Questions tagged [apple]
The apple tag has no summary.
62 questions
2votes
1answer
335views
Can a TLS MITM decrypt Apple Airdrop files?
I know that TLS MitM can get HTTP/S traffic decrypted when using certificates. I'm wondering if it has the ability to decrypt the Apple Airdrop protocol as well as it doesn't go through a server and ...
4votes
0answers
4kviews
Are there any risks sharing my phone's SEID number with the bank of my credit card?
I was not able to add a credit card to Apple Pay on an iPhone. The bank told me that they need the SEID number of the phone to resolve the issue. By a quick search on the Internet, I learned that the ...
- 141
1vote
0answers
489views
Create and bind to Metasploit reverse shell on Apple Sillicon system
I'm trying to create a persistence module for OSX systems but first I need to create a reverse shell that spawns and binds on the same computer over a LAN. I'm having trouble creating an executable ...
- 81
2votes
1answer
2kviews
Apple Mail versus GMail app content security
I am trying to determine if there is a benefit to using the GMail app over the built in iOS one when it comes to security. I know that both store data locally on the phone, but the question is whether ...
1vote
1answer
253views
How do nonce hashes prevent replay attacks on Apple Silicon?
Apple Silicon-based Macs have a LocalPolicy file that controls the secure boot process. To prevent replay attacks of the LocalPolicy, hashes of nonces are used. From here: The lpnh is used for anti-...
- 277
0votes
0answers
131views
Is it normal for Apple push notifications to use the IRC protocol?
Seeing traffic like this on my network and wondering if it’s normal to see IRC being used in macOS push notifications and if anyone has any idea what the apparently escaped code (based on all of the ...
- 153
1vote
1answer
4kviews
Does Apple’s Hide my Email feature really work?
I was wondering if when you use something like Apple's 'Hide my Email' functionality if there's some way for the organization to still recover the user's original email if the user is then asked to ...
- 113
1vote
0answers
138views
What are the ranges of values for DH parameter a and DH parameter b [closed]
I have discovered that Diffie Hellman(DH)shared key is unequal in Apple Numbers, Google Sheets, and Mac Excel (2008). In Section 1.0, the first try at a solution uses a small Prime to produce certain ...
0votes
0answers
142views
Is iCloud data protection only secured by device passcodes in the event of an Apple server side breach?
I'm trying to understand the security model of iCloud data protection, including the new advanced data protection which expands it to almost all iCloud data. When restoring on a new device, given that ...
1vote
0answers
83views
Apple Magic Keyboards in Public Spaces Man-in-the-middle
Let's imagine that I leave a Mac with wireless peripherals in a public space like a co-working space that might end up with other wireless devices nearby or physical access (say, at nighttime). My ...
0votes
1answer
6kviews
Im get hacked? Why my Iphone opened port 49152 [closed]
i dont understand why my iphone opened port 49152 apple said this port for dynamic i searched on google for several days but i found nothing about this i also factory reset for my iphone but this port ...
1vote
1answer
154views
Set-up Apple Passkey for private users
The demos I've seen for Passkey assume that any public user can register with a website. What about the situation where you want to set up a passkey for an admin user of a website? i.e. How does an ...
- 1,177
0votes
0answers
931views
Spoofed iMessage? Apple account breach? What are the possible ways this happened?
See the screenshot below. A friend asked me about this. Person #1 had a group text thread with Person #2 and Person #3. At the top, Person #2 sent a photo and a message. Person #3 replied. Then there ...
- 119
5votes
1answer
4kviews
AirTag may be trackable over Bluetooth when battery is low
My Apple AirTags are low on battery. At the bottom of the warning it tells me "When AirTag battery is low, privacy protections are temporarily adjusted and AirTag may be trackable over Bluetooth&...
- 1,154
1vote
1answer
531views
Prove Private Key came from Apple Secure Enclave
With TPM 2.0, it's possible to prove that the private key of an asymmetric key pair came from a TPM device (and thus is effectively inaccessible). Is this possible with Apple's Secure Enclave on macOS?...
- 113
