2.11 Audit Sidecar Settings

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

Apple introduced a technology called Sidecar with the release of macOS 10.15 'Catalina' that allows the use of an Apple iPad as an additional screen. There are no known security issues with the use of Sidecar at the time of the publication of this Benchmark, but there are security concerns with some of the underlying technology that allows this feature to work. The additional requirements from the Apple support article linked below are reproduced after the link. So while Sidecar may not have an explicit security concern, some organizations may have requirements that block the use of the features required to allow Sidecar to work.

https://support.apple.com/en-afri/HT210380

Additional requirements

Both devices must be signed in to iCloud with the same Apple ID using two-factor authentication.

To use Sidecar wirelessly, both devices must be within 10 meters (30 feet) of each other and have Bluetooth, Wi-Fi, and Handoff turned on. Also make sure that the iPad is not sharing its cellular connection and the Mac is not sharing its Internet connection.

To use Sidecar over USB, make sure that your iPad is set to trust your Mac.

Organizations that do not allow the use of iCloud and more specifically Handoff will not be able to use Sidecar.

Some organizations may not allow mixed ownership for P2P wireless or USB connections: unless the organization controls both the Mac and the iPad, the connections may not be approved, and the use of a single Apple ID for distinctly managed devices may be prohibited.

Rationale:

Organizations need to understand how organizational and personal inventory are integrated in the work environment.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following steps to set Sidecar to your organization's parameters:

Open System Preferences

Select Sidecar

Select the settings that are within your organization's parameters

Terminal Method:
Run the following to enable or disable Sidecar settings:

$ /usr/bin/sudo /usr/bin/defaults write com.apple.sidecar.display AllowAllDevices -bool <true/false>

$ /usr/bin/sudo /usr/bin/defaults write com.apple.sidecar.display hasShownPref -bool <true/false>




Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.sidecar.display

The key to include is Forced

The key must be set to:

<dict>
    <key>Forced</key>
    <array>
        <dict>
            <key>mcx_preference_settings</key>
            <dict>
                <key>AllowAllDevices</key>
                <<true/false>/>
                <key>hasShownPref</key>
                <<true/false>/>
            </dict>
        </dict>
    </array>
</dict>

Note: Settings applied with the Terminal and Profile Methods will not be displayed in System Preferences, but they will disable the underlying service.
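
The following Python sketch is an added example, not part of the benchmark or of the audit itself: it fills the <true/false> placeholders of the Profile Method with real booleans and checks a payload against an organization's policy, flagging missing keys and values that are not booleans. The function names, the sample policy and the sample payload are constructed for illustration.

```python
import plistlib

# Keys the page sets under the com.apple.sidecar.display PayloadType.
KEYS = ("AllowAllDevices", "hasShownPref")


def forced_payload(policy):
    """Build the page's Forced structure with real booleans in place of <true/false>."""
    for key in KEYS:
        if not isinstance(policy.get(key), bool):
            raise ValueError(f"{key} must be a boolean in the policy")
    settings = {key: policy[key] for key in KEYS}
    return {"Forced": [{"mcx_preference_settings": settings}]}


def render(policy):
    """Serialise the structure as XML plist bytes (emits <true/> or <false/>)."""
    return plistlib.dumps(forced_payload(policy), fmt=plistlib.FMT_XML)


def audit(plist_bytes, policy):
    """Return a list of findings where a payload deviates from the policy."""
    findings = []
    data = plistlib.loads(plist_bytes)
    forced = data.get("Forced") or [{}]
    settings = forced[0].get("mcx_preference_settings", {})
    for key in KEYS:
        if key not in settings:
            findings.append(f"{key}: missing")
        elif not isinstance(settings[key], bool):
            # e.g. <string>false</string> is a string, not the boolean required
            findings.append(f"{key}: not a boolean ({type(settings[key]).__name__})")
        elif settings[key] != policy[key]:
            findings.append(f"{key}: is {settings[key]}, policy requires {policy[key]}")
    return findings


# Constructed sample policy: an organization that does not allow Sidecar.
POLICY = {"AllowAllDevices": False, "hasShownPref": False}

# Constructed sample payload with one wrong value and one wrong type.
BAD = b"""<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>
<key>Forced</key><array><dict><key>mcx_preference_settings</key><dict>
<key>AllowAllDevices</key><true/>
<key>hasShownPref</key><string>false</string>
</dict></dict></array></dict></plist>"""

if __name__ == "__main__":
    print(render(POLICY).decode())
    print(audit(BAD, POLICY))
```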