Questions tagged [macos]
macOS (formerly Mac OS X and OS X) is a series of Unix-based graphical interface operating systems developed, marketed, and sold by Apple Inc.
456 questions
2 votes, 1 answer, 79 views
MacOS: How to verify dialogue box is genuinely from Apple (not Malware)
A class of dialog boxes, similar to the one above, is a persistent nuisance on a Mac instance. How does one verify dialogue box is genuinely from Apple (not Malware)
0 votes, 0 answers, 33 views
Is it really a good idea to check downloaded PDFs on VirusTotal? [duplicate]
I often download PDF and DjVu files from shady websites. Is it a good idea to upload them on VirusTotal first or is this not really practically necessary?
I often download 5 different versions of the ...
1 vote, 0 answers, 40 views
macOS Parallels firewall configuration?
I use Parallels to run different types of OS (Windows, Linux) on the macOS ARM64. I would like to improve the overall security of the machine to be able to connect to a LAN or Wifi and still have a ...
0 votes, 0 answers, 122 views
Storing APFS password in Apple's Keychain for Time Machine
If you are using an encrypted APFS container, for example, to encrypt the Time Machine, whenever the physical disk is plugged in, MacOS asks for a decryption password with an option to store it ("...
2 votes, 1 answer, 2k views
How to implement Wi-Fi deauthentication attack on mac
I am trying to send "de-authentication requests" with Mac but all the previously used tools don't work
I was using bettercap before, now it says that deauth packet was sent but nothing is ...
0 votes, 0 answers, 123 views
Adding custom rules to apple xprotect
I'm trying to build an endpoint protection software on MacOS. Apart from ESF or OpenBSM, I need to block and detect malicious software.
I found xprotect to be useful,
https://www.sentinelone.com/...
4 votes, 0 answers, 442 views
Why is non-admin user allowed to do macOS update?
On macOS Sonoma, when I use any non-admin user, I am able to do a full OS update, or to run commands like softwareupdate --install-rosetta.
Why is this allowed?
I researched a little and came to this ...
1 vote, 0 answers, 74 views
How reliable is the multipass cli on macOS for pentesting? [closed]
I've been using multipass to quickly spin up VMs on my mac for some of my CS courses which required a linux distro, but I'm getting into pentesting and will need a solution. Any advice or opinions on the ...
2 votes, 0 answers, 138 views
Is MacOS encryption as secure if FileVault is switched on after installation?
Regarding turning on MacOS' FileVault after it was not turned on for installation, it says here...
If FileVault is turned on later — a process that is immediate since the data was already encrypted — ...
0 votes, 0 answers, 136 views
Backup to a remote Encrypted APFS drive mounted through Samba. Is this a sound plan?
Say I have a remote machine (something like a VPS) that I have no physical access or physical authority over other than a user on it (with root access). However, I'd like to do Time Machine backups on ...
0 votes, 2 answers, 362 views
As a security engineer would you be okay recommending macapps.link?
I really like macapps.link as it helps me to quickly install a bunch of software after a fresh install. However, it doesn't have the transparency that Windows alternatives like ninite or winget have.
0 votes, 0 answers, 327 views
USB Drive Malware (.lnk extension) Suspicions: Seeking Advice on Next Steps
I recently encountered a concerning situation involving a USB drive, and I'm seeking guidance on how to proceed.
The scenario:
I used an older computer to extract photos from a DVD and transferred ...
0 votes, 0 answers, 123 views
Is it normal for Apple push notifications to use the IRC protocol?
Seeing traffic like this on my network and wondering if it’s normal to see IRC being used in macOS push notifications and if anyone has any idea what the apparently escaped code (based on all of the ...
7 votes, 1 answer, 12k views
Understanding ssh-rsa not in PubkeyAcceptedAlgorithms
I am having a problem connecting to an Amazon EC2 Linux instance from an old Mac OS machine running El Capitan. Unfortunately without any possibility to upgrade the OS.
Because all the other modern ...
3 votes, 1 answer, 2k views
How can an application, using Apple's Secure Enclave on macOS or TPM on Windows, protect itself from other applications accessing its private keys?
I'm interested in using Apple's Secure Enclave on macOS or TPM on Windows to protect cryptographic keys used by an application from being accessed by other applications running with the same or higher ...
0 votes, 1 answer, 353 views
Can virus survive macOS Recovery?
In what scenarios would a MacOS virus/malware/rootkit/etc (I use those terms to englobe all types of undesirable or malicious software or code) resist a format of the hard drive in MacOS recovery?
I ...
