262 points | fortran77 | 2 comments
consumerx ◴[] No.42191294[source]
that's why you turn on Lockdown Mode or swap to Linux completely :)
danieldk ◴[] No.42191474[source]
I love Linux, but this is really a cheap shot. Out of the box, desktop security is much better on the Mac. Slim boot ROM in place of UEFI (which can be backdoored), no always-running Intel ME/AMD PSP, fully verified boot chain, sealed system volumes, heavy use of a secure enclave to protect secrets, mandatory sandboxing for App Store apps, malware checks through XProtect, limited access of apps to key folders (Desktop, Documents, iCloud Drive), limited access to privacy-sensitive devices (camera, mic), etc.

Linux will get there, but currently macOS is much more secure as a desktop.

1. adrian_b ◴[] No.42193574[source]
While in general you are right, you should not forget that almost one year ago it was revealed that the "Apple Silicon" CPUs had a hardware backdoor that had been exploited for years by malicious entities (i.e. some unprotected test registers that allowed the attacker to bypass the memory protection and gain complete control remotely, through the sending of an invisible message, without any chance of being detected by the owner; the complete exploit used a chain of bugs in the Apple system libraries, together with the hardware backdoor).

Such a hardware backdoor is rather more severe than most of what has ever been discovered on non-Apple devices.

As long as the main protection of the Apple devices consists mostly in their lack of detailed technical documentation, one can never know whether other such hardware backdoors exist.

2. acdha ◴[] No.42193716[source]
Do you have a reference for that? It doesn’t sound like GoFetch, which is the closest on timing.