henfredemars@infosec.pub
on 19 Sep 2024 20:55
nextcollapse
Is this safe?
Do I want to download my OS from someone nearby?
Telodzrum@lemmy.world
on 19 Sep 2024 21:14
nextcollapse
I assume it’s signed by Apple, so yes it’s safe. No, you don’t ever want to have to do this.
Ptsf@lemmy.world
on 19 Sep 2024 21:15
nextcollapse
A pre-registered checksum will ensure that the downloaded file is what it says it is before running. So yes, it is safe. Unless you’ve found a collision in the checksum algorithm apple is using, although the chances are better that you’ll squeeze water out of dry desert sand.
(Edit: To those thinking they’ll rely on just code signing for this, you’re likely way off base.)
hemmes@lemmy.world
on 19 Sep 2024 21:16
nextcollapse
Neither the MacTrast nor the original 9to5 article discusses the security behind Apple’s iOS implementation. But we know all firmware packages are signed and I would imagine this would be no different, with the recovery partition OS performing a check of the signature.
WolfLink@sh.itjust.works
on 19 Sep 2024 21:35
collapse
I’m sure Apple over-engineered the security of this to prevent this from becoming a vector for jailbreaking.
As a nice side effect, I would trust it.
Plus the people you would get firmware from like this would be your family/friends/coworkers or maybe an Apple Store employee if you really don’t know anyone else with an iPhone.
reddig33@lemmy.world
on 19 Sep 2024 22:31
nextcollapse
That’s slick.
ozymandias117@lemmy.world
on 19 Sep 2024 22:46
nextcollapse
All the “portless iPhone” rumors have seemed unlikely because of DFU mode.
If they can now enter DFU wirelessly from the initial bootloader in silicon, they might actually be close to a portless iPhone
JaymesRS@literature.cafe
on 20 Sep 2024 02:00
collapse
I wonder if this development isn’t tied to the sealed box updates tool that rolled out earlier this year.
threaded - newest
Is this safe?
Do I want to download my OS from someone nearby?
I assume it’s signed by Apple, so yes it’s safe. No, you don’t ever want to have to do this.
A pre-registered checksum will ensure that the downloaded file is what it says it is before running. So yes, it is safe. Unless you’ve found a collision in the checksum algorithm apple is using, although the chances are better that you’ll squeeze water out of dry desert sand.
(Edit: To those thinking they’ll rely on just code signing for this, you’re likely way off base.)
Neither the MacTrast nor the original 9to5 article discusses the security behind Apple’s iOS implementation. But we know all firmware packages are signed and I would imagine this would be no different, with the recovery partition OS performing a check of the signature.
I’m sure Apple over-engineered the security of this to prevent this from becoming a vector for jailbreaking.
As a nice side effect, I would trust it.
Plus the people you would get firmware from like this would be your family/friends/coworkers or maybe an Apple Store employee if you really don’t know anyone else with an iPhone.
That’s slick.
All the “portless iPhone” rumors have seemed unlikely because of DFU mode.
If they can now enter DFU wirelessly from the initial bootloader in silicon, they might actually be close to a portless iPhone
I wonder if this development isn’t tied to the sealed box updates tool that rolled out earlier this year.