A new report from Wired reveals a common vulnerability in Macs that can be exploited through Apple's DEP and MDM platforms.
Despite Apple's supply chain being among the most closely monitored and analyzed in the world, its devices are not immune to all potential hacks. According to a report from Wired, it's possible that a brand new Mac could be remotely compromised the first time it connects to Wi-Fi out of the box.
Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple's Device Enrollment Program (DEP) and its Mobile Device Management (MDM) platform.
These tools, according to the report, allow corporate users to go through their company's customized IT setup themselves, regardless of their physical location. Ideally, this allows companies to ship Macs directly to their employees, with the devices automatically joining the corporate ecosystem after they connect to Wi-Fi, the report noted.
According to the report, the bug was discovered by researchers Jesse Endahl, the chief security officer of Fleetsmith, and Max Bélanger, a staff engineer at Dropbox. An attack on DEP and MDM would require a lot of access, the report noted. When the researchers discovered a bug in these tools, they realized they could exploit it to gain remote access.
Apple has been made aware of the issue and has since released a version of macOS High Sierra to fix the bug, the report noted. However, machines running an outdated OS remain vulnerable to the attack. IT helpdesk pros who manage Mac devices should patch them as soon as possible.
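One way to find the machines that still need the update, as an added example that is not from the Wired report or the researchers: a shell audit that flags any Mac whose OS version is below 10.13.6, the fixed release this article names. The `serial,os_version` inventory format and the sample rows are assumptions made for illustration; on a Mac itself the version string comes from `sw_vers -productVersion`.

```shell
#!/bin/sh
# Added example: audit an inventory for Macs older than the fixed release.
FIXED_VERSION="10.13.6"   # fixed High Sierra release named in the article

# version_ge A B: return 0 if A >= B, 1 if A < B, 2 if either is malformed.
# Fields are compared as numbers, so 10.9.5 sorts below 10.13.6 (a plain
# string comparison gets that wrong).
version_ge() {
    a_rest=$1; b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}; b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a:-0}; b=${b:-0}            # missing field counts as 0
        case $a$b in *[!0-9]*) return 2 ;; esac
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# audit_inventory: read "serial,os_version" lines on stdin and print
# "serial STATUS" per machine, STATUS being OK, NEEDS_UPDATE or UNKNOWN.
audit_inventory() {
    while IFS=, read -r serial version; do
        case $serial in ''|\#*) continue ;; esac   # skip blanks, comments
        rc=0
        if [ -z "$version" ]; then
            rc=2
        else
            version_ge "$version" "$FIXED_VERSION" || rc=$?
        fi
        case $rc in
            0) status=OK ;;
            1) status=NEEDS_UPDATE ;;
            *) status=UNKNOWN ;;
        esac
        printf '%s %s\n' "$serial" "$status"
    done
}

# Constructed sample inventory (serials and versions are made up).
audit_inventory <<'EOF'
# serial,os_version
C02EXAMPLE01,10.13.6
C02EXAMPLE02,10.13.5
C02EXAMPLE03,10.9.5
C02EXAMPLE04,10.14
C02EXAMPLE05,
EOF
```

Machines reported as UNKNOWN have a missing or unparseable version and should be checked by hand rather than assumed patched.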
According to the report, when a Mac's serial number is enrolled in DEP and MDM, it will automatically run a series of checks—both with Apple's servers and the MDM vendor's servers. Researchers found the issue arises in one key step of the process.
According to the report, an attacker positioned between the MDM web server and the victim's device could replace the download manifest with a malicious one that forces the computer to install malware instead.
The big takeaways for tech leaders:
- New reporting from Wired reveals that enterprise Macs equipped with DEP and MDM are susceptible to numerous attacks as soon as they are connected to Wi-Fi.
- Apple has taken steps to address the issue in the newly updated High Sierra 10.13.6, but machines that haven't been updated are still susceptible.