MacOS Will Soon Block Unknown USB-C Accessories By Default (techcrunch.com) 175
An anonymous reader quotes a report from TechCrunch: A new security feature in Apple's upcoming macOS 13 Ventura will automatically block new USB-C devices from communicating with the operating system until the accessory can be approved by the user. Apple dropped details of the new security feature in its release notes, which appears to be aimed at protecting newer Apple laptops that run its bespoke M1 or M2 chips from potentially malicious accessories.
According to Apple's description, the feature will be enabled by default and will require the user to approve a USB-C accessory before it can talk to the operating system -- essentially an on-screen pop-up asking the user for permission. Apple says this doesn't apply to power adapters, standalone displays, and connections to an approved hub -- and devices can still charge even if you don't approve the accessory. Apple says that accessories that are already connected will automatically work when updating to the new macOS software.
According to Apple's description, the feature will be enabled by default and will require the user to approve a USB-C accessory before it can talk to the operating system -- essentially an on-screen pop-up asking the user for permission. Apple says this doesn't apply to power adapters, standalone displays, and connections to an approved hub -- and devices can still charge even if you don't approve the accessory. Apple says that accessories that are already connected will automatically work when updating to the new macOS software.
usbguard for mac? Linux users have had it for ages (Score:2)
Isn't this just another mac-specific incarnation of usbguard which we, Linux users, have had since 2015?
Re: (Score:2)
Or just disable the fricking ports in Windoze in the device manager and/or use security policies to control the ports. Every business with more than one employee should do this.
Apple is late to the game.
Re:usbguard for mac? Linux users have had it for a (Score:5, Interesting)
The difference is that Apple is allowing you to use the ports with less risk. With Microsoft you don't have that option. You either disable the ports, or disable new USB device connections with an optional whitelist, but you can't have it prompt you.
This is far superior to what Windows does. Apple can't be late to the party, they're the only ones at the party.
Re: (Score:2)
This is far superior to what Windows does. Apple can't be late to the party, they're the only ones at the party.
As a first party they may be the only ones at the party (except for Linux), but my Windows PC has literally done that for years. MS offers group policy handles for access to USB, and several security packages already offer precisely this feature set, e.g. McAfee enterprise which offered me a nag screen every time I plugged in a USB device. Only after I answered yes would I even get the "new hardware" chime.
Re: (Score:2)
Fair enough. Too bad it's not default on any distribution I've ever seen. I see there's a qt applet too so I guess I will give it a shot. (Fuck GNOME.)
Re: (Score:2)
Not to mention having to google for udev rules and commands when you get a new usb device - to even get the thing working. Security through difficulty!
Old those who cry "walled garden" (Score:2)
...need to work on their reading comprehension skills.
Re: (Score:2)
Necessary for real security (Score:5, Insightful)
While people will claim all kinds of ulterior motives for this, it's really way past due. USB is a genuine attack vector. It's easy to have something that looks like a harmless USB device but that actually does all kinds of nefarious stuff.
Part of the basic design of USB is that you can chain devices, so it shouldn't be unusual if several devices are plugged in at the same time. But this can be used for nefarious purposes by hiding multiple logical devices in a single physical device. Something that looks like a thumb drive can also contain a virtual mouse and keyboard that can automatically enter malicious commands. Something that looks like a mouse can also claim to be a music player and exploit known holes in the music playing software. And so on.
This is not just a theoretical attack. There are proof-of-concept devices that take advantage of this behavior. Asking the user the first time an unrecognized device is plugged in is a simple way of preventing this kind of attack. If they really did just plug in a mouse, they can click on yes and everything is OK. If they thought they plugged in a thumb drive and are asked about a mouse and keyboard, they'll have a chance to stop it.
Re: (Score:3)
Well-said. I kind of wonder if any of the people with spastic anti-Apple reactions here remember the old days of Windows 95 Autoplay, and the whole bundle of worms that opened up.
I/O needs to default to untrusted.
Mac System OS: "Autostart Worm" (Score:2)
I worked for a marketing company in the later nineties. Every Mac in the art department was infected and re-infected by the Autostart Worm off and on, until we could finally disable the autostart feature -- which wasn't until Quicktime 2.5:
https://lowendmac.com/virus/wo... [lowendmac.com]
Our IT guy at the time was getting really annoyed, as this stupid worm kept on popping up. But I don't recall it being much more than an annoyance and fairly easy to remo
More than proof of concept (Score:5, Insightful)
You're absolutely right. I'd like to expand on what you said here:
> This is not just a theoretical attack. There are proof-of-concept devices that take advantage of this behavior.
