Apple has released macOS Sonoma, and we discuss how to prepare your Mac to upgrade to this new operating system. We also talk about the dozens of security fixes included in macOS Sonoma, and how one file format that has been supported on the Mac for decades is going away.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.
Voice Over 0:00
This is the Intego Mac Podcast–the voice of Mac security–for Thursday, September 28, 2023.
This week’s Intego Mac Podcast security headlines include: a rundown of the many security patches Apple has released in its latest operating system updates. You say you want to hack the phones of your political adversaries. But Pegasus spyware is beyond your budget. Then have we got the malware for you. PostScript has seen its last days on macOS. And what to know and do before you upgrade your Mac to macOS Sonoma. Now, here are the hosts of the Intego Mac Podcast: veteran Mac journalist Kirk McElhearn and Intego’s Chief Security Analyst, Josh Long.
Kirk McElhearn 0:49
Good morning, Josh, how are you today?
Josh Long 0:51
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:52
I’m doing just fine. This is one of those weeks, we get once a year for the Mac, once a year for the iPhone and the iPad. And we’ve got a new operating system. We’re recording this on Wednesday, the 27th, it came out yesterday on Tuesday, the 26th. macOS Sonoma is here.The changes are just earth shattering. It’s rebuilt from the ground up. Isn’t that how they say when they’re trying to tell you that they fixed a few bugs?
Josh Long 1:17
“Rebuilt from the ground up” might be a little bit overstated. Yeah. But it’s got a lot of new features, though.
Kirk McElhearn 1:22
It’s got new features, but you’ll look at it and you won’t really see that much. Today we’re going to talk about preparing your Mac to upgrade for macOS Sonoma, because I think a lot of listeners may not have done this on the first day. I did it a week or two ago when the release candidates came out because that’s what I have to do. Next week, we’re going to take a deep dive at a couple of features that we really like and we’ll find out about them next week. But we want to start with all the security updates or what is it 61 or 93 or 740 security updates that were out in macOS Sonoma?
Josh Long 1:52
Well, macOS Sonoma lists a bunch of security updates in its release notes. There are 61 CVE numbers—Common Vulnerabilities and Exposures. These are numbers that indicate a specific vulnerability that has been patched in that operating system. 61 is a lot. 61 may not really be the full picture though, because there’s an additional recognition section at the bottom of this release notes article that has 32 additional recognitions. These are like researchers who have reported vulnerabilities. And Apple is only giving you the name of the component that was fixed and recognizing a particular researcher for their contributions without giving a CVE number. Among these 32 security issues that are listed here as additional recognitions, one of them seems like it this is a vulnerability that was actually patched last week for other operating systems. And by the way, we’ll get to that in just a second. But a security researcher who reports a lot of vulnerabilities to Apple said that he reported 10 issues, only two of them actually got a CVE number in the release notes for macOS Sonoma. He said that several other issues show up under these additional recognitions, even though Apple had said that they were going to be getting CVE numbers and properly listed that way in the release notes. So it’s kind of weird. I’m not really sure why Apple is not properly crediting these researchers and giving them the CVE numbers that they earned for their reports.
Kirk McElhearn 3:33
But we know that sometimes Apple issues updates and then updates the information about them afterwards. Because maybe they didn’t want to expose all the information right away for some reason. Maybe they’re waiting for to update other previous operating systems. And they did do an update to Ventura didn’t they.
Josh Long 3:50
They did. Yeah, and I’m not sure whether that’s the exact reason why Apple has done this in this particular case. Usually, it’s the kind of thing where Apple will withhold information and then add additional things later. So we’ve got 61 named CVEs, there’s 32 additional recognitions, so that gives us 93. But that number may even be bigger than that, because some of these things they credit multiple researchers which may actually be multiple vulnerabilities all under the same category, for example, kernel. On top of that, Apple, typically weeks or months later, will go back and add additional things, additional entries, so we probably could have like 100 or more vulnerabilities that got patched in macOS Sonoma.
Kirk McElhearn 4:38
So I have a question. You said 61 security patches in macOS Sonoma. Does this mean that there were security vulnerabilities in macOS Ventura that Apple held off updating until Sonoma came out?
