My concerns with my OCLP-patched Mac started here, here, here and here after I started analyzing the nature of the root-patching to fix Broadcom Wi-Fi in Sonoma. Like most everyone else, prior to my Wi-Fi patching concerns, I was a huge OCLP/Dev cheerleader, advocate and supporter (including a donation). My concerns were not because I assumed that the Devs had malicious intent, but because software mistakes can be made and are likely. Without 3rd-party computer security verification and testing, there is no way to be assured of OCLP's (or any software's) data security. No way - I don't care what anyone says or how much you like the developer who created the solution for you.
Most of the biggest computer security exploits (ransomware, stolen identities, hacked e-mails...) are not because of intentional software hacks but because of software bugs that leave exploitable vulnerabilities. And if you watch the news, I don't have to tell you that there are plenty of malicious hackers who are eagerly looking to exploit those unintended vulnerabilities in your home PC or Mac. Even Apple has security-related bugs in their macOS releases, which is why they implemented RSRs (Rapid Security Responses) to provide quick security patches for macOS. If a company like Apple can make mistakes, then so can any software developer or development team. And depending on which Mac you own, if it's patched with OCLP, you can't receive Apple's RSRs - another security issue with OCLP.
At significant risk to relationships with Devs and MacRumors peers, I decided to voice my concerns. I appreciate the professional and courteous responses from Ball of Neon (an OCLP Dev) here, here, here, here, here and here.
Until the OCLP GUI supports selectively enabling/disabling Wi-Fi post install patches, I have posted one method that can be used to manually disable the Wi-Fi patches here.*
NOTE: If you decide to allow OCLP to inject Wi-Fi post install patches, understand that you are accepting the following risks:
- Your Mac is rooted and you are allowing uncertified 3rd-party software (OCLP's patches) to be installed at the most sensitive layers of your macOS. If there are any software bugs in the root-patch, these bugs could expose your data, your private credentials and your digital identity to hackers.
- The OCLP post-install patches for Wi-Fi are derived/extracted from an older version of macOS where the Broadcom Wi-Fi framework was still supported by Apple. This means that the older Wi-Fi framework being used to patch your modern macOS is "frozen in time" and is not receiving any Apple updates. There will be no attempt by Apple to maintain the security of the Wi-Fi framework, because it is no longer supported by Apple. If hackers discover a security vulnerability in the Wi-Fi Framework, Apple will not be fixing it.
- If a vulnerability is discovered by OCLP Devs and they are able to patch it, it is unreasonable to expect the Devs to communicate the vulnerability and then to patch it in a timely manner (even though they are software gods). They are unpaid volunteers doing this on their own time and at their own expense (despite donations). During the response time (time for Devs to learn about the bug and then the time for it to be fixed and then the time for you to apply the OCLP update), your OCLP-patched Mac may be vulnerable to exploits, allowing a hacker enough time to learn about and exploit the vulnerability. And I want Devs to be able to take vacations as much as anyone (they deserve it!), but not when I'm waiting for a security patch to OCLP.
BTW: I get that one could argue that, since the Wi-Fi framework is extracted from Ventura, it is still getting updates from Apple. Ok - we still have to wait for OCLP Devs to extract the framework from Ventura and release an OCLP update with the new framework. And that only lasts as long as Apple is still supporting Ventura.
*Credit: I can't take credit for the modern wireless patch. I discovered the legacy_wifi patch on my own, but credit to acquarius13 at InsanelyMac for identifying the correct sonoma-development source and finding the modern_wifi code.