mOSL: Bash script to audit and fix macOS High Sierra (10.13.x) security settings

Settings that can be audited/ fixed:

enable automatic updates
enable gatekeeper
enable firewall
enable admin password preferences
enable terminal secure entry
disable firewall builin software
disable firewall downloaded signed
disable ipv6
disable mail remote content
disable remote apple events
disable remote login
set airdrop contacts only
set appstore update check daily
check SIP
check kext loading consent
check EFI integrity
check filevault
check firmware password set


Apple: new/updated T2 chip and Secure Boot support articles

Re: and

the latter Apple support article on Secure Boot has been updated recently:

About Secure Boot

Mac computers that have the Apple T2 chip

Apple releases new systems with T2 chip and UEFI SecureBoot

Apple macOS 10.13.6: UEFI SecureBoot support for iMac Pro

Re: and

there is more info on Apple Secure Boot:

Apple: periodic reminder: set your firmware password


Howard Oakley: Hidden caches in macOS: where your private data gets stored

Some time ago, I proposed that macOS 10.14 should be named Gormenghast, to reflect its many concealed and neglected features. These can trip up its own security and the protection of privacy when an old system within macOS is quietly storing sensitive data in an unprotected location. A good example is the latest vulnerability in QuickLook (or Quick Look, as Apple uses both forms).  Here is a brief overview of some of the potentially sensitive information which macOS secretes away in unexpected places. If you’re concerned about protecting the security of your data, these should be places to watch; if you’re a forensic analyst, these are often rewarding places to look.[…]

Hidden caches in macOS: where your private data gets stored

ApfsSupportPkg – Open source apfs.efi loader based on reverse-engineered Apple’s ApsfJumpStart driver

Apple has a new file system, APFS. This causes Hackintosh people lots of grief. There are lots of Apple APFS binaries online, and now there’s this:

Implementation of AppleLoadImage protocol discoverd in ApfsJumpStart Apple driver. This protocol installs in CoreDxe Apple’s firmware. Gives ability to use native ApfsJumpStart driver from Apple firmware

cugu for awesome research according APFS structure
CupertinoNet and Download-Fritz for Apple EFI reverse-engineering
vit9696 for codereview and support in the development

On Intel not talking to OpenBSD about recent FPU vuln

Chip vendors controlling the security of OSes should be more transparent in their selection process. They should maintain a list of OSVs that they maintain embargoed fixes. Then uses could determine if they want to trust the OS or not, or try to lobby to try and get the ISA vendor to support their OS. Is the OS on the list, ok then they may have some chance at fixing things. If not on the list I expect to be vulnerable until the embargo ends. There are MANY more OSes than Microsoft Windows, Apple macOS, a limited number of Linux distros, and sometimes FreeBSD.

In some forums, Bryan Cantrill is crafting a fiction. He is saying the FPU problem (and other problems) were received as a leak. He is not being truthful, inventing a storyline, and has not asked me for the facts. This was discovered by guessing Intel made a mistake. We are doing the best for OpenBSD. Our commit is best effort for our user community when Intel didn’t reply to mails asking for us to be included. But we were not included, there was no reply. End of story. That leaves us to figure things out ourselves. Bryan is just upset we guessed right. It is called science.


Apple macOS 10.13.5 EFI update, CVE-2018-4251


DoNotDisturb: Detect Evil Maid Attacks