Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
The security of pre-installed Mac OS - trust it, or reload it?
- Thread starter Scott_2718
- Start date
- Sort by reaction score
This article was a trash piece. It presented no evidence at all and is considered by the entire tech industry as completely false. It claimed that Chinese factories were installing a tiny spy chip on motherboards. Were that true, the Bloomberg "journalists" would have only had to produce one motherboard with such a chip, but they never did and nobody else ever found one either. Apple, the NSA, and others issued public statements refuting the story.
Last edited:
apologies, i either misread you or confused you with someone else (this will teach me not to drink early in the day)... 🤔
Debating classified incidents is pointless.
Apple has never and will never admint to any security incident.
Even when it’s clear that Apple users are being hacked, the text always says “may have been actively exploited”. Recent example https://support.apple.com/en-us/HT213721
Apple doesn’t even want to directly admit to concerns about supply chain atacks:
“December 2022
Support for this study was provided by Apple.
The conclusions and opinions expressed are exclusively those of the author.”
“Supply chain attacks allow bad actors to bypass the target organization’s security by targeting vendors, suppliers, and widely used software that often have weaker security protocols.”
“Due to the nature of supply chain attacks, even organizations with strong security are at risk of being breached, allowing bad actors to gain access to consumer data.”
https://www.apple.com/newsroom/pdfs/The-Rising-Threat-to-Consumer-Data-in-the-Cloud.pdf
Supply chain atacks are real, they are here to stay and Apple knows it’s a target.
PDF attached, just in case Apple decides to delete the link.
Comprehensive read. But interesting how fast articles like this are outdated. It includes the rosy picture regarding user vaults that was initially presented by LastPass following their data breach.
The problem with assuming the OS might have been compromised right out of the factory is that it would take sophisticated lower-level malware to do it secretely. And that's not the kind of stuff you can just get rid of by reinstalling the OS.
There already is proof-of-concept malware that installs itself into the firmware of Thunderbolt devices and can silently run code on the Mac it is plugged into. Reinstalling MacOS does not remove that, and there is no way to detect that this code is running either. In fact, your very own Mac could be running such code right now. Mine could. There is no simple feasible way for us to check.
There are actual chinese computer brands such as Xiaomi where I'd be way more worried - their pre-installed smartphone apps on their own devices are already known to phone home, to connect to servers that serve ads, and so on.
There already is proof-of-concept malware that installs itself into the firmware of Thunderbolt devices and can silently run code on the Mac it is plugged into. Reinstalling MacOS does not remove that, and there is no way to detect that this code is running either. In fact, your very own Mac could be running such code right now. Mine could. There is no simple feasible way for us to check.
There are actual chinese computer brands such as Xiaomi where I'd be way more worried - their pre-installed smartphone apps on their own devices are already known to phone home, to connect to servers that serve ads, and so on.
It’s about 100 times quicker than reinstalling Windows. Not sure what you mean.
no one is talking about how fast or slow a clean install is... but why it would be necessary on a brand-new mac.
I was responding to someone that said it's a waste of time. It's not. It's quite easy. As for your response, I totally agree with you.