Getting a brand new Mac is a great moment, with a great feeling of freshness, newness, cleanliness, and a smoothly running system without a single error. But even a brand new Apple computer can be at risk - even before you have it in your home or office.ancYou turn on the lights at all. How is that possible?
Security researchers have discovered a surprising way to hack a brand new Mac before its first owner even turns it on. The attack exploits Apple's Device Enrollment Program. Applu and its Mobile Device Management platform. These are a pair of tools that allow companies to completely customize a Mac before it leaves the factory. Appto the relevant employeeanci. However, there is a security flaw in the system that allows would-be attackers to remotely infect a Mac with malware the moment the computer first connects to a Wi-Fi network. According to Jesse Endahl of Fleetsmith and MaxAccording to Dropbox's Bélanger, who decided to demonstrate the flaw live at the Black Hat security conference in Las Vegas, the attacks only target corporate computers.
Gallery
"We discovered a bug that allows a device to be compromised and installed with malicious software before the user even logs in for the first time," explains Endahl. "The moment they log in and look at the desktop, the computer is already at risk," he adds. Company Apple was made aware of the bug and released a fix in macOS High Sierra 10.13.6, but computers that shipped before this update are still at risk. "One of the scary aspects of the whole thing is that if you're using a computer at an enterprise level on a network, you can put everyone else at risk," says Bélanger.
