
How do I report a likely attack that the MacOS did not identify?



I am reasonably certain my computer was attacked at 5:22 pm this evening by something/someone who went undetected by the Mac OS and that left no traces that any of the detection software can find. I only stumbled across the traces in the > private > tmp directory.

com.apple.launchd.br0keRd392

com.apple.launchd.UMIc0zXsF5

Posted on Jul 8, 2022 8:17 PM


11 replies
Question marked as Best reply

Jul 9, 2022 1:02 PM in response to Serenitat

If your MacBook supports it, be aware that Apple has announced that macOS Ventura, as well as the new versions of iOS and iPadOS, will have a new security feature called “Lockdown” which is specifically designed to help users like yourself that may be targeted by state actors.


https://www.engadget.com/apple-lockdown-mode-security-ios-16-ipados-macos-ventura-bug-bounty-174802942.html

Jul 9, 2022 3:52 AM in response to Serenitat

Apple has no way to actively protect your individual Mac from "hackers" other than the built-in security measures already in place in the OS.


If you feel you are under "attack", you need to change all your passwords (to strong ones), be judicious about what sites you visit, heed security warnings, keep your OS up-to-date and generally just be careful.


There are no Mac viruses in the wild but malware is a concern. MalwareBytes and DetectX Swift can detect such threats and usually remove them. Again, malware usually is installed as a result of user actions of various kinds.

Jul 9, 2022 11:18 AM in response to ku4hx

I am not seeking individual help. For reasons I won’t detail here I have in the past been the target of Russian State attacks and by others. There are reasons for that, so I am watchful for attacks. I use a number of strategies both to prevent attacks, and to detect them. And for several years I have seen none.


What I asked was not for help for myself but rather if there is any way to highlight potential attacks that bypass Apple’s securities built into the Macs for them to be aware of generally. 


This apparent attack occurred entirely silently. It only showed up because it left traces behind. 


Those traces do not have the hallmarks of state actors that I have seen in the past. They have the hallmarks of black hat hackers. 

Jul 9, 2022 12:57 PM in response to ku4hx

Please actually read the post in full. I am not reporting a Russian (or any other) State attack. I commented that I have in the past had such attacks both at work and at home. ALL of those were reported.


This is not that. This is something else. And again, I cannot fully tell what this is. My question is whether there is any way to reach Apple to report such things.


And the answer I fear is - NO, there is not.


As with nearly all corporations and government entities these days, they have been so bombarded in the age of social media and bot attacks that they have all but ceased listening to or taking actual input from human beings.


This forum is perhaps an example. Apple is not here. They are not aiding their user base. Instead random users reply to the best of their very meager and limited abilities. Some have deeper knowledge from decades of experience. Most have little experience.


Worse, in the past 20 years we have seen and gone through a seismic change in how people communicate. Where decades ago we had conversations, today the dominant mode is to throw thoughts to the wind with no real expectation of reply. Over a century ago it was common to have paragraph-long sentences with extremely complex structures to convey ideas. Today, if a sentence is more than 10 words long it is ignored. If it has many multi-syllable words it is ignored. If it is technical it is ignored. tl/dr is common. A decade or two ago that was - 'talk to the hand, the brain is not listening'.


My note and question is an example. It is phrased in the simplest possible language. And it has already been misread twice. Please read the full thoughts in context.

Jul 9, 2022 1:00 PM in response to lkrupp

This is a true and useful comment. Apple is taking such attacks seriously. I look forward to Ventura for this and other reasons.


Sadly, the security chip Apple designed has a permanent non-repairable, non-protectable security flaw.


I am hoping that in some future production they overcome that. I will upgrade when those products are available.


In the meantime, other methods are needed to monitor and protect things. And for truly sensitive use, it must either be on an air gapped system, or using a different computer likely using Linux or BSD.


Jul 9, 2022 1:21 PM in response to Serenitat

If you are going to try and tell us that Linux is more secure then this discussion is over. And of course the very core of macOS is BSD. The chip flaw you speak of requires physical access to the device. You should know that. And if this is what you think of Apple's security then why are you using its products?

Jul 9, 2022 1:36 PM in response to lkrupp

Apple security is about as good as it gets - barring some very specialized products the public does not generally have access to. Yes, I realize that it requires physical access for the chip attack. Though for certain attackers (State actors mostly) that is not as secure as it may seem.


I should have been more specific, as I did blur two ideas together. The chip flaw and security in general. And I did err in suggesting Linux. My thought was to go to some 'other' OS with the attacker not knowing what the target system is (etc...).


All OSes have vulnerabilities. VMS had about the best security with 32 levels of access restriction. But VMS is all but gone.


The major protection from online attacks is to shift to air gapped and physically secured equipment which is encrypted.


And of course NEVER use a USB device of any kind that you are not absolutely certain is safe. Any USB device can declare itself silently to be any other kind of device and do all sorts of nefarious things.





Jul 13, 2022 5:05 PM in response to lkrupp

lkrupp wrote:

If you are going to try and tell us that Linux is more secure then this discussion is over.

It all depends on a person's threat model honestly. Despite Apple's use of a Signed System Volume, encrypted storage protected by the Secure Enclave, and other features, Asahi Linux could be considered safer since it is built on free and open source code - something that can't secretly be backdoored by the devs, unlike macOS or Windows.
