This year’s Black Hat USA and DefCon indeed bring some most interesting discoveries. Recently, researchers demonstrated at the event an ‘Open Sesame’ vulnerability that made Windows 10 vulnerable to hacking. Now, another group of researchers demonstrated how the MDM vulnerability facilitates remote hacking a Mac during the initial setup process.
MDM Flaw Allowed Hacking A Mac Remotely
On Thursday, two researchers discovered a flaw that allowed hacking a brand new Mac after exploiting MDM vulnerability. In fact, the hack was possible right after taking it out of the box. Jesse Endahl, Chief Security Officer Fleetsmith, and Max Bélanger, a Dropbox engineer demonstrated the vulnerability by hacking a Mac remotely.
The researchers said that the vulnerability affected Macs using Apple’s Device Enrollment Program and Mobile Device Management platform. At first, Wired revealed their findings after which they presented the details along with practical demonstration at the Black Hat USA event at Las Vegas.
Explaining their discovery, Endahl said,
“We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they are logging in, by the time they see the desktop, the computer is already compromised.”
Apple Patched The Flaw Last Month
According to the researchers, targeting a Mac this way is not easy. However, anyone with sophisticated hacking tools can access Macs through this vulnerability. The possible consequences of pulling off such a hack could result in anything from installing spyware to cryptominers. The flaw could even lead to hacking multiple vulnerable devices over a network.
“One of the aspects that’s scary about this is if you’re able to set this up at the company level you could infect everybody depending on where you do the man-in-the-middle. This all happens very early in the device’s setup, so there aren’t really restrictions on what those setup components can do.”
Fortunately, Apple already patched the flaw in the MacOS High Sierra 10.13.6 after receiving a report from the researchers. However, devices shipped earlier with older OS versions remain vulnerable until updated.