Apple released some big updates today/yesterday for their various platforms (macOS, watchOS, homeOS, iOS, iPadOS) and in those updates was a healthy dose of security fixes as well (link). One of the biggest things I noticed after installing the macOS 10.15.6 update was that the Boot ROM on both my iMac and MacBook Pro was updated to 422.214.171.124.0, which makes me wonder what else was updated with regard to microcode updates being deployed. In the security update section I found this to be quite interesting:
Which probably explains why it was 2.65GB in size because of the need to recompile code to address the pointer authentication codes not being properly enforced at compile time. It would be interesting to see how many of the flaws that were reported to Zerodium were due to that flaw in the compiler.
I think the interesting part is the firmware update, where I ran the following command, sysctl -a | grep machdep.cpu, and what stood out to me was machdep.cpu.microcode_version: 214. I then did some Googling and found this article over at Red Hat (link).
On the topic of security, it is interesting seeing the type of security features that ARM64 has as part of its ISA and how Apple will leverage those features to create a more robust system. I also wonder whether, as part of the move to close off the kernel to third-party extensions, Apple will move its GPU drivers out of the kernel into user space, which would then open up the possibility for Nvidia to make an appearance on macOS, given that in such a scenario the drivers would sit in user space and would only require notarisation. The next couple of years with the transition to Arm combined with Apple continuing to rearchitect the core of their operating system.