loader gif

Remote Mac hack relies on MDM bug Apple patched in latest macOS update

Remote Mac hack relies on MDM bug Apple patched in latest macOS update (Malware and Vulnerabilities)

Researchers at the Black Hat security conference at Las Vegas intend to demonstrate an exploit in Apple's enterprise tools that lets well-equipped hackers compromise a Mac the first time it connects to Wi-Fi, though the bug has already been patched in the latest macOS High Sierra update. As reported by Wired, Jesse Endahl, chief security officer at Mac management company Fleetsmith, and Dropbox staff engineer Max Bélanger uncovered a bug in Apple's enterprise hardware management setup tools that can be used to gain remote access to a target Mac. When an employee opens and logs in to their new Mac for the first time, it connects to Apple's servers, as well as those run by the MDM vendor, to retrieve a configuration manifest. In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said.

loader gif