Reply to com.apple.nand
Yes, I just stumbled on it when looking at unfamiliar ASPCarry on my M1, 22D49

    foo@bar-MacBook-Pro ~ % sudo launchctl list
    1239 0 com.apple.nand.aspcarry

    sudo launchctl procinfo 1239
    program path = /usr/libexec/ASPCarryLog
    system/com.apple.nand.aspcarry = {
    active count = 2
    path = /System/Library/LaunchDaemons/com.apple.nand.aspcarry.plist

From Logs:

    log show --predicate ' eventMessage CONTAINS "nand"'
    Acquiring assertion targeting [osservice<com.apple.nand.aspcarry>:1049] from originator [osservice<com.apple.powerd>:320] with description <RBSAssertionDescriptor| "App is holding power assertion" ID:385-320-883 target:1049 attributes:[ <RBSDomainAttribute| domain:"com.apple.appnap" name:"PowerAssertion" sourceEnvironment:"(null)">, <RBSAcquisitionCompletionAttribute| policy:AfterApplication> ]>

This is about as far as I've gotten when I saw this post.
Feb ’23
Reply to Why is Control Center on Monterey listening on ports?
I've also captured traffic that is malformed coming into my brand new Mac Apple Silicon. Port 7000 was open and bound to ControlCenter. The traffic I've captured (PCAP) resembles the AirPlay protocol RTSP, using a blist00 tag followed by a payload. Interestingly, the attack traffic (dport 7000) has TCP options set. They are 12 bytes: 0101 and then 10 more bytes for an array of two timestamps. I'm pretty sure this is part of the attack payload.
Apr ’22
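
Added example, not part of the post above: a small decoder for a TCP options field, useful when triaging a capture like the one described. The 12-byte shape mentioned (0101 followed by 10 bytes holding two timestamps) is the layout of two NOP options followed by the Timestamps option (kind 8, length 10) from RFC 7323; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Option kinds from the IANA TCP parameters registry (subset).
NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WScale", 4: "SACK-Permitted",
         5: "SACK", 8: "Timestamps"}


def parse_tcp_options(raw: bytes):
    """Walk a TCP options field; return a list of (kind, name, value)."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        name = NAMES.get(kind, f"unknown-{kind}")
        if kind in (0, 1):            # EOL and NOP are single bytes, no length
            opts.append((kind, name, None))
            if kind == 0:
                break
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option kind {kind}: length byte missing")
        length = raw[i + 1]           # length counts the kind and length bytes
        if length < 2 or i + length > len(raw):
            raise ValueError(f"option kind {kind}: bad length {length}")
        body = raw[i + 2:i + length]
        if kind == 8:
            if length != 10:
                raise ValueError(f"Timestamps length {length}, expected 10")
            tsval, tsecr = struct.unpack("!II", body)
            value = {"tsval": tsval, "tsecr": tsecr}
        else:
            value = body
        opts.append((kind, name, value))
        i += length
    return opts


def is_nop_nop_timestamps(raw: bytes) -> bool:
    """True when the field is exactly NOP, NOP, Timestamps (12 bytes)."""
    try:
        kinds = [k for k, _, _ in parse_tcp_options(raw)]
    except ValueError:
        return False
    return len(raw) == 12 and kinds == [1, 1, 8]


# Constructed sample, not bytes from the capture in the post.
SAMPLE = bytes.fromhex("0101080a3b9aca0000000000")
```

Feeding it the options bytes exported from a PCAP shows whether a 12-byte field parses cleanly as NOP, NOP, Timestamps or carries a bad length or an unexpected kind.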