More than just proof-of-concept, such devices are "productized", readily available for purchase at reasonable prices.
The proof-of-concept level is what I've done personally. At a security company where I used to work, my co-workers and I would mess with each other if you didn't follow security practices. Go to lunch without locking your machine? A co-worker will help you learn better. In the common area, there was a bag of USB flash drives with the company logo on them. So ...
I brought home a flash drive with the logo on it and popped open the case. I installed a new board - essentially an Arduino Pro Micro. I wrote a little Arduino code so it works as both a flash drive and emulates a keyboard, entering whatever commands I wished. The flash drive part held a hidden file containing the keystrokes to enter, so it could be reprogrammed just by replacing the file.
Re: (Score:3)
If they really did just plug in a mouse, they can click on yes and everything is OK.
If the new usb mouse is blocked, how is one to "click on yes"? :-)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Just use your bluetooth mouse to move the cursor over and click on yes. Jeesh do I need to do all the thinking around here! :-)
Re: (Score:2)
Re: (Score:2)
While people will claim all kinds of ulterior motives for this, it's really way past due.
The only people who do so are those who don't think and don't have phones. iOS and Android already do this. My employer provided Windows laptop already does this too (via 3rd party software).
This is just a sensible security practice.
Re: (Score:2)
It really depends how the permission request window is designed. It needs to show what the device is and all its functions, probably with explanatory text that warns the user of the risks. I have a feeling most users will just blindly click accept anyway.
By the way, Windows has supported this for a very long time, I think going back as far as XP, maybe earlier. It's quite as nice, you have to manually approve new devices, but given the tendency of the user to blindly accept everything that might actually be
Re: (Score:3)
By the way, Windows has supported this for a very long time, I think going back as far as XP, maybe earlier. It's quite as nice, you have to manually approve new devices
Requiring the user to know ahead which devices to block or not block is NOT the same feature.
Re: (Score:2)
It blocks everything except stuff you whitelist. When you plug something in you can see it's VID/PID/serial number so that you can add an exception if you want to. You can use it in exactly the same way, except less convenient.
Re: (Score:2)
Re: (Score:2)
Pray exactly how do I click yes when I plug in a new unknown mouse? You are assuming that you have a previously available functioning mouse and keyboard.
I would note that it could look like a real keyboard and be a real keyboard, that also does nefarious stuff behind your back. Does not need to be a thumb drive. I am sure I could open up an existing keyboard add a daughter board that did nefarious things and close it back up. Well maybe not with what Apple tries to pass off as a keyboard, but how anyone can
Time limits (Score:2)
This is the strange part:
"Approved devices can connect to a locked Mac for up to three days."
Do they expect the device to change all of a sudden? I mean, a regular thumb drive will install a nefarious virtual keyboard? But then shouldn't the system catch it?
Maybe this is about power saving? But then, the docking station will be always connected, and you come back one week later, and see your KVM not working? Again this does not make sense.
It's ok... (Score:2)
If your mouse stops working, just plug in another one and then click the button to allow it work.... wait... what?
Re: (Score:2)
I was thinking this could bring back the good old 'No keyboard detected, press any key to continue'
how ? (Score:3)
I wonder how they're going to do that, technically? Does USB-C have different specs than older USB instead of just a different connector?
I've looked into this and the USB protocol (pre-USB-C) just doesn't give you anything to identify a unique device with. You can identify device types, model, manufacturer, etc. - but even those are simply numbers supplied by the device itself. So the obvious thing to do for a malicious device is to present itself as something popular. Say, the standard Apple keyboard or Magic Mouse.
I haven't looked for years, so is there something new in the USB standard that I'm not aware of?
Re: (Score:3)
They likely mean the device and vendor ID as USB devices are not required to have an unique serial number or the like. Vendor and device ID be faked though and an USB attack device may well pretend to be a popular keyboard or mouse, for example.
The pathetic thing here is that not even the release notes by Apple are clear. Apparently technical writers do not need to understand technology these days...
Re:how ? (Score:5, Insightful)
They likely mean the device and vendor ID as USB devices are not required to have an unique serial number or the like. Vendor and device ID be faked though and an USB attack device may well pretend to be a popular keyboard or mouse, for example.
That's the thing. The USB spec provides a "serial number" field, but pretty much nobody uses it. And the VID etc. are essentially a "please tell me who your are" thing and I can respond with whatever I feel like today.
