Apple’s devices have always been considered quite secure, but it may not be precisely the case. For example, a brand new MacBook is easily hacked. Security experts demonstrated the threat at the Black Hat Security Conference in Las Vegas this week.
The problem arises on MacBooks that use Apple‘s device registration program and its mobile device management platform. The idea of designing this feature is primarily to facilitate device management in the enterprise: sending the MacBook directly to employees so they can set up the device in the office or at home. Jesse Endahl, Fleetsmith’s chief security officer, and MaxBélanger, an engineer at Dropbox, discovered a bug in these setup tools that could be used to gain remote Mac access.
Endahl says, “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”
Researchers have notified Apple of the vulnerability, and the company released a fix for macOS High Sierra 10.13.6 last month. However, devices manufactured before the previous month are still vulnerable, and organizations need to update their operating systems to ensure that your system is not weak.