Pre-installed Sierra Mac OS might hurt Apple’s most reliable supply chain by supplying MacBook that is already hacked.
Most of us order brand new Apple products because of its virgin condition, which means I will get free of bugs system. However, on Thursday a group of researchers demonstrates at the Black Hat security conference in Las Vegas regarding the possibility of Apple’s brand new products will be untarnished.
The attack, which is discovered by the researchers, is infecting those MacBook that uses “Apples Device Enrollment Program” and “Mobile Device Management platform.” These programs and tools provide access to workers of an organization to control the custom Information Technology configuration by themselves from any corner of the world.
This configuration strategy is used to provide the accessibility to the organization to supply new MacBook directly to its employees from Apple Store. And due to “Apple Device Enrollment Program” and “Mobile Device Management Platform” tools they can set up the device according to their business systems by connecting MacBook with the internet.
Hacking enterprise Mac OS
Therefore when Jesse Endahl (Chief Security of Mac Management) and Max Belanger (Staff Engineer at Dropbox) found a bug into the configure tools, they get highly concerned regarding its exploitation to access anonymously brand new MacBook remotely.
Chief Security Mac Management stated, “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time.” “By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”
The group of a researcher who found the bug notified Apple and the Mac management developers immediately released a fix in the form of new Sierra OS update 10.13.6 last month. But devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable. One way of protecting against this threat is by using a Mac VPN as it encrypts your device’s traffic and also hides your identity between servers. Bélanger and Endahl also note that Mobile Device Management vendors—third parties like Fleetsmith that companies hire to implement Apple’s enterprise scheme also need to support 10.13.6 to adequately mitigate the vulnerability.