
Vulnerability could cause Macs to be hacked during initial setup

Apple may make computers with a relatively secure and trouble-free system, but, of course, not everything is always a bed of roses. A recently discovered vulnerability proves this: apparently, there was (or is) a way to infect a Mac at the very moment it is unpacked and connected to a Wi-Fi network for the first time, with some pre-programmed settings that take advantage of Apple's corporate device program.

As reported by WIRED, the flaw was demonstrated this week by Jesse Endahl, head of security for Mac management firm Fleetsmith, and Max Bélanger, a Dropbox engineer, at the Black Hat digital security conference in Las Vegas. As usual in these cases, the flaw was shared with Apple prior to disclosure and is already fixed in macOS High Sierra 10.13.6, but it is worth remembering that there are still a lot of boxed Macs with earlier system versions preinstalled sitting in store inventories around the world; that is, the problem lives on, albeit on a smaller scale.

Basically, what happens is the following: Apple has a program called Apple Device Enrollment Program, whereby companies that buy Macs in bulk for their employees create a list of specifications (settings to be applied, apps to be downloaded, etc.) that are activated as soon as the computer in question connects to a Wi-Fi network for the first time. When this happens, its serial number (which is linked to the program) is sent to Apple's servers, which recognize the machine and send the preset configuration to it.

This exchange of information happens through a platform called Mobile Device Management (MDM), and therein lies the problem. The researchers discovered a flaw in the protocol that allows it to work and realized that the certificates that authenticate this exchange of information between the Mac and Apple's servers can be spoofed, allowing malicious programs such as keyloggers, screen spies and other types of malware to be installed silently.

Two aspects are of particular concern to the researchers. The first is that the attack is completely unnoticeable: when the Mac is turned on for the first time and shows its brand-new desktop, it is already quietly infected. Furthermore, because it is an intrusion based on an enterprise protocol, depending on where the hackers aim this attack, they can take control of a company's entire network of Macs, which is quite an unpleasant prospect.

Of course, we are not talking here about a simple attack that any hacker could carry out; these are extremely complex and costly means of intrusion, but ones that could (or can) be employed by powerful organizations, large companies aiming to undermine competitors, or even governments around the world.

No one is suggesting that we burn all the boxed, unsold Macs running systems prior to macOS 10.13.6, but if companies purchase these machines, it is worth paying extra attention.

via 9to5Mac