What is USB Restricted Mode in macOS Ventura
Beginning with macOS Ventura, a new layer of protection offers some reassurance to enterprise IT against USB device-borne attacks.
Mac computers using the new Apple silicon will require USB and Thunderbolt accessories to be approved by the user before the accessory can communicate with macOS.
When a new USB or Thunderbolt device is connected to a Mac, the user will be prompted to approve the connection. The end user must unlock a locked Mac before the computer will recognize the accessory. This makes use of the allowUSBRestrictedMode restriction, which is new to the Mac. When your Mac is locked for more than an hour, the protection kicks in.
It does not apply to power adapters, displays, or connections to an approved hub, according to Apple, and devices will continue to charge even if you select Do Not Allow Use of a Connected Accessory. Energy flows, but data does not, according to the theory.
Where does USB Restricted Mode operate?
- On Apple Silicon Macs, the protection is enabled by default.
- The enabled protection is to Request New Accessories; other options include:
- — Every time, inquire.
- — When unlocked, this happens automatically.
- — Always.
- Requesting new accessories is the bare minimum of security, though highly secure enterprises will want to request permission each time.
- You can disable / enable the setting by going to: System Settings>Security & Privacy>Security
- Setting up an accessibility Switch Control configures the policy to allow accessory use at all times.
- For up to three days, approved devices can connect to a locked Mac.
This is a new security setting and configuration Apple is planning to introduce from Ventura forward. More articles related to USB and Mac computers.