Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
A missing permission check in Jenkins Active Directory Plugin 2.19 and earlier allows attackers with Overall/Read permission to access the domain health check diagnostic page.
A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to list global pod template names.
A missing permission check in Jenkins AWS Global Configuration Plugin 1.5 and earlier allows attackers with Overall/Read permission to replace the global AWS configuration.
Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server.
A cross-site request forgery (CSRF) vulnerability in Jenkins Active Directory Plugin 2.19 and earlier allows attackers to perform connection tests, connecting to attacker-specified or previously configured Active Directory servers using attacker-specified credentials.
A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1.27.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode.
Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password.
It’s the biggest change to the Mac since the move to Intel, and it comes on top of the biggest change to macOS since OS X. Apple Silicon and macOS Big Sur are going to work, but it will take time.
Apple makes it sound very easy for everyone to move to using macOS Big Sur on the forthcoming Apple Silicon Macs. In fairness, Apple has also actually made it very easy — with Rosetta 2, with the developer transition kit, and with all the resources it can offer.
There’s no question that Apple Silicon will work and that’s actually a remarkable thing. Apple is replacing the very core of the Mac and they’ve convinced us all that they’re going to do it seamlessly.
Yet as deep as the change goes into the heart of the Mac, the effects of that also go extremely wide. As well as every app and utility that every user has, it also affects every piece of hardware that plugs in to every Mac.
Although all developers and all users that AppleInsider asked are positive and looking forward to Apple Silicon, that doesn’t mean they plan to switch on day one. There are issues which are small enough that you can expect them to be addressed, but not necessarily immediately.
Ready and waiting for Apple Silicon
One developer that is typical of the attitude to macOS Big Sur on Apple Silicon is the Omni Group. Maker of OmniFocus, OmniOutliner, and more, it has developing software applications since the days of Steve Jobs‘s NeXT company.
Consequently its apps have decades of work in them, which means potentially very old code — which certainly leverages every nook and cranny of macOS. Yet Ken Case, CEO, is entirely positive.
“Yes, our apps do have pretty deep roots!” says Case. “As a long-time Apple developer, there’s nothing about switching over to Apple silicon which concerns me— in fact, I’m really, really looking forward to it.”
“This transition is in some ways much easier than many of Apple’s earlier transitions (PowerPC, Intel, 64-bit, etc.), because in this case most of our app logic has already been running on Apple silicon (in our iPhone and iPad apps),” he continues.
“So as Mac transitions over to Apple silicon, we’re building apps for an architecture that’s already familiar [and] using a toolset that’s already familiar,” says Case.
Apple Silicon and Big Sur security
At the opposite end of a quite short spectrum is Mike Bombich, creator of backup app Carbon Copy Cloner (CCC). Ultimately, he says in a new blog post, he is “really stoked” and “optimistic” about Big Sur on Apple Silicon, but early users of any backup app are coming up against a new move by Apple.
From Big Sur onwards, macOS itself is installed on a Signed System Volume. No one but Apple can copy the system, so at first it appears that no one can make a bootable backup. According to Bombich, you can install Big Sur on an external volume and then back up to it, but that is one more thing to know about.
And it comes on the heels of the T2 security processor, which for a couple of years now has prevented Macs being booted from any external drives. There’s a way around that, but again it takes preparation in advance, it’s not a problem you want to find when things have gone wrong.
In the case of Carbon Copy Cloner, though, work now is ultimately going to be worthwhile because of the difference the new OS and the new architecture should make in the future.
“Our solution is tied so closely to the logistics of the startup process,” writes Bombich, “[that we]spend about a quarter to a half of our year just making CCC work with the next year’s OS.”
With Big Sur, Bombich expects that there will come a “perfect division of responsibility,” between Apple protecting the Mac’s startup volume, and CCC being able to concentrate on backing up data.
