macOS Activation Lock Vulnerability discovered
iCloud with Find My Mac offers the ability to lock your Mac if it's lost or stolen, placing it into a state known as "Activation Lock". Activation Lock should prevent a user from being able to access the device without first re-entering a PIN or password, as it is a lock screen shown before the computer boots. This isn't nearly as powerful as the iOS version due to the lack of persistent internet connections. A stolen Mac will likely not have an active internet connection. However, if the thief can log in to the Mac and sign into a Wi-Fi access point or connect to a known Wi-Fi access point, they would then find the Mac forcibly rebooting and locking itself, leaving the Mac in a protected state. The vulnerability was discovered on Reddit, although it failed to gain much traction, as the initial report required a bit of sleuthing to fully understand the problem and the discoverer was a bit frustrated after Apple dismissed the problem when they submitted a bug report.
Activation Lock will even lock a user out of booting into recovery mode (it slightly differs on Apple silicon). However, you can bypass this on certain Macs; thus far, only Intel Macs seem to be affected. The original discoverer reported using a MacBook Pro 2019 (specs unknown) and I confirmed it on a MacBook 2017.
It requires the following steps:
- Lock a Mac using iCloud's Find My (the Mac has to have Find My enabled and must connect to the internet after the lock has been initiated)
- Wait for the Mac to reboot to the Activation Lock screen. Reboot the Mac into recovery mode by holding Command + R.
- Reboot the Mac again. It will now get back to the login screen, defeating the Activation Lock.
I personally confirmed this on a MacBook 2017 (12 inch) multiple times, but was unable to replicate it on a MacBook Pro M1 Max. The affected Mac specs are as follows:
- MacBook 2017 - MacBook10.1 - Core i5 - 8 GB RAM
- OS version: macOS 13.0 Ventura
- Firmware Version: 4126.96.36.199.0
- OS Loader Version: 564.40.4~27
- SMC Version: 2.42f13