1 vote, 0 answers, 743 views
File encrypted with OpenSSL cannot be decrypted with LibreSSL
First off, please don't turn this question into a LibreSSL vs OpenSSL holy war! I'm just trying to understand the functional differences between them, nothing more.
I originally asked this question on ...
1 vote, 0 answers, 119 views
Password generation algorithm used by MacOS keychain
What algorithm does MacOS use in its keychain system to generate passwords? (using password assistant accessed through keychain app and using Safari keychain).
Does it access/is it the GUI for the /...
1 vote, 0 answers, 579 views
SSH authentication with GPG failing with a new Yubikey with the same gpg keys as the old one
I have a MacBook M1 on which I have been using a Yubikey 5 to authenticate SSH logins to various systems. I recently got a Yubikey 5C so I wouldn't have to use adapters. I moved my keys over to it ...
0 votes, 1 answer, 227 views
Privacy related to company VPN
Last week my employer sent me a root cert to access the company’s VPN on my personal iMac. When I am connected to the VPN, I’m aware the VPN server can encrypt/decrypt the traffic, but I have some ...
1 vote, 0 answers, 80 views
Apple Magic Keyboards in Public Spaces Man-in-the-middle
Let's imagine that I leave a Mac with wireless peripherals in a public space like a co-working space that might end up with other wireless devices nearby or physical access (say, at nighttime). My ...
1 vote, 0 answers, 204 views
Is it possible to add a username and a password to a hostname in /etc/hosts? [closed]
Is it possible to add a username and a password to a hostname in /etc/hosts?
Like: a.b.c.d username:password@hostname
0 votes, 1 answer, 913 views
How to prevent the recovery of deleted files without a full format of external HDD?
How can I securely delete selected files so they can’t be recovered, but without the full format of the external HDD? Is this even possible?
I’m using Mac OS.
2 votes, 1 answer, 1k views
Is it safe to store data on APFS 256 AES encrypted external HDD disk?
I'm using a MacBook and want to store confidential data (financial documents, passwords, private photos, etc.) on an external HDD disk.
How safe is setting up APFS AES 256 encryption with disk ...
0 votes, 0 answers, 733 views
Suspicious incoming connection attempts from random IPv6 addresses on local network on macOS
I've been using Little Snitch on my Macbook and for a long time I have had a rule to alert on any incoming IPv6 connection, which would be suspicious since I use IPv4 only.
Since a couple of days I've ...
0 votes, 2 answers, 2k views
Objectively, what can you do on kali that you can't do on a mac?
What is so special about kali?
Is there some suite that just runs on kali and won't on other distros/mac?
Is it just marketed better to the infosec community?
0 votes, 0 answers, 94 views
Can code be executed from copying the From field of an Outlook Email?
I received a suspicious email in Outlook and wanted to check the from email field to see if it was still a Microsoft address.
I right clicked and selected "copy address" on the From field ...
0 votes, 1 answer, 4k views
SSL certificate not standards compliant in Safari
I created a certificate authority on my MacBook, and I'm using it to create a wildcard certificate. I have the root CA added as trusted into my system keychain. On Safari, it complains that the ...
1 vote, 1 answer, 1k views
VPN does not hide true location on the Maps app on Macbook
I am using a VPN (NordVPN). I am seeing the VPN IP in browsers - this is ok. However when I check the Maps app on my mac, it shows my true location. How can I ensure that my true location is hidden ...
0 votes, 1 answer, 281 views
OS on external drive -- is it safe?
So I'm installing macOS to my external hard drive partition, so I can have a 100% clean environment where I can engage with cryptocurrencies. (Exchanges, stable coins, protocols, putting actual money ...
0 votes, 0 answers, 146 views
Compromised machine. Should I create a partition or volume to install a clean OS?
My goal is to create a 100% clean environment where I can interact with cryptocurrencies. For that, I can partition my disk or I can create a volume. Which one should I prefer?
Some context about the ...
7 votes, 1 answer, 4k views
Is Mac OS safer to use as far as firmware rootkits, cold boot attacks and evil maid?
Windows machines have things like TPM and Secure boot to help protect against firmware rootkits, but is Mac any safer in these regards? How does Mac work in the boot stage and is it any less ...
1 vote, 0 answers, 307 views
Need help cracking a MacOS Catalina password
I have found the hashes for the stored passwords on my mac, I do not have the administrator passwords, I do have the hashes coming from the /var folder. I have tried decrypting it using hashcat but it ...
2 votes, 2 answers, 2k views
Cipher suite choice on macOS on Apple Silicon
I have a postfix mail server that accepts these cipher suites:
tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:
...
