Because this thing direly needs a TL;DR:
The core flaw is in the misclassification of a bare-boned script-based application as “not a bundle”, which allows code to run that would normally have been blocked by your corporate overlords.
Yeah, this article brings such great findings and provides a really thorough root cause analysis, but it’s written in such a bad way. It reads like History Channel shows: “and soon we will show you this. That thing, soon we will show you that…”
It looks (though the post is a little tentative about saying it) like this bug is present in 10.15 Catalina, but that there isn’t a security patch for Catalina. At the moment, I don’t know whether that is just that there isn’t a patch yet, or whether Apple’s tacit but observable “current minus one” policy for security fixes has been re-unwritten.
I don’t particularly want to update my work/PhD-writing laptop to Big Whoop any time soon if I don’t have to, though.
There should be a patch now: https://support.apple.com/en-us/HT212326
Thanks for that, it doesn’t show up for me yet but hopefully does soon!