The iBulletin » Mac » Blackhat community highlights Mac’s vulnerability to hacking on first Wi-Fi connection
Mac News

Blackhat community highlights Mac’s vulnerability to hacking on first Wi-Fi connection

The trillion-dollar company Apple is known for its secure suite of software, that can power its range of devices namely, iPhone, iPad, Apple Watch, and the Mac. However, recently some researchers have shown that Apple’s Mac can be hacked right out-of-the-box. According to a report this bug targets Mac devices part of Apple’s Device Enrollment Program(DEP) and Mobile Device Management(MDM) platform. This was showcased at the Black Hat security conference in Las Vegas, Nevada on August 9th.

The vulnerability to the way Mac handles Mobile Device Management allowed the hackers to install unlimited malware, even before its owner could use his device for the first time. Jesse Endahl, chief security officer of the Mac management firm Fleetsmith, and Max Belanger, a staff engineer in Dropbox, found a bug in these setup tools, through which they could exploit it and get a rare remote Mac access.

Endahl told that they found a bug which allowed them to hack the device and install malicious software, even before the user could even log in for the first time, by the time the user can log in the Mac will already be compromised. The researchers notified Apple about the issue, and the company told to have released a fix to the prevalent software macOS High Sierra 10.13.6 last month itself, but the devices already manufactured with an older operating system version will still be vulnerable to getting compromised. Belanger and Endahl also told that the MDM vendors like Fleetsmith, which are hired to implement Apple’s enterprise scheme also need to support 10.13.6 to keep the device secure.

The malware did not only include key-loggers and screen-grabbers but could also include tools that look for vulnerabilities in the entire corporate network. Despite the bug, researchers who performed the test have praised Apple’s application security, as Apple’s software can kill any malicious app that has been installed on the Mac computer. Apple already has issued a patch with macOS High Sierra 10.13.6. This patch will now rectify the flaw, but this is a reminder that even minute weaknesses in an ecosystem as vast as Apple can have potentially serious consequences.

About the author

aakanksh

Add Comment

Click here to post a comment