Since that’s the case I fail to see how this is a large vulnerability. The article doesn’t seem to address this point (possible I just missed this).
Employers usually allow this or don’t explicitly forbid it, and most employees aren’t exactly security conscious or willing to sacrifice convenience. So it’s not that shocking to me, but it is weird that there isn’t more education or rules around it.
I can't remember the last time I even heard about malware on someone else's Windows machine, let alone my Windows machine. I don't know what you mean by debugging installers.
Sounds like an outdated opinion. Just like those "lol PHP bad" regurgitations and linking outdated articles about it.
Also most Windows software is just taken off the web and installed with administrator privileges. Sure, there are package managers. In practice, they're rarely used on Windows.
From a technical standpoint, Windows isn't "that bad" at allowing malware. From a culture standpoint, almost nothing has changed since the 90s. Linux and Mac have a different culture.
They gutted the OS so much that users start disabling security features.
And don't get me started on the atrocious window manager in macOS. Took a decade to improve it slightly. Still far away from some Linux DEs and Windows. I don't enjoy having to buy apps to fix macOS. There are some open source tools for some things but for others it's cost effective to just buy.
> If your Mac asks whether to require Mac login to access your iPhone, choose Ask Every Time or Authenticate Automatically. You can change this later in iPhone Mirroring settings on your Mac.
Seems it's an app setting to have this protected or not?
> Your iPhone and Mac are signed in to the same Apple Account using two-factor authentication.
You must be signed in to the same iCloud account on a personal device and a work device in order to use a feature? Operational security isn't worth the hassle: most people will just do whatever it takes to do the thing. And when they are finished, it's not as if they are likely to sign back out on either device.
My life is simple enough that I just dupe the occasional MTWTF personal events as "reserved blocks" onto my work calendar, and maintain my off-hours and SS personal calendar separately.
Oh well. Gotta draw the line somewhere I guess.
Yet not a single concern about tethering an iPhone (with an external connection) to a PC on the company's internal network, bypassing all firewalls, proxies, and other protections. That is grounds for immediate dismissal at some places.
I expect security people to think more like network engineers and less like teenagers gossiping in the canteen.
Also, there are two orthogonal concerns at play here: Companies generally don't want personal devices (at least those not covered by MDM) to hold company data, but companies also might not want to inadvertently hold personal data of their employees.
https://support.apple.com/en-us/120421
Under iPhone Mirroring system requirements:
> Your iPhone and Mac are signed in to the same Apple Account using two-factor authentication.
> Your iPhone and Mac have Bluetooth and Wi-Fi turned on.
> Your iPhone is not sharing its cellular connection (Personal Hotspot is not in use).
> Your Mac is not sharing its internet connection or using AirPlay or Sidecar.
Lots of people who are entitled to a corporate smartphone also have a single phone with two SIMs for work/personal, because of the same reasons: cheaper, more convenient, large data plans on corporate device. These devices are MDM enrolled and the company will at least check what apps are installed.
I've been wondering if there is a way for iOS authenticator apps to opt out of mirroring, but haven't found anything so far.
Now if you loaded a crypto wallet on your work device, that would be another story...
Because then there's no slippery slope and you're making a conscious choice. A lot of people lead really boring lives and just want the convenience of using their personal e-mail on the work device. Their employer knowing that the kids need to be picked up from soccer at 6 is a non-issue.
Obviously, if you do have things it's important that your employer/police/government/etc. not know, then don't, a million times.
But if you don't care, then let people make that choice.
That's great and fine, until anything non-trivial in your life happens. Illness, relationship drama, recruiter conversation, off-hand low-context remarks to/from friends...
The corporate suckware hoovers up the data, and a) exposes you professionally to the company's whims of self-protection, and b) exposes the company legally to your personal imperfections.
Don't cross the streams. It would be bad.
It's best to completely remove that avenue / temptation anyway, IMO. You can handle personal stuff on your phone. Logging in on your work PC is asking for trouble.
We have CrowdStrike Falcon at work, and I would love to know what they are monitoring.
[0] https://www.karltarvas.com/macos-app-sandboxing-via-sandbox-...
Just dumb to mix personal and work - computers are no longer exotic.