0 votes, 1 answer, 377 views
Virus from Embedded Image in Mac Mail?
I'm using macOS High Sierra, and mac Mail version 11.3. I have a script that uses the Twitter API to continually fetch tweets in real-time and send the contents of each of these tweets, including any ...
0 votes, 0 answers, 241 views
When I visit an http://gofile.me/ link, how much information do I provide to the NAS server owner?
There are files I need from a heavy NAS user and they've given me a link of the form http://gofile.me/xxxxx/xxxxxxxxx If my laptop running the Chrome browser in macOS is connected to the internet via ...
1 vote, 1 answer, 1k views
Is it possible to bruteforce Yubikey's PIN when using it as PIV/Smart card?
I'm considering using Yubikey to log in to my Mac. However, in my threat model I have to assume that it will fall into the wrong hands, hence the question: does Yubikey have any mechanisms that ...
1 vote, 1 answer, 159 views
Read files protected with System Integrity Protection with sudo
I had a debate with a friend about the security model in new OS X versions. OS X El Capitan and newer have the System Integrity Protection security feature which protects aspects of the OS even from ...
4 votes, 3 answers, 11k views
How secure is OpenCore Legacy Patcher?
My MacBookPro doesn't get major updates anymore, but the hardware still works well.
I came across OpenCore Legacy Patcher, which allows to install recent versions of MacOs onto older macs through ...
1 vote, 1 answer, 254 views
Does MacOS Filevault + Mac hardware obviate lengthy login passwords?
Take the combination of an encrypted disk with a secure enclave chip that never exposes an internal Key Encryption Key and throttles or prevents too many password guesses.
Seems to me that this should ...
0 votes, 1 answer, 302 views
Postgres.app security on a Mac?
I'm wondering if there are any security concerns with installing PostgreSQL on a Mac using the app?
https://www.postgresql.org/download/macosx/
I had a look at the data folder and it's owned by me ...
0 votes, 2 answers, 2k views
Is Xcode vulnerable due to log4j?
After the log4j vulnerability was announced, I scanned my Mac to see if any applications were using it.
find / -name "*log4j*" 2>/dev/null
Here's the output that indicates that Xcode has ...
4 votes, 1 answer, 12k views
hashcat skipping gpu even if it's recognizing the device and the driver is installed
I'm trying to run hashcat on a MacBook Pro.
Running hashcat -I to check the devices' information yields:
hashcat (v6.2.5-38-g8b61f60e8) starting in backend information mode
OpenCL Info:
============
...
0 votes, 1 answer, 122 views
Mac os x installation partition integrity
Let's suppose I lend my new macbook to a (dishonest) friend.
This is a new fresh macbook, just unboxed.
My friend does whatever he wants on this macbook.
One month later, he gives me back the macbook....
0 votes, 0 answers, 29 views
Can someone on same wifi access my computer? [duplicate]
I was connected to a hotel wifi and airport wifi last week. Some of the files in my Downloads folder have now been compromised (soft keys stolen).
Can someone connected to same wifi gain access to my ...
0 votes, 0 answers, 26 views
Can work system admin remote into my personal Mac when I connect to work VPN? [duplicate]
I usually connect to my work VPN on my personal Mac and then use Windows Remote Desktop client to access my work computer.
Today on my Mac while disconnected from the VPN I noticed the username/...
1 vote, 1 answer, 268 views
How to know which IP address is used for my DNS queries on macOS?
I'm not an expert, only have basic knowledge about all this but I'd like to understand what's going on so please bear with me.
I'm currently using a VPN (IKEv2 protocol) on a macOS system and I can ...
1 vote, 1 answer, 3k views
How does FileVault work with Time Machine?
Let's suppose a Mac OS computer with two users: user1 and user2. These users are not administrators. FileVault is enabled.
The computer is connected to an empty external hard drive for Time Machine.
...
0 votes, 0 answers, 183 views
Hybrid-Analysis.com indicates the website that my macOS system is contacting is likely malicious
Backstory:
I just upgraded my MacBook from OS X 10.11.6 to the most updated version of macOS, 10.14.6 Mojave. I also have the Little Snitch network filter installed. I know nearly nothing about ...
1 vote, 2 answers, 1k views
Safe or Unsafe to Store Passwords in Chrome on MacOS?
I've seen conflicting opinions on this, more than the below, but i.e.
Unsafe: https://www.techrepublic.com/article/why-you-should-never-allow-your-web-browser-to-save-your-passwords/
Safe: https://...