The trillion-dollar company Apple is known for its secure suite of software, that can power its range of devices namely, iPhone, iPad, Apple Watch, and the Mac. However, recently some researchers have shown that Apple’s Mac can be hacked right out-of-the-box. According to a report this bug targets Mac devices part of Apple’s Device Enrollment Program(DEP) and Mobile Device Management(MDM) platform. This was showcased at the Black Hat security conference in Las Vegas, Nevada on August 9th.
The vulnerability to the way Mac handles Mobile Device Management allowed the hackers to install unlimited malware, even before its owner could use his device for the first time. Jesse Endahl, chief security officer of the Mac management firm Fleetsmith, and Max Belanger, a staff engineer in Dropbox, found a bug in these setup tools, through which they could exploit it and get a rare remote Mac access.
Endahl told that they found a bug which allowed them to hack the device and install malicious software, even before the user could even log in for the first time, by the time the user can log in the Mac will already be compromised. The researchers notified Apple about the issue, and the company told to have released a fix to the prevalent software macOS High Sierra 10.13.6 last month itself, but the devices already manufactured with an older operating system version will still be vulnerable to getting compromised. Belanger and Endahl also told that the MDM vendors like Fleetsmith, which are hired to implement Apple’s enterprise scheme also need to support 10.13.6 to keep the device secure.