It is widely thought that a computer with factory settings is about as secure as it gets, since the default software installed is secure and clean and the device has not yet been connected to the Internet. Nonetheless, that might not be the case with Apple’s Mac computers, as security researchers have discovered a bug that could allow Macs to be hacked even before the user logs in for the first time.
The bug was discovered by Jesse Endahl and Max Bélanger. The former is the chief security officer of Mac management firm Fleetsmith, and the latter is a staff engineer at Dropbox.
According to Endahl, “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”
The bug takes advantage of Apple’s Device Enrollment Program and the Mobile Device Management platform. These tools are provided by Apple and help the company to configure the devices. The flaw discovered by the researchers would allow hackers to put malware onto the computers remotely, which means that computers are infected even before the first login.
The good news is that Apple addressed the issue after being notified by the researchers. The vulnerability was patched in macOS High Sierra 10.13.6, but devices shipped with an older build could still be vulnerable to it.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec. Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.