NDTV Gadgets360.com
  • Home
  • Laptops
  • Laptops News
  • Hacking a Brand New Mac Is Possible With This Vulnerability, Researchers Claim; Apple Issues Fix

Hacking a Brand New Mac Is Possible With This Vulnerability, Researchers Claim; Apple Issues Fix

, 10 August 2018
Share on Facebook Tweet Share Share Reddit Comment
Hacking a Brand New Mac Is Possible With This Vulnerability, Researchers Claim; Apple Issues Fix

Despite the bug, the researchers who performed the test have praised Apple's application security.

Highlights

  • The hack targets enterprise Mac devices
  • The vulnerability can affect other computers in the enterprise
  • Only sophisticated hackers might be able to carry this out

Tech giant Apple is known for its secure suite of software that powers its range of devices including the iPhone, iPad, Apple Watch, and the Mac. However, researchers have come out with a new revelation that suggests Apple's Mac computers could be compromised right out-of-the-box. According to a report, this bug targets Mac devices that are part of Apple's Device Enrollment Program (DEP) and Mobile Device Management (MDM) platform. It was showcased at the Black Hat security conference in Las Vegas, Nevada on August 9.

Let's start off with detailing what the bug entails. A report by The Wired explains that a Mac, when it's set up for the first time, checks on Apple's servers to verify the serial number. If the server detects an enterprise computer, it automatically initiates a "predetermined setup interface" that follows a process involving Apple's servers as well as the third-party MDM vendor's.

Now, "certificate pinning", a process to verify Web servers, is undertaken. However, there seems to be a vulnerability at one step in this process. The one where the MDM hands over the device's identity to the Mac App Store in order to install relevant software and apps. At this process, researchers found out, "the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest's authenticity".

Thus, the report goes on to say, if a hacker were to somehow get in at this point and redirect users to their own portal, it could end up with the installation of spyware and malware on the victim's computer ending up compromising their data. Furthermore, this victim computer could act as an entry point into other computers in the enterprise's network. This is especially true for employees working from home, considering they are likely to use consumer-grade routers for Internet access.

While a bug indeed, it comes with its fair share of caveats. Firstly, carrying out such a sophisticated attack is difficult and expensive for average Web criminals. However, the bug does not escape the likes of well-motivated and well-funded online hackers. A valid Web certificate is also needed to carry out the plan, which is difficult to obtain.

Despite the bug, the researchers who performed the test have praised Apple's application security considering Apple's software kills any malicious apps after they have been installed on a Mac computer. Apple has already issued a patch for this issue with macOS High Sierra 10.13.6, however units shipping with an older version will still be vulnerable before the update is installed.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Mac, Apple
The US SEC Is Intensifying Its Probe of Tesla
Samsung Galaxy Note 9 Benchmarks Rank It Below iPhone X, OnePlus 6: Report
Vivo Nex
Hacking a Brand New Mac Is Possible With This Vulnerability, Researchers Claim; Apple Issues Fix
Comment
 
 

Advertisement

 
In Mobiles and Tablets
Latest
Popular
Tech News in Hindi
Latest Videos
More Videos
OPINIONS ALL AUTHORS

Advertisement

Amazon Freedom Sale
TRENDING
  1. Flipkart Big Freedom Sale: The Best Deals From Day 1
  2. Redmi Note 5 Pro Goes on Sale via Flipkart, Mi.com in Big Freedom Sale
  3. Samsung Galaxy Note 9 Price in India Revealed, Pre-Orders Open
  4. Xiaomi Mi A2 vs Redmi Note 5 Pro
  5. Samsung Galaxy Note 9 With Bigger Display and Battery Life Launched
  6. Samsung Galaxy Note 9 vs iPhone X vs OnePlus 6 vs Oppo Find X
  7. Vivo Set to Release Android 9.0 Pie Update in Q4 2018
  8. iPhone X Available With Rs. 10,000 Cashback, and More via Paytm Mall
  9. Nokia 7 Plus Gets Android Pie Beta 4: Here's How to Install
  10. Xiaomi Mi A2 Review
© Copyright Red Pixels Ventures Limited 2018. All rights reserved.