Apple provides so many services for different parts of macOS that it’s hard to keep track of them. If you want to see a short summary, this article lists all service connections for enterprise network administrators, although it doesn’t detail which services use which servers, for example referring to “macOS updates” in many entries.

Many of you seem surprised to learn that Sequoia’s new XProtect updates come from iCloud, although Apple has been using iCloud for similar purposes for at least the last five years.

One good example that’s used every day on your Mac are the notarization checks sometimes run by Gatekeeper when macOS launches executable code, such as an app. In that case, com.apple.syspolicy processes the app’s notarization ticket
looking up ticket: <private>, 2, 1
by trying to fetch its record from iCloud using CloudKit. That’s followed by log entries indicating the network access required to connect with iCloud and check the ticket. Success is reported by com.apple.syspolicy in
CKTicketStore network reachability: 1, Mon Aug 26 09:15:45 2024
looking up ticket: <private>, 2, 0
and further lookups. I first reported those checks with iCloud back in Catalina, in 2019.

A simple way to illustrate the differences between this and using the general softwareupdated service is to compare what happens in the log when you ask if there are any updates available.

softwareupdate

When SilentKnight does this, it uses the only supported method, the softwareupdate tool, as used to keep XProtect up to date in all versions of macOS prior to Sequoia. That command hands over to the softwareupdated service to run the check. That in turn uses components of com.apple.SoftwareUpdateController to summarise the update state of that Mac, connect to the Software Update Server, check all the current versions and build numbers of macOS and its ancillaries, and arrive at a list of updates required. This is even more complex than it sounds, as com.apple.SoftwareUpdateController has to check key settings such as whether the root volume is sealed or not.

You can trace this through several thousand log entries, and after around 4.4 seconds and multiple network connections, softwareupdate finally informs SilentKnight that there are no updates available.

xprotect

Running the command
sudo xprotect check
in Sequoia is far simpler and quicker, as it checks for just one component’s updates through iCloud. The command connects to XProtectUpdateService in the XprotectFramework private framework in macOS, which in turn fires up CloudKit to connect to iCloud. That fetches a database record and returns the result to XProtectUpdateService, and so back to the xprotect tool as its result. Total time taken is 0.5 second.

As Apple’s intent in changing the management of XProtect and its data appears to be to facilitate more frequent and macOS-specific updates, iCloud is an ideal platform to host this on.

Pinniped with tusks

There is, though, one last thing: what is the walrus? As that might seem an odd question, read these two log entries encountered when browsing what happened with the xprotect check command:

12:08:00.919841 com.apple.cdp XPC Error while fetching walrus status: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.cdp.daemon was invalidated: failed at lookup with error 3 - No such process." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated: failed at lookup with error 3 - No such process.}
12:08:00.919845 com.apple.cloudkit CoreCDP reports that walrus is undetermined for the logged in account. Error: Error Domain=NSCocoaErrorDomain Code=4099 UserInfo={NSDebugDescription=<private>}

The prospect of an undetermined walrus that can’t be fetched from inside my Mac might seem worrying

If your Mac is running macOS Sequoia version 15.2 and you keep an eye on its security data updates, you may have noticed that those have changed again. Perhaps the only way to make sense of what has happened is to understand how XProtect updates work in recent versions of macOS.

Before doing that, there are two important issues to make clear:

• Despite their names, XProtect and XProtect Remediator are different, and in Sequoia are updated using different mechanisms. XProtect is run on-demand when macOS is about to execute code, while XProtect Remediator runs scans for malware in the background about once a day. This article is only about how XProtect updates, as XProtect Remediator is still updated using the softwareupdate mechanism, and that hasn’t changed.
• Sequoia obtains XProtect updates through a connection to iCloud that is independent of whether your Mac is logged into your Apple Account in iCloud. So long as your Mac is connected to the internet and nothing blocks its iCloud connections, those updates will be available to it, regardless of whether it’s connected to your Apple Account or iCloud Drive. This is in common with other services that macOS relies on, such as making notarization checks on apps, and updating linguistics data and those used by AI.

macOS Sonoma and earlier

Like other security data updates including XProtect Remediator, XProtect is updated through Software Update, or the command tool softwareupdate, which is how SilentKnight obtains its updates too. Shortly after starting up, and at least daily after that, your Mac’s softwareupdated service contacts Apple’s software update servers and checks whether there are any updates available. If there are, they’ll be automatically downloaded and installed, provided that’s enabled in System Settings.

In this case, XProtect is installed in its traditional place, in /Library/Apple/System/Library/CoreServices as XProtect.bundle.

mcOS Sequoia 15.0-15.1.1

For this brief period, XProtect updates have been available using either of two methods.

The traditional method using Software Update or softwareupdate continues to install the XProtect bundle in its old location, where it could still be used, but the XProtect service in Sequoia expects to find it in a different location, in /private/var/protected/xprotect, where it’s still known as XProtect.bundle.

The new method installs the XProtect bundle directly into its new location, and doesn’t obtain it using Software Update or softwareupdated, but an undocumented service that connects to iCloud instead. That appears to activate at least once a day, independent of softwareupdated, and silently checks for XProtect updates in iCloud. When it finds one, that’s installed directly to /private/var/protected/xprotect but not the traditional location in /Library/Apple/System/Library/CoreServices. It’s therefore perfectly possible for the two XProtects to get out of sync, although the only one that Sequoia uses is that stored in the new location.

