System Integrity Protection disabled by default on some Touch Bar MacBook Pros

AppleInsiderAppleInsider
Posted:
in Current Mac Hardware
Some -- but not all -- Touch Bar models of the new MacBook Pro are shipping with System Integrity Protection disabled, potentially exposing them to malware threats, according to discussions on Twitter.




The issue was called out by developers Jonathan Wight and Steve Troughton-Smith. The latter suggested that there seems to be no obvious trend, other than Pros with a function key row having SIP on as usual.

While Macs do have other safeguards, SIP has been on by default since OS X El Capitan, and limits root permissions -- mitigating the amount of damage malware can do if it does infect a system.

Apple is allegedly aware of the problem, and likely working on a software update. Technically confident Mac owners can turn SIP back on themselves holding down Command-R when booting, releasing when a progress bar appears, then selecting Terminal from the Utilities menu in recovery mode. Entering "csrutil enable" and restarting should complete the process.

Comments

  • Reply 1 of 11
    macplusplusmacplusplus Posts: 2,112member
    to check:
    csrutil status

    Solibestkeptsecretbirkomacgui
  • Reply 2 of 11
    CatoctinCatoctin Posts: 2member
    Just got my new 15" MBP today and checked it.  It is disabled, but on my other two Retina MBPs (work and personal that I'm replacing with the new one), they both had it enabled.
    jony0
  • Reply 3 of 11
    coolfactorcoolfactor Posts: 2,241member
    This article is lacking in details:

    Some -- but not all -- Touch Bar models of the new MacBook Pro are shipping...


    Where's the reports of it being enabled on some of the shipping "models"? They only talk about one or two instances of it being disabled. Could it be disabled due to the functionality of the Touch Bar, and they are still working to resolve some compatibility issues? Or is it merely an oversight on the configuration of "some" models?

    edited November 2016
  • Reply 4 of 11
    chrisrosachrisrosa Posts: 3member
    Was disabled on mine that just arrived today.
  • Reply 5 of 11
    BuffyzDeadBuffyzDead Posts: 356member
    on my Mac Mini, it is disabled ..but that is because I have it set to Download Apps from Anywhere, under Mac OS Sierra. I am the gatekeeper. :)
  • Reply 6 of 11
    juanguapojuanguapo Posts: 75member
    Curious: Is this issue plausibly due to a bad factory image (from the factory; one of many, presumeably)? Also, is it turned-off by default if the new MBP is simply formatted and given a clean install of Sierra?
    Soli
  • Reply 7 of 11
    anomeanome Posts: 1,533member
    Disabled on mine, which arrived not 2 hours ago.

    Is there any indication of a potential compatibility issue, or have people who have enabled it been fine?

    I suppose Apple would say if there was a reason not to enable it.
  • Reply 8 of 11
    plovellplovell Posts: 824member
    Heh - my 2012 Mini shows it as "enabled" :)
  • Reply 9 of 11
    StillWillingStillWilling Posts: 17member
    BuffyzDead
    I like your stance, however, I must share w you that Gatekeeper and System Integrity Protection are two different scenarios.
    SIP is enabled or disabled via the Command Line only.
    But, I enjoyed your post.
    Patrick
    MacOvation

  • Reply 10 of 11
    StillWillingStillWilling Posts: 17member
    I run my Mac Pro and Macbook Pro with SIP disabled so I can use Xtrafinder.
    :)

  • Reply 11 of 11
    macguimacgui Posts: 2,357member
    coolfactor said:
    This article is lacking in details:
    Could it be that the article is based only on details known at the time it was written? And that it's an article and not an exhaustive congressional investigation?
Sign In or Register to comment.