←back to thread

Apple Confirms Zero-Day Attacks Hitting macOS Systems

(www.securityweek.com)
262 points fortran77 | 10 comments | 20 Nov 24 00:26 UTC | HN request time: 0.425s | source | bottom
1. consumerx ◴[20 Nov 24 06:32 UTC] No.42191294[source]
that's why you turn on Lockdown Mode or swap to Linux completely :)
replies(3): >>42191303 #>>42191474 #>>42192584 #
2. leoh ◴[20 Nov 24 06:34 UTC] No.42191303[source]
I have got to believe that there are some nasty zero days for linux
replies(1): >>42191345 #
3. proxynoproxy ◴[20 Nov 24 06:45 UTC] No.42191345[source]
The advantage of everyone running the same software and hardware platform is that you can concentrate on hardening that one system. The disadvantage is that vulnerability is universal.

The advantage of everyone running a disparate environment of many of different libraries and binaries is that vulnerability is likely unique. The disadvantage is there are many more opportunities for the researcher to find vulnerability in the mess.

Choose your poison, the only secure system is powered down.

replies(1): >>42192576 #
4. danieldk ◴[20 Nov 24 07:16 UTC] No.42191474[source]
I love Linux, but this is really a cheap shot. Out of the box, desktop security is much better on the Mac. Slim boot ROM in place of UEFI (which can be backdoored), no always-running Intel ME/AMD PSP, fully verified boot chain, sealed system volumes, heavy use of a secure enclave to protect secrets, mandatory sandboxing for App Store apps, malware checks through XProtect, limited access of apps to key folders (Desktop, Documents, iCloud Drive), limited access to privacy-sensitive devices (camera, mic), etc.

Linux will get there, but currently macOS is much more secure as a desktop.

replies(2): >>42192772 #>>42193574 #
5. notactuallyben ◴[20 Nov 24 10:34 UTC] No.42192576{3}[source]
Vulnerabilities in the Linux kernel would have a similar impact to a macOS kernel bug. It’s a myth that “more eyes means more secure” for OSS ;-) - it can be true, but often that’s not the reason
6. fsflover ◴[20 Nov 24 10:36 UTC] No.42192584[source]
You probably mean to Qubes OS.
7. vetinari ◴[20 Nov 24 11:11 UTC] No.42192772[source]
Half of the stuff you names is security from you, not security for you.
replies(1): >>42194467 #
8. adrian_b ◴[20 Nov 24 13:03 UTC] No.42193574[source]
While in general you are right, you should not forget that almost one year ago it has been revealed that the "Apple Silicon" CPUs had a hardware backdoor that had been exploited for years by malicious entities (i.e. some unprotected test registers that allowed the attacker to bypass the memory protection and gain complete control remotely, through the sending of an invisible message, without any chance of being detected by the owner; the complete exploit had used a chain of bugs in the Apple system libraries, together with the hardware backdoor).

Such a hardware backdoor is rather more severe than most of what has ever been discovered on non-Apple devices.

As long as the main protection of the Apple devices consists mostly in their lack of detailed technical documentation, one can never know whether other such hardware backdoors exist.

replies(1): >>42193716 #
9. acdha ◴[20 Nov 24 13:21 UTC] No.42193716{3}[source]
Do you have a reference for that? It doesn’t sound like GoFetch, which is the closest on timing.
10. danieldk ◴[20 Nov 24 15:00 UTC] No.42194467{3}[source]
You can turn pretty much all of it off, disable SIP, boot Linux, whatever you like.

Good security is layered. For example, even with a sandbox escape, and app could not read your full Documents directory, modify the OS, or install a firmware-level rootkit.