Apple @ Work is brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that fully integrates 5 different applications on a single Apple-only platform, allowing Businesses and Schools to easily and automatically deploy, manage & protect all their Apple devices . Over 32,000 organizations leverage Mosyle solutions to automate the deployment, management and security of millions of Apple devices daily. Request a FREE account today and discover how you can put your Apple fleet on auto-pilot at a price point that is hard to believe.
If you watch any movie that involves hacking or cyber crime, you’ll likely see the root of the breach as a result of some accessory plugged into a computer. Apple certainly doesn’t want macOS to be at the center of a real-life breach, so accessory management is getting an overhaul in macOS Ventura. Let’s look at macOS accessory security, and how Apple is implementing it for its device management partners.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise-grade Wi-Fi, 100s of Macs, and 100s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
iOS and iPadOS have had strong accessory security for many years now. Even for a device that might rarely use an accessory, Apple included a strong security posture for accessories from the beginning. With macOS Ventura, the Mac is gaining a similar approach to security. If you’re running the betas of macOS Ventura, you’ve likely already seen the popup when you plug up your iPhone, a USB flash drive, or other accessories. This feature prevents USB and Thunderbolt devices from being connected without end-user approval.
The default behavior asks for new accessories, but Apple allows changing the default. Here are the four options you have for macOS accessory security:
- Ask for new accessories
- Ask every time (Most secure)
- Automatically connect when unlocked
- Always (Lease secure)
I’ll likely only have macOS ask for new accessories for my personal Mac. One thing I noticed during my testing is that after updating to the latest iOS 16 beta on my iPhone, macOS seemed to think it was a brand-new device. I am not sure if that’ll be the final behavior for the release version. I suspect that is likely a bug.
macOS admins will be pleased to note that they’ll have complete control over this setting for their fleets of Macs. The allowUSBRestrictedMode restriction that is currently available for iOS is being extended to support macOS with macOS 10.13
Summary on macOS Accessory Security
While my use of macOS accessories goes down by the year, it’s still essential for Apple to enhance the security around the use of them. The fact that it’s not as common of a use case as it might have been in years past is all the more reason to lock down the feature even more. I believe that most enterprises will default to “Ask every time.” I mainly use the ports on my Mac to either plug in an external monitor or charge my iPhone – neither of those allows macOS to allow a connection to the device. It reminds me of the times I’ve plugged up my iPhone to an airplane USB port to charge and get the pop-up to allow a connection. I don’t know why an airplane USB system would need access to my device, but the very fact that it would ask is why I am glad Apple is taking a proactive approach with macOS Accessory Security. macOS Ventura will be available as a free download later this fall.
FTC: We use income earning auto affiliate links. More.