Don’t you need to be signed in to the same iCloud account on both your laptop and phone to use this feature? That would mean that in order to encounter this issue you already need to be using a work account on a personal device, or vice versa. Since that’s the case I fail to see how this is a large vulnerability. The article doesn’t seem to address this point (possible I just missed this).
There also seems to be a bug in the VPN that requires sending all traffic when the VPN address is on a different subnet. It should be possible to manually specify the subnet mask, but it seems to be ignored. I’m not sure if the VPN is advertising this incorrectly, but it worked fine before upgrading.
I miss out on a lot of nice macOS features because I refuse to sign into my personal iCloud account on my work Mac, even though we are allowed to do so. Oh well. Gotta draw the line somewhere I guess.
So the threshold of concern by a "security" company is "they might audit your apps and find out you're gay!" Yet not a single concern about tethering an iPhone (with an external connection) to a PC on the company's internal network, bypassing all firewalls, proxies, and other protections. That is grounds for immediate dismissal at some places. I expect security people to think more like network engineers and less like teenagers gossiping in the canteen.
Speaking of iPhone Mirroring: Doesn't this effectively downgrade two-factor authentication to a single factor for flows like "tap 'yes' on your phone to log in"? I've been wondering if there is a way for iOS authenticator apps to opt out of mirroring, but haven't found anything so far.
It's incredible to me how many people log into personal accounts on work devices. People should really research the amount of data security tools harvest.