As a way to understand which driver the OS should load, this is sufficient. As a security layer against malicious devices, USB simply doesn't provide anything that you could actually use.
Re: (Score:2)
I've looked into this and the USB protocol (pre-USB-C) just doesn't give you anything to identify a unique device with.
Of course you uniquely identify a device: Based on the port it is plugged into. This is one of the reasons USB>serial adapters will always get the same COM port number when plugged into the same USB socket, but plug it into a different socket or plug a different model adapter into the same socket and you get a new COM port.
Mind you there's no need to memorise the unique device. You can just memorise the enumeration of a device on a port and present the nag screen to the user every time the device is conn
Re: (Score:2)
Of course you uniquely identify a device: Based on the port it is plugged into.
Not true. You don't get a unique identifier and the identifier you get isn't guaranteed to be stable over time, or trustworthy.
a device enumerating itself with multiple functions.
That's probably what you want to do, though again my work on this was a couple years ago so I don't know what the AV tools do these days if you try that.
Re: (Score:3)
Not true. You don't get a unique identifier and the identifier you get isn't guaranteed to be stable over time, or trustworthy.
You do at a given time. The fact it's not stable over time is not relevant for security (only for offering the user a bypass to security). A USB device in one port literally can't pretend to be plugged into another port, and identifying the same VID/PID/device type on the same port twice gives you a big fat "your hardware is not working" error.
And if you think about how the USB subsystem works it has to be unique at any given time, otherwise how would the software stack know which device to communicate with
Re: (Score:2)
If I were designing a system like this I'd require all devices that don't have a serial number to be confirmed every single time they are plugged in.
For devices with a serial number it would be difficult for an attacker to guess that number. Given that it appears Apple will allow devices connected to a trusted hub without confirmation, the risk seems lower than an attacker simply plugging their malware into the user's dock.
Re: (Score:2)
There is a "serial number" field in the USB specs, but both according to lots of online sources I checked and the tests I've made with numerous devices, it is empty most of the time.
Re: (Score:2)
Serial number is optional. If a device doesn't supply one then the host should treat it like a new device every time. If it does then the idea was that the host could keep track of different physical devices, but of course if the creator is a bad actor there is nothing stopping them from re-using serial numbers.
Re: (Score:2)
> Does USB-C have different specs than older USB instead of just a different connector?
Just deductively, USB-C (3.x?) probably has some management commands that let you apply power, ask for a bus connection, not get a bus connection, and then later be given a bus connection.
Older USB has been a mess - many devices need a power cycle to reattach to the bus.
Why would I ever buy apple products? (Score:2)
Re: Why would I ever buy apple products? (Score:2)
Re: Why would I ever buy apple products? (Score:2)
Re: (Score:2)
All for the weird perception that macs do graphics better than a PC.
Depends on your perception. Games better on Macs, no. Professional video and photography on Macs and PC can be the same; the difference is a prosumer Mac is specced for that role whereas PCs have a range of quality based on equipment and budget.
IMO, this isn't worth the inconveniences.... (Score:2)
Again, this amounts to one of those ideas that a computer-savvy, security-minded individual thought was a great idea. "Hey, we need to alert users whenever a new USB device is inserted, because hidden devices might be lurking inside the one they THOUGHT they were plugging in!" Except the reality of this is, 99% of users who intentionally plug in a device are going to click ok,approve,yes,whatever makes the annoying dialog boxes go away so they can continue using it.
They're not going to think, "Hey ... wai
Re:Pay fealty to Apple, or else... (Score:5, Interesting)
... there is always the obligatory cynicism about profit motives behind any change from the Evil corporations but I have to say it is about time. USB is the easiest attack route other than social engineering.
I wonder if it will be effective against shape shifters, that is devices that get installed as a mouse but change to a key logger or malware injector of some flavour. Depends on how the OS recognizes a "new" device.
Also won't help if a malicious memory stick is installed and approved by the user.
Re: Pay fealty to Apple, or else... (Score:2)
Re: (Score:2)
Most keyboards and mice install automatically without intervention unless a security policy has been set or the port/device class is disabled. You don't have to social engineer someone sticking crap into a USB port. All you have to do is provide the device, like dropping a memory stick on the ground in a parking lot or selling someone a keyboard.
But you are right, clicking approval at a prompt is almost automatic for many people.
Re: (Score:2)
I have seen USB keyboards and printers run a driver installer when they are first plugged into Windows a lot of times.
