“Apple’s supply chain is one of the most closely monitored and analyzed in the world, both because of the control the company exerts and keen interest from third parties,” Lily Hay Newman reports for Wired. “But there’s still never a guarantee that a mass-produced product will come out of the box totally pristine. In fact, it’s possible to remotely compromise a brand new Mac the first time it connects to Wi-Fi.”
“That attack, which researchers will demonstrate Thursday at the Black Hat security conference in Las Vegas, targets enterprise Macs that use Apple’s Device Enrollment Program and its Mobile Device Management platform,” Newman reports. “These enterprise tools allow employees of a company to walk through the customized IT setup of a Mac themselves, even if they work in a satellite office or from home.”
“DEP and MDM require a lot of privileged access to make all of that magic happen. So when Jesse Endahl, the chief security officer of the Mac management firm Fleetsmith, and Max Bélanger, a staff engineer at Dropbox, found a bug in these setup tools, they realized they could exploit it to get rare remote Mac access,” Newman reports. “The researchers notified Apple about the issue, and the company released a fix in macOS High Sierra 10.13.6 last month.”
Read more in the full article here.
MacDailyNews Take: And, thanks to researchers like these, the Mac gets even more secure!
[Thanks to MacDailyNews Reader “Ladd” for the heads up.]