Security researchers Jesse Endahl and Max Bélanger demonstrated a way of hacking new models of Apple Mac computers in a corporate environment through the mobile device management (MDM) protocol.
The experts used the protocol to extract the manifest and the custom application when the computer first boots.
MDM allows administrators to remotely manage macOS and iOS devices, giving them the ability to easily install or remove apps, lock devices, and securely erase them.
Each time a new device is added to the enterprise, it receives a configuration profile, an operation that can be performed automatically using the Device Enrollment Program (DEP).
macOS computers are automatically associated with the MDM server during boot or after a reset to factory settings.
The DEP profile sent to the device is generated by the MDM server and includes information associated with software installation (namely, the URL of the server and attached certificates).
Using the MDM InstallApplication command, administrators can install a particular application. This command uses a manifest URL, which returns an XML file containing all the information required to install the application.
As the experts explained, it is possible to manipulate the manifest to install a specific application by performing a man-in-the-middle (MitM) attack.
With a successful attack, attackers can install a malicious application as soon as macOS computers connect to the MDM server.
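A defender-side audit of the manifest described above, as an added example that is not code from the researchers or from Apple: it compares a fetched manifest against a digest pinned by the administrator and checks where each package would be downloaded from. The manifest layout (`items`, `assets`, `kind`, `url`, `md5-size`, `md5s`), the host `mdm.example.com` and both sample manifests are assumptions constructed for illustration.

```python
import hashlib
import plistlib
from urllib.parse import urlparse

# Constructed sample manifests (not from the article). The items/assets layout
# with "kind", "url", "md5-size" and "md5s" keys is an assumed manifest format;
# the article only says the manifest URL returns an XML file.
def build_manifest(pkg_url, md5):
    return plistlib.dumps({"items": [{"assets": [{
        "kind": "software-package", "url": pkg_url,
        "md5-size": 10485760, "md5s": [md5]}]}]})

TRUSTED = build_manifest("https://mdm.example.com/agent.pkg", "0" * 32)
TAMPERED = build_manifest("http://198.51.100.7/agent.pkg", "f" * 32)
PINNED = hashlib.sha256(TRUSTED).hexdigest()  # digest recorded by the admin

def audit_manifest(raw, pinned_sha256, allowed_hosts):
    """Return a list of findings; an empty list means the manifest passed."""
    findings = []
    # Any change to the manifest in transit alters its digest.
    if hashlib.sha256(raw).hexdigest() != pinned_sha256:
        findings.append("manifest digest differs from pinned value")
    try:
        manifest = plistlib.loads(raw)
    except Exception:
        return findings + ["manifest is not a valid plist"]
    if not isinstance(manifest, dict):
        return findings + ["manifest root is not a dictionary"]
    for item in manifest.get("items", []):
        for asset in item.get("assets", []):
            url = urlparse(asset.get("url", ""))
            if url.scheme != "https":
                findings.append(f"asset not fetched over HTTPS: {asset.get('url')}")
            if url.hostname not in allowed_hosts:
                findings.append(f"asset host not allowed: {url.hostname}")
            if not asset.get("md5s"):
                findings.append("asset carries no package hashes")
    return findings

if __name__ == "__main__":
    for name, raw in (("trusted", TRUSTED), ("tampered", TAMPERED)):
        print(name, audit_manifest(raw, PINNED, {"mdm.example.com"}))
```

Hashes inside a manifest only protect the package download; they give no assurance when the manifest itself can be altered, which is why the digest of the whole manifest is checked first.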
The researchers notified Apple of their discovery. The company fixed the problem with the release of macOS version 10.13.6.