SecureMac, Inc.

Checklist 302: Privacy, Security and the 2022 Updates (Part 2)

November 4, 2022

Mac Ventura security features; a macOS flaw that breaks third-party security tools; and a new Twitter scam aimed at verified users!


On this week’s Checklist, we’ll talk about:

  • macOS Ventura and security
  • A Mac bug that breaks malware protection
  • A new Twitter scam

macOS Ventura security features

Apple has released the new OS for Mac: macOS 13 Ventura.

It includes a number of important security enhancements. Here’s a rundown of the most important ones:

  • System Settings replaces System Preferences, and will be simpler to navigate and use—which should make setting up a Mac for security easier than ever before.
  • Gatekeeper will check software for code-signing issues more frequently, helping to ensure that bad actors don’t tamper with an app after installation.
  • Passkeys come to macOS, courtesy of Apple’s collaboration with the FIDO Alliance, and just might spell the beginning of the end of passwords!
  • Strong password editing will let you edit suggested strong passwords to meet site-specific requirements (e.g., “can’t contain special symbols but must contain numbers and letters”).
  • Rapid Security Response will give Mac users a way to get important system security patches in between standard updates and without having to restart their computers.
  • Brand Indicators for Message Identification (BIMI) is coming to Mail, which means you’ll see verified logos next to brands that email you. This is important for security since brand impersonation is a common tactic in phishing attacks. 

Mac Ventura flaw affects anti-malware tools

New operating systems are exciting. But they almost always bring in unforeseen bugs that need to be fixed after release. macOS Ventura was no exception — and unfortunately, one of those bugs had an impact on security.

As The Mac Observer reports, a Ventura flaw is revoking some third-party anti-malware tools’ Full Disk Access. To quote the piece in TMO:

In order to scan your files and emails for potentially harmful software, [security] apps…require Full Disk Access. You may not remember, but you gave your antivirus or anti-malware software that access when you first installed it. Without Full Disk Access, real-time protection and other features simply can’t run.

The bug doesn’t affect every anti-malware tool out there. For instance, if you’re using SecureMac’s own MacScan 3, the app will still function normally. But users of other Mac security tools may not be so lucky.

If you use another tool, here’s what to do in order to make sure you’re still protected:

  • Go to System Settings > Privacy & Security and click on Full Disk Access.
  • Click the “–” at the bottom to remove the tool from the list.
  • Open your anti-malware app again and try to turn on real-time monitoring (this should result in your app walking you through the steps to grant it Full Disk Access).
  • Go to System Settings > Privacy & Security > Full Disk Access, find your security app, and grant it Full Disk Access!

Blue checks beware

As we discussed on Checklist 296, scammers love big headlines. Why? Because world news offers them a brand new opportunity to scam!

Last week, the new owner of Twitter, Elon Musk, made news because of reports that he planned to charge verified users to keep their coveted “verified” status (indicated by a blue check mark badge next to their name).

AppleInsider reports that soon thereafter, Twitter users began to receive phishing emails based on the story:

Security reporter Zach Whittaker noted that some people [had] gotten phishing emails that request the receiver to click a link and provide information, so they don’t lose the verification badge.

It just goes to show how quick bad actors are to weaponize hot news — and is a good reminder to take any email about current events with a large grain of salt. 

For a refresher on how to spot (and avoid) phishing scams, check out:
