Science

This bug puts new Apple Mac at risk

13 Aug 2018 | By Mudit Dube
Latest Macs bitten by security-bug, Apple issues fix

While Macs are touted to be one of the most secure devices, the same can't be said for the latest Apple machines.

Security researchers have demonstrated a loophole that allows remote access to new Mac computers the very first time they connect to a Wi-Fi network.

Notably, Apple has patched the bug but several machines running old OS are still vulnerable.

Here's more.

In context: Latest Macs bitten by security-bug, Apple issues fix

13 Aug 2018This bug puts new Apple Mac at risk

ExplainedWhat's the security loophole?

The security loophole exposes Mac computers that use Apple's Device Enrollment Program (DEP) and Mobile Device Management (MDM) platforms.

Notably, these are tools required for customized setup of the Macs to meet IT requirements within an enterprise.

And the risk lies in how these devices handle MDM. Considering that if a machine gets compromised, hackers can install malware rather than enterprise apps.

Love Tech news?
Stay updated with the latest happenings.
Researchers explain how the new Macs can be compromised

Modus operandiResearchers explain how the new Macs can be compromised

According to the researchers, the new Macs can be hacked using a Man-in-the-Middle (MITM) attack on Apple's MDM vendor who installs enterprise apps.

In this kind of an attack, a hacker could establish private connection somewhere between the MDM vendor's server and the victim device to replace the download manifest with a malicious one and force the Mac to install malware right out-of-the-box.

DetailsFix issued but not all devices are safe

The researchers who found this loophole notified Apple and the tech giant soon released a fix in the macOS High Sierra 10.13.6 update released last month.

However, devices that have an older version of the OS still be vulnerable until the new software is installed right away.

Moreover, MDM vendors must also support macOS 10.13.6 to fully mitigate the loophole.