System Integrity Protection Inexplicably Disabled by Default on Some New MacBook Pro Models

[MacRumors]

Since OS X El Capitan, the operating system that runs on Macs has been protected by a feature called System Integrity Protection (SIP), which is designed to keep your Mac safe from malware by restricting the permissions of the root user account and preventing unauthorized access to protected files and folders.

System Integrity Protection runs behind the scenes and is generally enabled by default in Macs running OS X El Capitan or later, but it seems the feature is inexplicably turned off on some new MacBook Pro models, leaving them vulnerable.

Developer Jonathan Wight noticed System Integrity Protection was disabled on some machines and tweeted about it this morning, prompting developer Steven Troughton-Smith to do an informal Twitter survey asking users about the status of their new machines.

https://twitter.com/x/status/799305669786468352

System Integrity Protection is indeed disabled out of the box on a number of 13 and 15-inch MacBook Pro models, including one machine owned by MacRumors. Not all MacBook Pro models are affected, however, as there are users who are reporting that System Integrity Protection is turned on as expected.

As outlined in Apple's developer documentation, users can check whether SIP is turned on by entering the "csrutil status" command in Terminal. Enabling SIP requires booting into Recovery mode, turning it on using Terminal, and rebooting.

Apple is aware of the issue and will undoubtedly deliver a fix for the issue in an update, but timing for a release is unknown.

Article Link: System Integrity Protection Inexplicably Disabled by Default on Some New MacBook Pro Models

 

[Blackstick]

Likely just a bug during the factory imaging process.

 

[BootsWalking]

Probably a production-line oversight, perhaps on their test rig.

 

[garirry]

Their quality control is getting ridiculous now.

 

[cmaier]

Enabled on my 15" MBP BTO.

 

[justperry]

Mine is off, but I did that by myself cause I hate to not have control of my system.

 

[cmaier]

Mine is off, but I did that by myself cause I hate to not have control of my system.

So do the hackers who just pwned you.

 

[Appleaker]

I wonder if this is another move by Tim Cook to reduce Mac sales and sell more iPads.

So far the keynote has been followed by bad news only... except for the dongle sale.

 

[srsub3]

Next year announcement: we have done it with courage! Apple antivirus, only 99.99 in the app store! XD

 

[angmi90]

I can confirm that in a base model 13" touch bar space gray model, this feature was disabled by default on my system.

 

[justperry]

So do the hackers who just pwned you.

Haha, not afraid, I have Little snitch running, and even without it I am 99.9999 % sure I won't be hacked.
We are not running windows are we!

Next year announcement: we have done it with courage! Apple antivirus, only 99.99 in the app store! XD

There is no virus on OS X since the beginning OS X 10.b so I am not afraid to get one in the near future.
But, I see the sarcasme in your post.

 

[Yaemon]

Any risk to manually enable it?

 

[PortableLover]

Well apple just got a whole lot more couragous!

 

[TechZeke]

I've disabled it numerous times in order to use custom icons, so I don't see the big deal of this.

 

[Nr123*123]

Yay for quality control.

It's like a car manufacturer releasing a car with no brake pads.

But those emojis, am I right?

I think Tim would fire someone if an emoji was missing. But this will get a patch in a month or two.

 

[Aluminum213]

Courage mode activated

 

[TheBuffather]

I just ran csrutil status in terminal on my 2016 15" MBPr, as well as my 2012 15" MBRr, and both are disabled. I've never manually disabled it on my 2012, so that was a surprise to me.

 

[justperry]

Any risk to manually enable it?

No, you should actually be safer, but, I never had problems with OS X regarding security, I leave mine off.

 

[SgtPepper12]

Well it's a pro machine after all.

 

[Dilster3k]

Terrible news after terrible news non-stop for this product, glad I'm not shelling out nearly 3 grand on a half-baked disaster for somewhat decent specs...

 

[justperry]

Yay for quality control.

It's like a car manufacturer releasing a car with no brake pads.

But those emojis, am I right?

I think Tim would fire someone if an emoji was missing. But this will get a patch in a month or two.

Bold: That's a bad analogy, you won't die if SIP is off, you could die if you don't have brakes.

Terrible news after terrible news non-stop for this product, glad I'm not shelling out nearly 3 grand on a half-baked disaster for somewhat decent specs...

This isn't so bad, we used OS X without sip for more than a decade, we can live without it for another decade.

 

[inhalexhale1]

Courage mode activated

hold command + C for courage mode

 

[pat500000]

Greatest feature!

Man....Apple is being half-as* company lately.

 

[d0nK]

How fitting.

 

[kingtj]

Ah yeah.... the "Microsoft Network" icon. Forgot about that thing. Still less downtime than MobileME had!

hold command + C for courage mode