Hacker News new | ask | show | jobs
by Gigachad 1096 days ago
I'm not sure if the MacOS codebase gets as much review as Linux, but what makes MacOS more secure is that they utilize multiple layers of security. Finding a bug in a single component is often not enough. Which is why even after countless bugs found in macos and ios, we never see things like the secure enclave and encryption keys compromised, because they are layered out and unaffected by bugs in the OS.

We are at the point where being bug free is impossible and patching after discovery is not good enough. Secure designs must protect against undiscovered bugs.
2 comments
saagarjha 1096 days ago
The Secure Enclave has been compromised in the past: https://raw.githubusercontent.com/windknown/presentations/ma...
link
smoldesu 1096 days ago
You could custom-build a special version of MacOS that runs entirely in userspace, but unfortunately it would never be as secure as a properly-configured Linux system. The default on MacOS is a venerable effort, and a powerful standard to enforce across an entire line of devices. Apple does not give the user enough control to protect them against Apple themselves, though.

There are certainly security and convenience scenarios where MacOS is hard to beat, but no trust-based system can ever be the final say in security.

link