A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Apple MacBook-review-lid
Bill Roberson/Digital Trends

If you’re using a company-issued Mac running a version of Apple’s operating system prior to MacOS High Sierra 10.13.6, you will want to tell your system administrator to upgrade your OS to the latest version. At the Black Hat security conference in Las Vegas, researchers demonstrated a method where a malicious actor could remotely take control of a new Mac due to vulnerabilities with Apple’s corporate Device Enrollment Program (DEP) and Mobile Device Management (MDM) tools.

A new Mac could be compromised when it connects to a Wi-Fi network, security officer Jesse Endahl from Fleetsmith and Dropbox staff engineer Max Belanger discovered. Apple has since patched the security flaw last month when it released the MacOS 10.13.6 software update, so companies will want to migrate their Mac fleet to the latest software and not issue employees a Mac with a prior version of the OS out of the box.

“We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time,” Endahl told Wired. “By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”

Typically, when you begin setting up a Mac, the device communicates with Apple’s servers to identify itself. If Apple’s server recognizes that the Mac’s serial number is registered with the DEP, it will initiate an MDM configuration sequence. Most companies hire a Mac management firm, like Fleetsmith, to help facilitate MDM provisioning to allow Macs to download the necessary programs required by the company. For security, Apple employs certificate pinning to identify web servers, but when the MDM hands off to the Mac App Store to download enterprise apps, “the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity,” Wired reported.

This opens up a vulnerability where a malicious hacker could replace the original manifest with a malicious one. When this happens, the computer could be instructed to download malware, like keyloggers, spyware, cryptojacking software, or software that could monitor the corporate network and spread itself to other devices. “And once a hacker has set up the attack, it could target every single Apple computer a given company puts through the MDM process,” Wired said.

Though the attack cannot be easily pulled off, it still represents a dangerous vulnerability given that hackers can just target one Mac to gain entry into an entire corporate network. “The attack is so powerful that some government would probably be incentivized to put in the work to do it,” Endahl said.

Computing

Acer’s new Swift and Nitro laptops are now powered by the latest AMD chips

Ahead of Computex, Acer has announced a pair of updates to a couple of its most popular budget laptop lines. Both the Nitro 5 and Swift 3 will now be powered completely by AMD silicon in the form of Ryzen 7 Mobile.
Computing

Keep your kids safe online with these great parental control tools

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and MacOS, so you can monitor your child and block unsavory sites.
Gaming

Apple Mac users should take a bite out of these awesome games

Contrary to popular belief, there exists a bevy of popular A-list games compatible for Mac computers. Take a look at our picks for the best Mac games available for Apple fans to enjoy.
Computing

The 2019 MacBook Pro is an impressive performance update, but not much else

With increased competition from Windows laptops, Apple could do with refreshing its MacBook Pro line. Fortunately, it looks set to do that in 2019. Here's everything we know so far.
Home Theater

Plex is free and easy, and you'll wonder how you survived without it

If you want a Netflix-like experience for the media you already own, you need Plex. It's the free media center software that automatically catalogs and plays your movies, music, photos, and more, on your TV. Here's how to use it.
Computing

One of these monitors will look great next to your new MacBook Pro

Apple doesn't make its beloved Cinema Display monitors anymore, which makes finding the best monitor for the MacBook Pro more difficult. In this guide, we break down some of our favorites and offer something for every size and budget.
Product Review

Can the Samsung Space Monitor save you from your cluttered desk?

High-concept monitors can sometimes over-complicate thing. Samsung's Space Monitor, however, tries to fix that problem by lifting the monitor off and away from your desk.
Deals

Lenovo Memorial Day sale drops price of ThinkPad X1 Carbon Laptops by almost 50%

The ThinkPad is an icon in the laptop world and the X1 Carbon has been a favorite of ours for years. If you’re looking to score one for less than a grand, Lenovo has the 5th-gen Thinkpad X1 Carbon on sale right now for just $849.
Computing

B&H cuts the price on this 27-inch LG monitor — save up to $90, today only

B&H's DealZone sales offer deep price cuts on some quality products, but they only last for a single day. This means you'll need to act quickly to save nearly 50% on LG's 27MK430H-B 27-inch Monitor with FreeSync -- making gaming on this…
Computing

Amazon drops killer deals on certified refurbished MacBook Pros for today only

Amazon is offering discounts of up to $320 off on four refurbished 2018 MacBook Pros as part of its current Deal of the Day promotion. Interested customers can snag two different MacBook Pros with 256GB of SSD storage for $1,330 each.
Computing

The Dell XPS 13 headlines the best laptop deals for May 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we have you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

HP drops killer deals on laptops with up to $1,300 off for Memorial Day Weekend

HP is currently dropping prices on Spectre x360, Envy, Pavilion, and Omen laptops during its Memorial Day event. So if you're in dire need of a new laptop, the latest holiday savings may be exactly what you're looking for.
Computing

These external drives have speed, durability, and storage space to spare

Whether you want an external storage drive that is fast, portable, or comes with a ton of storage, these are the best external hard drives available today. They all come with great features and competitive pricing.
Deals

Best Memorial Day sales 2019: Amazon, Best Buy, and Walmart drop discounts

If you're looking to save big on some shiny new stuff for Memorial Day 2019, we've gathered everything you need to know into one place. Find out where to save the most money before the summer hits its stride.