One week of rough wave continuation.
The latest MacOS "Big Sur" released on the 13th.The first week was rattling."Download stops on the way", "app slows down", "apps do not open", "Apple pay died", "cannot be used MAP", "processing to the OS before it has nothing to do" is caused by complaints.As I was investigating, I knew that there was a security problem, so Apple was busy with the response.
Please give me a digest of the first week of launch.
① Download endlessly
Apple's server goes down on the first day of launch.A phenomenon that does not end downloading, and a phenomenon that cannot be done at all occurs frequently in various places.After Apple announced that he had "solved the problem," the disability continued, and even those who repeated 12 trys and errors.
② Black out screen
Instead of the installation of the installation forever, the person who did not end the weekend, this time, the person who "cannot get out of the black screen" appeared in the Macrumors Forum, Reddit, and Apple Support Community.The target is MacBook Pro from the second half of 2013 to the first half of 2014, and the new one is the 2015 model and the 27 -inch 2019 model Mac.The Apple logo and progress bar are displayed, but just staring at a bar that doesn't work for hours.When it is forcibly terminated, you will not be able to restart or reset, and you will not be able to enter USB recovery, NVRAM and SMC reset, safe mode, Internet recovery?
③ Bunkinization
It was lucky to try it several times and recover, and some machines were bricked as they were.
④ Not a Big SUR Delays to start up an OS application
For some reason, the damage was spread to those who did not become a pillar and had been suspended, and the OS Mac before the BIG SUR had a slow start of launching the application.
⑤ App launch history is sent to Apple...?
What is the cause?While investigating, the essay was written by security researcher Jeffrey Paul, "Your Computer Isn't Yours."In Japan, he said, "It's been a day when Stallman has finally predicted his PC."
Apple verifies the reliability of the app on the digital authentication system of "Online Certificate Status Protocol (OCSP)" when the application is started.What Paul is concerned about is that "Information on when and where and how many apps they use" will be sent to the Apple server at this time.If you feel like that, you can see all -you -can -eat Apple, and the OCSP authentication request can be sent to the outside, so the destination is a CDN AKAMAI, so you can get to the country ...Above, there is a problem.
Even when starting up a non -genuine app, the hash value indicating the developer of the app from the Mac is Apple's OCSP dedicated server (OSCP).Apple.COM) is sent and authenticated to be a suspicious app.If the server is overloaded on the first day of the Big Sur release, it will not be possible, and will have an effect on other OSs.Paul also reminds me, but this seems to be a problem that was the previous MacOS.
⑥ Firewall or VPN does not work for the Apple application
However, Catalina and Mojave could block usage history with firewalls and VPNs, but in Big Sur, this block is no longer working with Apple genuine apps.So isn't this a problem?At the stage of the beta version, another expert also had a tweet, and JAMF's Security Researcher Patrick Wardle reported to Apple.
If you think that if you make this much noise, it will be corrected in advance ~ If everyone thinks it will be released without patches, so it will be difficult.In this situation, there is a widespread concern that malicious hackers can put malware with genuine apps as a breakthrough.It's better to think that no one knows anymore because Wardle has released the demonstration results on Twitter.Even in MCAFEE, it is written in bold letters that "MacOS Big Sur does not work with fire walls" (I read it now to apply to the Big Sur compatible version ...).
Apple's explanation
In response to criticism, Apple announced a comment on the iPhone in Canada, revised the help of the help of "Opening an app on a Mac" and added a "privacy protection."Since it has not been up in the Japanese version yet, I will translate it from the English version.
In the next year, a new encryption technology will be introduced in the developer ID authentication, and the server disorder prevention measures will be strengthened, and opt -out will be prepared.By the way, this Gatekeeper is the above OCSP digital authentication.
Regarding the cause of server down and low -speed app starting, "the server -side setting error makes it impossible to cache OCSP listening for MacOS developer ID."As expected, Apple is privacy.Both iOS 14 and BIG SUR are promoted and promoted, so it's dignified.Yes, the vulnerability exchange is attached to the new OS launch.Don't worry.If you are uneasy, leave it until the patch comes out.I want to tighten it refreshingly, but I wonder if it's such a story.
