macOS Catalina: Security and privacy improvements
Apple has released macOS Catalina (v10.15), a new major release of its desktop operating system, which comes with many functional and security and privacy improvements.
The former include a new game subscription service, a feature that extends Mac desktops with iPad as a second display, a new accessibility feature that makes it possible to control Mac entirely by voice, and more.
The latter include, among other things, better protections against macOS tampering, an improved Gatekeeper, and the ability to erase and/or deactivate a lost or stolen Mac and to locate a missing Mac even if it’s offline and sleeping.
System and app security
First things first: starting with Catalina, the system runs on its own dedicated, read-only APFS volume and – Apple claims – “nothing can accidentally overwrite critical operating system files.”
Only Apple will be able to make changes to the system volume, through signed code. The other volume (data volume) is where user and installed application data will be stored.
Another big change that starts with Catalina is the deprecation of kernel extensions (“kexts”).
Apple is pushing developers to switch to using the SystemExtensions framework for installing and upgrading extensions, which will then run in user-space rather than at the kernel level.
“By running in user space, extensions can’t compromise the security or stability of macOS. The system grants these extensions a high level of privilege, so they can perform the kinds of tasks previously reserved to kernel extensions (KEXTs),” Apple explained.
Gatekeeper, macOS’s anti-malware component, has been improved. As before, it enforces code signing and verifies downloaded applications before allowing them to run, but now it will also periodically check their source code after installation, to make sure malicious code hasn’t been introduced at a later date.
With macOS Catalina, notarization of apps, kernel extensions, disk images, installer packages by Apple becomes compulsory.
“Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it,” the company explained to developers.
“Notarization also protects your users if your Developer ID signing key is exposed. The notary service maintains an audit trail of the software distributed using your signing key. If you discover unauthorized versions of your software, you can work with Apple to revoke the tickets associated with those versions.”
Data and user protection
Next: the new OS will check with the user before allowing apps to access their documents, wherever they are (on the system, in the cloud, on an external volume or removable media). It will do the same when apps want to record the screen or keyboard input (in addition to checking whether the user wants give an app access to their camera or microphone).
Activation Lock, the security feature that’s meant to protect Apple devices (and the data on them) if they get misplaced or stolen, will now be available for Macs running macOS Catalina and have the Apple-designed T2 Security Chip (i.e., the iMac Pro, 2018 MacBook Pro, Mac Mini, MacBook Air, and 2019 Mac Pro).
The feature allows the device owner to erase and deactivate the device remotely, and to reactivate it if they ever get it back.
A new Find My app allows users to locate their missing Mac even if it’s offline and sleeping. It does that by sending out Bluetooth signals that can be detected by Apple devices in use nearby, and then relaying the detected location of the Mac to iCloud.
Finally, the macOS native mail client Mail now allows users to block email from a specified sender and unsubscribe from commercial mailing lists, protecting users against unwanted emails.
As a sidenote: the release of Catalina was immediately followed by a release of a security update for it, which plugged a number of flaws, including one in PDFKit that could have allowed an attacker to exfiltrate the contents of an encrypted PDF (CVE-2019-8772) and one in WebKit that could have allowed malicious websites to reveal the user’s browsing history (CVE-2019-8769).