Root Persistence via macOS Recovery Mode Safari
yaseeng
22 points
15 comments
April 06, 2026
Related Discussions
Found 5 related stories in 49.9ms across 3,752 title embeddings via pgvector HNSW
- Recover Apple Keychain speckx · 77 pts · March 30, 2026 · 50% similar
- Apple's intentional crippling of Mobile Safari xd1936 · 169 pts · March 22, 2026 · 49% similar
- Remotely unlocking an encrypted hard disk janandonly · 112 pts · March 05, 2026 · 47% similar
- Tailscale's new macOS home tosh · 401 pts · April 02, 2026 · 45% similar
- Make macOS consistently bad unironically speckx · 357 pts · March 27, 2026 · 45% similar
Discussion Highlights (2 comments)
AshamedCaptain
You boot an operating system on the machine, you have access to all unencrypted files, what is so strange about this ? You can do the same thing with Terminal. And smells of GenAI...
yaseeng
For context: I submitted this to Apple in September 2025 and waited 6 months before publishing. Apple closed both reports citing FileVault as a mitigation, which is technically accurate but FileVault is opt-in and many people disable it during setup without understanding what it does (myself included when I got my MacBook in 2020). My personal view is that the behavior significantly reduces the effort required to persist data on an unencrypted system compared to for example side-loading Linux. Regardless, Tahoe 26.3 (It might have been patched before, I didn't check) appears to have silently patched both issues.