Toggle sidebar Toggle sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Security for OCLP (OpenCore Legacy Patcher)

@Sh3ldon IMac16,2? If so, the only root patches you need for Sequoia should be Wi-Fi. If I were you, I would create an Open Core EFI with OCLP 2.4.1, I'd modify the config.plist to disable injection and blocking of the Wi-Fi kexts, I'd change SIP (csr-active-config) to <00000000>) and then I would install macOS Sequoia.

You should be able to boot macOS Sequoia with this modified Open Core EFI, use the Mac connected to wired Ethernet without OCLP root patches.

If you don't know how to do any of that, this isn't the thread to discuss the steps. Start a new thread and ping me. We can experiment together, since I don't have your iMac to test.

EDIT: If you must have Wi-Fi, I think you know my opinion.
 
  • Like
Reactions: BillyJoeJimBob
These are rather difficult times for security regardless. Here are some points for and against.

1. The attack surface might in some ways be smaller for an OCLP patched version of MacOS than the non-OCLP versions run by most people

2. Having said that, as I understand the current state of OCLP, the weak spot with MacOS post Ventura is likely Wifi as the latest version that uses native Wifi is Ventura, so if you are ok with running that for a while that is an option probably still with some security patching if Apple does that.

3. the state of current US tech and the general situation might all in all be worse regardless for security and a counter intuitive take is that older OS may even be safer for a while as things are, as new backdoors and such will probably not be added to an older OS.

4. For banking and using public wifi on later OS versions including Sequoia there are two options:
Use an USB wifi device or an ethernet adapter. That should keep the system safer as wifi should not need patching. Might need some tweaks when patching and I am not sure OCLP will handle that for you, have not done that myself, but some people are doing it with some degree of success. Patched wifi doing banking on a public wifi is skywriting.

5. Linux is a good choice these days and half of my Macs are already on Ubuntu. Probably bought my last Mac but who knows..
Good luck.
 
  • Like
Reactions: BillyJoeJimBob and Sh3ldon
dimme said:
That's a tuff choice, and I would probably lean towards no longer supported system if you had too. However I think there is a third option and it's linux Mint. I run it on my 2012 Mac mini and it was pretty easy to get set up. There is also plenty of help on line if you get stuck
Click to expand...
Thanks for the reply, but I'd like to stay in the Apple ecosystem if possible. I know Linux has made great strides in simplicity, but I'd prefer to choose the lesser of two evils and stay on Mac. Thanks for the reply, anyway.
 
deeveedee said:
@Sh3ldon IMac16,2? If so, the only root patches you need for Sequoia should be Wi-Fi. If I were you, I would create an Open Core EFI with OCLP 2.4.1, I'd modify the config.plist to disable injection and blocking of the Wi-Fi kexts, I'd change SIP (csr-active-config) to <00000000>) and then I would install macOS Sequoia.

You should be able to boot macOS Sequoia with this modified Open Core EFI, use the Mac connected to wired Ethernet without OCLP root patches.

If you don't know how to do any of that, this isn't the thread to discuss the steps. Start a new thread and ping me. We can experiment together, since I don't have your iMac to test.

EDIT: If you must have Wi-Fi, I think you know my opinion.
Click to expand...
Thanks @deeveedee for the reply. I'm not a tech expert, but thanks to Mr. Macintosh's videos, I was able to install Sequoia on my late 2015 iMac, which supports up to Monterey. I don't use Wi-Fi, so I'm connected to the network via Ethernet. But I was able to do it because the OCLP installer did everything without requiring any special modifications: I made the USB stick according to the instructions, and everything went smoothly. I have 24GB of RAM, and Sequoia works well, but most importantly, it lets me use updated Safari. I'd have a hard time switching to Firefox or Chrome, but if there were no alternative, I'd adapt.

Screenshot 2026-03-24 alle 17.43.44.png


I am running on Sequoia 15.7.4.

Thanks!

Ah, I forgot: I have 1TB SSD inside that works very well and I have NordVPN Threat Protection Pro to protect the Mac.
 
Last edited:
One last thing: I could use my iPhone, which runs iOS 26, for online banking, but I find the process quite cumbersome. I find it easier to type on the physical keyboard than on the iPhone's. Sorry if I've gone off topic with these questions; if so, please move these posts to a more appropriate location.
 
@Sh3ldon I think I misunderstood your request. My instructions were intended to preserve the macOS security that can be compromised with a default OCLP install. Your procedure introduces the security issues that I thought you wanted to avoid.

Glad it's working the way you want it to.

If you want to discuss more specifics of your Mac, I suggest that you create a new thread that doesn't go off-topic here.
 
  • Like
Reactions: Sh3ldon
deeveedee said:
@Sh3ldon I think I misunderstood your request. My instructions were intended to preserve the macOS security that can be compromised with a default OCLP install. Your procedure introduces the security issues that I thought you wanted to avoid.

Glad it's working the way you want it to.

If you want to discuss more specifics of your Mac, I suggest that you create a new thread that doesn't go off-topic here.
Click to expand...
If You and other People agree (and the moderators too) we should continue in this thread I've already opened.
 
Anthropic's latest AI has identified zero-day vulnerabilities in major operating systems. OCLP root patches enable modern macOS support on legacy Macs by injecting old frameworks from previously-released macOS operating systems into the new macOS versions. These OCLP root patches extracted from old macOS versions are no longer being updated by Apple. This means that security vulnerabilities from the old versions of macOS may now exist in OCLP-patched versions of macOS.
 
  • Like
  • Wow
Reactions: MacHeritage, BradleyinDC and jbn858273
deeveedee said:
Anthropic's latest AI has identified zero-day vulnerabilities in major operating systems. OCLP root patches enable modern macOS support on legacy Macs by injecting old frameworks from previously-released macOS operating systems into the new macOS versions. These OCLP root patches extracted from old macOS versions are no longer being updated by Apple. This means that security vulnerabilities from the old versions of macOS may now exist in OCLP-patched versions of macOS.
Click to expand...
"AI" aiding bad actors to find attack surfaces.
How utterly predictable. We discussed this here just a few months back.
 
  • Like
Reactions: MacHeritage
Intersting read, especiall the "SIP Bypass" section:

hacktricks.wiki

macOS SIP - HackTricks

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)...
hacktricks.wiki hacktricks.wiki

Might be a good idea to disable IPv6 and only use IPv4 to have NAT as a barrier between you and the rest of the world.
 
  • Like
Reactions: BillyJoeJimBob and jbn858273
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back