Symantec CAs will be completely distrusted across iOS 12 and macOS Mojave devices.
This may not have a huge impact on our lives. Chrome pulled the plug on Symantec certs back in April of this year, following a bit of a fracas between the two companies. As a result, most websites who were using the suddenly untrustworthy certificates have shifted to different providers. The worst users will see is a message that their connection to a website is not secure. As with any time you see this message, proceed with caution. While it could just be an expired certificate, it could be much worse. Don’t enter any sensitive information into a website unless you see the padlock!
Local and FTP PAC files are now deprecated
Proxy servers are never fun to deal with. If your organization uses a PAC file to distribute proxy information to users, make sure that it’s hosted either via http or https. Occasionally I would use a local PAC file for development or testing purposes, and fill in the local path (ie, file:///Users/admin/Desktop/proxy.pac). With Mojave, this is no longer possible.
32-bit apps trigger an alert
This isn’t exactly new, but worth reiterating. Current macOS High Sierra users will see this message if they launch older apps. Moral of the story here is that 32-bit apps will eventually stop running. This already took place on the mobile platform with the release of iOS 11 last year. If you see the message on your Mac and it’s an app you can’t live without, it might be time to either find an alternative or contact the developer and ask them to update it.
The kickstart command
The Remote Management features are something that we enable almost immediately upon setting up a new Mac. It gives an administrator the ability to remotely control or observe a Mac, install software, issue commands, run reports, etc. Historically, we set this automatically during the installation of our helper tools. With macOS Mojave, it is no longer possible to enable the Remote Management features programatically. The only method is for the user to go to System Preferences and physically click on the tick box themselves. While not an issue for a handful of machines, if you are supporting Macs in any quantity this might be enough to ruin your day!
Secure Boot and the T2 chip
While not, strictly speaking, a Mojave feature, this needs to be mentioned. We could easily dedicate an entire blog post to this topic, as it’s quite a deep rabbit hole. Pay attention if you have (or your users have) an iMac Pro or a new 2018 MacBook Pro. If you don’t fall into that category, you may still want to brush up as you can be certain that these changes will permeate the entire Mac lineup in the not-too-distant future. The first thing I’ll mention is backups. The second thing I’ll mention… is backups. The hard drive and logic board are paired, which means if you took the hard drive out of the machine (you can’t, its soldered to the logic board) it is unreadable. If your logic board fails, your hard drive goes with it. I’ve read that in some circumstances data recovery may be possible, but this requires the machine to be bootable and the logic board to the somewhat functional. If you need help backing up, get in touch!
Privacy Preferences Policy Control payload
If you use an MDM to manage your Macs, this is a cool one. For years, thanks to application sandboxing, we’ve been seeing pop ups saying “Safari would like to access your camera” or “Calendar would like to access your contacts”. This is now manageable! As an MDM administrator, you can control which apps have access to what information. This is fantastic news for those among us who are particularly security conscious, or have trigger-happy users who simply click yes to everything they are presented with.Sadly, all these changes mean we must also say goodbye to some old friends. Here is the list of compatible devices:
- MacBook models introduced in early 2015 or later
- MacBook Air models introduced in mid 2012 or later
- MacBook Pro models introduced in mid 2012 or later
- Mac mini models introduced in late 2012 or later
- iMac models introduced in late 2012 or later
- iMac Pro (all models)
- Mac Pro models introduced in late 2013, plus mid 2010 or mid 2012 models with recommended Metal-capable graphics processor, including MSI Gaming Radeon RX 560 and Sapphire Radeon PULSE RX 580
Dave DeslauriersDave is a director and co-founder at Crossover Solutions. He has been looking after Apple devices and their users for over 20 years.