Comment by jeroenhd
7 hours ago
Apple tries to lock down access at the very least. They also patched the vulnerability twice (they restricted Safari for some reason and they also disabled the settings in the new version of Safari). It seems like Apple cares at the very least. Which is weird, because they also give you a terminal?
Lots of people I've met were surprised that I was able to get their photos from their windows laptops without ever needing their password. Especially these days in the age where even phones and Windows 11 will enable encryption by default, it's a tad weird that disk encryption isn't on by default on macOS. I, at the very least, was surprised that disk encryption isn't mandatory and always on on macOS, seeing the way Apple controls both the OS and the TPM firmware so that they're pretty much immune to the dreaded "BIOS update made my laptop ask for bitlocker" problem you get on Windows.
I don't really get why this would be AI generated, what makes you think that?
Completely agree on the encryption point. Apple controls the entire stack and could mandate FileVault encryption by default. The fact that it's opt-in is a weird decision that hasn't caught up with their security posture elsewhere.
On the Terminal point, its worth clarifying that Recovery Terminal does require mounting the data volume first, which typically prompts for an admin password. Safari bypassed that step entirely, which is what made it interesting.
At the very least the author's submission and follow-ups to Product Security looks written by AI.
I come from an Arabic-speaking household so my English can be a bit funky sometimes, sorry. However I did use Claude to help format the CVSS tables and polish the grammar in the formal Apple submission (I was 17 submitting to a major company's security team for the first time). The research and findings however are entirely original.
This isn't "research", kid.