Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Scott_2718

macrumors newbie
Original poster
May 19, 2020
6
2
Hi all,
Is it too paranoid to think I should reinstall Mac OS on my new mini M2? I guess it comes down to which I trust more, Apple's servers to download the installer, or the factory in Maylasia. The factory seems like more of a black-box to me.
 

jdb8167

macrumors 601
Nov 17, 2008
4,820
4,542
Hi all,
Is it too paranoid to think I should reinstall Mac OS on my new mini M2? I guess it comes down to which I trust more, Apple's servers to download the installer, or the factory in Maylasia. The factory seems like more of a black-box to me.
Since the OS is in a signed and sealed volume only Apple can modify it and have it load through the secure boot loader. If you don’t trust Apple, what good would it do install another Apple OS?
 

HDFan

Contributor
Jun 30, 2007
7,175
3,222
Since the OS is in a signed and sealed volume only Apple can modify it. If you don’t trust Apple, what good would it do install another Apple OS?

As above. Not needed since the OS volume is signed.

 

russell_314

macrumors 603
Feb 10, 2019
6,397
9,766
USA
Hi all,
Is it too paranoid to think I should reinstall Mac OS on my new mini M2? I guess it comes down to which I trust more, Apple's servers to download the installer, or the factory in Maylasia. The factory seems like more of a black-box to me.

Unless you're a high-value target, I wouldn't worry about it. I've never done this and I keep pretty much most of my personal information on my Mac.

Basically, if you haven't done anything to get the attention of a nation state you're fine. If you think you're a high-value target, then reinstalling the OS wouldn't be helpful. You would need to buy a Mac where you can be sure it wasn't specifically meant for you as in not buying it online, but just walking into a random Apple store and picking one out.
 
  • Like
Reactions: R3k

chabig

macrumors G4
Sep 6, 2002
11,385
9,094
Basically, if you haven't done anything to get the attention of a nation state you're fine. If you think you're a high-value target, then reinstalling the OS wouldn't be helpful. You would need to buy a Mac where you can be sure it wasn't specifically meant for you as in not buying it online, but just walking into a random Apple store and picking one out.
It wouldn't matter either way. The operating system on every M-series Macs is identical, bit for bit. If even a single bit differs from the standard installation the machine won't boot.
 

NastyNatex

macrumors member
Sep 24, 2018
59
83
All the information about Apple Security can be found here. Including OS.



EDIT: Also this is what you're looking for.

 
  • Like
Reactions: jdb8167 and chabig

russell_314

macrumors 603
Feb 10, 2019
6,397
9,766
USA
It wouldn't matter either way. The operating system on every M-series Macs is identical, bit for bit. If even a single bit differs from the standard installation the machine won't boot.
I was talking more about hardware modifications. Of course, this is not very common and would only apply to someone being extremely high-value target. It's been done before, but I can't say if that was on a Mac. I would say it's possible but again you have to have the target because it's not worth spending probably hundreds of thousands of dollars on just anyone
 

bogdanw

macrumors 603
Mar 10, 2009
5,972
2,914
Not an unreasonable concern in the time of increased supply-chain attacks.
"New type of supply-chain attack hit Apple, Microsoft and 33 other companies"
https://arstechnica.com/information...d-apple-and-microsoft-is-attracting-copycats/
"Ransomware gang tries to extort Apple hours ahead of Spring Loaded event"
https://therecord.media/ransomware-gang-tries-to-extort-apple-hours-ahead-of-spring-loaded-event
"The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies...The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple"
https://www.bloomberg.com/news/feat...ny-chip-to-infiltrate-america-s-top-companies
 

AlixSPQR

macrumors 65816
Nov 16, 2020
1,046
5,407
Sweden
The latest macOS updates patches a security hole, which would've been present regardless if the former macOS version was preinstalled or not. So, if security is everything, never trust the macOS in itself. There will be new security holes.

IOSurfaceAccelerator
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-28206: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
Source.
 

kitKAC

macrumors 6502a
Feb 26, 2022
835
800
The latest macOS updates patches a security hole, which would've been present regardless if the former macOS version was preinstalled or not. So, if security is everything, never trust the macOS in itself. There will be new security holes.


Source.

You can update macOS as soon as you get to the Desktop without opening a browser or installing an app that might expose you.
 

AlixSPQR

macrumors 65816
Nov 16, 2020
1,046
5,407
Sweden
You can update macOS as soon as you get to the Desktop without opening a browser or installing an app that might expose you.
Yes, but that doesn’t protect me from unknown security holes. They are patched much later, if ever known to Apple. Some organisations help Apple to discover them. As the latest. Some probably don’t and use them in targeted attacks instead. Just remember that macOS or any other OS never is secure in the strictest sense.
 

jdb8167

macrumors 601
Nov 17, 2008
4,820
4,542
Yes, but that doesn’t protect me from unknown security holes. They are patched much later, if ever known to Apple. Some organisations help Apple to discover them. As the latest. Some probably don’t and use them in targeted attacks instead. Just remember that macOS or any other OS never is secure in the strictest sense.
What does this have to do with the decision to reinstall MacOS on a new device?
 
  • Like
Reactions: fisherking

fisherking

macrumors G4
Jul 16, 2010
11,234
5,544
ny somewhere
i had a friend who (years ago) had 2 macbook pros; one connected online for email & websurfing ONLY, and the other, not ever connected to the internet, for all his actual work.

Yes, but that doesn’t protect me from unknown security holes. They are patched much later, if ever known to Apple. Some organisations help Apple to discover them. As the latest. Some probably don’t and use them in targeted attacks instead. Just remember that macOS or any other OS never is secure in the strictest sense.
you do realize that this is an endless war? that there is no one moment when the OS (or any OS) is now fully safe? so reinstalling the OS on a brand-new mac is simply an act of paranoia....
 

Fishrrman

macrumors Penryn
Feb 20, 2009
28,984
13,036
There's no point in "re-installing" the OS onto a brand-new Mac.

It does make sense to do an OS update if you wish. These days, I think the Mac will invite you to do that even before you run setup assistant...
 
  • Like
Reactions: jdb8167
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.