Hacking a brand new Mac during setup process

Planning to get a brand new Mac that is free from all kind of bugs and has a robust security system, but there is no such device.

According to security researchers, a brand new Mac could be easily compromised remotely just after it connects to Wi-fi.

The researchers will demonstrate the Mac security flaw on Thursday at the Black Hat security conference in Las Vegas. The attack is done by taking advantage of Apple’s Device Enrollment Program (.pdf) and its Mobile Device Management platform.

The flaw in the enterprise tools allows hackers to install malware inside the operating system remotely.

Jesse Endahl, chief security officer of Mac management firm Fleetsmith, “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time.”

 “By the time they’re logging in, by the time they see the desktop, the computer is already compromised,”  Endahl says.

Last month, the security researchers had notified Apple about the flaw, and in response to that the company has released a patch for macOS High Sierra 10.13.6, however, the devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable.

from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2KRUACz