Light

"Firmware" part is outdated / Intel-based Mac only about macos-security-and-privacy-guide HOT 7 OPEN

beerisgood commented on June 26, 2024

"Firmware" part is outdated / Intel-based Mac only

from macos-security-and-privacy-guide.

Comments (7)

kimg45 commented on June 26, 2024 1

I'd be happy to give it a look after my other PR is merged. I'd very much like to remove anything about EOL versions of macOS at the very least.

from macos-security-and-privacy-guide.

drduh commented on June 26, 2024

Indeed, the section needs an overhaul as Apple has seriously buffed capabilities here in the last several years.

from macos-security-and-privacy-guide.

gh0st-1 commented on June 26, 2024

the whole part needs a rewrite as Apple Silicon ARM Macs only need FileVault.

This feature requires a Mac with an Intel processor. For the equivalent level of security on a Mac with Apple silicon, simply turn on FileVault. If the Mac is managed by MDM (mobile device management), MDM administrators can also remotely lock the Mac.

https://support.apple.com/en-us/HT204455

It is possible to put a MacBook Pro with Apple Silicon into DFU mode without requiring a password, according to my understanding. This could potentially allow a hacker with physical access to the device to load malware firmware or wipe the device. In the past, firmware passwords were used on Intel-based Macs to prevent this type of attack. However, it is unclear what measures are currently in place to prevent such an attack on Apple Silicon Macs.

One way an attacker could exploit this vulnerability is by modifying the firmware to insert malicious code and then signing it with a fake Apple signature. The attacker could then put the MacBook Pro into DFU mode and load the malicious firmware onto the device.
It is not clear why there are no safeguards in place to prevent this type of attack on Apple Silicon Macs.

from macos-security-and-privacy-guide.

beerisgood commented on June 26, 2024

See #420

from macos-security-and-privacy-guide.

life00 commented on June 26, 2024

Enabling FileVault is enough for Apple Silicon chips.

This is inaccurate because it is only true when Startup Security is set to Full Security. This should be included.

from macos-security-and-privacy-guide.

beerisgood commented on June 26, 2024

@beerisgood

Enabling FileVault is enough for Apple Silicon chips.

This is inaccurate because it is only true when Startup Security is set to Full Security. This should be included.

Macs with Apple Silicon chips use "full Security" by default. Read https://support.apple.com/guide/mac-help/mchl768f7291/mac

from macos-security-and-privacy-guide.

life00 commented on June 26, 2024

You are right. But it is annoying that it is not mentioned anywhere. Probably it is unrelated to this project as it is assumed that no security features will be disabled. In such case never mind.

I am just one of those folks running Asahi Linux. I have noticed this issue recently and unfortunately there is no way to achieve similar level of physical security when running other operating systems on these platforms.

from macos-security-and-privacy-guide.

Related Issues (20)

Version Consistency Across the Guide: What's the Latest Supported? HOT 5
Does anybody have a better rule set which includes blocking portscans etc? HOT 1
Whom are you protecting against with DNSMASQ/DNSCRYPT HOT 2
Mac Setups
VLC vs browser for unvetted audio/video files HOT 13
Wow! HOT 1
Sectools HOT 1
Question: Why remove the admin account from FileVault? HOT 3
Increasing attack surface using simple virus scanner HOT 4
Misleading information in Google Chrome section HOT 2
Security Guide
Add BusKill HOT 3
please add in these features from the unistgov HOT 8
Mac event IDs
Update to include Brave Browser? HOT 2
WARNING - Dangerous VPN company - Adware/Malware
Mac_OSX_Startup.pdf no longer available HOT 1
Soryy
Little Snitch & Steven Black Host HOT 3

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs