Want to share with your friends too?

13 Aug 2018

This bug puts new Apple Mac at risk

Latest Macs bitten by security-bug, Apple issues fix

While Macs are touted to be one of the most secure devices, the same can't be said for the latest Apple machines.

Security researchers have demonstrated a loophole that allows remote access to new Mac computers the very first time they connect to a Wi-Fi network.

Notably, Apple has patched the bug but several machines running old OS are still vulnerable.

Here's more.

In context

Latest Macs bitten by security-bug, Apple issues fix
What's the security loophole?


What's the security loophole?

The security loophole exposes Mac computers that use Apple's Device Enrollment Program (DEP) and Mobile Device Management (MDM) platforms.

Notably, these are tools required for customized setup of the Macs to meet IT requirements within an enterprise.

And the risk lies in how these devices handle MDM. Considering that if a machine gets compromised, hackers can install malware rather than enterprise apps.

Modus operandi

Researchers explain how the new Macs can be compromised

According to the researchers, the new Macs can be hacked using a Man-in-the-Middle (MITM) attack on Apple's MDM vendor who installs enterprise apps.

In this kind of an attack, a hacker could establish private connection somewhere between the MDM vendor's server and the victim device to replace the download manifest with a malicious one and force the Mac to install malware right out-of-the-box.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

Fix issued but not all devices are safe


Fix issued but not all devices are safe

The researchers who found this loophole notified Apple and the tech giant soon released a fix in the macOS High Sierra 10.13.6 update released last month.

However, devices that have an older version of the OS still be vulnerable until the new software is installed right away.

Moreover, MDM vendors must also support macOS 10.13.6 to fully mitigate the loophole.

Ask NewsBytes
User Image

Next Timeline