CCE-50406-8Platform: cpe:/o:apple:mac_os_14 | Date: (C)2024-04-23 (M)2024-04-23 |
The Find My service must be disabled. A Mobile Device Management (MDM) solution must be used to carry out remote locking and wiping instead of Apple's Find My service. Apple's Find My service uses a personal AppleID for authentication. Organizations should rely on MDM solutions, which have much more secure authentication requirements, to perform remote lock and remote wipe.
Audit:
Verify the macOS system is configured to disable Find My service with the following command:
/usr/bin/osascript -l JavaScript << EOS
function run() {
let pref1 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowFindMyDevice'))
let pref2 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
.objectForKey('allowFindMyFriends'))
let pref3 = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.icloud.managed')\
.objectForKey('DisableFMMiCloudSetting'))
if ( pref1 == false && pref2 == false && pref3 == true ) {
return("true")
} else {
return("false")
}
}
EOS
If the result is not "true", this is a finding.
Remediation:
Configure the macOS system to disable Find My service by installing the "com.apple.applicationaccess" configuration profile.
Parameter:
[Yes/No]
Technical Mechanism:
Configure the macOS system to disable Find My service by installing the "com.apple.applicationaccess" configuration profile.
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.7 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 1.4 | Privileges Required: NONE |
Severity: LOW | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:99405 |