Security changes coming in macOS Catalina: what’s changed

Howard Oakley, Eclectic Light Company:

Apple laid out its plans for the changes in macOS security coming in macOS 10.15 Catalina at WWDC in June. Since then, ten beta releases of Catalina have passed under the bridge, and quite a bit has changed.

The biggest single change coming in Catalina takes System Integrity Protection a step further by separating almost all of the system onto a new read-only volume. In place of a single boot volume such as Macintosh HD, Macs running Catalina have two linked volumes named Macintosh HD and Macintosh HD – Data, with the latter containing all the files and folders which are write enabled, including many from top-level hidden folders and /System itself.

This new separation isn’t optional, and Apple has gone to considerable lengths to make it as seamless as possible, including the addition of a new type of bi-directional link which it terms a firmlink.

MacDailyNews Take: There’s much more in the full article – recommended – in which Oakley also notes, “In early August, Apple announced an expanded Bug Bounty programme which includes macOS, but so far doesn’t appear to have started that. As a result, some macOS security researchers may be sitting on small collections of vulnerabilities which they have discovered in Catalina. Don’t be surprised if these lead to some turbulence in the first months of Catalina’s public release cycle.”

9 Comments

  1. It seems that I will have to run a virtual machine in Parallels with Mojave to continue playing my outdated games. It should be fast enough. Apple should provide virtual machine capability as Microsoft does with Hyper-V in Windows. Seriously, they cannot expect the game companies to update all their old games to Catalina. They need to provide a way for people to run their old programs and also upgrade to the new system!

  2. Why is every new macOS and iOS release something to dread instead of look forward to? As far as I can tell text selection in iOS 13 is WORSE than before, among a litany of other problems. Mojave is installed on a newer MacBook that I use LESS than an older Air running High Sierra. It sounds like Catalina will be the first release that I won’t upgrade to in the first month. You can read every word published about a new release but you won’t know all the little screw-ups (“features”) they’ve introduced until you install it and are unpleasantly surprised by them.

  3. Wonder how that’ll work with hybrid hard drives. If you copy part of your system volume to the SSD cache, it’s as vulnerable as it would be on the pre-Catalina drive; if you don’t copy it, then your machine will run a bit slower.

    Also wonder how the app-signing features will affect those of us who code at home for fun. Will I have to option-click every time I create a new build, and thus make a fresh executable? I develop on an older (High Sierra) box, but run on my Mojave MBP, which would get upgraded to Catalina.
