It's been 10 years since the death of Steve Jobs. Michael Dell talks about his memories of the tech icon, including when Jobs tried to convince Dell to license Mac software to run on Intel-based PCs. CNET reports: Fast forward to 1993. Jobs, ousted from Apple after a fallout with the company's board in 1985, had started a new company, called Next, and created a beautiful (but expensive) workstation, with its own operating system, as well as software called WebObjects for building web-based applications. Dell says Jobs came to his house in Texas several times that year, trying to convince him to use the Next operating system on Dell PCs, by arguing that it was better than Microsoft's Windows software and could undermine the Unix workstation market being touted by Sun Microsystems. The problem, Dell says he told Jobs, was that there were no applications for it and zero customer interest. Still, Dell's company worked a little bit with Next and used WebObjects to build its first online store in the mid-'90s.

In 1997, Jobs rejoined a struggling Apple after it acquired Next for $429 million, and he pitched Dell on another business proposal (as Jobs was evaluating Apple's Mac clone licensing project, which he ultimately shut down). Jobs and his team had ported the Mac software, based on Next's Mach operating system, and had it running on the Intel x86 chips that powered Dell PCs. Jobs offered to license the Mac OS to Dell, telling him he could give PC buyers a choice of Apple's software or Microsoft's Windows OS installed on their machine. "He said, look at this -- we've got this Dell desktop and it's running Mac OS," Dell tells me. "Why don't you license the Mac OS?" Dell thought it was a great idea and told Jobs he'd pay a licensing fee for every PC sold with the Mac OS. But Jobs had a counteroffer: He was worried that licensing scheme might undermine Apple's own Mac computer sales because Dell computers were less costly. Instead, Dell says, Jobs suggested he just load the Mac OS alongside Windows on every Dell PC and let customers decide which software to use -- and then pay Apple for every Dell PC sold.

Dell smiles when he tells the story. "The royalty he was talking about would amount to hundreds of millions of dollars, and the math just didn't work, because most of our customers, especially larger business customers, didn't really want the Mac operating system," he writes. "Steve's proposal would have been interesting if it was just us saying, "OK, we'll pay you every time we use the Mac OS" -- but to pay him for every time we didn't use it ... well, nice try, Steve!" Another problem: Jobs wouldn't guarantee access to the Mac OS three, four or five years later "even on the same bad terms." That could leave customers who were using Mac OS out of luck as the software evolved, leaving Dell Inc. no way to ensure it could support those users. Still, Dell acknowledges the deal was a what-could-have-been moment in history. [...] That different direction led to Jobs continuing to evolve the Next-inspired Mac OS and retooling the Mac product line, including adding the candy-colored iMac in mid-1998.

Mac OS X Lion and OS X Mountain Lion can now be downloaded for free from Apple's website. "Apple has kept OS X 10.7 Lion and OS X 10.8 Mountain Lion available for customers who have machines limited to the older software, but until recently, Apple was charging $19.99 to get download codes for the updates," notes MacRumors. "The $19.99 fee dates back to when Apple used to charge for Mac updates. Apple began making Mac updates free with the launch of OS X 10.9 Mavericks, which also marked the shift from big cat names to California landmark names." From the report: Mac OS X Lion is compatible with Macs that have an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor, a minimum of 2GB RAM, and 7GB storage space. Mac OS X Mountain Lion is compatible with the following Macs: iMac (Mid 2007-2020), MacBook (Late 2008 Aluminum, or Early 2009 or newer), MacBook Pro (Mid/Late 2007 or newer), MacBook Air (Late 2008 or newer), Mac mini (Early 2009 or newer), Mac Pro (Early 2008 or newer), and Xserve (Early 2009). Macs that shipped with Mac OS X Mavericks or later are not compatible with the installer, however.

