Apple Introduces Activation Lock for Macs & Read-Only System Volume for Better Security with macOS Catalina 10.15
Apple has released a number of bug fixes with the public release of its latest macOS Catalina 10.15, closing some serious security holes, as we reported earlier. Along with the patches for vulnerabilities, the new major release of Apple's desktop operating system also brings several security and privacy improvements.
Among other enhancements, macOS 10.15 offers better protections against tampering, an improved Gatekeeper, and the ability to locate a missing device even if it’s not connected to Wi-Fi or cellular networks. In the release notes of macOS Catalina 10.15, Apple lists the following security improvements and features:
- Feel secure knowing that apps you use have been checked by Apple for known malware.
- Authorize access to data when apps request it using new data protections.
macOS Catalina 10.15 runs on a read-only APFS volume
Apple said that the new security improvements in Catalina better protect macOS from tampering. The operating system "now runs on a dedicated, read-only system volume, which means it is completely separate from all other data, and nothing can accidentally overwrite critical operating system files," the iPhone maker wrote.
This effectively means that only Apple will be able to make changes to this read-only system volume, and only through signed code, whereas the data volume will be used for user data and applications. The read-only APFS volume is reserved for the SIP-protected folders, system files and most of the preinstalled apps.
"A new Catalina install with a single user account has around 10GB of data on its system volume and another 4 or 5GB in the user data volume," Ars Technica noted. When you update from High Sierra or Mojave to Catalina, your current system volume is turned into a data volume, system files are deleted and then a new system volume is created where the majority of system files are written. Once the installation finishes, the new volume is marked as read-only.
This sounds a little like Microsoft's "Reserved Storage" feature that was introduced with Windows 10 May 2019 Update, version 1903. The Windows maker sets around 7GB aside for system, apps, and Windows Update use.
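As an added example (not from Apple or the original article), the shell functions below check the split described above from the output of `mount`: the system volume at / should carry the read-only flag while the data volume stays writable. The sample `mount` lines are constructed, and the data volume mount point /System/Volumes/Data is an assumption that the article does not state.

```shell
#!/bin/sh
# Constructed samples in the format macOS `mount` prints:
#   <device> on <mount point> (<fstype>, <flag>, ...)
SAMPLE_CATALINA='/dev/disk1s5 on / (apfs, local, read-only, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse)
/dev/disk1s4 on /private/var/vm (apfs, local, journaled, nobrowse)'
# Constructed: same machine with the system volume mounted writable
SAMPLE_WRITABLE='/dev/disk1s5 on / (apfs, local, journaled)
/dev/disk1s1 on /System/Volumes/Data (apfs, local, journaled, nobrowse)'

# mount_state MOUNTPOINT: reads mount output on stdin and prints
# "read-only", "writable" or "missing" for that exact mount point.
mount_state() {
    awk -v mp="$1" '
    {
        s = index($0, " on "); if (s == 0) next
        rest = substr($0, s + 4)
        # The flag list starts at the LAST " (", so mount points
        # that contain spaces or parentheses are still parsed.
        p = 0
        for (i = 1; i < length(rest); i++)
            if (substr(rest, i, 2) == " (") p = i
        if (p == 0 || substr(rest, 1, p - 1) != mp) next
        flags = substr(rest, p + 2); sub(/\)$/, "", flags)
        n = split(flags, f, /, */)
        state = "writable"
        for (i = 1; i <= n; i++) if (f[i] == "read-only") state = "read-only"
        found = 1; print state; exit
    }
    END { if (!found) print "missing" }'
}

# audit_layout: succeeds only when / is read-only and the separate
# data volume (assumed mount point, see lead-in) is present and writable.
audit_layout() {
    out=$(cat)
    root=$(printf '%s\n' "$out" | mount_state /)
    data=$(printf '%s\n' "$out" | mount_state /System/Volumes/Data)
    echo "system volume: $root, data volume: $data"
    [ "$root" = "read-only" ] && [ "$data" = "writable" ]
}

for s in "$SAMPLE_CATALINA" "$SAMPLE_WRITABLE"; do
    if printf '%s\n' "$s" | audit_layout; then echo "  layout OK"
    else echo "  layout NOT as expected"; fi
done
```

On a Mac, feed it the live mount table with `mount | audit_layout`.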
Catalina also supports Activation Lock and improves Gatekeeper
Apple has also improved Gatekeeper. "Gatekeeper, Apple’s technology to ensure only trusted software runs on a Mac, now checks all apps for known security issues, while new data protections require all apps to get permission before accessing user documents," Apple said.
Every Mac that comes with Apple's T2 Security Chip also now supports Activation Lock, giving Mac users control over reactivating and erasing data from their missing or stolen devices, similar to an iPhone or iPad.
- Keep track of your devices and find friends and family with an easy-to-use new app.
- Help locate devices even if they're not connected to Wi-Fi or cellular.
- Use Activation Lock to protect Mac models with Apple T2 Security Chip.
With the release of macOS Catalina 10.15, Apple has also introduced a new Find My app that combines Find My iPhone and Find My Friends into a single, easy-to-use app on Mac, iPad and iPhone.
Using Find My, you can now locate a missing Mac even if it isn't connected to the internet or is sleeping: the Mac sends out Bluetooth signals that can be detected by Apple devices in use nearby. This location is then relayed to iCloud, making it possible for the user to locate their missing Mac in the Find My app.