While Macs are touted to be one of the most secure devices, the same can't be said for the latest Apple machines.
Security researchers have demonstrated a loophole that allows remote access to new Mac computers the very first time they connect to a Wi-Fi network.
Notably, Apple has patched the bug but several machines running old OS are still vulnerable.
What's the security loophole?
The security loophole exposes Mac computers that use Apple's Device Enrollment Program (DEP) and Mobile Device Management (MDM) platforms.
Notably, these are tools required for customized setup of the Macs to meet IT requirements within an enterprise.
And the risk lies in how these devices handle MDM. Considering that if a machine gets compromised, hackers can install malware rather than enterprise apps.
Researchers explain how the new Macs can be compromised
According to the researchers, the new Macs can be hacked using a Man-in-the-Middle (MITM) attack on Apple's MDM vendor who installs enterprise apps.
In this kind of an attack, a hacker could establish private connection somewhere between the MDM vendor's server and the victim device to replace the download manifest with a malicious one and force the Mac to install malware right out-of-the-box.
Fix issued but not all devices are safe
The researchers who found this loophole notified Apple and the tech giant soon released a fix in the macOS High Sierra 10.13.6 update released last month.
However, devices that have an older version of the OS still be vulnerable until the new software is installed right away.
Moreover, MDM vendors must also support macOS 10.13.6 to fully mitigate the loophole.