Several of macOS Monterey's features won't be available to users with an Intel-powered Macs. On the macOS Monterey features page, fine print indicates that the following features require a Mac with the M1 chip, including any MacBook Air, 13-inch MacBook Pro, Mac mini, and iMac model released since November 2020: 1. Portrait Mode blurred backgrounds in FaceTime videos
2. Live Text for copying and pasting, looking up, or translating text within photos
3. An interactive 3D globe of Earth in the Maps app
4. More detailed maps in cities like San Francisco, Los Angeles, New York, and London in the Maps app
5. Text-to-speech in more languages, including Swedish, Danish, Norwegian, and Finnish
6. On-device keyboard dictation that performs all processing completely offline
7. Unlimited keyboard dictation (previously limited to 60 seconds per instance)

One of the biggest new features of macOS Monterey, the next version of macOS announced at WWDC, is the ability to share a keyboard and mouse across an iMac, MacBook, and iPad. It's called "Universal Control" and it's coming this Fall. Ars Technica reports: Apple SVP of Software Engineering Craig Federighi demonstrated the ability to simply set an iPad near a Mac, move the cursor of the latter toward the former, and have the iPad automatically recognize it. This means users can directly drag and drop files between devices, for instance. Apple demonstrated this feature across an iMac, MacBook, and iPad in concert. Beyond that, macOS Monterey will make it possible to AirPlay video, audio, documents, and other items from an iPad or iPhone directly to a Mac.

The update also brings the Shortcuts feature first seen on iPhones and iPads, allowing users to access automated tasks and workflows on the Mac. Apple says the existing Automator app will continue to be supported with Monterey and that users will be able to import existing Automator workflows into Shortcuts. Safari will also receive something of a makeover with Monterey, bringing a thinner and visually cleaner toolbar alongside more compact tabs. Active tab bars will now house the traditional URL and search bar, and tabs can now be grouped together and accessed through Safari's sidebar. These tab groups can then be accessed and updated across Macs, iPhones, and iPads.

The update will include a number of features from the newly announced iOS 15 and iPadOS 15 updates as well. This includes a SharePlay feature that lets users share content or their current device screen over a FaceTime call and a Focus feature that filters and minimizes notifications when users indicate they are in the middle of a particular activity ("coding," "gaming," etc.).

Apple today released macOS Big Sur 11.4, the fourth major update to the macOS Big Sur, operating system that launched in November 2020. From a report: The new macOS Big Sur 11.4 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences. macOS Big Sur 11.4 lays the groundwork for two upcoming Apple Music features: Spatial Audio with Dolby Atmos and Lossless Audio, both of which will be available on the Mac. It also adds support for Apple Podcasts subscriptions, and fixes a number of bugs. Apple today also released iOS and iPadOS 14.6, marking the sixth major updates to the iOS and iPadOS operating systems that initially came out in September 2020. From a report: The iOS and iPadOS 14.5 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings - General - Software Update. iOS 14.6 introduces support for several previously announced features. It lays the groundwork for the Apple Music Spatial Audio with Dolby Atmos and Lossless Audio functionality, but these new Apple Music capabilities aren't expected to launch until June. The update also adds support for Apple Card Family for sharing Apple Cards, it introduces new Podcast subscription options, and it adds new AirTags capabilities, in addition to addressing several bugs.

Long-time Slashdot reader b0s0z0ku quotes Ars Technica: A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, which are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware's ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

Also curious, the malware comes with a mechanism to completely remove itself, a capability that's typically reserved for high-stealth operations. So far, though, there are no signs the self-destruct feature has been used, raising the question why the mechanism exists. Besides those questions, the malware is notable for a version that runs natively on the M1 chip that Apple introduced in November, making it only the second known piece of macOS malware to do so...

The malware has been found in 153 countries with detections concentrated in the US, UK, Canada, France, and Germany.
Red Canary, the security firm that discovered the malware, has named it "Silver Sparrow." Long-time Slashdot reader Nihilist_CE writes: First detected in August of 2020, the Silver Sparrow malware is interesting in several unsettling ways. It uses the macOS Installer Javascript API to launch a bash process to gain a foothold into the user's system, a hitherto-unobserved method for bypassing malware detection. This bash shell is then used to invoke macOS's built-in PlistBuddy tool to create a LaunchAgent which executes a bash script every hour. This is the command and control process, which downloads a JSON file containing (potentially) new instructions.

Besides the novel installation method, Silver Sparrow is also mysterious in its payload: a single, tiny binary that does nothing but open a window reading "Hello, World!" (in v1, which targets Intel Macs) or "You did it!" (in v2, which is an M1-compatible fat binary). These "bystander binaries" are never executed and appear to be proofs-of-concept or placeholders for future functionality.