Won't users just click yes? (Score:2)
Re: Won't users just click yes? (Score:3)
Re: (Score:2)
it worked for windows UAC didn't it?
Re:Pay fealty to Apple, or else... (Score:5, Funny)
... or be blocked from Apple devices? Is this just Apple taking their Walled-Garden to an even higher, more profitable level?
Yeah, because approving a 3rd party USB device by clicking a nag screen away is such a massive burden on the user. Why this is a grievous violation of your sacred constitutionally guaranteed human rights, you poor long suffering #colossal #victim ... and if that sounded like over the top flame bait it wasn't ... that was a highly acidic sarcastic comment on your miserable attempt at trolling.
P.S. Top Trolling tip: Splitting the comment up between subject and body does not make you look cool, it just reduces people desire to read what you wrote.
Re: (Score:2)
What you are talking about is more typical of displays. Much content is only viewable with a monitor connected by HDMI, not VGA. This is a rank profiteering.
Re: (Score:2)
... or be blocked from Apple devices? Is this just Apple taking their Walled-Garden to an even higher, more profitable level?
You mean copying features from Android? My phones have presented a nag screen when connecting via USB or having a USB device attached to them for as long as I can remember.
It's a good security feature, one that my company windows laptop has as well.
Re: (Score:2)
I thought that IOMMU had already solved this.
Re:lolz (Score:5, Insightful)
It is clear from TFS that this is blocking the data communication. Up until now devices tended to let anything plugged into it to have data access willy-nilly, leading some people (like me) to carry around USB connectors that have the data pin disabled so that data access cannot happen when you simply want to charge.
This is a Very Good Thing that all digital devices should follow. No data communication as a default.
FYI: USB nasty list (Score:4, Informative)
Good idea. Totally agree with you.
List of USB attacks [bleepingcomputer.com]
eh, USB is such a fertile area of attack. So much fun. Why spoil things by blocking data attachments?
Re:FYI: USB nasty list (Score:5, Insightful)
Unfortunately it doesn't do anything to address two types of attack.
1. Malformed USB descriptors exploiting flaws in the USB stack. The computer has to read the descriptors before it can decide if a device is allowed or not.
2. Exploits in the USB stack or drivers once the user has approved a device. That method was used to crack open the PS4 security once a suitable flaw in the USB stack was discovered.
The only defence against those is to run the USB stack and drivers in a sandbox with very limited privileges. I don't know if MacOS does that, Windows attempts to but it's not perfect.
Re: (Score:2)
Re: (Score:2)
Sure, but then all you can do is charge (and technically at no more than 100mA, although in practice most chargers will supply their max rated current no matter what). If you want to use a mouse or a flash drive or something...
Re: (Score:2)
Re: (Score:3)
This is a Very Good Thing that all digital devices should follow. No data communication as a default.
Agreed, Android already does this. Plug a device into a PC and it will charge and present the user with an option screen to select if and which protocol to open up. Likewise plug a USB device into the phone and you get screen asking for permission for data access.
Every other OS should follow suit.
Re: (Score:2)
iOS has done this for years also.
Re: (Score:3)
Exactly where apple stole this "innovation " from.
This wasn't touted as some Fantastic Apple Invention(sm), you sad, sad Troll.
Re: (Score:3)
Re: (Score:3)
I think his point was that Apple is often touted as a highly innovative company by their fanbase whilst in reality they usually lag behind the competition in terms of new features.
Actually, he doesn't have a point.
Like Singeon Polevaulter, his only goal is to Contradict anyone who Posts anything in Support (or even mention of) Apple.
https://m.youtube.com/watch?v=... [youtube.com]
Re: (Score:2)
Don't know why you were modded down, iOS has done this for years.
Re: (Score:2)
It is clear from TFS that this is blocking the data communication. Up until now devices tended to let anything plugged into it to have data access willy-nilly, leading some people (like me) to carry around USB connectors that have the data pin disabled so that data access cannot happen when you simply want to charge.
This is a Very Good Thing that all digital devices should follow. No data communication as a default.
PD runs to negotiate the high power charging. So data comes first.
Sit back and wait for all the attacks via PD.
RTFA (Score:5, Informative)
Chargers are excluded and unapproved devices can still charge from the port.
Re: (Score:2, Troll)
Re: (Score:3)
Give it time.
Found the Evil Maid!
