macsecurity.net
Apple has announced new security measures
implemented in macOS 10.15 Catalina. The changes will increase the security of
running applications and give users better control over program
permissions.
The new OS will run from a
dedicated read-only system volume. This separates
critical data from the rest of the information on the computer and blocks
changes to it. The developers also created a separate space for
launching drivers and other software for peripherals. Previously, these
components executed code inside the system using kernel extensions
(kexts). Now they will not be able to affect the operation of the OS.
The Gatekeeper utility, which confirms the
legitimacy of running programs, will also scan the software for known security
problems. The check will be carried out at the first launch of an application and
repeated periodically afterwards. The new mechanism will protect the user
from vulnerabilities in the software of well-known developers. Earlier, experts
demonstrated how, in the absence of such checks, Gatekeeper allows third-party
code execution in macOS Mojave.
Important changes also affect the user
experience in the new macOS. The system will ask for additional
confirmation before giving any application access to data in the “Desktop”,
“Documents” and “Downloads” folders. In the same way, access to iCloud Drive,
third-party cloud storage and removable media will be limited. In addition, the
user will have to confirm keystroke recording, taking screenshots and
recording video from the computer screen.
Another new feature has migrated to the Mac from
iOS devices. This is Activation Lock, which appeared on the iPhone and
iPad in 2013 with the release of iOS 7 and allows you to remotely disable a lost
or stolen gadget. Now the owners of iMac Pro, MacBook Pro, Mac mini and
MacBook Air models released in 2018 and later will also have this capability.
Finally, the Safari browser will warn users if
their chosen password does not meet the security requirements. In this case,
the program will suggest stronger combinations.
In parallel with the announcement of new
features, Apple stopped supporting TLS certificates based on SHA-1. This
hash algorithm, which Google, Mozilla, Facebook and Microsoft have already
abandoned, has long been recognized as unsafe. The company has published new
criteria that certificates must meet to be accepted in iOS 13 and
macOS Catalina:
· SHA-2 based signature hash algorithm;
· Use of RSA keys with a length of at least 2048 bits;
· Representation of the DNS name of the server in the Subject Alternative Name
field instead of the Common Name.
All certificates issued after July 1, 2019 must
also indicate id-kp-serverAuth in the ExtendedKeyUsage field and have a
validity period of no more than 825 days. This info is shared by
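The certificate criteria listed above can be checked mechanically against a parsed certificate. The Go program below is an added example, not code from Apple or from the original article; `CheckCert`, `cutoff` and the self-signed sample certificate are constructed for illustration, and it assumes the certificate's NotBefore date stands in for its issue date.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

var cutoff = time.Date(2019, time.July, 1, 0, 0, 0, 0, time.UTC) // issuance cutoff from the article
// CheckCert (hypothetical helper) returns the listed criteria that c fails; empty means it passes.
func CheckCert(c *x509.Certificate) (fails []string) {
	switch c.SignatureAlgorithm {
	case x509.SHA256WithRSA, x509.SHA384WithRSA, x509.SHA512WithRSA,
		x509.SHA256WithRSAPSS, x509.SHA384WithRSAPSS, x509.SHA512WithRSAPSS,
		x509.ECDSAWithSHA256, x509.ECDSAWithSHA384, x509.ECDSAWithSHA512:
	default:
		fails = append(fails, "signature hash is not SHA-2")
	}
	if k, ok := c.PublicKey.(*rsa.PublicKey); ok && k.N.BitLen() < 2048 {
		fails = append(fails, "RSA key shorter than 2048 bits")
	}
	if len(c.DNSNames) == 0 {
		fails = append(fails, "no DNS name in Subject Alternative Name")
	}
	if c.NotBefore.After(cutoff) { // assumption: NotBefore is taken as the issue date
		serverAuth := false
		for _, u := range c.ExtKeyUsage {
			serverAuth = serverAuth || u == x509.ExtKeyUsageServerAuth
		}
		if !serverAuth {
			fails = append(fails, "ExtendedKeyUsage lacks id-kp-serverAuth")
		}
		if c.NotAfter.Sub(c.NotBefore) > 825*24*time.Hour {
			fails = append(fails, "validity exceeds 825 days")
		}
	}
	return fails
}

// Constructed sample: self-signed, valid 900 days, no SAN, no EKU; errors are ignored here.
func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: cutoff.AddDate(0, 2, 0), NotAfter: cutoff.AddDate(0, 2, 900)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	fmt.Println(CheckCert(cert))
}
```

Certificates with a NotBefore date on or before the cutoff are only held to the three bulleted criteria, so an older certificate with a long validity period is not flagged for it.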