An anonymous reader quotes a report from Ars Technica: Homebrew now supports Apple Silicon natively, albeit not with every package. The volunteer Homebrew team made the announcement on the Homebrew blog alongside today's release. While the native support is not yet comprehensive, it bridges the gap significantly, and users can still run Terminal via Rosetta 2 to do what they can't yet while running natively on Apple Silicon. The Homebrew blog post says "we welcome your help" in providing bottles for all packages moving forward.

Here's the full bullet point on Apple Silicon in the Homebrew 3.0.0 release notes: "Apple Silicon is now officially supported for installations in /opt/homebrew. formulae.brew.sh formula pages indicate for which platforms bottles (binary packages) are provided and therefore whether they are supported by Homebrew. Homebrew doesn't (yet) provide bottles for all packages on Apple Silicon that we do on Intel x86_64 but we welcome your help in doing so. Rosetta 2 on Apple Silicon still provides support for Intel x86_64 in /usr/local."

Last week, Apple released macOS Big Sur and the rollout was anything but smooth. The mass upgrade caused the Apple servers responsible for checking if a user opens an app not downloaded from the App Store to slow to a crawl. Apple eventually fixed the problem, "but concerns about paralyzed Macs were soon replaced by an even bigger worry -- the vast amount of personal data Apple, and possibly others, can glean from Macs performing certificate checks each time a user opens an app that didn't come from the App Store," writes Dan Goodin via Ars Technica. From the report: Before Apple allows an app into the App Store, it must first pass a review that vets its security. Users can configure the macOS feature known as Gatekeeper to allow only these approved apps, or they can choose a setting that also allows the installation of third-party apps, as long as these apps are signed with a developer certificate issued by Apple. To make sure the certificate hasn't been revoked, macOS uses OCSP -- short for the industry standard Online Certificate Status Protocol -- to check its validity. [...] Somehow, the mass number of people upgrading to Big Sur on Thursday seems to have caused the servers at ocsp.apple.com to become overloaded but not fall over completely. The server couldn't provide the all clear, but it also didn't return an error that would trigger the soft fail. The result was huge numbers of Mac users left in limbo.

The post Your Computer Isn't Yours was one of the catalysts for the mass concern. It noted that the simple HTML get-requests performed by OCSP were unencrypted. That meant that not only was Apple able to build profiles based on our minute-by-minute Mac usage, but so could ISPs or anyone else who could view traffic passing over the network. (To prevent falling into an infinite authentication loop, virtually all OCSP traffic is unencrypted, although responses are digitally signed.) Fortunately, less alarmist posts like this one provided more helpful background. The hashes being transmitted weren't unique to the app itself but rather the Apple-issued developer certificate. That still allowed people to infer when an app such as Tor, Signal, Firefox, or Thunderbird was being used, but it was still less granular than many people first assumed. The larger point was that, in most respects, the data collection by ocsp.apple.com wasn't much different from the information that already gets transmitted in real time through OCSP every time we visit a website. [...] In short, though, the takeaway was the same: the potential loss of privacy from OCSP is a trade-off we make in an effort to check the validity of the certificate authenticating a website we want to visit or a piece of software we want to install.

In an attempt to further assure Mac users, Apple on Monday published this post. It explains what the company does and doesn't do with the information collected through Gatekeeper and a separate feature known as notarization, which checks the security even of non-App Store apps. The post went on to say that in the next year, Apple will provide a new protocol to check if developer certificates have been revoked, provide "strong protections against server failure," and present a new OS setting for users who want to opt out of all of this. [...] People who don't trust OCSP checks for Mac apps can turn them off by editing the Mac hosts file. Everyone else can move along.

Yesterday, Apple released the latest version of macOS: macOS Big Sur (also known as macOS 11.0) and the rollout was anything but smooth. Many users have complained about Apple services such as iMessage, or even Apple Pay, not working for them. Personally, my 5K iMac (2013), which isn't even compatible with Big Sur, ground to a halt yesterday, as I was unable to open up Google Chrome or any of my Adobe Creative Cloud apps. Even navigating my system preferences was painfully slow.

