Apple Mac Vulnerability Allows Remote Hacking During Device Setup

Cybersecurity researchers have demonstrated an exploit that allows attackers to compromise Apple Mac computers during their initial connection to a Wi-Fi network. The vulnerability was reported by Jesse Endahl, Chief Security Officer at Fleetsmith, and Max Bélanger from Dropbox.

According to a report presented by the experts at the Black Hat conference, the flaws are found in certain setup tools used for these desktop computers. The researchers focused on two tools: the Device Enrollment Program and Mobile Device Management (MDM), which are used to help company employees set up their devices for organizational use. These tools can also be used for remote work.

Essentially, these tools allow devices to be immediately configured to connect to a company’s ecosystem after their first connection to a Wi-Fi network.

“We discovered a bug that allows a device to be compromised and have malware installed on it. All of this can happen before the user logs in for the first time,” explained Jesse Endahl. “So, even before the user sees the desktop for the first time, their computer could already be compromised.”

Attackers can carry out a successful attack using the well-known “man-in-the-middle” technique, which allows them to download malicious files onto the device.

The main vulnerability lies in the lack of certificate verification when using Mobile Device Management to determine which applications should be installed. In other words, the download of applications is not verified in any way.
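The two checks whose absence is described above, sketched as an added example (not Apple's code and not the researchers'): the client pins the certificate of the server that supplies the install manifest, and verifies each downloaded package against a digest before approving it. The JSON manifest layout, the function names, the URL and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data; the manifest layout is hypothetical, not Apple's format.
TRUSTED_CERT_DER = b"constructed DER bytes of the organisation's MDM server cert"
PINNED_CERT_SHA256 = hashlib.sha256(TRUSTED_CERT_DER).hexdigest()
PKG_URL = "https://mdm.example.invalid/agent.pkg"
PKG_BYTES = b"constructed package payload"
MANIFEST = json.dumps(
    {"items": [{"url": PKG_URL, "sha256": hashlib.sha256(PKG_BYTES).hexdigest()}]}
).encode()


class VerificationError(Exception):
    """Raised when the manifest source or a package fails verification."""


def check_pin(peer_cert_der, pinned_hex):
    # In a live client the DER bytes would come from
    # ssl.SSLSocket.getpeercert(binary_form=True) on the manifest connection.
    digest = hashlib.sha256(peer_cert_der).hexdigest()
    if not hmac.compare_digest(digest, pinned_hex):
        raise VerificationError("manifest server certificate does not match pin")


def install_plan(manifest_bytes, peer_cert_der, fetch, pinned_hex=PINNED_CERT_SHA256):
    """Return [(url, payload)] approved for install; raise on any failed check."""
    check_pin(peer_cert_der, pinned_hex)  # reject a manifest from an unpinned server
    approved = []
    for item in json.loads(manifest_bytes)["items"]:
        if not item["url"].startswith("https://"):
            raise VerificationError("package URL is not HTTPS: " + item["url"])
        payload = fetch(item["url"])
        actual = hashlib.sha256(payload).hexdigest()
        if not hmac.compare_digest(actual, item["sha256"]):
            raise VerificationError("digest mismatch for " + item["url"])
        approved.append((item["url"], payload))
    return approved


if __name__ == "__main__":
    plan = install_plan(MANIFEST, TRUSTED_CERT_DER, {PKG_URL: PKG_BYTES}.get)
    print("approved:", [url for url, _ in plan])
    try:
        install_plan(MANIFEST, b"certificate presented by an interposed host",
                     {PKG_URL: PKG_BYTES}.get)
    except VerificationError as exc:
        print("rejected:", exc)
```

The package digest is only as trustworthy as the manifest that carries it, which is why the pin check runs before the manifest is parsed.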

Although an exploit for this flaw already exists, cybercriminals would need access to a specific set of tools and privileges for the attack to work. Such targeted attacks are of particular interest to state-sponsored hackers, as they allow access to a company’s network and the theft of internal information.

Apple has already addressed this vulnerability with the release of macOS High Sierra 10.13.6 in July, but experts say this does not completely resolve the issue. Devices that have not received the update remain vulnerable to attacks.
