Check: APPL-14-002110
Apple macOS 14 (Sonoma) STIG:
APPL-14-002110
(in versions v1 r2 through v1 r1)
Title
The macOS system must disable Bluetooth sharing. (Cat II impact)
Discussion
Bluetooth Sharing must be disabled. Bluetooth Sharing allows users to wirelessly transmit files between the macOS and Bluetooth-enabled devices, including personally owned cellphones and tablets. A malicious user might introduce viruses or malware onto the system or extract sensitive files via Bluetooth Sharing. When Bluetooth Sharing is disabled, this risk is mitigated. [NOTE] ==== The check and fix are for the currently logged on user. To get the currently logged on user, run the following. [source,bash] ---- CURRENT_USER=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }' ) ---- ==== Satisfies: SRG-OS-000080-GPOS-00048,SRG-OS-000095-GPOS-00049
Check Content
Verify the macOS system is configured to disable Bluetooth sharing with the following command: /usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled If the result is not "0", this is a finding.
Fix Text
Configure the macOS system to disable Bluetooth sharing with the following command: /usr/bin/sudo -u "$CURRENT_USER" /usr/bin/defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false
Additional Identifiers
Rule ID: SV-259519r941179_rule
Vulnerability ID: V-259519
Group Title: SRG-OS-000080-GPOS-00048
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000213 |
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |