Brand new Macs were vulnerable to hacking during their first WiFi log-on, security researchers reveal
At the Black Hat security conference in Las Vegas this week, security researchers revealed a macOS security bug that affects new devices. When a new Mac connects to a WiFi network for the first time, it’s possible—albeit not easy—for a man-in-the-middle to install malware on the system.
Upon its discovery, the researchers, Jesse Endahl, the chief security officer at Mac management firm Fleetsmith, and Max Bélanger, a Dropbox engineer, notified Apple of their findings. They held off disclosing the vulnerability until it had been patched, which Apple did in July with macOS 10.13.6. Machines running older versions of macOS are still vulnerable, but seeing as this bug only affects brand new devices, the chances of this vulnerability being exploited at this point should be quite slim.
According to WIRED, it works like this: “When a Mac turns on and connects to Wi-Fi for the first time, it checks in with Apple’s servers essentially to say, ‘Hey, I’m a MacBook with this serial number. Do I belong to someone? What should I do?’” The system then checks if the serial number is already enrolled in Apple’s enterprise system. The researchers found a problem during one step in this process, when the machine is directed to the Mac App Store to download enterprise software. If a hacker can insert themselves at this point in the setup process, they can re-instruct the machine to download malware, rather than legitimate enterprise software.
The malware could be anything—a key-logger or screen-grabber, or software that infiltrates the rest of the corporate network. The researchers believe this isn’t the sort of thing the average hacker would be interested in undertaking, but something you might see with a state-sponsored attack. (And given the interesting revelations of how far Russia seems to have penetrated American election systems, it seems like a legitimate concern.)
Historically, Windows machines have been better known for malware security issues than Mac devices, but with the growing popularity of Macs, particularly in the workplace, that’s not always the case. Last year, for example, security researchers uncovered a serious macOS security bug that allowed hackers to potentially steal a user’s passwords stored in their keychain. And the Russian malware that was used to hack the DNC was also found to affect Apple computers.
As always, security vulnerability discoveries like this highlight the importance of keeping machines up to date with system updates.
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.