From 626bc7ff2ba5056524f81a69b0023fae87c0dbdb Mon Sep 17 00:00:00 2001 From: kimg45 <138676274+kimg45@users.noreply.github.com> Date: Sat, 10 Aug 2024 20:32:01 -0500 Subject: [PATCH] add kernel integrity protection --- content/posts/macos/macOS Security Overview.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/posts/macos/macOS Security Overview.md b/content/posts/macos/macOS Security Overview.md index 13c7d3f..c0bf592 100644 --- a/content/posts/macos/macOS Security Overview.md +++ b/content/posts/macos/macOS Security Overview.md @@ -67,7 +67,9 @@ Apple also issues revocations for notarization tickets, which these are detected ## System Integrity Protection -[SIP](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/web) protects [system files](https://support.apple.com/en-us/102149) from being changed, even by the root user. Since it's protecting your base system files, you should **never** disable it even temporarily if you want the best security. +[SIP](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/web) protects [system files](https://support.apple.com/en-us/102149) from being changed, even by the root user. Since it's protecting your base system files, you should **never** disable it even temporarily if you want the best security. + +On Apple Silicon Macs, it's combined with [Kernel Integrity Protection](https://support.apple.com/guide/security/operating-system-integrity-sec8b776536b/web#sec41bf3cd61) to protect kernel memory from being exploited. ## Secure Boot