Security Issues in Mac Settings: IMTransferAgent in iCloud & sshd-keygen-wrapper in Full Disk Access
Hi there, wondering if anyone can help.
I recently reformatted my Mac wanting to start a fresh install of Big Sur after getting the new 12 Pro Max. I chose the internet recovery after erasing the volume on my fusion disk.
After install, I meticulously configured every setting and came across the most bizarre entry in Settings > Security & Privacy > Privacy > Full Disk Access > sshd-keygen-wrapper — it has the black (exec) icon. Limited Google results, but apparently a known vulnerability. Forums say when a Mac first receives a remote connection it grants full disk access by default then adds this entry there. If entry is NOT there, the default behavior will happen again (full root-level access). I’ve never used or given remote machine access to anyone. Since I literally just reformatted I assumed this entry came from Apple as part of the Big Sur release to defend against any threats. How could it not?? I literally reformatted and had been logged in for about 40 seconds (run to the firewall settings after setup completes to enable since it defaults OFF (why Apple, why??)). Anyways, continued weird glitches (like Chinese keyboard in my backups — a discussion for another thread) the point is now, I’m not so sure this is a default entry...
Question 1. Anyone that may have installed a fresh copy of Big Sur ... did this appear on your settings too??
That was ~3 wks ago.
Today I was checking Settings > iCloud > Options (button inside the “Apps on this Mac using iCloud”) and noticed the most bizarre entry here: IMTransferAgent. It has a weird system icon (looks like graph paper). I’ve had Big Sur installed for a little bit now (since released). The only thing different is that I set up my Apple Watch (5) a couple days ago. I’ve had my watch for a while but removed it from my iCloud & let it go dead for 3 months when I realized it was hacked late 2018 (discussion for another thread). Googling pulls up a few discussions but none in line with this situation.
Question 2. Anyone else out there see this pop up in their iCloud settings?
This whole experience has left me exhausted, (rightfully) untrusting of ALL Apple products and paranoid. Hoping to find resolve.
Sincerest thanks in advance.
iMac 27″, macOS 11.1