Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. News

A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Add as a preferred source on Google
Apple MacBook-review-lid
Bill Roberson/DIgital Trends

If you’re using a company-issued Mac running a version of Apple’s operating system prior to MacOS High Sierra 10.13.6, you will want to tell your system administrator to upgrade your OS to the latest version. At the Black Hat security conference in Las Vegas, researchers demonstrated a method where a malicious actor could remotely take control of a new Mac due to vulnerabilities with Apple’s corporate Device Enrollment Program (DEP) and Mobile Device Management (MDM) tools.

A new Mac could be compromised when it connects to a Wi-Fi network, security officer Jesse Endahl from Fleetsmith and Dropbox staff engineer Max Belanger discovered. Apple has since patched the security flaw last month when it released the MacOS 10.13.6 software update, so companies will want to migrate their Mac fleet to the latest software and not issue employees a Mac with a prior version of the OS out of the box.

Recommended Videos

“We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time,” Endahl told Wired. “By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”

Typically, when you begin setting up a Mac, the device communicates with Apple’s servers to identify itself. If Apple’s server recognizes that the Mac’s serial number is registered with the DEP, it will initiate an MDM configuration sequence. Most companies hire a Mac management firm, like Fleetsmith, to help facilitate MDM provisioning to allow Macs to download the necessary programs required by the company. For security, Apple employs certificate pinning to identify web servers, but when the MDM hands off to the Mac App Store to download enterprise apps, “the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity,” Wired reported.

This opens up a vulnerability where a malicious hacker could replace the original manifest with a malicious one. When this happens, the computer could be instructed to download malware, like keyloggers, spyware, cryptojacking software, or software that could monitor the corporate network and spread itself to other devices. “And once a hacker has set up the attack, it could target every single Apple computer a given company puts through the MDM process,” Wired said.

Though the attack cannot be easily pulled off, it still represents a dangerous vulnerability given that hackers can just target one Mac to gain entry into an entire corporate network. “The attack is so powerful that some government would probably be incentivized to put in the work to do it,” Endahl said.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Canva Code 2.0 just made vibe coding way less intimidating for everyone
Canva Code 2.0 feature

Coding used to be reserved for developers who spent years learning complex languages. That has slowly changed with vibe coding, which lets you build apps and websites using simple, plain-language prompts. 

The problem is that most of these tools still feel intimidating for regular folks, as they still need to understand the code to make any meaningful changes. If not, everything you make tends to look the same.

Read more
Windows users can finally pick when updates stop with Microsoft’s latest patch
From pausing updates on your own schedule to rolling back a broken PC in one click, here's everything new in Windows 11's July 2026 update.
Windows 11 Laptop

Patch Tuesday updates are usually a shrug-and-install affair, but Microsoft's July 2026 release actually gives you something to be excited about.

You can grab this update, tagged KB5101650, right now through Settings, or manually via the Microsoft Update Catalog if you'd rather not wait for it to roll out.

Read more
Can AI audiobooks narrate better than humans? This study says many listeners think so
New study finds listeners favor AI narrated audiobooks over traditional human narration in blind testing.
Audiobooks on Spotify on an iPhone.

You might assume most listeners would pick a real human voice over a synthetic one, but a new study says otherwise. Edison Research at SSRS surveyed 1,005 fiction audiobook fans in May 2026 for a study commissioned by AI audio company Spoken. The twist is that listeners rated the AI narration higher, and they did not even know it was AI until after they heard it (via Variety).

Why listeners favored the AI narration

Read more