Apple has been always credited with the security of the devices. However, it might not entirely be true. While Windows might be vulnerable to attacks, Apple is not so secure either. It looks like a brand new MacBook can easily be hacked.
The threat was demonstrated this week at the Black Hat security conference in Las Vegas. The threat targets MacBooks that use Apple’s Device Enrollment Program and its Mobile Device Management platform. The idea is to ship MacBooks directly to employees so they can set up the devices from their offices or home. Jesse Endahl, chief security officer, Fleetsmith, and Max Bélanger, staff engineer at Dropbox, found a bug in these setup tools that could exploit it to get rare remote Mac access.
We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.
– Jesse Endahl
The researchers have already notified Apple about the bug and the company has released a fix in macOS High Sierra 10.13.6 last month. However, the devices manufactured before last month are still vulnerable and the organizations need to update the OS to secure the loophole.
Apple hasn’t commented on the bug or the fix rolled out by the company. However, this bug again reveals that no matter how secure a network or Operating System is, there are still issues and loopholes that can be exploited.