Security researchers discover a way to compromise a new Mac
At the Black Hat conference held in Las Vegas, security researchers demonstrated a way to take control of a new Mac.
They said there were vulnerabilities in the way the Mac handles MDM (Mobile Device Management), which allowed them to install malicious software without limitation, even before the user sees the desktop for the first time. Of course, attacking a new Mac is not easy.
According to a report by Wired, when a Mac is turned on and connects to Wi-Fi for the first time, it checks in with Apple's servers, essentially saying: "Hey, I'm a MacBook with this serial number. Who do I belong to, and what should I do?"
The serial number is part of DEP (Device Enrollment Program) and MDM registration. When registering for the first time, the Mac automatically starts a predetermined setup sequence through Apple's servers and the MDM vendor's servers. Enterprises usually rely on a third-party MDM vendor to navigate Apple's enterprise ecosystem.
But the researchers found a problem in this process. When the MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a list that determines what to download and where to install it, without confirming the authenticity of that list.
If attackers can position themselves between the MDM vendor's web servers and the device, they can replace the download list with one that instructs the Mac to install malicious programs. Such malicious programs include keyloggers, screen capture tools, and tools that look for vulnerabilities across the whole network.
Jesse Endahl, chief security researcher of the Mac management company Fleetsmith, and Max Belanger, an engineer at Dropbox, discovered the issue. They reported it to Apple, giving the company time to fix it before they revealed the attack method. The vulnerability has been fixed in macOS 10.13.6.
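
The missing authenticity check on the download list, shown as an added example that is not from the article, the researchers or Apple: a loader that trusts whatever list arrives, beside one that rejects any list whose digest differs from a pinned value. The JSON field names, the example.com hosts and the idea that the pinned digest reaches the device over the authenticated MDM channel are assumptions made for illustration.

```python
import hashlib
import hmac
import json


class ManifestError(Exception):
    """Raised when a download manifest fails an integrity or policy check."""


def load_manifest_unchecked(body: bytes) -> list:
    # Behaviour the article describes: whatever list arrives is trusted.
    return json.loads(body)["items"]


def load_manifest_pinned(body: bytes, pinned_sha256: str) -> list:
    # Assumption: pinned_sha256 reached the device over the authenticated
    # MDM channel, separately from the web server that hosts the list.
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        raise ManifestError("manifest digest does not match the pinned value")
    items = json.loads(body).get("items")
    if not isinstance(items, list) or not items:
        raise ManifestError("manifest has no items")
    for item in items:
        # Each package must be fetched over TLS and carry its own digest,
        # so the download that follows the list can be checked as well.
        if not str(item.get("url", "")).startswith("https://"):
            raise ManifestError("package URL is not https")
        if len(str(item.get("sha256", ""))) != 64:
            raise ManifestError("package entry lacks a SHA-256 digest")
    return items


# Constructed sample data (hypothetical hosts and field names).
GENUINE = json.dumps({"items": [{
    "url": "https://mdm.example.com/pkgs/agent.pkg",
    "sha256": "ab" * 32,
}]}).encode()
SWAPPED = json.dumps({"items": [{
    "url": "https://files.example.net/other.pkg",
    "sha256": "cd" * 32,
}]}).encode()
PIN = hashlib.sha256(GENUINE).hexdigest()

if __name__ == "__main__":
    try:
        load_manifest_pinned(SWAPPED, PIN)
    except ManifestError as exc:
        print("rejected:", exc)
```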