According to developer Jeff Johnson, the reason apps were failing to launch was because a process called "trustd" failed to attempt to connect to Apple's Online Certificate Status Protocol website (oscp.apple.com). "[D]enying the connection between "trustd" and oscp.apple.com fixes the issue, as does disabling a Mac's connection to the internet," notes Apple Insider. Slashdot reader shanen shares their experience: The story is about different problems, so I'll just start with my own anecdote. The 12GB download was amazingly slow. I'm being charitable and willing to attribute that to high demand. Eventually it did finish. The installation process didn't seem to be too bad. Then I did something with the Mac and it immediately wanted another upgrade. Turned out to be a double upgrade of two slightly different versions of some tools, but another (slow) GB bites the dust. Meanwhile, it decided to do that double-upgrade again? One of those two must have succeeded, because the third attempt failed with the appropriate notice that it had succeeded.

Bottom line? Not reassuring, but it seems to be okay now. I should have made a note about what triggered the extra GB, but I don't think I did anything unusual that should have required an OS-level extension of the system. Ergo, whatever was going on, I think it belonged in the original 12 GB download... Disclaimer needed: I just had an extremely negative interaction with Apple about the battery swelling problem in the course of attempting to consider whether or not I should upgrade my old MacBook Pro. It started on the Apple website, which was amazingly unhelpful even after it dangled a trade-in offer of some kind. Then it continued with a long phone call to a very kind and friendly person who seemed to know not so much, though he eventually led me to the search that revealed "Optimized Battery Charging" as an option that my old Mac cannot use. By the way, new iPhones apparently have it, too. So right now I think Apple finally figured out how to stop the battery swelling, but I am still screwed. I regard the Mac as a sunk cost, and the second rule of sunk cost is to NOT throw good money after bad. The first rule is that no one wants to talk about their mistakes, eh?

So did your upgrade to Big Sur go better than mine? I really hope so. Why share the misery? We have plenty of that with "He whose name need not be mentioned" anymore.

A sizeable number of Mac users are experiencing occasional system crashes after updating to macOS Catalina version 10.15.4, released a few weeks ago. From a report: The crashing issue appears to be most prominent when users attempt to make large file transfers. In a forum post, SoftRAID described the issue as a bug and said that it is working with Apple engineers on a fix for macOS 10.15.5, or a workaround. "SoftRAID said the issue extends to Apple-formatted disks: There is a serious issue with 10.15.4. It shows up in different scenarios, even on Apple disks but is more likely when there are lots of IO threads. We think it is a threading issue. So while SoftRAID volumes are hit the hardest (it's now hard to copy more than 30GB of data at a time), all systems are impacted by this. In our bug report to Apple, we used a method to reproduce the problem with ONLY Apple formatted disks. Takes longer to reproduce, but that is more likely to get a faster fix to the user base."

David Shayer, who worked as a software engineer at Apple for 18 years across iPod, the Apple Watch, and Apple's bug-tracking system Radar, among other projects, looks at the current iOS and macOS releases and tries to work out why they are so buggy. He writes: 1. Overloaded Feature Lists Lead to Schedule Chicken: Apple is aggressive about including significant features in upcoming products. Tight schedules and ambitious feature sets mean software engineers and quality assurance (QA) engineers routinely work nights and weekends as deadlines approach. Inevitably some features are postponed for a future release, as we saw with iCloud Drive Folder Sharing. In a well-run project, features that are lagging behind are cut early, so engineers can devote their time to polishing the features that will actually ship. But sometimes managers play "schedule chicken" since no one wants to admit in the departmental meeting that their part of the project is behind. Instead, they hope someone else working on another aspect of that feature is running even later, so they reap the benefit of the feature being delayed without taking the hit of being the one who delayed it. But if no one blinks, engineers continue to work on a feature that can't possibly be completed in time and that eventually gets pushed off to a future release.

2. Crash Reports Don't Identify Non-Crashing Bugs: If you have reporting turned on (which I recommend), Apple's built-in crash reporter automatically reports application crashes, and even kernel crashes, back to the company. A crash report includes a lot of data. Especially useful is the stack trace, which shows exactly where the code crashed, and more importantly, how it got to that point. A stack trace often enables an engineer to track down the crash and fix it. Crash reports are uniquely identified by the stack trace. The same stack trace on multiple crash reports means all those users are seeing the same crash. The crash reporter backend sorts crash reports by matching the stack traces, and those that occur most often get the highest priority. Apple takes crash reports seriously and tries hard to fix them. As a result, Apple software crashes a lot less than it used to. Unfortunately, the crash reporter can't catch non-crashing bugs. It's blind to the photos that never upload to iCloud, the contact card that just won't sync from my Mac to my iPhone, the Time Capsule backups that get corrupted and have to be restarted every few months, and the setup app on my new iPhone 11 that got caught in a loop repeatedly asking me to sign in to my iCloud account, until I had to call Apple support. (These are all real problems I've experienced.) Shayer has offered several more possible explanations in the original post.

