At the Blackhat security conference in Las Vegas this week, security researchers revealed a macOS security bug that affects new devices. When they connect to a WiFi network for the first time, it’s possible—albeit not easy—for a man-in-the-middle to install malware on the system.
Upon its discovery, the researchers, Jesse Endahl, the chief security officer at Mac management firm Fleetsmith, and Max Bélanger, a Dropbox engineer, notified Apple of their findings. They held off disclosing the vulnerability until it had been patched, which Apple did in July with macOS 10.13.6. Machines running older versions of macOS are still vulnerable, but seeing as this bug only affects brand new devices, the chances of this vulnerability being exploited at this point should be quite slim.
According to WIRED, it works like this: “When a Mac turns on and connects to Wi-Fi for the first time, it checks in with Apple’s servers essentially to say, ‘Hey, I’m a MacBook with this serial number. Do I belong to someone? What should I do?'” The system then checks if the serial number is already enrolled in Apple’s enterprise system. The researchers found a problem during one step in this process, when the machine is directed to the Mac App Store to download enterprise software. If a hacker can insert themselves at this point in the setup process, they can re-instruct the machine to download malware, rather than legitimate enterprise software.
The malware could be anything—a key-logger or screen-grabber, or software that infiltrates the rest of the corporate network. The researchers believe this isn’t the sort of thing the average hacker would be interested in undertaking, but something you might see with a state-sponsored attack. (And given the intreating revelations of how far Russia seems to have penetrated American election systems, it seems like a legitimate concern.)
Historically, Windows machines have been more known for malware security issues than Mac devices, but with the growing popularity of Macs, particularly in the workplace, that’s not always the case. Last year, security researches uncovered a serious macOS security bug that allowed hackers potentially steal a user’s passwords stored in their keychain, for example. And the Russian malware that was used to hack the DNC was also found to affect Apple computers.
As always, security vulnerability discoveries like this highlight the importance of keeping machines up to date with system updates.
H/T 9to5Mac