Sequoia also introduces a new command tool xprotect to help manage these new updates. If you run
sudo xprotect update
and the version of the XProtect bundle in the traditional location is greater than that in the new location, then the newer version will be copied to the new location to install it there as an update, instead of having to wait for the update through the new iCloud mechanism. This also provides redundancy, but relies on the two sources providing identical updates.

To add a final twist of confusion, if xprotect copies the XProtect bundle from the traditional to the new location, it does so by copying its contents, so its version number changes but the bundle itself retains its previous date of creation and modification, which can prove thoroughly confusing. The lesson here is to check the bundle by its version number, not by its dates.

macOS Sequoia 15.2 and later

In the latest release of Sequoia, the traditional method of updating XProtect is no longer used. If softwareupdate were to download and install an update, then it will only end up in the traditional location, and xprotect update can’t use that to update the new location.

In normal use, this means that the user can’t update XProtect until that new version is made available from iCloud. This ensures that the only versions provided to Macs running 15.2 and later are those intended to be used in Sequoia, but it also means that any delay in providing those via iCloud will leave Macs without the latest update.

Apple has modified the xprotect command to provide one let-out, though: use
sudo xprotect update --prerelease
and it “will attempt to use a prerelease update, if available.” Note that still can’t use a traditional XProtect update installed in the traditional location, and still has to be able to obtain the update from iCloud, but it might work when xprotect check and xprotect update can’t offer a new update yet. Note that Apple describes that early-bird version as prerelease, and it shouldn’t therefore be used as if it’s a regular release, and only for good reasons.

SilentKnight

Because of these changes, as of Sequoia 15.2, SilentKnight is no longer able to provide any assistance in updating XProtect, and its next version 3.0 will also be unable to do anything more useful than inform you that your current version of XProtect is up to date, or out of date. If it is out of date, then it’s up to you what you decide to do about it. In most cases, that should be to leave well alone and let macOS handle the update as it’s intended to.

Because time of release of XProtect updates through softwareupdate and iCloud differ, and vary around the world, availability from one source is no guarantee that the other will also be offering that update. For example, on 17 December, the softwareupdate version became available by about 1830 GMT. A prerelease version for 15.2 was available several hours before that, but the regular release wasn’t available from iCloud until early the following day. If Apple is intending to fork XProtect data for 15.x from those for older versions of macOS, the two update services will be offering quite different bundles anyway, as we experienced briefly in the early days of Sequoia.

Although I do periodically poll traditional softwareupdate servers for new updates, repeatedly doing so for iCloud updates doesn’t appear a good way to proceed, and could in any case be misleading. On the other hand I don’t think it’s intended that apps like SilentKnight should check for prerelease updates as a matter of course, and abuse of that option could lead to its removal. In other words, Apple wants full control over when your Mac can and will update to new versions of XProtect, presumably because Sequoia will be getting different updates in the future.

Summary

• If your Mac hasn’t been upgraded to Sequoia, XProtect updates continue as usual, and SilentKnight will continue to be able to find and install them as it has done in the past.
• If your Mac is running Sequoia 15.0 to 15.1.1, then it will continue to be offered XProtect updates both ways, and should continue to do so until you update it to 15.2.
• Macs running 15.2 and later now get XProtect updates differently. Neither you nor SilentKnight can alter that, unless you want to try obtaining prerelease updates through the xprotect command in Terminal. While SilentKnight and Skint will warn you when an XProtect update is expected, you should rely on macOS to handle those updates for you.

Apple has just released updates to XProtect for all supported versions of macOS, bringing it to version 5284, and to XProtect Remediator for all macOS from Catalina onwards, to version 149. As usual, Apple doesn’t release information about what security issues these updates might add or change.

Yara definitions in this version of XProtect augment existing rules for dylibs in MACOS.ADLOAD, and add 2 new rules for MACOS.DOLITTLE, 1 for MACOS.PIRRIT, 5 for MACOS.BUNDLORE and 5 for MACOS.ADLOAD.

XProtect Remediator adds a new scanner module for Bundlore. There are no changes to Bastion rules for the behavioural version of XProtect (Ventura and later).

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install these as named updates in SilentKnight, their labels are XProtectPayloads_10_15-149 and XProtectPlistConfigData_10_15-5284.

For Sequoia 15.2 and later only: XProtect updates are no longer supplied through Software Update, softwareupdate, or SilentKnight. The only way that your Mac can obtain XProtect updates is through a connection to iCloud, which is supposed to happen automatically. If your Mac hasn’t yet been updated to version 5284, you can try using the Terminal command
sudo xprotect update --prerelease
(with a double hyphen not an m-dash)
That should download and install this update even though it hasn’t yet been generally released through iCloud.

For Sequoia 15.1.1 and earlier only: this update hasn’t yet appeared in iCloud, which may still return an XProtect version of 5283. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

[Updated blind-guessing the changes in 15.2, at 2030 GMT 17 December 2024.]

If, like me, you pay close attention to firmware updates released with macOS, you may have noticed something highly unusual if not unique this week, in the firmware updates that came with macOS Sequoia 15.2, Sonoma 14.7.2 and Ventura 13.7.2: those could mark the end of an era.

