[Aug 11, 2018]
Researchers demonstrated the vulnerability in Macbook this week at the Black Hat security conference in Las Vegas. The threat targets MacBooks that use Apple’s Device Enrollment Program and its Mobile Device Management platform.
Vulnerabilities in these setup tools that could exploit to get rare remote Mac access.
Researchers said, “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.”
The researchers have already notified Apple about the bug and the company has released a fix in macOS High Sierra 10.13.6 last month. However, the devices manufactured before last month are still vulnerable and the organizations need to update the OS to secure the loophole.