←back to thread

265 points fortran77 | 1 comments | | HN request time: 0.21s | source
Show context
consumerx ◴[] No.42191294[source]
that's why you turn on Lockdown Mode or swap to Linux completely :)
replies(3): >>42191303 #>>42191474 #>>42192584 #
danieldk ◴[] No.42191474[source]
I love Linux, but this is really a cheap shot. Out of the box, desktop security is much better on the Mac. Slim boot ROM in place of UEFI (which can be backdoored), no always-running Intel ME/AMD PSP, fully verified boot chain, sealed system volumes, heavy use of a secure enclave to protect secrets, mandatory sandboxing for App Store apps, malware checks through XProtect, limited access of apps to key folders (Desktop, Documents, iCloud Drive), limited access to privacy-sensitive devices (camera, mic), etc.

Linux will get there, but currently macOS is much more secure as a desktop.

replies(2): >>42192772 #>>42193574 #
adrian_b ◴[] No.42193574[source]
While in general you are right, you should not forget that almost one year ago it has been revealed that the "Apple Silicon" CPUs had a hardware backdoor that had been exploited for years by malicious entities (i.e. some unprotected test registers that allowed the attacker to bypass the memory protection and gain complete control remotely, through the sending of an invisible message, without any chance of being detected by the owner; the complete exploit had used a chain of bugs in the Apple system libraries, together with the hardware backdoor).

Such a hardware backdoor is rather more severe than most of what has ever been discovered on non-Apple devices.

As long as the main protection of the Apple devices consists mostly in their lack of detailed technical documentation, one can never know whether other such hardware backdoors exist.

replies(1): >>42193716 #
1. acdha ◴[] No.42193716[source]
Do you have a reference for that? It doesn’t sound like GoFetch, which is the closest on timing.