All new Macs since Apple transitioned to using Intel processors have one of three classes of firmware:

• Intel Macs without a T2 chip only have EFI firmware, whose version reads something like 529.140.2.0.0. These are model-specific.
• Intel Macs with a T2 chip have firmware for both their Intel systems in EFI, and iBridge for the T2, giving them a double firmware version like 2069.40.2.0.0 (iBridge: 22.16.12093.0.0,0). All models with a T2 chip can run the same EFI and iBridge versions.
• Apple silicon Macs have iBoot, with a version like 11881.61.3, which is common across all models.

This complexity was the reason for my first developing EFIcienC, predecessor to SilentKnight, compiling and maintaining databases of firmware versions, and trying to help those whose Macs stubbornly refused to update their EFI firmware when they should have done. This site still has long lists of the latest firmware versions for Macs running Catalina, for example.

As the number of supported Intel Macs without a T2 chip has steadily fallen, what used to be a long and complex list has shrunk to just seven models. With the release of macOS Sequoia 15.0, Sonoma 14.7 and Ventura 13.7, Apple stopped updating the EFI firmware for Intel Macs without T2 chips, which are now frozen as they were last June and July.

When Apple released Sequoia 15.2, Sonoma 14.7.2 and Ventura 13.7.2 this week, it appears to have ceased updating the EFI firmware in Intel Macs with T2 chips.

T2 models were updated to EFI 2069.0.0.0.0 and iBridge 22.16.10353.0.0,0 when Sequoia 15.0 was released on 16 September 2024. No firmware updates came in the rapid update to 15.0.1, but in 15.1 those models were updated to EFI 2069.40.2.0.0 and iBridge 22.16.11072.0.0,0.

Sequoia 15.1.1 also didn’t bring any change in firmware, and 15.2 updates T2 models to EFI 2069.40.2.0.0 and iBridge 22.16.12093.0.0,0: while the T2’s firmware has been updated, no change has been made in the EFI version. As far as I’m aware that’s the first time that has happened since the initial releases of T2 firmware at the end of 2017 and early 2018. The first record I have of their version numbers is of EFI 1037.147.1.0.0 and iBridge 17.16.16065.0.0,0, since when they have come a very long way.

While I’m sure that Apple could still update EFI firmware if necessary, I think we have seen the last planned updates, with only iBridge for the T2 and iBoot for Apple silicon Macs to continue to advance with future releases of macOS. As the T2 is also Apple silicon, that means an end to the last firmware for Intel processors, after more than 18 years. The end of an era indeed, and time to pour one out for EFI firmware in Macs.

I wouldn’t like to hazard a guess at how much longer Apple will continue to support iBridge firmware for T2 chips. Firmware updates aren’t a required part of macOS updates, and most Macs cease to enjoy them well before they’re updated to their last macOS.

The macOS 15.2 update includes the second phase of AI support for Apple silicon Macs, introducing the Image Playground app, and integrated ChatGPT support in both Siri and Writing Tools. AI now extends support to several of the non-US variants of English, including English (UK), although non-English languages won’t gain support until next year.

Apple’s release notes are a real joy to read and contain more detailed information at last, including the following:

• Photos enhancements,
• Safari supports background images for its Start Page, tries to use HTTPS on all sites, and more,
• Sharing item locations in Find My,
• Sudoku for News+,
• Presenter preview for AirPlay,
• Pre-market quotes in Stocks.

Among the more significant bugs fixed is that Apple silicon virtualisation on M4 Macs can now open all VMs, including macOS guests before 13.4. For those running Ruby with YJIT enabled, this update should fix kernel panics with M4 chips. Further fixes are detailed in the developer release notes, and enterprise release notes are here.

Security release notes are available here, and list 42 entries including 4 in the kernel, none of which Apple reports may already have been exploited.

iBoot firmware on Apple silicon Macs is updated to version 11881.61.3, and T2 firmware to 2069.40.2.0.0 (iBridge: 22.16.12093.0.0,0). The macOS build number is 24C101, with kernel version 24.2.0.

Version changes in bundled apps include:

• Books, version 7.2
• Freeform, version 3.2
• iPhone Mirroring, version 1.2
• Music, version 1.5.2
• News, version 10.2
• Passwords, version 1.2
• Safari, version 18.2 (20620.1.16.11.8)
• Screen Sharing, version 5.2
• Stocks, version 7.1
• TV, version 1..5.2
• Tips, version 15.2
• VoiceMemos, version 3.1.

Inevitably, there are many build increments in components related to Apple Intelligence, and a great many across private frameworks. Other significant changes to /System/Library include:

• Screen Time, build increment
• Siri, version increment
• VoiceOver, build increment
• Kernel extensions including AGX… kexts, AOP Audio kexts, AppleEmbeddedAudio, AppleUSBAudio, and several virtualisation kexts
• One new kernel extension, AppleDisplayManager
• APFS to version 2317.61.2
• Most of the Core frameworks have build increments
• FileProvider framework, build increment
• Virtualisation framework, build increment
• PrivateCloudCompute framework, new version
• Spotlight frameworks, build increments
• New private frameworks include Anvil, AppSystemSettings (and its UI relative), AskToDaemon, many Generative… frameworks involved with AI, OSEligibility, TrustKit, WalletBlastDoorSupport
• Several qlgenerators have build increments.

After that lot, the next scheduled update to macOS Sequoia is in the New Year.

As eagerly anticipated, Apple has released the update to macOS 15.2 Sequoia, together with security updates to bring Sonoma to version 14.7.2, and Ventura to 13.7.2. There should also be Safari updates to accompany the latter two.

For Intel Macs, the Sequoia update is 2.72 GB in size, and for Apple silicon models it’s 3.45 GB.

Security release notes for Sequoia list 42 vulnerabilities fixed in the 15.2 update, including four in the kernel, although none are noted as being currently exploited. Release notes for Sonoma list 25, and those for Ventura list just 22.

iBoot is updated to version 11881.61.3 on Apple silicon Macs, and Intel Macs with T2 chips have their firmware updated to 2069.40.2.0.0, iBridge 22.16.12093.0.0,0. Sequoia 15.2 brings Safari version 18.2 (20620.1.16.11.8).

Later tonight I hope to post a summary of changes in 15.2, in a separate article as usual.

[Updated 1938 GMT 11 December 2024.]

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5283. As usual, Apple doesn’t release information about what security issues this update might add or change.

This version adds new rules for MACOS.DUBROBBER.F2 and MACOS.DUBROBBER.H2, and modifies that for MACOS.DUBROBBER.G.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5283.

For Sequoia only: this update has now been made available in iCloud, which should return an XProtect version of 5283. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

Updated 2242 GMT 19 November 2024.

Apple has just released an update to macOS Sequoia, bringing it to version 15.1.1, build 24B91 (all Macs other than M4) or 24B2091 (M4 Macs only). This brings two important security fixes, to JavaScriptCore and WebKit, both of which Apple believes may already have been exploited. The update should be less than 800 MB to download.

Safari is updated to version 18.1.1 (20619.2.8.11.12). There are also matching updates to Safari available for Sonoma and Ventura, addressing the same vulnerabilities.

Security release notes are here.

(Last updated at 1722 GMT 20 November 2024.)

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5282. The last version released was 5279. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5279), this version renames several existing rules, as MACOS.DUBROBBER.A to MACOS.DUBROBBER.E, and adds new rules for MACOS.DUBROBBER.F, MACOS.DUBROBBER.G and MACOS.DUBROBBER.H. It also adds a new rule for MACOS.TAILGATOR.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5282.

For Sequoia only: this update has already been made available in iCloud, which now returns an XProtect version of 5282. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5279. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5278), this version makes a small amendment to the detection rule for MACOS.PIRRIT.CHU.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5279.

For Sequoia only: there’s no sign of this update being made available in iCloud, which now returns an XProtect version of 5278. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

If you encounter problems with QuickLook not creating Thumbnails or Previews properly, one of the first steps is to discover which code is responsible for generating those for QuickLook. Prior to macOS Sequoia, the standard way to do that was using the command tool qlmanage, among whose options is -m, to list all the qlgenerators available on your Mac. If you’ve tried that in Sequoia, you’ll surely have noticed that no longer works.

qlmanage

Since Catalina, Apple has been encouraging developers to switch away from qlgenerators to app extensions to create custom Thumbnails and Previews for QuickLook, and Sequoia is the first version of macOS that can’t use third-party qlgenerators. I have noticed some document types that only a few weeks ago in Sonoma still used custom thumbnails and full previews, but now can’t do so, although others continue to work normally.

These are controlled in the Quick Look item in Login Items & Extensions in General settings.

That should list all third-party app extensions providing this service, and enabling the right one(s) could fix some of those problems. But it turns out this list isn’t complete, and doesn’t in any case tell you which app extension handles which file type. For those, you’d normally turn to qlmanage, but its -m option can only see the qlgenerators in macOS, and no third-party app extensions at all. In fact, qlmanage is now of little help for anything related to QuickLook. I’ve gone back through Sonoma and Ventura, and qlmanage there is no different: although it does list third-party qlgenerators, none of those provided in app extensions appear in its list.

QuickLook app extensions

As far as I can discover, Apple doesn’t provide any equivalent of qlmanage that can report on QuickLook app extensions. The closest it comes is in the pluginkit tool, that can list all app extensions known to macOS. With a bit of tweaking, its -m option can reveal which of those use the QuickLook SDKs for Thumbnails or Previews.

Armed with the appex bundle path from pluginkit, you can then inspect the Info.plist in each, where there’s an array of QLSupportedContentTypes giving the UTIs of all file types supported by that appex. Although I’m sure someone could implement that in a shell script, this seemed an ideal task for my free utility Mints.

Mints and QuickLook

Version 1.20 of my free utility Mints is now available from here: mints120
from Downloads above, from its Product Page, and via its auto-update mechanism.

This adds a twenty-fifth button to the app’s control window, named QuickLook, at the bottom left. Click on that and Mints will open a new window and fill it with information about all the qlgenerators and QuickLook appexes your Mac knows about.

For qlgenerators, you’re given the file UTI, the path to the qlgenerator file, and (when available) its version number, e.g.
com.adobe.pdf /System/Library/QuickLook/PDF.qlgenerator (1002.2.3)

App extensions are divided into two, the first are those providing Previews, and the second those for Thumbnails, e.g.
com.apple.applescript.text /Applications/PreviewCode.app/Contents/PlugIns/Code Previewer.appex

This is an appex provided in one of Black Pyramid Software’s superb Preview series, in PreviewBundle 2 from the App Store (highly recommended).

You will see a few entries like Safari’s
[none] /System/Volumes/Preboot/Cryptexes/App/System/Applications/Safari.app/Contents/PlugIns/SafariQuickLookPreview.appex
with an appex that doesn’t have a list of file types in QLSupportedContentTypes.

Checking UTIs

It’s easy to guess which UTIs represent many file types, but some are a bit more cryptic. For those, copy and paste the UTI into the UTI field of my free UTIutility and it will give you clues as to its identity, including file extensions.

