated with it is the following:

com.apple.pkg.MRTConfigData_10_14.16U4071

To verify that you have this installed, here’s a one-line command to check for the latest installed MRT installer package:

To verify that com.apple.pkg.MRTConfigData_10_14.16U4071 does install 1.45.1.1562731315, here’s a one-line command to get the version number from the latest installed MRT installer package receipt:

To assist with getting information like this for Gatekeeper, MRT and XProtect, I’ve written a script that pulls the following information for each:

  • Version number
  • Installation date
  • Installer package receipt identifier

For more information, please see below the jump.

Read more…

Slides from the “Installer Package Scripting” session at Penn State MacAdmins 2019

July 11, 2019 Leave a comment

For those who wanted a copy of my installer scripting talk at Penn State MacAdmins 2019, here are links to the slides in PDF and Keynote format.

PDF – https://tinyurl.com/PSUMacAdmins2019PDF

Keynote – https://tinyurl.com/PSUMacAdmins2019Keynote

Zoom vulnerability and remediation script

July 10, 2019 5 comments

Zoom is a popular video conferencing suite which is used by a number of shops because it provides a consistent cross-platform experience. Recently, it was discovered that Zoom was setting up a local webserver process. This capability enabled Zoom’s client to be launched in response to clicking a URL, but it also potentially allowed someone to be forcibly connected to a Zoom call with their video camera active. This issue has been assigned the following CVE identifier:

CVE-2019-13450: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13450


Update: 7-11-2019 – Apple has released an update to remove the Zoom web server from all Macs. This update deploys silently and does not require user interaction. For more details, please see Zoom’s July 10th blog post: https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/



Once this vulnerability was widely publicized, Zoom responded with an updated version of their Zoom client for macOS which removes the local webserver and also allows users to manually uninstall the Zoom client. They also provided the following manual remediation instructions:

I’ve taken those commands and used them to build a script to address the vulnerabilities described in CVE-2019-13450. For more details, please see below the jump.

Read more…

Managing macOS Mojave’s FileVault 2 with fdesetup

July 3, 2019 3 comments

Since its initial release in OS X Mountain Lion 10.8.x, Apple’s main tool for managing FileVault 2 encryption has been fdesetup. With the transition from managing Core Storage-based encryption on HFS+ to managing the native encryption built into Apple File System completed, this well-developed toolset continues to be Apple’s go-to tool for enabling, configuring and managing FileVault 2 on macOS Mojave.

With its various functions, fdesetup gives Mac administrators the following options for managing FileVault:

  • Enable or disable FileVault 2 encryption on a particular Mac
  • Use a personal recovery key, an institutional recovery key, or both kinds of recovery key.
  • Enable one or multiple user accounts at the time of encryption
  • Get a list of FileVault 2-enabled users on a particular machine
  • Add additional users after FileVault has been enabled
  • Remove users from the list of FileVault enabled accounts
  • Add, change or remove individual and institutional recovery keys
  • Report which recovery keys are in use
  • Perform a one-time reboot that bypasses the FileVault pre-boot login
  • Report on the status of FileVault 2 encryption or decryption

For more details, please see below the jump.

Read more…

Slides from the “MDM: From “Nice to Have” To Necessity” session at MacDeployment 2019

June 10, 2019 Leave a comment

For those who wanted a copy of my MDM talk at the MacDeployment 2019 conference, here are links to the slides in PDF and Keynote format.

PDF – https://tinyurl.com/MacDeploy2019PDF

Keynote – https://tinyurl.com/MacDeploy2019Keynote

New TLS security requirements for iOS 13 and macOS Catalina 10.15

June 6, 2019 Leave a comment

As part of the information published at WWDC 2019 by Apple, the following KBase article has been released:

Requirements for trusted certificates in iOS 13 and macOS 10.15: https://support.apple.com/HT210176

Screen Shot 2019 06 05 at 8 39 55 PM

This KBase article describes how Apple is implementing new security requirements for TLS server certificates. These certificates are used by servers to encrypt communication between Apple devices and those servers, to make sure that all communication between the servers and those devices is protected.

  • Certificate key sizes must be 2048-bit or greater
  • SHA-2 must be used for the certificate signing
  • DNS hostname of the server must be listed in a Subject Alternative Name (SAN) certificate extension in addition to being listed in the Common Name field of the certificate.

Also, all TLS certificates issued after July 1, 2019 must meet these additional requirements:

What happens if you use iOS 13 or macOS Catalina to try to connect to servers with TLS certificates which don’t meet these standards? The connection will fail because the OS will reject the certificate as being invalid. This may result in a web browser not connecting, an app crashing or some other undesired behavior.

Screen Shot 2019 06 05 at 8 47 31 PM

Screen Shot 2019 06 05 at 8 48 57 PM

As part of testing iOS 13 and macOS 10.15 ahead of their release dates, I strongly recommend testing the various services used at your workplace to make sure that the TLS certificates used by the services of your company, school or institution are able to pass these requirements. Otherwise, you may find some unfortunate surprises on Release Day this fall.

Categories: iOS, Mac administration, macOS

WWDC 2019 notes

June 4, 2019 Leave a comment

This week, I’m out in San Jose, California as an attendee of Apple’s WWDC 2019 conference. As part of this, I’m taking notes during the labs and sessions. Due to wanting to stay on the right side of Apple’s NDA, I’ve been posting my notes to Apple’s developer forums rather than to here.

To make it easier for Mac admins to access them, I’ve set up a post in the forums where I’ve linking the various forum posts with my notes. It’s available via the link below:

https://forums.developer.apple.com/message/362911

Categories: Documentation, WWDC 2019
%d bloggers like this: