The apples’ supply chain has been among the most closely monitored and analysed since its devices are not immune to all potential hackers. A report released from the wired says that it is possible for a brand new Mac to be compromised remotely in the place whenever it connects to wifi out of the box. The report further says that the attackers usually target the devices from apple’s device enrolment programme and its mobile device management (MDM) platform. The attest the credulity of their findings, the report was demonstrated during the Black Hat security conference. According to the report from the wired, it explains that when a Mac is set up for the first time, checks should be made to the apple’s servers to help verify the serial number. If the server is able to detect the computer enterprise, it will automatically initiate a setup interface which is predetermined. The process involves the servers of Apples as well as the MDM vendors which is the third part.
During the process which is taken to verify the web servers, vulnerability may result at one step in the process especially where the MDM hands over the identity of the device to the Mac App Store in order for the relevant apps and software to be installed. During this process, one is able to discover that the sequence will retrieve a manifest on what to download and where to install it without pinning for the confirmation of the authenticity of the manifest.
At this point, if the hackers get to the process with the intention of redirecting the users to their own portal, the result will be the installation of the malware and spyware on the victims’ computers. This will end up compromising the results of the users. Besides, the hacked computer will be used as a gateway or entry point to other computers in the network within the enterprise. This is more common to these employees who are working from their homes since they are likely to use router to access internet that are consumer-grade.
According to the report a bug was discovered which can be exploited in order to gain access. Besides, for the DEP and MDM to be attacked they must require a lot of access. Because of all these threats Apple has been made aware and efforts made to come up with a solution. In the process of finding the solution, Apple was able to come up with a version of MacOS High Sierra so that it can help them to fix the bug. Despite, the discovery of the new version of the MacOS High Sierra, Apple confirmed that those machines that are still running on the old version of OS are still vulnerable to the attacks. Therefore, the IT experts in the helpdesk of pros whose responsibility is to manage Mac devices should identify them and patch them as soon as possible.
Further the report said that when the Mac serial number is enrolled in MDM and DEP, a series of checks are likely to be conducted automatically. This function will be performed by both the servers of the MDM vendors and the Apple’s servers.
For instance, in the year 2007, an individual be the name Miller became the first person to hack the iphone using a simple flaw in its Safari browser which enabled him remotely to gain control over the no-smart-phone. The second incidence of hacking Macbook took place after six months when the iphone was hacked. The incidence took place for two minutes only. All these incidences demonstrate clearly that Macbook is not safe and can be hacked and important data manipulated. When Miller asked why he was making all those hacks, he said that he wasn’t showing his elite hacking skills instead he wanted to demonstrate how easy it was to find chinks in the armour of the commonly used software. In his hacking process, Miller used a technique by the name dumb Fuzzing in order to gain access and find flaws in some programmes that are in PowerPoint and other PDF files.
Still Macs are being hacked. The hack is aimed at stealing source code, patent and some other highly specific data. Despite the many hacks and the bug, the apples’ application security is still praised considering the fact the software provided by apple are able to kill any app that is malicious after they have been installed in a Mac computer.
No comments:
Post a Comment