CCE-50151-0
Platform: cpe:/o:apple:mac_os_13 | Date: (C)2024-04-17 (M)2024-04-17
In macOS 14.0 Sonoma, Apple released the ability to limit dictation to on-device processing so that data is not sent to the Siri servers. Dictation is likely to be used when editing documents that contain confidential information. While Apple does have controls to obfuscate voice data that exists on its servers, it is recommended that information collected by Dictation does not leave the local Mac.
Rationale: Sending data from dictation to the Siri servers could allow data spillage to occur. From a control perspective, it is much safer to ensure that information of various levels of confidentiality is retained locally.
Impact: Keeping all dictation on-device does not allow the system to better understand and learn, through machine learning, from the user.
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.applicationaccess
2. The key to include is forceOnDeviceOnlyDictation
3. The key must be set to <true/>
Parameter:
[yes/no]
Technical Mechanism:
Remediation:
Profile Method:
Create or edit a configuration profile with the following information:
1. The PayloadType string is com.apple.applicationaccess
2. The key to include is forceOnDeviceOnlyDictation
3. The key must be set to <true/>
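One way to audit a profile against the three settings above, as an added example that is not part of the original record. It assumes an unsigned XML or binary `.mobileconfig` whose payloads sit in the standard top-level `PayloadContent` array; `audit_profile` and `sample_profile` are hypothetical names, and the sample profiles are constructed.

```python
import plistlib

PAYLOAD_TYPE = "com.apple.applicationaccess"
KEY = "forceOnDeviceOnlyDictation"


def audit_profile(profile_bytes):
    """Return (compliant, reason) for an unsigned configuration profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception as exc:  # malformed XML or an unrecognised plist format
        return False, f"not a parseable plist: {exc!r}"
    payloads = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    matches = [p for p in payloads
               if isinstance(p, dict) and p.get("PayloadType") == PAYLOAD_TYPE]
    if not matches:
        return False, f"no {PAYLOAD_TYPE} payload found"
    for payload in matches:
        if KEY not in payload:
            continue
        value = payload[KEY]
        # Only a plist boolean <true/> counts; <string>true</string> or
        # <integer>1</integer> parse to "true" / 1 and are rejected here.
        if value is True:
            return True, f"{KEY} is <true/>"
        return False, f"{KEY} is {value!r}, expected boolean <true/>"
    return False, f"{KEY} is not set in any {PAYLOAD_TYPE} payload"


def sample_profile(settings):
    """Build a constructed sample profile with the given restriction keys."""
    payload = {"PayloadType": PAYLOAD_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": "example.constructed.restrictions"}
    payload.update(settings)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadVersion": 1,
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    for label, settings in [("boolean true", {KEY: True}),
                            ("boolean false", {KEY: False}),
                            ("string 'true'", {KEY: "true"}),
                            ("key missing", {})]:
        print(label, "->", audit_profile(sample_profile(settings)))
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before this check can parse it.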
CCSS Severity: | CCSS Metrics:
CCSS Score: 6.5 | Attack Vector: NETWORK
Exploit Score: 3.9 | Attack Complexity: LOW
Impact Score: 2.5 | Privileges Required: NONE
Severity: MEDIUM | User Interaction: NONE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | Scope: UNCHANGED
 | Confidentiality: LOW
 | Integrity: LOW
 | Availability: NONE
References:
Resource Id | Reference
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:99081