OCLP documentation acknowledges that System Integrity Protection is lowered on most Macs (actually I think it's basically all Macs on Sonoma): https://dortania.github.io/OpenCore-Legacy-Patcher/POST-INSTALL.html#enabling-sip. However, it doesn't explain the implications.
1) ALLOW_UNAUTHENTICATED_ROOT disables cryptographic verification of file reads from the root volume, making it easier for malware to keep persistent access over the system.
2) ALLOW_UNTRUSTED_KEXTS allows loading kernel extensions not signed by Apple or verified developers, which facilitates stealth rootkits and broad system modifications (for example hiding the audio/video recording privacy indicator).
3) ALLOW_UNRESTRICTED_FS: remember the popup asking you to grant access to photos, documents, contacts and so on? Completely gone. Apps can access, unrestricted, any file and document. Accidentally install a malicious app, or a benign app that's exploited, and all your files can be stolen.
While for many people being able to run the latest software is a big deal, I think developers should more clearly communicate that OCLP, while great, cannot be relied on for security.
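To check which of these flags are set on a given Mac, the following added example (not part of the original post and not OCLP code) decodes one line of `nvram csr-active-config` output into SIP flag names. It assumes the usual `name<TAB>value` output with non-printable bytes percent-encoded; the bit values come from XNU's `bsd/sys/csr.h`, and the sample line is constructed from the three flags named above.

```python
from urllib.parse import unquote_to_bytes

# SIP bit values as defined in XNU's bsd/sys/csr.h.
CSR_FLAGS = {
    0x001: "ALLOW_UNTRUSTED_KEXTS",
    0x002: "ALLOW_UNRESTRICTED_FS",
    0x004: "ALLOW_TASK_FOR_PID",
    0x008: "ALLOW_KERNEL_DEBUGGER",
    0x010: "ALLOW_APPLE_INTERNAL",
    0x020: "ALLOW_UNRESTRICTED_DTRACE",
    0x040: "ALLOW_UNRESTRICTED_NVRAM",
    0x080: "ALLOW_DEVICE_CONFIGURATION",
    0x100: "ALLOW_ANY_RECOVERY_OS",
    0x200: "ALLOW_UNAPPROVED_KEXTS",
    0x400: "ALLOW_EXECUTABLE_POLICY_OVERRIDE",
    0x800: "ALLOW_UNAUTHENTICATED_ROOT",
}

# The three flags discussed in the post above.
DISCUSSED = {"ALLOW_UNTRUSTED_KEXTS", "ALLOW_UNRESTRICTED_FS",
             "ALLOW_UNAUTHENTICATED_ROOT"}

def parse_nvram_line(line):
    """Return the SIP bitmask from one line of `nvram csr-active-config`."""
    name, sep, raw = line.rstrip("\n").partition("\t")
    if name != "csr-active-config" or not sep:
        raise ValueError("not a csr-active-config line")
    data = unquote_to_bytes(raw)  # printable bytes appear literally, others as %xx
    if len(data) != 4:
        raise ValueError("expected 4 bytes, got %d" % len(data))
    return int.from_bytes(data, "little")  # stored as a little-endian 32-bit value

def decode_flags(mask):
    """List the flag names set in mask, lowest bit first."""
    names = [name for bit, name in CSR_FLAGS.items() if mask & bit]
    unknown = mask & ~sum(CSR_FLAGS)  # bits this table does not cover
    if unknown:
        names.append("UNKNOWN_BITS_0x%x" % unknown)
    return names

def discussed_flags_set(line):
    """Return which of the three flags from the post are enabled."""
    return [n for n in decode_flags(parse_nvram_line(line)) if n in DISCUSSED]

if __name__ == "__main__":
    sample = "csr-active-config\t%03%08%00%00"  # constructed sample line
    print(hex(parse_nvram_line(sample)), discussed_flags_set(sample))
```

`csrutil status` reports the state the running system actually enforces, so compare against it when the NVRAM value and observed behaviour disagree.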