Josh Long 4:52
That’s a really good question. We don’t necessarily know the answer to that, unless the security researcher who reported it to Apple comes out and says, Here are the details of this particular vulnerability. And I know that it also applies to this operating system that wasn’t patched. What I’ve done in the past on this. And I’ve given talks at a couple of security conferences, where I’ve talked about having conversations with some of these researchers, sometimes they will tell me Oh, yeah, no, that applied to that operating system, but Apple just didn’t patch it for that operating system for whatever reason. And this is something that people often speculate about. They go, Oh, well, if Apple didn’t patch it for macOS Ventura, then it probably just didn’t apply to macOS Ventura, right? You know, presumably, Apple would just patch everything for the previous operating systems. But unfortunately, that’s not actually how Apple behaves.
Kirk McElhearn 5:44
Okay. And this is a good reason why you should update your Mac to macOS Sonoma, if you can. In the second half of the show. We’ll talk about upgrading your Mac and we’ll talk about which Macs are compatible with macOS Sonoma. I want to go back to last week now on September 21, when Apple released patches for some malware called Predator tell me about this.
Josh Long 6:02
We’ve talked many times about the NSO Group’s Pegasus spyware that is often used by nation state threat actors to spy on dissidents, journalists, and who knows who else. Predator is kind of the I guess you could say that the discount bargain basement alternative to Pegasus. Predator is made by a different company. And at least in this particular case, it wasn’t designed with a zero-click vulnerability. It was designed with a one-click vulnerability, meaning that a potential target would get a maybe a text message that looks like it’s from somebody else. And then they click on a link and now their device gets infected just by clicking on that link. Apparently, the person who was targeted in this case, was an Egyptian presidential candidate, which is kind of interesting, because there’s sort of an implication there that maybe the government of Egypt might have been the originator of this attempted hacking of his iPhone. In any case, somebody attempted to hack his iPhone, and they used a series of vulnerabilities and exploit chain consisting of three vulnerabilities. And these vulnerabilities were patched for iOS 17 and 16 last week, also iPadOS 17 and 16. macOS Ventura, macOS Monterey, and one vulnerability was patched for macOS Big Sur. And then WatchOS 10. And WatchOS 9 also got patches. Notably, nothing for iPadOS or iOS 15, and nothing for WatchOS 8. Remember, I mention this all the time, Apple was still selling Apple Watch Series 3 earlier this year, it can’t be upgraded past WatchOS 8, and no patches for WatchOS 8. And just to wrap this up, I should mention too, that it looks like probably all of these vulnerabilities were patched in macOS Sonoma. So if you want to upgrade to Sonoma, you should be safe from all of these Predator exploited vulnerabilities as well.
Kirk McElhearn 8:13
So let’s go for the malware trifecta. You have some information about new Mac malware, we kind of teased it last week. This is a really weird story, because it’s malware that’s out there. And that not too many companies are getting samples. It’s really hard to get samples, but you managed to get one and you looked at this malware. So tell us what it does.
Josh Long 8:30
Right. So in recent months, there have been some headlines that have shown up in the Mac press where people are saying that malware was found on the dark web or ChatGPT found some malware on the dark web. And the past couple of times this has happened, the research group that reported these things didn’t actually get samples of the malware. And it felt like almost a non story. It’s telling you there’s some malware out there but we don’t have any details about it. There was yet another underground hacker forum where somebody had been claiming to offer some Mac malware for sale. So this is malware as a service. Basically they’re saying you hire me and I will give you some malware that you can use to infect other people’s Macs. In this case, we were actually able to get a sample unlike other researchers in recent months, we were able to see exactly what this malware was. There we’re using a variation of Atomic Stealer, which is a very popular bit of stealer malware on the Mac. By the way, be sure to check out our article on the Mac security blog about recent stealer malware on the Mac. There have been three different malware families that have all had campaigns that seem to be active in September. AtomicStealer, MetaStealer which were mentioned last week and also RealStealer. All of these have had active campaigns in the month of September. So That’s kind of a big deal. That’s a lot of different varieties of stealer malware that are actively out there on the Mac and infecting Macs.
Kirk McElhearn 10:07
One more mention about a change in macOS Sonoma. If you’ve been involved with the Mac for a long time, like some of us decades, if you’ve ever been involved in desktop publishing, you’re familiar with PostScript It was the first language that described the way documents looked that could be transferred from platform to platform that printers could use to reproduce a document that you would create. Now it was it was superseded by PDF, which came out sometime in the 90s in the late 90s, I believe. But PostScript has always been useful because it doesn’t have any cruft in it. It puts everything into ones and zeros, and it’s a language that describes the way things look. So Apple has been hinting that PostScript would be deprecated for the past couple of years. Finally, it is deprecated in macOS Sonoma, which means that macOS can no longer read PostScript files. Interestingly, you can still save files as PostScript files from the Preview app in macOS. There are other apps that can read PostScript files, I tried to open some PostScript files on my Mac today, I have a couple of apps that can do this. One of them is PDF Expert, which is an app that can edit PDFs. Another one is Affinity Publisher, which is a desktop publishing app. But there aren’t too many apps that can open PostScript files. Now this does open a space for people who still want to use PostScript for a variety of reasons. So maybe some other third party apps will add a feature to open PostScript files. I’m pretty sure this open source tools that they can just put into an app to be able to read PostScript files.
Josh Long 11:38
Right, exactly. PostScript has been around since it looks like 1982. And the PDF standard kind of got its start around ’91. And the initial release of it looks like it was ’93. So yeah, it’s been around. Both of these formats have been around for a while, but PostScript certainly has been around quite a bit longer. By the way, it may be that one of the reasons that Apple is removing PostScript at this point is because of potential security vulnerabilities. Because the PostScript standard hasn’t really been updated for a long time. According to Wikipedia, the last stable release of PostScript was 26 years ago in 1997. It’s not necessarily built with security in mind. Back in 2022, there was a vulnerability in PostScript that affected macOS. Apple patched a bug in macOS Monterrey 12.5, and also for macOS Catalina in something called PS Normalizer. They said processing a maliciously crafted PostScript file may result in unexpected app termination or disclosure of process memory. PostScript files can potentially be problematic from a security perspective. And perhaps that’s one of the reasons that Apple decided to deprecate it now.
Kirk McElhearn 12:54
I think most people don’t realize that for a long time after PDF was released, it was not a free tool you could use. Initially, Adobe sold apps to read PDFs to create PDFs, which that was a distiller app. And it wasn’t until 2008 It became an open standard, at which point everyone started using it. I think Adobe actually slowed things down and kept PostScript alive for a long time. But PDF has become so common that I don’t think there’s a computing device on the planet that’s currently sold that can’t read PDFs.
Josh Long 13:25
That’s a fair point. Yeah, I think just about everything. Certainly any computer, smartphone tablet, they can all read PDFs.
Kirk McElhearn 13:32
Okay, let’s take a break. When we come back, we’re going to talk about upgrading to macOS Sonoma. Should you upgrade now or should you wait?
Voice Over 13:41
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X 9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X 9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the Special Discount Link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 14:56
Okay, so the big question is: do you want to upgrade your Mac to macOS Sonoma? This is a good weekend project, especially if you have more than one Mac, it came out on Tuesday this week. Now, you’ll listen to this podcast on Thursday or Friday or Saturday. It’s not a good idea to take an evening in the middle of week and start doing this in case something goes wrong. To be fair, I had no problems. I haven’t heard of any major problems with the upgrade. This is one of the quickest upgrades I’ve seen. In other words, each time you upgrade, I think in the past with Ventura and Monterey, it would have to boot three times and go through a complicated process. This time, you know, I would set my Mac to upgrade, I’d go sit down and read before I knew it was finished. So I’m not suggesting you do it on a weekday evening, wait for a Saturday or Sunday. But still, Now Josh and I are different. He has an upgraded yet to Sonoma, he always waits because he doesn’t trust anything. Me. I upgrade to Sonoma because I read articles about it. And I need it. And I put it initially on my MacBook Air to prep for it. And as soon as it came out, and I knew it was stable. And as soon as the software we used to record the podcast, which is very important I was sure that it would work, and then I upgraded on my iMac. So the real question is, should you upgrade now? Or should you do it later. And Josh, you are always, I don’t want to say you’re a scaredy cat about this, you just kind of think about all the bad things that can happen, don’t you?
Josh Long 16:13
Well, I think it’s good to have a balance between the wait and see for like a day or two, just, you know, make sure there’s not any really, really big egregious issues before upgrading, in which as you mentioned, it doesn’t really look like there’s I’m not really seeing any reports of any major issues, I did see somebody post something about having some trouble with some unnamed piece of security software, they didn’t mention who it was, it wasn’t Intego. As long as you’ve upgraded all your Intego software, you’re good to go. As long as you’ve run NET update to make sure you’ve got the latest version of all your Intego software, you’re just fine to upgrade to macOS Sonoma. Aside from that, there are not too many things that really necessarily are going to need an update for macOS Sonoma. But it doesn’t hurt any of your critical software that you use every day or every week, you do want to make sure that you do upgrade those first, just in case there’s any compatibility issues. But I haven’t heard about too many things. So I’m probably going to update to Sonoma within the next day or two.
Kirk McElhearn 17:14
Here’s one piece of software that has had a big change, I use Spam Sieve on my Mac to filter spam. And it’s changed from a plugin to an extension. And so this is a new process, Apple no longer supports plugins in Mail. You may have other plugins in Mail that you’ve been using. So check this out, in case you do, that they may not work anymore if the developers haven’t updated them to work as extensions. Another thing to point out, and so I’m going to link to an article in the Intego Mac security blog about how to prepare your Mac, to upgrade to macOS Sonoma. You should always check for any third party drivers. I have a friend who has a big RAID unit, I think it’s a Lacie RAID unit, big queue, five drives. And I know several times in the past years, the drivers weren’t updated early enough for him to be able to upgrade his Mac to the current operating system. Now this is really important because if a device like that depends on a driver, you will no longer be able to access any files on it. Check anything like that if you have a special kind of printer that doesn’t use a built in printer driver. If you have a scanner that has some kind of driver. There might be cameras, you might have a webcam attached to your device that you need. Anything like that check before you upgrade, because these could be things that could well first of all prevent you from doing certain types of tasks, but also crash your Mac if the drivers aren’t upgraded.
Josh Long 18:35
By the way, one particular piece of software that might concern you, if you typically have it integrated with your Apple Mail app is GPG tools. I don’t know if maybe a lot of people use this necessarily. But this is one of those tools that is has been around for a long time. And it’s you may have heard of PGP. Pretty Good Privacy is what do you stand for GPG is the new Privacy Guard or something. It’s like an open source version of it. And GPG tools is a suite for the Mac that allows you to encrypt and decrypt, for example messages that you’re sending through Apple Mail. And because of that lack of macOS mail plugins now, that’s something that you should be aware of, if you do upgrade to macOS Sonoma, you’re no longer going to have that built in plugin for GPG tools.
Kirk McElhearn 19:27
Okay, so let’s talk about compatibility. Every year Apple shifts the compatibility toward the future a little bit but there haven’t been a lot of changes this year. So iMacs from 2019 and later, iMac Pro 2017 and later Mac mini 2018. And later, Mac Pro 2019. And later, MacBook Air 2018 and later and MacBook Pro 2018 and letter so you can have a Mac that’s four years old, but in the case of the iMac, I think before 2019 It was 2017 so it doesn’t go back that far.
Josh Long 19:59
Another way to look at this Is that Apple dropped a few years of particular models, so they dropped any 2017 iMacs except for the iMac Pro, that’s the one exception. The only 2017 Mac by the way that supports macOS Sonoma. But all the other 2017 iMacs have been dropped the 2017 MacBook. So now there is no more plain MacBook that can run macOS Sonoma, and also the MacBook Pro 2017 was also dropped from support for macOS Sonoma.
Kirk McElhearn 20:28
So basically, if you’ve got a Mac that’s four or five years old, you should be fine. We’ll link in the show notes to our extremely popular article How to install macOS Ventura, or Sonoma on unsupported Macs for security improvements. This uses software called Open Core Legacy Patcher, which should be available in October. So if you are using a very old Mac, then you’re going to have to wait to update Sonoma using this software.
Josh Long 20:51
That’s right. As of right now they’re planning on releasing the next version, which is the first official version that will support Mac was Sonoma on October 2, which is really fast. I mean, they were expecting macOS Sonoma to be released in October, so they were going to be ready on day one, which is almost unheard of. So the fact that they’re able to put out their patcher to get your older Mac’s upgraded to macOS Sonoma that quickly is pretty amazing, really.
Kirk McElhearn 21:17
So one thing I like to do before I upgrade before I even do my backups is I check my drives, particularly my startup drive. You can open Disk Utility, which is an Applications slash Utilities, you can run Disk First Aid. I remember back in the day, you would often have catalog problems on drives, and you would have to fix it and DiskWarrior was like the best tool for fixing that. I think when Apple introduced journaling to the file system, it corrected everything, I have never had a problem. I’ve never lost files. I’ve never found errors when I’ve run Disk Utility in Disk First Aid.
Josh Long 21:52
I have had problems with journal HFS+ drives. However, I’ve never to date anyway, I’ve never had an issue with any apfs drives. If you’re running a new enough operating system that you’re basically required now to have APFS as your Apple file system format, you’re probably fine. I don’t think you’re likely to have data loss in most cases on it unless it’s a hardware issue unless your drive actually fails for some reason.
