this post was submitted on 19 Sep 2024
84 points (96.7% liked)

Apple

17529 readers
55 users here now

Welcome

to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!

Rules:
  1. No NSFW Content
  2. No Hate Speech or Personal Attacks
  3. No Ads / Spamming
    Self promotion is only allowed in the pinned monthly thread

Lemmy Code of Conduct

Communities of Interest:

Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple

Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode

Community banner courtesy of u/Antsomnia.

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] henfredemars@infosec.pub 16 points 2 months ago (4 children)

Is this safe?

Do I want to download my OS from someone nearby?

[–] hemmes@lemmy.world 27 points 2 months ago

Neither the MacTrast nor the original 9to5 article discusses the security behind Apple's iOS implementation. But we know all firmware packages are signed and I would imagine this would be no different, with the recovery partition OS performing a check of the signature.

[–] WolfLink@sh.itjust.works 19 points 2 months ago

I’m sure Apple over-engineered the security of this to prevent this from becoming a vector for jailbreaking.

As a nice side effect, I would trust it.

Plus the people you would get firmware from like this would be your family/friends/coworkers or maybe an Apple Store employee if you really don’t know anyone else with an iPhone.

[–] Telodzrum@lemmy.world 10 points 2 months ago

I assume it’s signed by Apple, so yes it’s safe. No, you don’t ever want to have to do this.

[–] Ptsf@lemmy.world 4 points 2 months ago* (last edited 2 months ago)

A pre-registered checksum will ensure that the downloaded file is what it says it is before running. So yes, it is safe. Unless you've found a collision in the checksum algorithm apple is using, although the chances are better that you'll squeeze water out of dry desert sand.

(Edit: To those thinking they'll rely on just code signing for this, you're likely way off base.)