Unfortunately, some of the system qlgenerators support generic UTIs such as
public.audio /System/Library/QuickLook/Audio.qlgenerator (1002.2.3)
public.image /System/Library/QuickLook/Image.qlgenerator (1002.2.3)
public.movie /System/Library/QuickLook/Movie.qlgenerator (1002.2.3)
which clearly cover broad ranges of more specific file types, but don’t provide any more specific information.

How to identify QuickLook extensions

• List installed QuickLook extensions using Mints’ QuickLook button.
• Identify the file’s UTI using UTIutility.
• Locate the UTI in the list of extensions.
• If no match is found, check UTIs listed in UTIutility as Conforms.
• Check Quick Look item in Login Items & Extensions in General settings, to ensure that extension is enabled.

Next up for Mints is a feature to explore app extensions. I may be a little longer on that one.

If your Mac is still running Sonoma or Ventura, and you have already updated it to 14.7.1 or 13.7.1, you might have noticed that neither updated Safari, nor has there been a separate update released yet for Safari 18.1.

According to release notes for Safari 18.1 (20619.2.8), this new version has already been released for Sonoma and Ventura, but as of 1600 GMT on 29 October 2024, there’s still no sign of any separate update, nor was it bundled in the x.7.1 updates.

Sonoma and Ventura had Safari 18 released for them on 16 September 2024, concurrently with Sequoia 15.0. On 3 October 2024, at the same time that Apple released Safari 18.0.1 in Sequoia 15.0.1, it also released Safari 18.0.1 for Sonoma and Ventura, without any CVEs being reported as fixed.

Current versions of Safari read:

• in Sequoia 15.1 – Safari 18.1 (20619.2.8.11.10)
• in Sonoma 14.7.1 – Safari 18.0.1 (19619.1.26.111.11, 19619)
• in Ventura 13.7.1 – Safari 18.0.1 (18619.1.26.111.11, 18619)

leaving the latter two due an update to Safari 18.1, which would ordinarily have been released with the x.7.1 macOS updates, but hasn’t been yet.

Update

As of 2150 on 29 October 2024, both Safari updates are now available through Software Update. Version and build numbers are 18.1 (19619.2.8.111.5, 19619) for Sonoma 14.7.1, and 18.1 (18619.2.8.111.5, 18619) for Ventura 13.7.1, and Apple lists the CVEs they address in this note.

The macOS 15.1 update is the first scheduled update since Sequoia’s release last month, and brings with it a great many fixes as expected. From user reports, it’s believed to complete correcting problems reported with networking in 15.0, some of which were addressed in 15.0.1, although Apple hasn’t confirmed that.

Apple’s release notes are helpfully more detailed than usual, and include the following:

• new Writing Tools, but only for Apple silicon Macs set to US English as their primary language, with Siri also set to US English,
• a new-look Siri with Type to Siri for those who don’t want to talk to it, richer language understanding and context, and Apple product knowledge,
• Photos can find by description, and now features Clean Up to remove unwanted parts,
• Notifications has summaries, and a new Reduce Interruptions focus,
• Mail and Messages have Smart Reply for suggested responses,
• Notes has transcription summaries,
• iPhone Mirroring now supports drag and drop.

To clarify the requirement to get Writing Tools and other AI to work, the Mac must have an Apple silicon chip (M1 to M4), and:

1. in System Settings, General, Language & Region, the Primary language must be set to English (US), although any other language can be set secondarily, and made the current language in the keyboard menu, and
2. in Apple Intelligence & Siri, the Language set for Siri Requests must be English (United States), although you can turn Listen for Off if you don’t want to converse with Siri vocally.

Once those are set, you should be able to turn Apple Intelligence on. There will then be a short period on the waiting list, for macOS to download the additional models required. You’ll be notified when it’s ready to use.

Security release notes are available here, and list 50 entries, none of which Apple suspects may already have been exploited.

iBoot firmware on Apple silicon Macs is updated to version 11881.41.5, and T2 firmware to 2069.40.2.0.0 (iBridge: 22.16.11072.0.0,0). The macOS build number is 24B83, with kernel version 24.1.0. There are no firmware updates for Intel Macs without T2 chips.

Significant changes seen in bundled apps include:

• Books, to version 7.1
• Freeform, to version 3.1
• iPhone Mirroring, to version 1.1
• Mail and Messages, large build increments
• Music, to version 1.5.1
• News, to version 10.1
• Passwords, to version 1.1
• Photos, large build increment
• Reminders, large build increment
• Safari, to version 18.1 (20619.2.8.11.10)
• Shortcuts, large build increment
• TV, to version 1.5.1
• Tips, to version 15.1.

Inevitably, there are many build increments in components related to Apple Intelligence. Other significant changes to /System/Library include:

• Audio/Plug-Ins/HAL MacAudio driver, to version 510.2
• CoreServices Desk View app, to version 2.0
• CoreServices Siri app, to version 3401.24.3.14.7
• Significant changes across many AGX and AppleEmbeddedAudio kernel extensions
• A new AppleT8140 kernel extension
• APFS is updated to version 2313.41.1
• Many public frameworks have updated build numbers, among them FileProvider
• A new ImagePlayground public framework, which has moved from being private, in anticipation of the new app coming in macOS 15.2
• Many private frameworks have substantial increments in build numbers, particularly Biome, Cloud, Email, Mail, Photo, Photos, Spotlight and FileProvider
• A new DesignLibrary private framework.

