Hey there,

Found this M1 Mac Mini with an iCloud lock on it. Was curious if there are actual real and reliable ways to wipe the device and reinstall macOS, or bypass the lock so that I could use this device? I haven't bought it or anything, just exploring my options. Thanks for the help!

So I would like to preface this by stating clearly: I reported it to Apple, and they determined it is not a security concern. Obviously this is a major security concern for all Intel Mac devices, as it requires no exploitation and cannot be patched, due to the fact that it is possible to reinstall earlier, unpatched Mac versions.

Explanation:

This vulnerability exists because of two reasons; the firmware, which is stored on the actual device hard disk, and the fact that iCloud does not conduct token validation between iCloud and the device itself.

The lack of token validation means that after doing the bypass on the Mac device, it is automatically unlocked on the iCloud account used to lock it, without any user or account validation.

In the best case scenario, this means that the anti-theft measure is completely irrelevant. In the worst case scenario, if someone steals your Mac and knows your password, they have access to everything on your system, even if you flag the device as lost.

I have no idea why Apple does not consider this a security concern, but it is a concern, and one that they apparently have no intention of resolving, or at least acknowledging as an issue in that report. You, as a Mac user, deserve to know the risk.

Be careful with your Mac devices, folks.

Edit:

Actual process:

1. Lock your Mac in Find My, using a different device.

2. Allow the device to reboot to PIN code screen. Power it down.

3. Hold Command-Option-R, wait until the password prompt. Power down.

4. Boot up. You’re at the user login screen and the device is now unlocked on your iCloud account.

It’s unpatchable because it’s possible to revert to a vulnerable version of MacOS using Apple Configurator 2.

Edit 2: I had initially discovered it on my 2019 Intel MBP. u/BourbonicFisky tested and was able to validate this on a 2017 Intel. Multiple users were unable to validate on M1/M2. There may still be a vulnerability there, using a different recovery mode key sequence, but I am unable to validate it due to lack of access to Apple Silicon.

Edit 3:

Because of all the hate I’m getting, here’s Apple’s response to this vulnerability.

I gave them every opportunity to treat this as a serious security concern. I had initially reported it on Nov. 20th. They finally responded with this statement today.

I bought a Mac Mini (2018) since my main computer stopped working and lo and behold it arrived activation locked. The seller has cut me off completely so I can’t get the last used password, apple ID, etc. and I dropped a couple hundred bucks on this and would hate to be out all that money - any way to get around this?

I understand the security of the T2 chip is quite a beast, but maybe the reddit community has some insight.

Thanks in advance.

I have a 2023 Mac mini with the M2 processor that is Activation Locked. While browsing online, I found a video here showing someone using a signed bootable USB drive to bypass Activation Lock. Is there anyone with an idea as to how he did this and how to obtain these keys without paying $180?

I purchased a second hand macbook pro, i’ve been having battery issues since purchasing it. I even spoke to apple help who did the screen control but still the battery was draining quickly. I decided to reset it to factory settings however, I cant get past internet recovery because it goes into activation lock and it’s the old owners icloud. They’re not responding anymore to my messages so i’m stuck! I have the proof I purchased it on ebay but will this be enough?

The photos on the ebay purchase does include the serial number as well .

Purchased a broken macbook A2337 M1 that had a broken backlight & would only turn on when plugged into an outlet , replaced the screen but now the laptop will only turn on if i plug it into the wall & the account on mercari doesn't know the password to get pass the activation lock🤦🏻‍♂️

So I bought a M1 Mac off eBay that's activation locked. (I knew it was locked, I got it cheap) for the purpose of trying to get around the activation lock. And found it had 16gb 2tb sdd. (it was sold as 8/256) I am now slowly coming to the realization that unlocking this thing may be truly impossible by me right now. But is it possible to use it with a different OS? I know the surface pro has an arm version of windows on it. Has anyone been successful in booting windows or linux from startup on an apple silicon chip?

Hello,

I bought a broken for parts Macbook Air m1 and I was able to at least partially repair the logic board but now I'm stuck at activation lock.

I asked the previous owner to erase remotely from his phone and he did but I still get the Activation Lock.

I've done this before in older macs were you just asked to create a pin code to unlock after the erase but seems to be different with newer models.

There any way for him to disable this without being physically present or providing me with his iCloud details (which I'm not comfortable asking)?

As someone that buys broken devices for repair attempts and refurbishing I got learn what is the exact process so I can deal with this situations.Thanks

I do a bit of refurbishing in my freetime for more cash on the side and I had 2 laptops returned without the icloud locks removed so now im trying to get them removed.

I have tried the erase mac button at the top left didn't work so i tried the DFU mode with both on clear password, erase mac, and the one where it reinstalls mac on the 2019 it would just say chip doesn't support this feature except for the reinstall where it goes halfway and than boots to the activate mac screen. the m1 says its not booted for the clear mac and erase mac and for reinstall also brings me to the activate mac screen.

I have heard about programs like Checkm8.info and Iremove.tools but i worry about them stealing my card info and they say they only work on intel based macs to the 2019 only. are these tools legit and is there some work around for the m1 pro?

Any help is appreciated. almost forgot to say I am unable to get in contact with the people that returned it that was my first attempt.

I bought a 2020 M1 MacBook Air recently on Facebook marketplace. The seller showed me it working in a public area, and we did some performance tests and verified that it would suit my needs. So she factory resets it and I buy it, but when I got home I found that it has activation lock on it. I tried to erase it in the recovery menu, but that's also locked behind her Apple Id. She is not getting back to me after 2 weeks, and I can't unlock it. Is there any way around this?

Check it on YouTube, and found there are two software (needs payment) claimed can bypass it, one is called "ifast22", and the other is from "checkm8.info". Do anyone here have experience using one of these in the past? Are they scammer at all?

Thanks,