Comments (7)
I'd be happy to give it a look after my other PR is merged. I'd very much like to remove anything about EOL versions of macOS at the very least.
from macos-security-and-privacy-guide.
Indeed, the section needs an overhaul as Apple has seriously buffed capabilities here in the last several years.
The whole part needs a rewrite as Apple Silicon ARM Macs only need FileVault.
This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault. If the Mac is managed by MDM (mobile device management), MDM administrators can also remotely lock the Mac.
It is possible to put a MacBook Pro with Apple Silicon into DFU mode without requiring a password, according to my understanding. This could potentially allow a hacker with physical access to the device to load malware firmware or wipe the device. In the past, firmware passwords were used on Intel-based Macs to prevent this type of attack. However, it is unclear what measures are currently in place to prevent such an attack on Apple Silicon Macs.
One way an attacker could exploit this vulnerability is by modifying the firmware to insert malicious code and then signing it with a fake Apple signature. The attacker could then put the MacBook Pro into DFU mode and load the malicious firmware onto the device.
It is not clear why there are no safeguards in place to prevent this type of attack on Apple Silicon Macs.
See #420
Enabling FileVault is enough for Apple Silicon chips.
This is inaccurate because it is only true when Startup Security is set to Full Security. This should be included.
Enabling FileVault is enough for Apple Silicon chips.
This is inaccurate because it is only true when Startup Security is set to Full Security. This should be included.
Macs with Apple Silicon chips use "Full Security" by default. Read https://support.apple.com/guide/mac-help/mchl768f7291/mac
You are right. But it is annoying that it is not mentioned anywhere. Probably it is unrelated to this project, as it is assumed that no security features will be disabled. In such a case, never mind.
I am just one of those folks running Asahi Linux. I have noticed this issue recently and unfortunately there is no way to achieve a similar level of physical security when running other operating systems on these platforms.