Apple OSes Are Insecure by Design to Aid Surveillance (2024)(sneak.berlin)

12 pointsby fsflover8 hours ago1 comment

barrowclift8 hours ago
This article is in fact from 2023, the only thing from 2024 was an update on 03-11 that confirms the detected issue was addressed in macOS 14.3.1 (and likely earlier versions).
- fsflover8 hours ago
  The update is exactly why I put 2024 to the title. Also, one issue got solved and many others remain unsolved.
  - montyanne6 hours ago
    The plaintext TSS/ECID and the plaintext OCSP issues have been fixed, which IMO were the only meaningful security gripes of the article.
    The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.