Kirk McElhearn 22:21
Okay, next thing, backup your Mac. And then you know what to do. After that you back it up again. One backup is not enough, belt and suspenders. And even a little what the third thing would be, extra shoes or something like that. I have too many backups. But I have saved my cured pork several times, because I have too many backups. Anytime you’re doing a major upgrade, you don’t know what can happen. Let’s say you have a power outage in your house, in the middle of the upgrade, your Mac might not boot. So you’ve got to have backups.
Josh Long 22:51
You can actually backup with Apple’s Time Machine, which has been a feature in macOS for many years now. As well as Intego Personal Backup. So you have your Mac backed up in two different ways. And there’s lots of other ways that you can backup as well. But if you’re doing both of those, that’s definitely a good belt and suspenders approach.
Kirk McElhearn 23:10
And add them extra shoes or boots or whatever, because it never hurts, at least for your important files, right? Maybe you put them in the cloud, maybe you use an online backup or something. But your important files are the things you can’t get back, you can always rebuild an operating system redownload apps, it’s a pain, it takes a long time. But there are files that you can’t afford to lose.
Josh Long 23:29
Right I was gonna say that extra backup might be your iCloud backup. For example, if you’re synchronizing your files to iCloud, that’s another place that you can keep things backed up. And of course, you may also want to have an online backup service, I think Kirk, you use Backblaze that seems to be the most popular one on the map right now.
Kirk McElhearn 23:47
Okay, time to upgrade. 12 gigabytes, you got to download 12 gigabytes. Now a few years ago, if you remember, I had Victorian internet and it would have taken hours and hours and hours and I’ve had gigabit fiber for about three years and whoosh. I don’t even notice 12 gigabytes is a lot. And depending on your bandwidth, you may not even be able to download it at home, you may have to go to a coffee shop where they’ve got fast Wi Fi to download it. It’s really important that after you download it, you make sure that you don’t delete the installer. So if you install it on one Mac, I’m not sure if this is happening this year. But in the past, this has often happened, the Mac would delete the installer after it was finished to save space, it’s taken up 12 gigabytes. But if you’ve got multiple Macs or if you think you may need to reinstall it at some point in the future, it’s better to offload it on another drive 12 gigabytes is a lot. And I think it’s were four or five years and it’s been 12 gigabytes every year. I don’t know why it’s not bigger or smaller. Maybe they’ve decided that that’s the size it’s going to be. Worth pointing out that if you did install beta versions of macOS Sonoma, and I’ll link in the show notes to an article talking about that even though the beta campaign has finished the final update or what gonna be about six gigabytes. So that meant that not everything needed to be updated. But 12 gigabytes is a lot, right.
Josh Long 25:06
And it’s actually been about 12 gigs for a few years now, I’m just looking at my backups that I’ve made, these typically will show up in your Applications folder, it’ll be called something like install macOS Sonoma. And if you make a copy of that application somewhere else, that’s how you can back that up. So I’ve got a couple of zip files that I’ve made from past versions, and Monterey was 12.1, for my Big Sur installer that I made was also over 12 gigs. So they do take up a lot of space, and they don’t really compress well. So even though I made a zipped version of them, they’re about the same size when they’re fully expanded to,
Kirk McElhearn 25:44
Okay, if all goes well, your Mac will reboot into macOS Sonoma you’ll get these fancy new screensavers, which really annoy me because I don’t like when the screensaver moves. So you might want to check out some of that. If something goes wrong. You’ve got those two or three backups, you can restore your Mac from one of your backups or clone or a time machine backup, maybe redo it. I pay attention a lot to forums about what people were talking. I haven’t heard any serious problems with macOS Sonoma installations. The same with iOS and iPadOS. There was a period some years ago when there were a lot of issues. But it seems that they’ve really got things improved, that this is no longer a frightful thing to do.
Josh Long 26:26
It could be either, that there’s not any really major under the hood changes, and it’s mostly superficial changes. The other thing is maybe apples actually doing a better job of transitioning and beta testing and so forth and making sure that the process goes smoothly.
Kirk McElhearn 26:42
Okay, that’s enough for this week. Next week, we’re going to talk about two of our favorite features in macOS Sonoma. Until next week, just stay secure.
Josh Long 26:49
All right, stay secure.
Voice Over 26:51
Thanks for listening to the Intego Mac Podcast—the voice of Mac security—with your hosts, Kirk McElhearn and Josh long. To get every weekly episode, be sure to follow us on Apple podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software: intego.com.
