MacOS’s Finder (and Xcode) accessing iDevices while network was off
I am trying to figure out what is wrong with my Mac.
Here are my devices:
iPad (7th generation, MW752LL/A) with iOS 14.01 (18A393), iPad Air (MD788LL/A) with iOS 12.4.8 (16G201), iPhone 6 Plus (MGCW2LL/A) with iOS 12.4.8 (16G201)
Mac mini (Mid 2011) with macOS Catalina 10.15.7 (using macOS Catalina Patcher from dosdude1.com)
All devices connected to network / Internet via the same WiFi router. But the Mac’s connection is wired (Ethernet Cat5 cable).
Issue:
My first finding: After turning off the Mac’s Ethernet (see pic1), I still am be able to access all my three iDevices via Finder. I am able to transfer files to and copy from all my three iDevices. If I physically disconnected the Cat5 cable then I will not be able to access the three iDevices. But once I reconnected the Cat5 cable, I one again am be able to access those three iDevices via Finder. All these while my Mac’s network was off. I could confirm that while my Mac’s network was off, none of my applications (Safari, App Store, or any third party apps) were able to access Internet.
So, I sent an email to Apple product-security email. I got a response back a day later saying that “Regarding the issue you reported, we have examined it and determined that it is best addressed via Apple's Support resources which may be found at https://www.apple.com/support/. “ And another link to AppleCare site.
I assumed that they were telling me this issue is unique to my system.
So I decided to dig in. My first intuitively suspicious is Xcode would have the same phenomenon because it probably used the same mechanism to accessing iDevices. I carried out testing with Xcode and it indeed expressed the same behavior.
Next I wanted to eliminate this uncertainty: using macOS Catalina Patcher from dosdue1. I installed High Sierra (latest 10.13.6) into an external USB drive. With this setup, my Mac system should be conformed to Apple’s for the Mac mini mid2011 with proper MacOS at the time it was still being support. The Finder under High Sierra does not support accessing iDevices via WiFi yet. But Xcode does. And I discovered that Xcode also has this phenomenon as described earlier. To minimize any possibility of cross contamination or from Internet, while in High Sierra I did not install any software other than Apple’s security latest update. But I did goto Apple’s developer site to download Xcode v10. And I did boot back to Catalina to export my Xcode certificate so to import into the new Xcode under High Sierra.
Here are my conclusion: Do you agree?
- This phenomenon could not and should not be the norm.
- This phenomenon is not caused by using macOS Catalina Patcher from dosdue1.
- Let’s assume that my Mac’s hardware (Ethernet) was outdated for Catalina. But under High Sierra, Xcode has the same symptoms.
- What is possibility of my Mac's firmware has been compromised?
Since I do not plan to get a current Mac. So I would not be able to determine if any current support Mac hardware experienced this phenomenon.
Any comments?
Edited1: showing ifconfig as requested. Note: I changed the MAC addresses.
Edited2: It seemed like if I turn off IP6 on the Mac then this phenomenon is gone. I got the hint from the ifconfig listing in that IP6 address was still available while IP4 address has gone when the network is off.
Edited 3: After further investigation with hints from comments, I discovered that IP6 was still active even after one turned off the Ethernet as in Network Preferences. Because IP6 was located in another menu: “Advanced…”. If one goes into the this Advanced… menu, the IPv6 is in a separate dropdown (pic2). The only way to turn off the network completely is to go into the Advanced… menu to select Configure IPv6 as Manually (pic3) and leave all fields blank.
So my conclusion is this was by design. That is fine. Except this is misleading. In the Network window (pic1) the Ethernet indicator light is red when you turned off Configure IPv4 while IPv6 is still active. In my opinion, this should not be the case. Simply, this indicator light is for the Ethernet connection: Both IPv4 and IPv6. Unless Apple decided IPv6 is not part of Ethernet. In that case it needs to create another indicator light.
And Finder and Xcode do use IPv6.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
EHC250: flags=0<> mtu 0
EHC253: flags=0<> mtu 0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
ether xx:xx:xx:xx:xx:xx
inet6 fe80::1469:5fff:c541:b802%en0 prefixlen 64 secured scopeid 0x6
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex,flow-control,energy-efficient-ethernet>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether zz:zz:zz:zz:zz:zz
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (<unknown type>)
status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=460<TSO4,TSO6,CHANNEL_IO>
ether yy:yy:yy:yy:yy:yy
media: autoselect <full-duplex>
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr ww:ww:ww:ww:ww:ww:ww:ww
nd6 options=201<PERFORMNUD,DAD>
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether yy:yy:yy:yy:yy:yy
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
p2p0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 2304
options=400<CHANNEL_IO>
ether qq:qq:qq:qq:qq:qq
media: autoselect
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
inet6 fe80::97b1:8eb0:7f61:8f08%utun0 prefixlen 64 scopeid 0xc
nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::eedc:91d7:6a3f:2623%utun1 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