Re: (Score:3)
I'm the first guy to criticize Apple and even I don't think this is particularly nefarious. Offering the user a choice of whether to have the feature turned on or not would be nice, but at least they're not denying the ability to use them. Also, I'd be surprised if you had to approve a device more than once, given that Apple says that the accessories you've used now will work. That seemingly implies that it's already keeping track of them... which is normal behavior for Windows and sometimes also Linux as w
Re: Fine (Score:2)
Seems to me that if you have to approve unknown devices it's a big security plus.
I assume the password bypass kits wouldn't work if they can't get data access.
Re: (Score:2)
I'm the first guy to criticize Apple and even I don't think this is particularly nefarious. Offering the user a choice of whether to have the feature turned on or not would be nice, but at least they're not denying the ability to use them. Also, I'd be surprised if you had to approve a device more than once, given that Apple says that the accessories you've used now will work. That seemingly implies that it's already keeping track of them... which is normal behavior for Windows and sometimes also Linux as well (for the purpose of reassigning the same device name.)
Since TFS clearly stated that any already-connected Devices would be automagically "Approved" when a User Upgrades to macOS 13, that would imply they are keeping a Database of "Already Approved Devices for this User/Machine" on each Mac.
IOW, of course you will only need to Approve an Unknown Device once.
Plus, it is such a non-annoyance, there is absolutely no reason to give the user (or perhaps some random Malware) the ability to quietly Defeat this excellent Security Improvement. None at all.
Re: (Score:2)
it is such a non-annoyance, there is absolutely no reason to give the user (or perhaps some random Malware) the ability to quietly Defeat this excellent Security Improvement. None at all.
If random malware can flip your security settings, you don't have any security. That's not a reason not to give the user an option. It's a reason to institute some security. If the user is annoyed by a feature, and wants to disable it, they should be able to do so. The reason to give them the ability is that it's their device. Unless you, like Apple, think that the user shouldn't own their own device. In that case, I'm not interested in literally anything you have to say on this subject, because your goals
Re: (Score:2)
it is such a non-annoyance, there is absolutely no reason to give the user (or perhaps some random Malware) the ability to quietly Defeat this excellent Security Improvement. None at all.
If random malware can flip your security settings, you don't have any security. That's not a reason not to give the user an option. It's a reason to institute some security. If the user is annoyed by a feature, and wants to disable it, they should be able to do so. The reason to give them the ability is that it's their device. Unless you, like Apple, think that the user shouldn't own their own device. In that case, I'm not interested in literally anything you have to say on this subject, because your goals are fundamentally counter to mine.
Relax!
There will more than likely be a CLI incantation you can cast in Terminal to return yourself back to a blissfully-ignorant Buns Up and Kneelin' state.
Re: (Score:2)
Re:So, like the years old Android option? (Score:5, Interesting)
You may have missed that this was talking about macOS (i.e., laptop and desktop) rather than the mobile iOS/iPadOS.
You know how doctors can test nerve reflex by tapping on the knee in certain places? And your leg kind of kicks out, uncontrollably? Well, that's the etymology of a knee-jerk reaction, where someone reacts so fast they don't stop and think. Just saying.
Re: (Score:2)
No, I didn't miss anything. It's not news. It's Apple copying a years old Android function on MacOS, or, if you prefer, a two decade old function of Windows. I was giving them the benefit of the doubt.
Knee jerk reaction was all yours, with emphasis on the "jerk".
Re: (Score:3)
IOS has been doing this for many years, so claiming that implementing it on MacOS is copying Android is also a stretch.
Re: (Score:2)
Android did it first because Android was USB from the start, and iOS only implemented it when they added USB C to the iPad.
Not that it really matters, just a point of order.
Re: So, like the years old Android option? (Score:3)
Re: (Score:2)
No, I didn't miss anything. It's not news. It's Apple copying a years old Android function on MacOS, or, if you prefer, a two decade old function of Windows. I was giving them the benefit of the doubt.
Interesting. I don't recall a similar popup when plugging in mouse and printer on an Android tablet. Is that really what happens?
I also don't think even current Windows pop up similar messages. I'm quite certain it doesn't for random HID devices.
Knee jerk reaction was all yours, with emphasis on the "jerk".
Such vitriol over operating system features? Really?
Re: (Score:2)
The popup is the USB icon in the top bar rather than a window, but nothing happens but charging on my devices without tapping that icon and enabling whatever is plugged in, every device, every time. Perhaps you should explore the settings a bit more.
Just because you politely attempted to call me an idiot doesn't mean you didn't start the vitriol you now accuse me of.
Re: (Score:2)
He's just using some Android device that never received updates, so he didn't get that functionality.