Emulation and universal binaries
It’s specific details like this that are giving concerns to developers, although again none expect problems to persist. Sergey Krivoblotsky, software developer at MacPaw, told AppleInsider that he is worried about how developers may be using third-party tools or libraries.
Apple’s documented advice is that “if your project depends on any third-party libraries, contact the original vendors” and get them to produce Universal Binaries, or versions that will work with Apple Silicon. “You cannot produce a universal version of your binary without universal versions of all linked libraries,” continues Apple.
Krivoblotsky is also a little wary of how Intel-based apps may be slowed down when running under Rosetta 2 emulation. “I remember Rosetta 1,” he says, “and it wasn’t always the best experience.”
“[Plus] new technologies use previous experience and fix some of the old bugs but at the same time they create new, often unexpected, ones,” he continues. “And only the official release of ARM-based macs will show how stable they are.”
Code-level changes in Apple Silicon
Apple makes it sound as if you can run your old Intel apps just fine under emulation, or you can quickly recompile them to work directly on Apple Silicon. This is all true, but if it means old code can be recompiled for the new platform, it can still mean that the thinking behind that code may need to change.
Serhiy Butenko, software engineer on CleanMyMac X, sent us an example of an unexpected issue that was affecting coding. “On Apple Silicon, you need to request the absolute time in a different way [to Intel],” he says.
Big Sur on Apple Silicon will take a request for time from an app and return it a numeric value counted in what are called ticks. “It has so happened on Intel processors that 1 tick equals 1 nanosecond,” continues Butenko. “Everyone has used this method and it’s been OK because there have only been the Intel processors. Then Apple Silicon appeared and 1 tick no longer equals 1 nanosecond, so it’s not clear what the result will be.”
MacPaw developer Serhiy Buchnev, agrees that “sure, there will be some difficulties during transition,” and also that Rosetta 2 will have some issues. “But I think this difficulties are worth it. Developers in the Apple ecosystem have already passed through similar transformation back in the days during the transition from PPC to Intel and it was done pretty smoothly.”
User demand for Apple Silicon hardware
The presumption is that Apple Silicon Macs will be faster than Intel ones. “When we make bold changes,” said Tim Cook at the announcement, “it’s for one simple and powerful reason. [It’s] so we can make much better products.”
Doubtlessly, every Apple user, most especially pro ones whose work depends on Macs, wants faster machines. However, for those who need speed the most, they also need total reliability.
Nobody expects Apple Silicon Macs to go wrong, but of the different users AppleInsider talked with, one was certain that they would not be committing to the new machines right away.
Musicians. It used to be that musicians were drawn to Apple gear because PCs famously added latency problems, so keeping instruments in sync would be an issue.
Faster Macs should help ensure that’s still true, that Apple performs well for musicians, but they’re not just dependent on Apple. None of the major music hardware developers were willing to discuss future plans, but their hardware depends on drivers for Macs and these will all have to be tested.
The prevailing attitude amongst musicians is that they’ll let these manufacturers do the testing, they won’t unbox an Apple Silicon Mac and bring it out on stage just yet.
Optimism for the future
So there are issues, that there will be a transition period for users, developers, and hardware manufacturers as well as for Apple. Again, though, every person we spoke with fully expects Apple Silicon to be good for their business.
That is partly because of how faster Macs can be expected to sell better, but it’s also because of how Apple’s moving to ARM processors is likely to make serious chip updates more frequent.
“[This will all mean] moving to a CPU platform whose roadmap has had strong year-over-year improvements for the past decade (unlike what we’ve seen on the Mac),” said the Omni Group’s Ken Case.
“I might be a bit sad to lose compatibility with some older Mac software — although a lot of that already happened in Mojave and Catalina,” he continues, “but I’m looking forward to gaining compatibility with a whole, much larger world of iOS apps that will already be available on day one.”
We just don’t know yet when Day One will actually be. However, that’s surely something Apple is going to reveal at its November 10 event.