This article is in fact from 2023, the only thing from 2024 was an update on 03-11 that confirms the detected issue was addressed in macOS 14.3.1 (and likely earlier versions).
The plaintext TSS/ECID and the plaintext OCSP issues have been fixed, which IMO were the only meaningful security gripes of the article.
The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.
fsflover|1 month ago
montyanne|1 month ago
The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.