MDM does not require a certificate of authenticity.
Cybersecurity experts have found a vulnerability that allows malware to be installed on a brand-new Apple computer the first time it connects to a Wi-Fi network. The attack concept was demonstrated by Jesse Endahl of Fleetsmith and Dropbox engineer Max Bélanger at the Black Hat conference in Las Vegas.
The bug is in the Mobile Device Management (MDM) and Device Enrollment Program (DEP) tools that organizations use to configure Macs. On its first Wi-Fi connection, the laptop contacts Apple's servers, and if its serial number matches an enterprise's identifiers, it begins downloading and configuring enterprise software. The programs to be installed are listed in a manifest file.
However, this process is easy to subvert, Wired reports. MDM does not require a certificate of authenticity, so attackers can replace the original manifest file with their own, which instructs the Mac to download software from a malicious source. As a result, the computer can be infected during the setup stage with any malware, including tools that look for vulnerabilities across the enterprise network.
Thus, malware can be delivered to a new Mac before its owner even sees the desktop. The researchers notified Apple about the bug; it was fixed with the release of macOS 10.13.6 last month. However, computers running earlier versions of macOS remain vulnerable.