This also install a lot of stuff people may not want to. You can install only the designated package with :

    softwareupdate -i MRTConfigData_10_14-1.45 --include-config-data

> MRTConfigData

If I'm correct MRT stands for Malware Removal Tool.

I'd feel pretty bad if anything I worked on had to be uninstalled by that.

Well, it’s literally malware.

You are correct, the -a flag will install all updates that are available from Apple. Thanks!

What updates would people not want to install? Just curious, not arguing.

I like to precisely know what's installed and running on my devices. It does not make sense to install latest HP printer software, or new Apple Pro Codecs, to patch a particular security flaw related to Zoom.

Software Update Tool

MRTConfigData_10_14-1.45: No such update No updates are available.

I am also getting this error, and suspect it is because I’m on 10.12.6. If you do system_profiler SPInstallHistoryDataType |grep -A5 MRTConfigData you should see your latest version. For me, it’s 1.42. Not sure how to get the update yet though. Will update this comment once I figure that out.

Update: According to this macworld article, there is a Zoom patch out that fixes this. https://www.macworld.com/article/3407764/zoom-mac-app-flaw-c...

There are also commands at the bottom to manually kill the zoom localhost and disable it. I have opted to run those commands regardless:

  pkill ZoomOpener;rm -rf ~/.zoomus;touch ~/.zoomus &&chmod 000 ~/.zoomus;

  pkill "RingCentralOpener";rm -rf ~/.ringcentralopener;touch ~/.ringcentralopener &&chmod 000 ~/.ringcentralopener;#

What do the chmod do there? Removing files count as writes to the directory at least in Linux, so chmodding the dummy file wouldn't do much I'm thinking.

Idea is to prevent the Zoom Software from ‘repairing’ the ‘damaged’ app by overwriting it with the malware.

I would also set the ‘user immutable’ flag. If you want even better, set the ‘system immutable’ flag (see ‘man chflags’)

Yes sure, but I question if these permissions would do anything to prevent that. It would reject an open() call on the file, but these are expected to be directories so that would never happen, and it doesn't stop an unlink()

Use

    softwareupdate -l --include-config-data

To list available updates, then adjust the command with the MRTConfigData version Apple provides for you.

Thank you for this. HN comments always make me realize I don’t know enough about MacOS command line. My primary system is Linux so I miss out in these MacOS specific commands day to day. But I would love to pick up a few, if there’s a book or document.

Is there a book you can recommend? Or did you pick these up over the years

To check it with fewer mouse clicks:

  system_profiler SPInstallHistoryDataType |grep -A5 MRTConfigData

Helpful! Thanks...

Any details about --include-config-data? Doesn't seem to be documented in the help message.

This blog post[1] has a good explanation of ConfigData updates. The flag would appear to force the install of new Gatekeeper configuration updates.

>To help distinguish Gatekeeper and XProtect updates from other updates in the software update feed, Apple marks them as being ConfigData updates.

>Marking these updates as ConfigData cues the App Store to not display these as available software updates in the App Store’s list of software updates. These updates are meant to be under Apple’s control and to be as invisible as possible.

[1] https://derflounder.wordpress.com/2014/12/27/managing-automa...

Thank you!

softwareupdate --history --all | grep MRT

MRTConfigData 1.45 2019-07-11, 13:10:59 softwareupdated