Apple Confirms Zero-Day Attacks Hitting macOS Systems

(www.securityweek.com)

262 points fortran77 | 2 comments | 20 Nov 24 00:26 UTC | HN request time: 0.422s | source

Show context

consumerx ◴[20 Nov 24 06:32 UTC] No.42191294[source]▶

>>42189581 (OP) #

that's why you turn on Lockdown Mode or swap to Linux completely :)

replies(3): >>42191303 #>>42191474 #>>42192584 #

danieldk ◴[20 Nov 24 07:16 UTC] No.42191474[source]▶

>>42191294 #

I love Linux, but this is really a cheap shot. Out of the box, desktop security is much better on the Mac. Slim boot ROM in place of UEFI (which can be backdoored), no always-running Intel ME/AMD PSP, fully verified boot chain, sealed system volumes, heavy use of a secure enclave to protect secrets, mandatory sandboxing for App Store apps, malware checks through XProtect, limited access of apps to key folders (Desktop, Documents, iCloud Drive), limited access to privacy-sensitive devices (camera, mic), etc.

Linux will get there, but currently macOS is much more secure as a desktop.

replies(2): >>42192772 #>>42193574 #

1. vetinari ◴[20 Nov 24 11:11 UTC] No.42192772[source]▶

>>42191474 #

Half of the stuff you names is security from you, not security for you.

replies(1): >>42194467 #

2. danieldk ◴[20 Nov 24 15:00 UTC] No.42194467[source]▶

>>42192772 (TP) #

You can turn pretty much all of it off, disable SIP, boot Linux, whatever you like.

Good security is layered. For example, even with a sandbox escape, and app could not read your full Documents directory, modify the OS, or install a firmware-level rootkit.

↑