Researchers take control of a Mac during its first Wi-Fi setup

From time to time, security experts from around the world meet to discuss security issues. One such meeting is the Black Hat conference held in Las Vegas. At one of its events, researchers managed to take control of a Mac during the initial configuration of the operating system.

The vulnerability comes into play the moment Wi-Fi is configured for the first time, and it takes advantage of the Mobile Device Management (MDM) tool. In this way, it is possible to install malware on the computer even before the user uses it for the first time. The most dangerous part is that the user has no way of knowing that a "door" has been left open.

It is true that taking control requires a series of circumstances that only a small share of users will meet. In this case, the attack requires that the computer be managed with MDM tools, which are intended for the business world.

We learned of the news from Wired magazine:

When a Mac is turned on and connected to Wi-Fi for the first time, it checks in with Apple's servers primarily to send the message, “Hey, I'm a Mac with this serial number. Do I belong to someone? What should I do?"

If the serial number is registered as part of DEP or MDM, that first check will automatically initiate a default configuration sequence, through a series of additional checks with Apple servers and the servers of an MDM vendor. Businesses generally rely on a third-party MDM tool to navigate Apple's business ecosystem. During each step, the system uses "certificates," a method of confirming that particular web servers are who they claim to be. But the researchers found a problem in one of the steps: When MDM goes to the Mac App Store to download business software, the sequence retrieves a text for what to download and where to install it, without determining the authenticity of the text.

If a hacker could position themselves somewhere between the MDM provider's web server and the victim device, they could replace the download text with a malicious one that instructs the Mac to install malware instead.

Also, this malware could access information on the entire corporate network.

This vulnerability was found by Jesse Endahl, chief security officer at management firm Fleetsmith, and Max Belanger, a plant engineer at Dropbox.

However, this vulnerability was fixed in macOS 10.13.6 last month. This is why we recommend that you install each update as soon as possible.
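
The missing step described above is an authenticity check on the download text before the Mac acts on it. The following is an added illustration, not Apple's fix or code from the researchers: it assumes the expected SHA-256 of the manifest reaches the device over the earlier certificate-authenticated steps, and the JSON field names, host names and paths are hypothetical.

```python
import hashlib
import hmac
import json
import posixpath


class ManifestRejected(Exception):
    """Raised when a downloaded manifest fails its authenticity check."""


def load_verified_manifest(raw: bytes, pinned_sha256_hex: str) -> dict:
    """Parse the manifest only if its SHA-256 matches the pinned digest."""
    actual = hashlib.sha256(raw).hexdigest()
    # Constant-time comparison; reject before any field is parsed or used.
    if not hmac.compare_digest(actual, pinned_sha256_hex.lower()):
        raise ManifestRejected("manifest digest does not match pinned value")
    manifest = json.loads(raw)
    # Defence in depth: the manifest says what to download and where to
    # install it, so both fields are checked even after the digest passes.
    if not manifest["url"].startswith("https://"):
        raise ManifestRejected("download URL is not HTTPS")
    path = manifest["install_path"]
    if posixpath.normpath(path) != path or not path.startswith("/Applications/"):
        raise ManifestRejected("install path outside /Applications")
    return manifest


# Constructed sample data (hypothetical host and package names).
GENUINE = json.dumps({
    "url": "https://mdm.example.com/pkgs/business-app.pkg",
    "install_path": "/Applications/BusinessApp.app",
}).encode()
PINNED = hashlib.sha256(GENUINE).hexdigest()
# What a party sitting between the MDM server and the Mac could substitute.
TAMPERED = GENUINE.replace(b"mdm.example.com", b"other.example.net")


def demo() -> tuple:
    ok = load_verified_manifest(GENUINE, PINNED)
    try:
        load_verified_manifest(TAMPERED, PINNED)
        tampered_accepted = True
    except ManifestRejected:
        tampered_accepted = False
    return ok["install_path"], tampered_accepted


if __name__ == "__main__":
    print(demo())
```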