Although this isn’t a particularly large update, it does come with the first wave of AI features, and a wide range of other improvements and bug fixes.

Updated 2030 GMT 1 November 2024 with info on non-T2 Intel firmware updates.

As expected, Apple has released the update to macOS 15.1 Sequoia, together with security updates to bring Sonoma to version 14.7.1, and Ventura to 13.7.1. There should also be Safari updates to accompany the latter two.

The Sequoia update is around 2.9 GB for Apple silicon Macs, and about 2.4 GB for Intel models.

As expected, this brings the first release of Writing Tools, in the first wave of new AI features, only for Apple silicon Macs using US English as both their primary language, and that set for Siri. Apple hasn’t got round to providing any list of new or changed features, and you may find that offered by Software Update is the same as for 15.0.

Security release notes are available here for 15.1, which has around 50 entries, here for 14.7.1 with around 39, and here for 13.7.1 with around 36.

iBoot firmware on Apple silicon Macs is updated to version 11881.41.5, T2 firmware to 2069.40.2.0.0 (iBridge: 22.16.11072.0.0,0), and Safari to 18.1 (20619.2.8.11.10).

I will post details of changes found later tonight.

[Updated 1820 GMT 28 October 2024.]

Apple provided developers with two Release Candidates of macOS Sequoia 15.1 this week. Provided there are no serious problems that come to light in the second of those, it’s likely that 15.1 will be released early next week, probably on Monday 28th. This article looks at what that brings, whether it’s safe to upgrade to Sequoia yet, and what comes next.

All supported Macs

Traditionally, the x.1 update is scheduled to be released about a month after the initial upgrade to a new major version of macOS, and brings with it the first wave of bug fixes, and a few features that weren’t quite ready in time.

Although there are reports of some other bugs in Sequoia, by far the most disruptive have been those affecting networking. Apple fixed the most serious of those in 15.0.1, released on 4 October, but some have continued to experience problems. Opinion from those testing betas of 15.1 are that it does resolve all those, and for the great majority should be ready for general use, provided that third-party apps are compatible. So if you normally wait for the x.1 version to be released before considering upgrading, this should fit the bill.

Apple does provide a list of fixes for developers, although as there’s no mention of any networking problems there, I suspect this isn’t of much help to users.

Apple silicon Macs

For those whose Macs run an M-series chip, the main interest in 15.1 is the first batch of Apple Intelligence features. Over the coming months, these should include:

• Writing Tools, a suite of mainly on-device features for summarising and rewriting text.
• Image Playground, producing synthetic images such as Genmoji, again using on-device methods.
• Siri and related enhancements for user assistance, using on-device methods.
• ChatGPT access, for more general AI features using text.
• App-specific enhancement to Photos, including Clean Up, and others.

Of those, 15.1 brings Writing Tools and some other enhancements, but doesn’t bring Image Playground or ChatGPT. Although some have claimed that makes 15.1 little better, that understates the value and quality of Writing Tools for many.

Writing Tools should be accessible to pretty well any recent app that displays significant amounts of text. Although I haven’t intended the lower text view in SilentKnight to support them, Writing Tools are available there from the contextual menu (Control-click). They work great with all the text editors I have tested, including TextEdit, BBEdit, CotEditor, Pages, my Rich Text editor DelightEd, and even in my PDF viewer Podofyllin.

The initial release of Writing Tools in 15.1 does have language and regional limitations. It requires that your Mac’s primary language, as set in Language & Region settings, is set to English (US), although you can still switch to a secondary language such as English (UK) if you prefer. The other key control is in the new Apple Intelligence & Siri settings, where Siri’s language needs to be English (United States). As I don’t like Siri’s spoken interface, I have disabled that by setting the Listen for control to Off, and instead enabled a Keyboard shortcut to open Siri’s interactive window.

Apple has announced future support for non-US variants of English, and next year for other primary languages. However, Writing Tools still work excellently on British English, even that of Charles Dickens, with the settings described above.

When you have updated or upgraded to Sequoia 15.1, I suggest you download text versions of books by your favourite author(s) from Project Gutenberg and explore features in Writing Tools using those as prose sources.

Future Sequoia updates

Apple has this week released the first beta-test of Sequoia 15.2, with most if not all of the other Apple Intelligence features, including Image Playground and ChatGPT. Assuming testing proceeds well and there are no serious problems, this is likely to be released in the first couple of weeks in December. Although not confirmed yet, this should open supported languages to include most major regional variants of English.

Slated for next year is the extension of Apple Intelligence to cover French, German, Italian, Japanese, Korean, Portuguese, Spanish, Vietnamese, and others. However, these features aren’t likely to appear in the countries of the EU this year, and Apple hasn’t yet indicated when that’s expected.

For those concerned about on- and off-device AI and privacy, all the standard features of Writing Tools and Image Playground involve on-device processing, and don’t send your data to remote servers. If you choose to enable ChatGPT access, then that is handled off-device, but is opt-in, and requires a separate sign-in process to access either an anonymised free account or an existing ChatGPT account. You can also require confirmation of any Siri requests handled with ChatGPT before sending any information off-device.

Apple has already published a list of fixes in the first beta of 15.2, although it remains to be seen what it does for users.

M4 Macs

Apple has also signalled that it will be releasing new Macs next week, widely rumoured to be the first to use the M4 chip.

