Despite Apple’s supply chain being among the most closely monitored and analyzed in the world, its devices are not immune to all potential hacks. According to a report from Wired, it’s possible that a brand new Mac could be remotely compromised the first time it connects to Wi-Fi out of the box.
Such attacks were demonstrated Thursday during the Black Hat security conference, according to the report. The attacks target enterprise devices that use Apple’s Device Enrollment Program (DEP) and its Mobile Device Management (MDM) platform.
These tools, according to the report, allow corporate users to go through their company’s customized IT setup themselves, regardless of their physical location. Ideally, this would allow companies to ship Macs directly to their employees, and the devices would automatically join the corporate ecosystem after they connect to Wi-Fi, the report noted.
According to the report, the bug was discovered by researchers Jesse Endahl, the chief security officer of Fleetsmith, and Max Bélanger, a staff engineer at Dropbox. An attack on DEP and MDM would require a lot of access, the report noted. When the researchers discovered a bug in these tools, they realized they could exploit it to gain remote access.
Apple has been made aware of the issue and has since released a version of macOS High Sierra to fix the bug, the report noted. However, machines running an outdated OS are still vulnerable to the attack. IT helpdesk pros who manage Mac devices should patch them as soon as possible.
According to the report, when a Mac’s serial number is enrolled in DEP and MDM, it will automatically run a series of checks—both with Apple’s servers and the MDM vendor’s servers. Researchers found the issue arises in one key step of the process.
A hacker, the report noted, could lurk between the MDM web server and the victim’s device and replace the download manifest with a malicious one that forces the computer to install malware instead.