Security experts at this week’s Black Hat conference in Las Vegas, Nevada, have demonstrated a vulnerability in the 2018 MacBook Pro. The researchers found that would-be hackers could take control of the new laptop right as it makes its first Wi-Fi connection. In doing so, malware could be installed on the machine even before the user first saw the desktop. Luckily, Apple quickly sent out a fix when told about the problem.
According to the researchers, exploiting the vulnerability isn’t an easy process, since it requires a laptop that’s been purchased by a corporation that uses Apple’s Mobile Device Management (MDM) tools to install enterprise apps. It also requires a man-in-the-middle attack.
When a Mac turns on and connects to Wi-Fi for the first time, it checks in with Apple’s servers essentially to say, “Hey, I’m a MacBook with this serial number. Do I belong to someone? What should I do?”
If the serial number is enrolled as part of Apple’s Device Enrollment Program (DEP) and MDM, that first check will automatically initiate a predetermined setup sequence, through a series of additional checks with Apple’s servers and an MDM vendor’s servers. Companies typically rely on a third-party MDM facilitator to navigate Apple’s enterprise ecosystem. During each step, the system uses “certificate pinning,” a method of confirming that particular web servers are who they claim to be. But the researchers found a problem during one step. When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity.
If a hacker could lurk somewhere between the MDM vendor’s web server and the victim device, they could replace the download manifest with a malicious one that instructs the computer to instead install malware.
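The check that was missing from the manifest step, sketched as an added example (not Apple’s or the researchers’ code): the client compares the server certificate’s SHA-256 fingerprint with a pinned value before it requests the manifest. The function names, the choice to pin the server certificate’s fingerprint and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import http.client
import ssl


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER-encoded server certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def is_pinned(cert_der: bytes, pins: set) -> bool:
    """True only if the presented certificate matches a pinned fingerprint."""
    if not cert_der:
        return False
    fingerprint = cert_fingerprint(cert_der)
    return any(hmac.compare_digest(fingerprint, pin.lower()) for pin in pins)


def require_pinned(cert_der: bytes, pins: set) -> str:
    """Return the fingerprint, or refuse to continue if it is not pinned."""
    if not is_pinned(cert_der, pins):
        raise PermissionError("server certificate is not pinned; manifest refused")
    return cert_fingerprint(cert_der)


def fetch_manifest(host: str, path: str, pins: set) -> bytes:
    """Fetch a manifest over TLS, checking the pin before any request is sent."""
    context = ssl.create_default_context()  # CA and hostname checks still apply
    conn = http.client.HTTPSConnection(host, context=context, timeout=10)
    try:
        conn.connect()  # TLS handshake completes here
        require_pinned(conn.sock.getpeercert(binary_form=True), pins)
        conn.request("GET", path)
        return conn.getresponse().read()
    finally:
        conn.close()


# Constructed stand-ins for DER certificate bytes (not real certificates).
VENDOR_CERT = b"constructed DER bytes: expected manifest server certificate"
OTHER_CERT = b"constructed DER bytes: certificate from an unexpected server"
PINS = {cert_fingerprint(VENDOR_CERT)}

if __name__ == "__main__":
    print("expected server pinned:", is_pinned(VENDOR_CERT, PINS))
    print("unexpected server pinned:", is_pinned(OTHER_CERT, PINS))
```

The pin check runs in addition to ordinary certificate validation, so a server whose certificate chains to a trusted authority is still refused unless its fingerprint is in the pin set.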
Apple was made aware of this vulnerability and quickly issued a fix with the macOS High Sierra 10.13.6 update that launched last month. Regardless, some machines shipped with older versions of macOS, which is something to keep in mind.
This isn’t the first problem to be uncovered in the 2018 MacBook lineup, which was released last month. Earlier this week, some users went online to complain about random crackling noises coming out of the device’s speakers. Just weeks ago, others complained that the new laptop suffered from the Mac equivalent of the Windows blue screen of death.
If you’re concerned your company-issued Mac might be suffering from vulnerabilities, contact your IT manager. For everyone else, always make sure your system is up-to-date.
To check for Mac software updates, open the App Store app on your Mac. Click Updates in the App Store toolbar, then use the Update buttons to download and install any updates listed. Updates installed in the last 30 days appear below this list.