Summary

• Sequoia 15.1 early next week, probably on 28 October, with Writing Tools in US English, and remaining networking bug fixes.
• Sequoia 15.2 already in beta, probably for release in early December, with Image Playground, ChatGPT, and the remainder of this first wave of AI tools, including most other English variants.
• Try Writing Tools out: I think they’re wonderful.

Apple has just released an update to XProtect Remediator security software for Catalina or later, bringing it to version 147. The previous version was 145.

Apple doesn’t release information about what security issues this update might add or change. There are no changes in the number or names of its scanning modules, and Bastion rules also remain unchanged.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac has not yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPayloads_10_15-147.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5278. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5277), this version adds three new definitions for MACOS.ADLOAD.I, MACOS.SOMA.G and MACOS.SOMA.H.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5278.

For Sequoia only: there’s no sign of this update being made available in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that’s complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password. If you’re unsure what to do, this article explains it comprehensively and simply.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

This is the time of year when macOS keeps offering you the upgrade to the new version of macOS, but you may not want to go there yet. This article explains how you can stay running your existing version of macOS, while keeping it up to date.

Skint and SkintM

By default, SilentKnight is intended to download all the latest updates from Apple’s software update servers. Although you can configure it to behave differently, as I explain below, you may like to look at Skint or its menu bar sibling SkintM. Those don’t check for updates, they only check installed versions. They will warn you when your Mac has fallen behind with updates, and let you decide what you want to do.

Skint and SkintM do check that your Mac is running the latest version of its major release of macOS, and is happy if you’re still running Monterey, Ventura or Sonoma, as well as Sequoia, but it will advise you when they fall behind with their security updates; after all, that’s what it’s for.

Switching SilentKnight to manual

For many, SilentKnight’s button to Install all updates is most worrying, as that might inadvertently upgrade macOS to Sequoia. In fact, it isn’t dangerous at all, but before I explain why, you can remove that button altogether. Open SilentKnight, and its Settings, and set them to look as below.

This will still download and install the updates you want, but you won’t be tempted to inappropriately install the lot of them.

Once you’ve done that, click the Set button, quit SilentKnight, and run it again. Now when it tells you there are updates to be installed, you can’t click on a button to bring upgrade disaster.

In fact, after testing SilentKnight with macOS updates and upgrades, they don’t work like that anyway. If SilentKnight were to download a macOS update or upgrade, it can’t complete its installation. macOS first tells you that the update couldn’t be installed, then offers to install it in Software Update. All you have to do is shut your Mac down at that point, then start it up in Safe mode and the update will be stopped.

However, for your comfort and safety, I recommend unticking Allow Install All Updates, just in case.

Installing only the updates you want

Having avoided the update you don’t want, you now need to download and install those that you do. Scroll the lower text view to the bottom, to reveal all the updates available. Each has an opening line that declares it’s a Label, like
* Label: XProtectPayloads_10_15-142
It’s that label you use to identify each update.

In the File menu, select the Install Named Update… command to open the manual updating window. One by one, copy and paste the label from the main window into the Name of update box and click on the Install Named Update button. SilentKnight will then tell you that it has been downloaded and installed. It only takes a few seconds to work through a list of updates like XProtect that you do want, and bring your Mac up to date without inadvertently upgrading it to Sequoia.

Further information

SilentKnight has a wealth of additional information that will help you solve problems like these. The most common are explained in its short text SilentKnight Help, in the Help menu, and there’s also a detailed Help Reference in the same menu.

Key points

Open Settings, and untick Allow Install All Updates, click Set, then quit the app. Open it again, and install each named update one at a time using that command in the File menu, pasting the Label in for each wanted update and clicking the Install Named Update button for each.

This assumes that you are running the latest version of SilentKnight, 2.11. If you’re still running version 1 you need to update for Catalina or later.

Many of you still seem puzzled as to how XProtect installs and updates in macOS Sequoia. This article tries to make this clear, so you can keep XProtect up to date.

Sonoma and earlier

Until this changed in Sequoia, XProtect has been straightforward: its data is stored in a bundle named XProtect.bundle, in the path /Library/Apple/System/Library/CoreServices, which is on the Data volume so it can readily be updated. When you or macOS downloads an XProtect update, it simply replaces that bundle with the new one. This is shown in the diagram below.

Sequoia

XProtect in macOS 15 prefers not to use the XProtect.bundle in its old location of /Library/Apple/System/Library/CoreServices (although it can do if there’s no alternative). Instead, it looks for XProtect.bundle in its new location, /var/protected/xprotect.

However, when you or your Mac use the old update system, including Software Update, softwareupdate or SilentKnight, that still installs the update in the old location, where it won’t normally be used by XProtect when making its checks. What’s supposed to happen is that at least once a day, macOS checks whether there’s a newer update in the old location. If there is, then it should automatically prepare and move that to the new location in /var/protected/xprotect for XProtect to use.

If you want that to happen immediately, then you can run the following command in Terminal:
sudo xprotect update
then enter your admin user’s password. The xprotect command tool will then complete the installation of that update from its old location in /Library/Apple/System/Library/CoreServices into its new location in /var/protected/xprotect.

There’s also a second way that XProtect in Sequoia can be updated, and that’s over a connection to iCloud. If that’s used, then the update is installed straight into its new location, and doesn’t change the XProtect bundle in the old location at all. Although Apple has used that earlier, all XProtect updates since the release of Sequoia have come using the old Software Update system, so have needed to be completed using the xprotect command in Terminal.

This is shown in the diagram below. The blue boxes show the old Software Update system, and the pink boxes are the new parts that ensure the update is installed in the new location.

SilentKnight

SilentKnight still works using softwareupdate, and can’t use the new xprotect command for updates yet, because that requires structural changes in the app that will be available in version 3. However, in Sequoia it reports the version of XProtect installed in the new location, as that’s the one that XProtect now uses.

When SilentKnight discovers a new version of XProtect via softwareupdate, it therefore installs that in the old location, in the path /Library/Apple/System/Library/CoreServices. It has no choice but to do that. Once that’s been installed to the old location, the version shown for XProtect won’t change, as that requires macOS to complete the second stage of the installation. You can then either:

• leave macOS to complete the installation itself, which should happen over the next day or so, or
• run sudo xprotect update in Terminal, which will complete that update immediately. SilentKnight will then show the updated version number correctly.

Key points

In Sequoia, when XProtect is updated by Software Update, softwareupdate or SilentKnight, you should either leave macOS to complete that installation, or run sudo xprotect update in Terminal if you want it to be updated immediately.

This only applies to macOS Sequoia: Sonoma and earlier still work as they always have done.

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5277. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for all supported versions of macOS (5276), this version contains extensive changes, largely of an editorial nature. It adds one new detection rule for MACOS.PIRRIT.CHU, and removes rules for OSX.Genieo.C, OSX.Genieo.B, OSX.Genieo.A and OSX.Leverage.a.

Many rules have changes to their detection hashes, where existing SHA1 hashes are replaced with SHA256. Among the rules changed by this are 36:

• OSX.Proton.B
• OSX.Vindinstaller.A
• OSX.OpinionSpy.B
• OSX.InstallImitator.C
• OSX.Eleanor.A
• OSX.InstallImitator.A
• OSX.VSearch.A
• OSX.Machook.A
• OSX.Machook.B
• OSX.iWorm.A
• OSX.iWorm.B/C
• OSX.NetWeird.ii
• OSX.NetWeird.i
• OSX.GetShell.A
• OSX.Abk.A
• OSX.CoinThief.A
• OSX.CoinThief.B
• OSX.CoinThief.C
• OSX.HellRTS.A
• OSX.MacDefender.B
• OSX.QHostWB.A
• OSX.Revir.A
• OSX.Revir.ii
• OSX.Flashback.A
• OSX.Flashback.B
• OSX.Flashback.C
• OSX.FileSteal.ii
• OSX.MaControl.i
• OSX.Revir.iii
• OSX.Revir.iv
• OSX.SMSSend.i
• OSX.SMSSend.ii
• OSX.eicar.com.i
• OSX.AdPlugin.i
• OSX.AdPlugin2.i
• OSX.Prxl.2

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5277.

For Sequoia only: so far, I have seen no sign of this update in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then once that is complete you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.

Overnight European time, Apple released a small but urgent update to macOS Sequoia, bringing it to version 15.0.1. Although there are no updates to Sonoma or Ventura, there are updated versions of Safari for both.

This Sequoia update is about 1.42 GB for Apple silicon Macs, and around 500 MB for Intel models. It doesn’t bring any firmware updates, but Safari is updated to version 18.0.1 (20619.1.26.31.7). While Apple has released security notes for the concomitant updates for iOS and iPadOS, there are none reported for macOS.

Although Apple remains tight-lipped about exactly what has been fixed in this update, it does admit to fixing a bug in Messages that could crash the app in unusual circumstances, and to improving “compatibility with third-party security software”. It’s assumed the latter refers to the network problems that have been widely reported.

Changes seen in bundled apps include a single build increment in Messages, and Passwords with a new version of 1.0.1. Apart from those and Safari, the only other bundled app to see any change is Photos, with a small build increment. This suggests that there are undisclosed improvements to the new Passwords app.

Significant changes seen in /System/Library include:

• Dock, small build increment
• CFNetwork and Network frameworks, build increments
• MobileSoftwareUpdate private framework, build increment
• Many Photo-related private frameworks, build increments
• SafariSafeBrowsing private framework, build increment
• Sharing private frameworks, build increments
• APFS remains unchanged at version 2313.1.2.

Note that there are no changes in any kernel extensions.

[Updated with further details at 0830 GMT 4 October 2024.]

Apple has just released an update to XProtect for all supported versions of macOS, bringing it to version 5276. As usual, Apple doesn’t release information about what security issues this update might add or change.

Relative to the last version released for Sequoia (5275), this version removes all the new-style rules that had been added to that and 5273. Relative to the general release version 5274, and 5275, it adds one new rule for MACOS.PIRRIT.BM.OBF.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by SilentKnight, LockRattler and SystHist for El Capitan to Sequoia available from their product page. If your Mac hasn’t yet installed this update, you can force it using SilentKnight, LockRattler, or at the command line.

If you want to install this as a named update in SilentKnight, its label is XProtectPlistConfigData_10_15-5276.

For Sequoia only: so far, I have seen no sign of this update in iCloud, which still returns an XProtect version of 5272. If you download and install it using Software Update, softwareupdate or SilentKnight, then you need to update the primary XProtect bundle in Terminal using the command
sudo xprotect update
then entering your admin password.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Sequoia on this page, for Sonoma on this page, Ventura on this page, Monterey on this page, Big Sur on this page, Catalina on this page, Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.