itwbennett shares a report from CSO: iTerm2 users: It's time to upgrade. A security audit sponsored by the Mozilla Open Source Support Program uncovered a critical remote code execution (RCE) vulnerability in the popular open-source terminal app for macOS. ITerm2 is an open-source alternative to the built-in macOS Terminal app, which allows users to interact with the command-line shell. Terminal apps are commonly used by system administrators, developers and IT staff in general, including security teams, for a variety of tasks and day-to-day operations.

The iTerm2 app is a popular choice on macOS because it has features and allows customizations that the built-in Terminal doesn't, which is why the Mozilla Open Source Support Program (MOSS) decided to sponsor a code audit for it. The MOSS was created in the wake of the critical and wide-impact Heartbleed vulnerability in OpenSSL with the goal of sponsoring security audits for widely used open-source technologies. The flaw, which is now tracked as CVE-2019-9535, has existed in iTerm2 for the past seven years and is located in the tmux integration. Tmux is a terminal multiplexer that allows running multiple sessions in the same terminal window by splitting the terminal screen. The flaw was fixed in iTerm2 version 3.3.6, which was released today.

It's happening a little later in the season than usual, but Apple's latest version of macOS is available to download today. From a report: Catalina arrives on the heels of iOS 13, which saw several back-to-back updates after an initially rough launch. For what it's worth, I've been using successive versions of the Catalina beta as my daily driver for months now and can assure you that the latest build is stable enough to safely install. [...] Speaking of games, today also marks the first time that Catalina beta users will have been able to play Apple Arcade games. If you're wondering how the heck you'll play those titles from your Mac, it's worth a reminder that many Arcade games support Xbox and PlayStation controllers.

Also new in this release: As you browse episodes in the podcast app, you'll see avatars for guests and hosts. Apple also says it's made some small usability tweaks to Sidecar, the feature that allows you to use an iPad as a secondary Mac display. You'll also notice more promotional Apple TV+ material in the new TV app, which makes sense -- the streaming service launches November 1st. It'll cost $4.99 a month, but Apple is offering a free year with the purchase of a new Mac, iPhone, iPad or Apple TV. Further reading: Apple's MacOS Catalina Opens Up To iPad Apps; Apple Will Permanently Remove Dashboard In macOS Catalina; Apple Replaces Bash With Zsh as the Default Shell in macOS Catalina; and Apple Finally Kills iTunes.

An anonymous reader writes: "DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks," reports ZDNet. "These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall. More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac." Hackers have figured out a way to bounce traffic off these ports and carry out DDoS attacks with the help of internet connected Macs. Nearly 40,000 macOS systems are currently connected online and can be used to send out DDoS attacks.

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. From a report: These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US. The project sought to analyze the Apple Wireless Direct Link (AWDL), a protocol that Apple rolled out in 2014 and which also plays a key role in enabling device-to-device communications in the Apple ecosystem. While most Apple end users might not be aware of the protocol's existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods. But in the past five years, Apple has never published any in-depth technical details about how AWDL works. This, in turn, has resulted in very few security researchers looking at AWDL for bugs or implementation errors.

puddingebola writes: In May, security researcher Filippo Cavallarin made public a vulnerability in macOS's Gatekeeper. The vulnerability can allow an attacker to use a symlink and an NFS server to bypass Gatekeepers authentication and run malicious code. The malware has been named OSX/Linker and has been tied to the same group that operates the OSX/Surfbuyer adware. All macOS versions are affected, including the latest 10.14.5, and Apple has yet to release a patch to this day, a full month after Cavallarin's public disclosure.

Microsoft is bringing its Windows Defender anti-malware application to macOS -- and more platforms in the future -- as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. From a report: To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows." macOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. Further reading: Microsoft launches previews of Windows Virtual Desktop and Defender ATP for Mac.

Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow." "The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac," reports Wired. "The trick's name is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory." From the report: Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory. That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make its own copy. Which is to say, a program can't simply change the data shared by all the other processes -- some of which could be more highly privileged, sensitive programs than the one requesting the change.

Google's BuggyCow trick, however, takes advantage of the fact that when a program mounts a new file system on a hard drive -- basically loading a whole collection of files rather than altering just one -- the memory manager isn't warned. So a hacker can unmount a file system, remount it with new data, and in doing so silently replace the information that some sensitive, highly privileged code is using. Technically, as a zero-day vulnerability with no patch in sight, BuggyCow applies to anyone with an Apple laptop or desktop. But given the technical skill and access needed to pull it off, you shouldn't lose much sleep over it. To even start carrying out this Rube Goldberg -- style attack, a hacker would need a victim to already have some form of malware running on their computer. And while BuggyCow would allow that malware to potentially mess with the inner workings of higher-privileged parts of the computer, it could do so only if it found a highly privileged program that kept its sensitive data on the hard drive rather than memory. Project Zero says it warned Apple about BuggyCow back in November, but Apple hadn't acted to patch it ahead of last week's public reveal.

A new variant of the multi-stage Shlayer malware known to target macOS users has been observed in the wild, now being capable to escalate privileges using a two-year-old technique and to disable the Gatekeeper protection mechanism to run unsigned second stage payloads. Bleeping Computer reports: This new Shlayer variant unearthed by Carbon Black's Threat Analysis Unit (TAU) targets all macOS releases up to the latest 10.14.3 Mojave, and will arrive on the targets' machines as a DMG, PKG, ISO, or ZIP files, some of them also signed with a valid Apple developer ID to make them look legitimate. Shlayer samples found by TAU also use malicious shell scripts to download additional payloads just like older installments did, and, in the case of samples distributed as DMG images, will surreptitiously launch a .command script in the background after the user launches the fake Flash installer. The malicious script included in the DMG is encoded using base64 and will decrypt a second AES encrypted script which will be executed automatically after being decrypted.

One it successfully downloads the second stage malware payload, Shlayer will "to escalate privileges with sudo using a technique invoking /usr/libexec/security_authtrampoline," presented by Patrick Wardle in his Death by 1000 Installers talk at DEFCON 2017. The next step is to download extra payloads which all contain adware according to TAU and it makes sure they'll be able to run on the compromised Mac by disabling the Gatekeeper protection mechanism. After this is accomplished, all extra payloads downloaded and launched by Shlayer will be seen as whitelisted software because the OS will no longer check if they are signed with an Apple developer ID. Also, just in case the malware is not able to disable Gatekeeper on the infected Mac, some of the second stage payloads are also signed with valid developer IDs.

An anonymous reader quotes a report from Ars Technica, written by Sean Gallagher: Want to be able to run classic Mac OS applications compiled for the Motorola 68000 series of processors on your ever-so-modern Mac OS X machine? Or maybe you'd rather run them on a Raspberry Pi, or an Android device for that matter? There's an emulation project that's trying to achieve just that: Advanced Mac Substitute (AMS). Advanced Mac Substitute is an effort by long-time Mac hacker Josh Juran to make it possible to run old Mac OS software (up to Mac OS 6) without a need for an Apple ROM or system software. Other emulators out there for 64000 Mac applications such as Basilisk II require a copy of MacOS installation media -- such as install CDs from Mac OS 7.5 or Mac OS 8. But AMS uses a set of software libraries that allow old Mac applications to launch right within the operating environment of the host device, without needing to have a full virtual hardware and operating system instance behind them. And it's all open source.

I got a demo of AMS from Juran at Shmoocon in Washington, DC, this past weekend. He showed me an early attempt at getting the game LoadRunner to work with the emulator -- it's not yet interactive. A version of the project, downloadable from Github, includes a "Welcome" screen application (a sort of Mac OS "hello world"), Mac Tic-Tac-Toe, and an animation of NyanCat. Applications are launched from the command line for now and are executed by the emulation software, which interprets the system and firmware calls. Unfortunately, there's still a lot of work to be done. While AMS works on Mac OS X up to version 10.12 -- both on Intel and PowerPC versions of the operating system -- the code currently won't compile on MacOS Mojave. And the Linux implementation of AMS does not yet support keyboard input. I was unable to get the front end to execute at all on Debian 9 on Intel.