A brand-new Mac can be hacked remotely during its first Wi-Fi connection

Apple MacBook-review-lid
Bill Roberson/Digital Trends

If you’re using a company-issued Mac running a version of Apple’s operating system prior to MacOS High Sierra 10.13.6, you will want to tell your system administrator to upgrade your OS to the latest version. At the Black Hat security conference in Las Vegas, researchers demonstrated a method where a malicious actor could remotely take control of a new Mac due to vulnerabilities with Apple’s corporate Device Enrollment Program (DEP) and Mobile Device Management (MDM) tools.

A new Mac could be compromised when it connects to a Wi-Fi network, security officer Jesse Endahl from Fleetsmith and Dropbox staff engineer Max Belanger discovered. Apple has since patched the security flaw last month when it released the MacOS 10.13.6 software update, so companies will want to migrate their Mac fleet to the latest software and not issue employees a Mac with a prior version of the OS out of the box.

“We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time,” Endahl told Wired. “By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”

Typically, when you begin setting up a Mac, the device communicates with Apple’s servers to identify itself. If Apple’s server recognizes that the Mac’s serial number is registered with the DEP, it will initiate an MDM configuration sequence. Most companies hire a Mac management firm, like Fleetsmith, to help facilitate MDM provisioning to allow Macs to download the necessary programs required by the company. For security, Apple employs certificate pinning to identify web servers, but when the MDM hands off to the Mac App Store to download enterprise apps, “the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity,” Wired reported.

This opens up a vulnerability where a malicious hacker could replace the original manifest with a malicious one. When this happens, the computer could be instructed to download malware, like keyloggers, spyware, cryptojacking software, or software that could monitor the corporate network and spread itself to other devices. “And once a hacker has set up the attack, it could target every single Apple computer a given company puts through the MDM process,” Wired said.

Though the attack cannot be easily pulled off, it still represents a dangerous vulnerability given that hackers can just target one Mac to gain entry into an entire corporate network. “The attack is so powerful that some government would probably be incentivized to put in the work to do it,” Endahl said.

Computing

Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Computing

These 30 apps are absolutely essential for Mac lovers

There are literally hundreds of thousands of great software programs compatible with MacOS, but which should you download? Look no further than our list of the best Mac apps you can find for the latest MacOS and how they can help out your…
Gaming

Storytelling masterpiece ‘Gone Home’ is headed to the Nintendo Switch

Fullbright's acclaimed first-person adventure game Gone Home will arrive to Nintendo Switch later this month. The game is available now on PC, Mac, Linux, PlayStation 4, and Xbox One.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Computing

Arm’s future CPU designs may finally catch up with Intel in laptops by 2020

Arm publicly revealed its CPU road map for the first time, covering designs to be released through 2020. Typically disclosed under an NDA, Arm revealed its plans to show how its CPU designs will advance the always-on laptop.
Photography

Color grading pushes Pinnacle Studio 22 toward more pro video editing features

Designed for videographers that aren't pros but aren't basic users either, Pinnacle Studio 22 expands its advanced tools with color grading and four-point editing. The updates bring more advanced tools to the platform.
Emerging Tech

Buying on a budget? Here’s all the best tech you can snag for $25 or less

We live in a world where you can get a cheeseburger for $1, a functioning computer for $5, and thousands of HD movies for $10 -- so it stands to reason that you should be able to pick up some pretty sweet gear for $25.
Computing

Australian student hacks into Apple, steals 90GB of data because he’s a ‘fan’

A 16-year-old student in Australia broke into Apple’s network multiple times for an entire year to download 90GB of “secure” data and access customer accounts. He did this because he was a "fan."
Web

Google claims censored search in China is ‘not close’ as employees protest

Google CEO, Sundar Pinchai, has promised employees that the company is "not close" to releasing a censored search product in China, despite claims that it was working on such a project.
Web

Adobe Spark Page makes web design easy — here’s how to use it

Using artificial intelligence and simple tools, Adobe Spark Page is designed for easy web page design. Here's how to use Adobe Spark Page to create a travel journal, event page or any other one-page website.
Deals

Best Buy drops the price of MacBooks for its anniversary sale

It's not every day you see a MacBook sale like this, so you'll definitely want to consider these savings -- especially if you're a student. Students can save an additional $150 just by signing up for Best Buy student deals.
Deals

Walmart Back to College sale: Save big on computers, TVs, tablets, and more

Walmart's Back to College sale is your chance to score big discounts on name-brand electronics, so whether you're getting ahead of the new school year or just doing some shopping, we've picked out the best deals that can save you hundreds…
Computing

Qualcomm’s Snapdragon 850 chip appears in benchmarks with improved performance

A benchmark for Qualcomm’s new Snapdragon 850 processor show a less-than-stellar increase in multi-core performance over the previous 835 chip. Introduced in June, the Snapdragon 850 promises up to 30 percent better performance.
Computing

Apple’s rumored entry-level MacBook may appear in September starting at $1,200

Apple may reveal new products in September including an entry-level 13-inch MacBook based on Intel’s seventh-generation processors. Apple originally intended these units to rely on Intel’s now-delayed 10nm “Cannon Lake” processors.