Migration Assistant Security Issue
This security issue with Migration Assistant was sent to Apple.
I purchased a New MacBook Pro M2 max and started to transfer the data from my old Mac Pro using Migration Assistant. When I started the transfer, I received a warning or error message which stated I needed to turn off the firewall. I received this message on both computers. I tried several times to use Migration Assistant without turning off the firewall, but it simply would not work. I turned off both firewalls, the Migration Assistant started working, and it took about four hours to transfer the data.
Shortly after the Migration Assistant finished, I turned both firewalls back on, but it was too late. I use the wallet on the computer and iPhone. I had three credit and debit cards, including Apple Pay, in my wallet. I received a fraud notification on my iPhone alerting me that one of my debit cards had been used in San Francisco by DoorDash. The card was used three different times.
This message is to alert Apple of the security breach when using Migration Assistant. I hope Apple will take this message seriously so that other Apple customers do not suffer the same fraudulent action that occurred when I transferred data using Migration Assistant.
After receiving the fraud notification, I immediately changed my password. I hope this alert will help Apple reprogram the Migration Assistant so this does not happen to anyone else. I do not know to whom to send this information; if you could assist me with emails to the appropriate divisions in Apple, I would appreciate your assistance.
This is Apple's Response
We’re unable to identify a security issue in your report.
We reviewed your report, and we're unable to identify a security issue. If you have new information that you didn't include in your report, providing it now may allow us to review your report further.
A follow-up report was submitted to Apple
The security issue is that you must turn off your firewall to use Migration Assistant. During the time the firewall is off, your computer is very vulnerable to attack from hackers. There must be a way to use Migration Assistant to leave the firewall on. I am sure a large percentage of Apple users use wallet. Once they have access to your computer, all your credit and debit cards are vulnerable. I am in Colorado and also have my driver's license in my wallet. All of this information was stolen and used by the hackers. This is a very serious security breach by anyone using Migration Assistant to transfer data to their new computer.
My other question is, how did the hackers know I was using Migration Assistant to transfer data when my firewall was off?
Apple's response to the second report was the same as their first. Shouldn't Apple be more concerned with this issue?
MacBook Pro Apple Silicon 2023