Hacker Newsnew | past | comments | ask | show | jobs | submit | yaseeng's commentslogin

Completely agree on the encryption point. Apple controls the entire stack and could mandate FileVault encryption by default. The fact that it's opt-in is a weird decision that hasn't caught up with their security posture elsewhere.

On the Terminal point, its worth clarifying that Recovery Terminal does require mounting the data volume first, which typically prompts for an admin password. Safari bypassed that step entirely, which is what made it interesting.


Interesting point on the missing admin password, that does pose a slightly higher risk.

Though IIRC, at least the Intel Macbooks still support some kind of Target Disk Mode that should also bypass the admin password? I don't know if that requires an admin password but none of the guides I can find online state that it's required.


I come from an Arabic-speaking household so my English can be a bit funky sometimes, sorry. However I did use Claude to help format the CVSS tables and polish the grammar in the formal Apple submission (I was 17 submitting to a major company's security team for the first time). The research and findings however are entirely original.


This isn't "research", kid.


You're right that Terminal is accessible via Utilities, but Target Disk Mode and Terminal both require an admin password. Safari bypassed that authentication entirely, writing directly to protected system locations with no admin password


> Terminal both require an admin password

Not in my testing.


Actually this is a distinction worth clarifying, in Recovery Mode, Terminal does require mounting the data volume first, which typically prompts for an admin password. Safari bypassed this entirely, writing directly to protected system locations without any authentication. Furthermore, no GenAI was used in writing the article I come from an Egyptian Speaking background so my English may be a bit funky, sorry :)


> in Recovery Mode, Terminal does require mounting the data volume first, which typically prompts for an admin password.

This is not my experience. The Data volume mounts automatically, and there's no password prompt.


I concur, that is the normal behavior without FDE. But besides, you can still use the Terminal of _any_ other bootable OS X disk, not just the recovery itself. With FDE, neither of this will work.


For context: I submitted this to Apple in September 2025 and waited 6 months before publishing. Apple closed both reports citing FileVault as a mitigation, which is technically accurate but FileVault is opt-in and many people disable it during setup without understanding what it does (myself included when I got my MacBook in 2020). My personal view is that the behavior significantly reduces the effort required to persist data on an unencrypted system compared to for example side-loading Linux. Regardless, Tahoe 26.3 (It might have been patched before, I didn't check) appears to have silently patched both issues.


> which is technically accurate but FileVault is opt-in

It's been on by default since around circa 2013.

Also, Filevault is on top of the encryption provided by secure enclave

> many people disable it during setup without understanding what it does

Citation required. Most people don't disable things on their computer when they "don't understand what it does."

> myself included when I got my MacBook in 2020

That's an anecdote, not evidence of a trend in a population.

> Tahoe 26.3 (It might have been patched before, I didn't check) appears to have silently patched both issues.

Gotta love a clickbait title designed to make people panic....about a minor fixed two months ago


> It's been on by default since around circa 2013

Wrong. It's not on by default.

https://apple.stackexchange.com/questions/324805/do-apple-la...


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: