When Apple released its new macOS operating system to the public yesterday, a serious server failure occurred, resulting in widespread Big Sur download and installation failures, iMessage and Apple Pay outages, and even performance issues for users running macOS Catalina and earlier versions. We learned yesterday why this happened, and now a security researcher has published an in-depth look at the related privacy and security issues on the Mac (especially Apple Silicon).
Soon after the official launch of macOS Big Sur for all users, we began to see reports of extremely slow download times, download failures, and, for downloads that did complete, errors that ultimately prevented the installation.
At the same time, we saw Apple’s Developer website go down, and then iMessage, Apple Maps, Apple Pay, Apple Card and some Developer services were interrupted. Then reports flooded in of third-party applications on Macs running Catalina and earlier failing to launch or hanging, along with other sluggish performance.
Developer Jeff Johnson was the first to point out what happened: a problem with the Mac connecting to Apple
Now, security researcher and hacker Jeffrey Paul has published an in-depth article, “Your computer is not yours”, explaining what happened and the privacy and security issues associated with it.
On modern versions of macOS, you simply cannot power on your computer, start a text editor or eBook reader, and perform write or read operations without the need to transfer and store activity logs.
It turns out that in the current version of macOS, the operating system sends a hash (unique identifier) of each program it runs to Apple at runtime. Many people don’t realize this because it is silent and invisible. It will fail gracefully immediately when you are offline, but today the server has indeed slowed down and has not reached the fast failure code path. Everyone’s application is If they are connected to the Internet, they can open it.
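The failure mode described in the quote above, shown as an added example (it is not code from Apple or from Paul's article): a soft-fail network check returns at once when the server is unreachable, but when the server accepts the connection and stalls, the caller waits for its full deadline. The function names, the loopback servers and the placeholder request are all constructed for this illustration.

```python
import socket
import threading
import time

def start_stalling_server():
    """Constructed stand-in for an overloaded responder: accepts, never replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so the client sees silence, not EOF
    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            held.append(conn)
    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def closed_port():
    """Port with no listener: the 'offline / unreachable' case."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def soft_fail_check(port, deadline):
    """Return (verdict, seconds). Any network error means 'allow' (soft fail)."""
    start = time.monotonic()
    try:
        # The timeout also applies to the send and recv calls on this socket.
        with socket.create_connection(("127.0.0.1", port), timeout=deadline) as c:
            c.sendall(b"GET /status HTTP/1.0\r\n\r\n")  # placeholder request
            reply = c.recv(1024)
            verdict = "allow" if reply else "allow (soft fail: empty reply)"
    except OSError as exc:  # refused connections and timeouts both land here
        verdict = f"allow (soft fail: {type(exc).__name__})"
    return verdict, time.monotonic() - start

if __name__ == "__main__":
    srv, slow = start_stalling_server()
    print("unreachable:", soft_fail_check(closed_port(), deadline=2.0))
    print("stalling   :", soft_fail_check(slow, deadline=2.0))
    srv.close()
```

Both cases end in "allow", but the stalling case costs the whole deadline on every check, so the deadline itself sets the worst-case launch delay.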
He went on to explain what Apple saw from the process:
Because it uses the Internet for this operation, the server can see your IP and know the input time of the request. IP addresses allow for rough city-level and ISP-level geolocation, and are allowed to have headers containing the following:
Date, Time, Computer, ISP, City, State, Application Hash
This means that Apple knows when you are at home. When you are at work. Which apps you open there, and how often. They know when you open Premiere in a friend’s house on their Wi-Fi, and they know when you open the Tor browser in a hotel in another city.
Paul went on to address the objection many readers might be thinking: “Who cares?” He answers this question by explaining that the issue is not just that Apple has access to the data; the OCSP requests are also unencrypted:
1. These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone eavesdropping on its cables.
2. These requests will be transferred to a third-party CDN operated by another company, Akamai.
3. Since October 2012, Apple has been a partner of the PRISM espionage program of the US military intelligence community, which allows the US Federal Police and the military to access the data without restrictions anytime and anywhere without issuing any warrants. They did this more than 18,000 times in the first half of 2019 and another 17,500 times in the second half of 2019.
This data is equivalent to a large amount of data about your life and habits, and allows the person with this data to identify your exercise and activity patterns. For some people, this may even pose a personal danger to them.
Paul mentioned some workarounds to prevent this tracking, but he emphasized that macOS Big Sur might solve these problems.
Now, until today, it is not possible to block this type of content on a Mac using a program called Little Snitch (in fact, this is the only thing that currently allows me to use macOS). In the default configuration, it completely allows all these computers to Apple communications, but you can disable these default rules, and then continue to approve or deny each of these connections, and your computer will continue to operate normally without affecting your Apple.
The macOS version 11.0 (also known as Big Sur) released today has a new API that prevents Little Snitch from working in the same way. The new API does not allow Little Snitch to check or block any OS-level processes. In addition, the new rules in macOS 11 even hinder VPNs, so Apple apps will bypass them.
@patrickwardle lets us know that trustd, the daemon responsible for these requests, is in the new ContentFilterExclusionList in macOS 11, which means that it cannot be blocked by any user-controlled firewall or VPN. In his screenshot, it also shows that CommCenter (for making calls from Mac) and Maps will also leak through the firewall/VPN, thereby potentially damaging your voice traffic and future/planned location information.
Paul emphasized that Apple’s new M1-powered Macs will not run anything earlier than macOS Big Sur, and framed this as a choice:
You can have a fast and efficient machine, or you can have a private machine. (Apple mobile devices have been using this approach for several years.) Without using an external network filtering device that can be fully controlled (such as a travel/vpn router), it is impossible to boot any operating system on the new Apple Silicon Mac. You won’t call home, and you can’t modify the operating system to prevent this from happening (or they won’t boot at all due to hardware-based encryption protection).
He updated the post to share that there may be a solution through the bputil tool, but he needs to test it to confirm this.
Finally, Paul said: “Your computer is now serving a remote host, which has determined that they have the right to monitor you.”
Apple regards privacy and security as two of its core beliefs, so time will tell whether Apple addresses the issues exposed during the launch of Big Sur.
You can find the full text of Jeffrey Paul’s article here.