Excellent read, this thread. Bottom line, if you value security and privacy you should be buying new hardware that is still in software support with Apple.
Once Apple stops supporting Intel in the next year or two, this project will have nowhere else to go.
Great point. Excellent thread! Security is important, a never-ending battle.
Very insightful info.
@Subarctic5216 I'm not trying to be alarmist, but I want you to understand the worst-case scenario, so that you can act according to your own risk tolerance and security posture...
Apple has wisely implemented multiple layers of security in macOS. These layers include SIP, a sealed APFS Volume and Secure Boot. Even Apple knows that it is foolish to rely on a single security measure, because software and hardware inevitably have flaws that can be exploited.
In order for OCLP to work its magic, it must defeat/disable these security measures to permit unauthorized frameworks and kernel extensions to be injected into macOS (e.g., graphics extensions and Wi-Fi frameworks). With this compromised security, your Mac may be more vulnerable to exploits introduced by websites that you visit, software that you download and USB thumb drives that you insert - even if you are on your home network.
Only you know how careful you are to avoid these potential exploits and only you know what additional measures you take to ensure the security of your Mac. But no matter how careful you are to recognize the phishing e-mail that you receive, if you fall into a trap only once with inadequate security protections, you could inadvertently allow a hacker to exploit a security vulnerability. Use your judgment to determine how much personal / private information you store on an OCLP-patched Mac, what websites you visit with an OCLP-patched Mac and what secure / private credentials you employ on an OCLP-patched Mac -- regardless of whether the OCLP-patched Mac is on your home network or a public Wi-Fi hotspot.
You should also be aware that, depending on the nature of the exploit, a PC or Mac on a private network can be used as a gateway for hackers to other PCs or Macs on that private network. Again, not to be alarmist, but to make sure you understand the worst-case scenario.
Since OCLP-patched Macs are not subject to any third-party security certifications (which are resource intensive and expensive), there is no way to know the extent to which an OCLP-patched Mac is vulnerable to hacker exploits. "It works, therefore it must be ok" is not a wise security assessment.
Were you hacked as you were finishing your statement? 🤣
The information you are putting up here is critically impotyttgj
If you don't care, then this thread isn't for you. The point of this thread is that OCLP documentation and in-app messaging does not even have any warnings. Prior to this thread, the documentation said "you're just as safe as with a fully-supported Mac." The documentation was revised as a result of a request in this thread. This thread isn't telling anyone not to use OCLP - it's just making sure that users understand what macOS security features are disabled/defeated by OCLP in order to enable unsupported versions of macOS.
I have been reading through this thread and other threads over the internet and all I can find is warnings, The attacker could and could and could and no evidence that an attack has happened due to disabling SIP, I may be wrong but it seems that disabling SIP is not a big deal and not as dangerous as we are made to think.
As with all subjects it's all about your risk and your subjective evaluation of risk, which makes it very challenging to decide as people generally like a nice and clear 'yes or no' answer.
I think you need to cool the pace and be less aggressive defending your thoughts, also try to refer to other resources than your posts to make them trustworthy.
Following your logic, there is no reason that Apple implemented SIP, sealed APFS volumes and Secure Boot. Also, to cherry-pick SIP and ignore the other disabled/defeated Apple security measures is a bit naive.
Read this.
Good point and well noted, thank you.
One could keep one's door unlocked, too. Is it a safe practice simply because the person never reported a home invasion?
No offense taken. If I were stating opinions, then I would need other sources. Let me know which of the facts that I've stated are incorrect.
No offense, best regards.
This thread is 5 months old. The points stated in the thread haven't changed. Please forgive me for the aggressive pace. I tend to get frustrated when users who haven't read the entire thread state their unfounded, unsubstantiated opinions to offer rebuttal to the facts stated here.
Based on what? While you "qualify" this statement later in your post with "Would I do it if I was in a job that someone might be targeting me for? No," it is not possible to make a blanket statement about the likelihood of a compromise without knowing the use case. ... and even then, it is not possible without extensive penetration/vulnerability testing.
It's unlikely that using OCLP and the disabling of the additional security measures to allow that will on its own lead to the compromise of your Mac.
Exactly. The information presented here is only to inform and allow OCLP users to make informed decisions based on their risk tolerance and use cases.
Would I do it if I was in a job that someone might be targeting me for? No - I would want a full secure stack (and cost of hardware replacement to achieve that).
Disabling SIP is not dangerous.
While tempting to make black and white statements about security, making blanket statements like this does not help and is probably what agitates the OCLP fans who feel compelled to defend OCLP and the Devs. In matters of security (especially where there are not tests/certifications by accredited entities), it is best to state the potential vulnerability and then for users to make informed decisions based on their risk tolerance and their use cases. OCLP has its place and can extend the useful life of Macs for many users whose use cases are not compromised by a combination of all or some of disabled SIP, disabled Secure Boot, broken APFS seal and injection of a modified Wi-Fi framework that is no longer updated by Apple.
Disabling SIP is not dangerous.
Using OCLP is dangerous.
If you are implying that most of macOS AI features are exclusive to Apple-Silicon Macs, then I agree that OCLP-enabled Intel Macs are unlikely to have these new AI features. If you are realizing that AI makes even the most basic hacker a threat to vulnerable Macs and PCs ...
Can we discuss OCLP in the age of "AI" (scare quotes as it is not really AI yet but mostly a plagiarism machine and copyright circumventor) might gradually produce new issues and further complicate a security strategy for end users.
Both I suppose. According to the Apple blurbs Apple's take on AI will definitely require M1 or better and the iPhone remote features will require a T2. So there's that, but we will find out as we go what new vulnerabilities can emerge from all this. I would appreciate any comment on how AI could potentially be harnessed by low-level hackers as I assume we are already there to some extent. It is way beyond my skillset to say anything about this, other than any exploit that could access the onboard AI in some way would probably be pretty bad.
It all depends on what patches your Mac needs to run your desired version of macOS. For example, if your Mac doesn't need graphics and Wi-Fi patches for a particular version of macOS (so essentially, you only need the OpenCore boot loader), then you may very well be able to run with SIP fully enabled in your OC config.plist.
... after I installed OCLP I reenabled SIP. Everything seems to work for now.
From his writing style, Howard Oakley appears to be senile. Fools are those who trust his closed source apps, like SilentKnight, to manage their Macs' security. Also fools are those who trust OCLP to set SIP to undocumented/depreciated values.
this is Dr. Oakley's opinion:
'Frankly, anyone who turns SIP off and leaves it off (except for very specific and exceptional purposes, and I still can’t think of any for a user) is a fool and deserves everything that comes to them. It is one of macOS’s primary protections, not only against malware but against all sort of other issues which arise when system files get altered or corrupted.'
I think that says everything we need to know about your writing style.