Re: (Score:2)
Desktop vs Mobile has nothing to do with whether a feature is already widely in use. Speaking of knee-jerk responses maybe you should think from the perspective of an end user before you post, specifically how many people are probably wondering why some of their devices already do what is being proposed here.
Incidentally my Windows laptop does this too. It's a feature of my employer's security software. Windows also offers a group policy object that allows admins to control this functional and third party s
Re: (Score:2)
Yes, they copied it from iOS where it has been used for years.
Re: (Score:2)
Iphone does it too.
Whats new is that its coming Macs. I expect eventually Microsoft will do the same. Because its kinda obvious security functionality.
Re: (Score:2)
Re: (Score:2)
You have to buy their BT keyboard and mouse and use those to bless their USB counterparts.
Re: (Score:2)
You have to buy their BT keyboard and mouse and use those to bless their USB counterparts.
Catch 22: How do you pair an Apple BT Keyboard and Mouse if it did not come in the box with your device? ;-)
https://support.apple.com/en-u... [apple.com]
"If the device came in its own box or you need to set it up again, follow the steps below. [...] Use one of these cables to connect your wireless device to your Mac: USB-C to Lightning Cable [...] Earlier models of Apple's wireless input devices don't have a Lightning port. To set them up, you need a wired or wireless mouse or trackpad that is already connected to you
Re: (Score:2)
You have to buy their BT keyboard and mouse and use those to bless their USB counterparts.
Just stop it.
Really.
Re: (Score:2)
Re: (Score:2)
Did you read the summary? It will be new, unknown USB devices. If the user approves the device, the device will then be "known".
I did read TFA... now:
Did you read my question?
As it is today, the mac mini comes with no keyboard or mouse inside the box.
If when you plug a keyboard in your brand new macmini, the OS does not allow it to work until approved, how will you press the Y key to aprove it?
If you plug a mouse in your new macmini, and the moues is not allowed to comunicate with the machine until approved Hoy do you click on yes to approve it?
Re: (Score:3)
Early days of Windows XP had this exact same issue, USB devices would not initialize until AFTER logging into the OS, but unable to type in the password to login without a PS/2 keyboard.
This is actually already a solved problem. The HID over USB spec already has a very basic dumb device mode that can be used for simple input, before the full customized drivers are initialized and loaded.
History from literally two decades ago already solved this problem. Learning history is always a good thing to do, even in
Re: (Score:2)
Is it really a solved problem? Because I recall USB hijackers several years back that emulated dumb keyboards but could launch a terminal, blast in a few commands, close the terminal, and you were pwned.
I'm not aware of that ever being solved.
Re: (Score:2)
This is actually already a solved problem. The HID over USB spec already has a very basic dumb device mode that can be used for simple input, before the full customized drivers are initialized and loaded.
Except that is not remotely why Apple and Google [android.com] have implemented this feature. It is not about the computer being able to load drivers to talk to the new USB device. It is about the dangers of an unknown device. With smaller and smaller electronics, things like keyloggers and hijackers can be put into innocuous looking things like a USB cable [keelog.com] which are available to buy today.
Re: (Score:2)
I did read TFA... now: Did you read my question? As it is today, the mac mini comes with no keyboard or mouse inside the box.
Clearly you did not: "Apple dropped details of the new security feature in its release notes, which appears to be aimed at protecting newer Apple laptops . . ." This feature is not intended for desktop machines.
Re: (Score:3, Funny)
How the fuck will the USB Keyboard and Mouse of the Mac Mini and the Mac studio will be approved?
It won’t. Apple obviously didn’t think of this and every Mac Mini and Mac Studio sold with Ventura factory installed will be a brick forever.
Re: (Score:2)
Re: (Score:2)
This obviously is not about security but to give the user a warm, fuzzy feeling in exchange for some hassle.
Re: (Score:3)
Yep a feature specifically designed to mitigate EvilUSB is not about security.
I owe a few people an apology on here. I called them stupid for their posts. But here you are reminding me of what the bar for stupid *actually* is.
Re: (Score:2)
If this is designed to mitigate EvilUSB, then it is a failure from the start. Because it does not and cannot do that with any reliability. An USB attack device can pretend to be whatever other device it wants to be. It just needs to find one that the user allowed before. An USB device can also simulate being unplugged and being plugged in again.
Apple engineers will _know_ that. This is "feel good" security, not actual security. That you have zero understanding of the situation but shoot your mouth off is as