Apple's new iPhone Mirroring feature in macOS Sequoia might seem like a convenient way to access your phone from your work computer, but security firm Sevco has uncovered a significant privacy risk that should make employees think twice before enabling this feature on company-owned Macs, at least for now.
According to a new blog post by Sevco, the core issue lies in how iPhone Mirroring interacts with macOS's file system and metadata. When activated, the feature creates "app stubs" for iOS applications in a specific directory on the Mac:
/Users//Library/Daemon Containers//Data/Library/Caches/
These app stubs contain metadata about the iOS apps, including icons, application names, dates, versions, and file descriptions. While they don't include the full executable code, they provide enough information for macOS to treat them as installed applications.
The problem arises because many enterprise security and IT management tools routinely scan Macs for installed software. These tools often use macOS's built-in metadata system, which now includes these iOS app stubs. As a result, personal iPhone apps can inadvertently appear in corporate software inventories.
Sevco demonstrated this issue using the macOS command line tool mdfind, which interfaces with the Spotlight search subsystem:
mdfind "kMDItemContentTypeTree == com.apple.application" | grep Daemon
When executed in a Terminal window that has been granted full disk access without setting up iPhone Mirroring, the command returns a normal list of macOS applications. But when executed in that same Terminal window after setting up iPhone Mirroring, it also returns personal iOS applications and metadata.
For employees, this means that apps they use privately could become visible to their employer's IT department without their knowledge or consent. This could potentially reveal sensitive personal information, such as dating apps, health-related apps, or VPNs used in countries with restricted internet access.
How to Use iPhone Mirroring in macOS Sequoia
Related Roundup: macOS Sequoia
Tag: macOS Security
Related Forum: macOS Sequoia
This article, "Here's Why You Shouldn't Use iPhone Mirroring on a Corporate Mac" first appeared on MacRumors.com
Discuss this article in our forums
https://www.macrumors.com/2024/10/09/do-not-use-iphone-mirroring-corporate-mac/