“That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple’s Device Enrollment Program and its Mobile Device Management platform,” Newman reports. “These enterprise tools allow employees of a company to walk through the customized IT setup of a Mac themselves, even if they work in a satellite office or from home.”
“DEP and MDM require a lot of privileged access to make all of that magic happen. So when Jesse Endahl, the chief security officer of the Mac management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, found a bug in these setup tools, they realized they could exploit it to get rare remote Mac access,” Newman reports. “The researchers notified Apple about the issue, and the company released a fix in macOS High Sierra 10.13.6 last month.”
MacDailyNews Take: And, thanks to researchers like these, the Mac gets even more secure!
[Thanks to MacDailyNews Reader “Ladd” for the heads up.]