
Remote Mac hack relies on MDM bug Apple patched in latest macOS update

Researchers at the Black Hat security conference at Las Vegas intend to demonstrate an exploit in Apple's enterprise tools that lets well-equipped hackers compromise a Mac the first time it connects to Wi-Fi, though the bug has already been patched in the latest macOS High Sierra update.

As reported by Wired, Jesse Endahl, chief security officer at Mac management company Fleetsmith, and Dropbox staff engineer Max Bélanger uncovered a bug in Apple's enterprise hardware management setup tools that can be used to gain remote access to a target Mac. The pair plan to demonstrate the exploit on Thursday.

Notably, hackers can — with some difficulty — construct a man-in-the-middle attack that downloads malware or other malicious software before a client logs in to a new Mac for the first time.

Apple's enterprise tools, the Device Enrollment Program and Mobile Device Management platform, work in tandem to provide an easy IT setup regimen for companies deploying a large number of devices to their workers.

With the help of firms like Fleetsmith, companies that take part in MDM programs can send employees new hardware directly from Apple. When an employee opens and logs in to their new Mac for the first time, it connects to Apple's servers, as well as those run by the MDM vendor, to retrieve a configuration manifest.

The Mac skips from server to server to pick up the assets provisioned to complete an automated setup process, one that ultimately results in a custom configured machine ready for integration with the MDM customer's infrastructure. Endahl and Bélanger discovered a problem with Apple's certificate pinning, which authenticates web servers throughout the configuration process.

In particular, the researchers found a bug in Apple's MDM sequence that, when the process hands the machine over to the Mac App Store, fails to complete pinning to confirm the authenticity of an app download manifest, the report said. The hole provides an opportunity for hackers to install malicious code on a target Mac remotely and without alerting the end user.
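The pin check below is an added illustration, not code from the researchers, Apple or Fleetsmith: it models the setup hops the article describes (activation, MDM enrollment, App Store manifest) with constructed placeholder keys and hop names, and shows why a single unpinned hop lets a tampered manifest through while pinning that hop stops the sequence there.

```python
import hashlib
import hmac

# Constructed stand-ins for each server's DER-encoded SubjectPublicKeyInfo (SPKI).
# A real pin hashes the certificate's SPKI; these bytes are placeholders, not keys.
APPLE_ACTIVATION_SPKI = b"constructed-spki:apple-activation"
MDM_VENDOR_SPKI = b"constructed-spki:mdm-vendor"
APP_STORE_SPKI = b"constructed-spki:app-store"
MITM_SPKI = b"constructed-spki:attacker-in-the-middle"

def spki_pin(spki_der: bytes) -> str:
    """SHA-256 of the SPKI bytes: the value a pin set stores per provisioning hop."""
    return hashlib.sha256(spki_der).hexdigest()

def hop_accepted(pins: dict, hop: str, presented_spki: bytes) -> bool:
    """Pin check for one hop. A hop absent from `pins` is unpinned and falls back
    to ordinary TLS trust, so a MITM holding any trusted certificate passes."""
    expected = pins.get(hop)
    if expected is None:
        return True
    return hmac.compare_digest(expected, spki_pin(presented_spki))

def run_setup(pins: dict, steps: list) -> dict:
    """steps: (hop, presented_spki, payload). Apply payloads in order until a pin
    check fails; report what was accepted and where (if anywhere) setup stopped."""
    accepted = []
    for hop, presented_spki, payload in steps:
        if not hop_accepted(pins, hop, presented_spki):
            return {"rejected_at": hop, "accepted": accepted}
        accepted.append(payload)
    return {"rejected_at": None, "accepted": accepted}

def setup_steps(app_server_spki: bytes, app_payload: dict) -> list:
    """Constructed setup sequence; only the App Store manifest hop varies."""
    return [("activation", APPLE_ACTIVATION_SPKI, {"enrolled": True}),
            ("mdm-enroll", MDM_VENDOR_SPKI, {"profile": "corp-baseline"}),
            ("app-manifest", app_server_spki, app_payload)]

# Policy with the gap: the first two hops are pinned, the manifest hop is not.
GAP_PINS = {"activation": spki_pin(APPLE_ACTIVATION_SPKI),
            "mdm-enroll": spki_pin(MDM_VENDOR_SPKI)}
# Corrected policy: every hop that delivers setup content is pinned.
FIXED_PINS = {**GAP_PINS, "app-manifest": spki_pin(APP_STORE_SPKI)}

# Constructed MITM answer: a manifest naming an attacker-chosen package.
TAMPERED = setup_steps(MITM_SPKI, {"apps": ["unexpected-package.pkg"]})
HONEST = setup_steps(APP_STORE_SPKI, {"apps": ["approved-app.pkg"]})
```

Running `run_setup(GAP_PINS, TAMPERED)` accepts all three payloads, tampered manifest included, whereas `run_setup(FIXED_PINS, TAMPERED)` stops at the `app-manifest` hop with only the two pinned payloads applied.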

"We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl says. "By the time they're logging in, by the time they see the desktop, the computer is already compromised."

While technically possible, would-be hackers would need access to the right tools and privileges to make such an attack feasible. For instance, Endahl was only able to demonstrate the vulnerability by using Fleetsmith's MDM privileges to set up a certified server and tainted payload. That said, a dedicated hacker — or motivated government — might be compelled to attempt the attack as it presents potential access to a corporation's entire network of managed Macs.

"One of the aspects that's scary about this is if you're able to set this up at the company level you could infect everybody depending on where you do the man-in-the-middle," Bélanger said. "This all happens very early in the device's setup, so there aren't really restrictions on what those setup components can do. They have full power, so they're at risk of being compromised in a pretty special way."

Apple was notified of the exploit and issued a fix in the latest macOS High Sierra 10.13.6 update released last month, though some users remain exposed. As noted by Wired, though the bug was addressed a month ago, there are likely many Macs that remain in channel inventory running older, unpatched versions of the operating system. Further, MDM firms processing Mac deployments also need to support the latest macOS 10.13.6 release to counter the exploit, according to Endahl and Bélanger.



11 Comments

MacPro 18 Years · 19845 comments

Removed question ... Didn't read correctly ... need more coffee ...

lkrupp 19 Years · 10521 comments

Listen up all you users who refuse to update for various, usually irrational, reasons. Keep your damn systems up to date. The Apple discussion forums are full of posts from users wanting to roll back updates because something happened and they don’t want to troubleshoot the issue. “I just updated to macOS 10.13.6 and my printer stopped working. How do I go back to 10.13.4?” Or, “I updated to 10.13.6 and this third party game I downloaded six years ago doesn’t work anymore. How do I go back to plain old Sierra?”

Well, you get the drift. 

maciekskontakt 15 Years · 1168 comments

lkrupp said:
Listen up all you users who refuse to update for various, usually irrational, reasons. Keep your damn systems up to date. The Apple discussion forums are full of posts from users wanting to roll back updates because something happened and they don’t want to troubleshoot the issue. “I just updated to macOS 10.13.6 and my printer stopped working. How do I go back to 10.13.4?” Or, “I updated to 10.13.6 and this third party game I downloaded six years ago doesn’t work anymore. How do I go back to plain old Sierra?”

Well, you get the drift. 

Yes. Spend your money on new hardware and replace something that has been working for a long time. Do you actually work in the Apple marketing department? You sound like you do.
Apple has a bad approach and low quality testing and coding these days and that is a fact I found out from a buddy who just left their development team in Mac in Cupertino. We are from the same region in finance (NYC). You cannot afford to be that arrogant to business users in our area. That is why Apple is niche in it. You do test and support working stuff or you are gone in no time. Updates and upgrades are rolled out in proper waves and timing - vendor can do this at any time but when something breaks they are "Johnny-on-the-spot" and fix overnight or else. I know what was done in Goldman Sachs at the time and trust me even Microsoft had to bend and listen.

thedarkhalf 6 Years · 5 comments

lkrupp said:
Listen up all you users who refuse to update for various, usually irrational, reasons. Keep your damn systems up to date. The Apple discussion forums are full of posts from users wanting to roll back updates because something happened and they don’t want to troubleshoot the issue. “I just updated to macOS 10.13.6 and my printer stopped working. How do I go back to 10.13.4?” Or, “I updated to 10.13.6 and this third party game I downloaded six years ago doesn’t work anymore. How do I go back to plain old Sierra?”

Well, you get the drift. 
Yes. Spend your money on new hardware and replace something that has been working for a long time. Do you actually work in the Apple marketing department? You sound like you do.
Apple has a bad approach and low quality testing and coding these days and that is a fact I found out from a buddy who just left their development team in Mac in Cupertino. We are from the same region in finance (NYC). You cannot afford to be that arrogant to business users in our area. That is why Apple is niche in it. You do test and support working stuff or you are gone in no time. Updates and upgrades are rolled out in proper waves and timing - vendor can do this at any time but when something breaks they are "Johnny-on-the-spot" and fix overnight or else. I know what was done in Goldman Sachs at the time and trust me even Microsoft had to bend and listen.

This!! To expect that every user should just upgrade "...just cause" is ignorant to so many factors, especially in the business world.

lkrupp 19 Years · 10521 comments

lkrupp said:
Listen up all you users who refuse to update for various, usually irrational, reasons. Keep your damn systems up to date. The Apple discussion forums are full of posts from users wanting to roll back updates because something happened and they don’t want to troubleshoot the issue. “I just updated to macOS 10.13.6 and my printer stopped working. How do I go back to 10.13.4?” Or, “I updated to 10.13.6 and this third party game I downloaded six years ago doesn’t work anymore. How do I go back to plain old Sierra?”

Well, you get the drift. 
Yes. Spend your money on new hardware and replace something that has been working for a long time. Do you actually work in the Apple marketing department? You sound like you do.
Apple has a bad approach and low quality testing and coding these days and that is a fact I found out from a buddy who just left their development team in Mac in Cupertino. We are from the same region in finance (NYC). You cannot afford to be that arrogant to business users in our area. That is why Apple is niche in it. You do test and support working stuff or you are gone in no time. Updates and upgrades are rolled out in proper waves and timing - vendor can do this at any time but when something breaks they are "Johnny-on-the-spot" and fix overnight or else. I know what was done in Goldman Sachs at the time and trust me even Microsoft had to bend and listen.

I’m talking about macOS and security. Every single word you typed is raging, blathering idiocy, a sure sign of being an Apple hater who makes things up on the spot. Your OPINION about Apple’s quality is laughable, literally laughable.