Experts explained how to hack macs in enterprises through MDM

guest · Aug 11, 2018

Experts explained how to hack macs in enterprises through MDM
August 11, 2018
https://securityaffairs.co/wordpress/75240/hacking/macs-mdm-hack.html

A security duo composed by Jesse Endahl, CPO and CSO at macOS management firm Fleetsmith, and Max Bélanger, staff engineer at Dropbox, demonstrated at the Black Hat security conference how a persistent attacker could compromise brand new Mac systems in enterprise environments on the first boot.

Every time a new device is added in an enterprise, it receives a Configuration Profile, an operation that can be performed automatically using the Device Enrollment Program (DEP).

The experts explained that it is possible to manipulate this manifest to install a specific application by carrying out a man-in-the-middle (MitM) attack.

The attack can exploit this technique to force the installation of a malicious application as soon as the macOS computers connect to the MDM server.
Click to expand...

Minimalist · Aug 12, 2018

Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

By tweaking just two lines of code, a researcher stumbled on an Apple zero-day that could allow a local attacker to virtually “click” a security prompt and thus load a kernel extension on systems running Apple’s latest High Sierra operating system.

Kernel access on a Mac gives an adversary unparalleled access to a system and that can be used to fully compromise the operating system. Apple has previously blocked methods abused by hackers and malware to synthetically approve security prompts presented to the user when attempting to perform risky tasks such as loading a kernel extension. Unfortunately, Apple’s efforts, yet again, have fallen short.
Click to expand...

https://threatpost.com/def-con-2018-apple-0-day-reopens-door-to-synthetic-mouse-click-attack/

guest · Sep 27, 2018

Researchers find vulnerability in Apple's MDM DEP process
Vulnerability could lead to attackers enrolling malicious devices in enterprise networks, researchers say
September 27, 2018
https://www.zdnet.com/article/researchers-find-vulnerability-in-apples-mdm-dep-process/

In a research paper published today and shared with ZDNet in advance, the Duo Labs team has revealed a vulnerability in DEP, or the Device Enrollment Program, the protocol through which new Apple devices are added to an MDM server.

Duo researchers say that flaws in the way DEP was designed allow an attacker to trick the authentication step and enroll a device of the attacker's choosing in an organization's MDM server.

The main reason why these attacks on the MDM DEP authentication process are possible is because Apple only relies on a device's serial number to uniquely identify an iPhone, iPad, or Mac device that is being added to an MDM server.

"Some of the recommended remediation steps will require re-architecting how DEP and MDM enrollment work [...]" These remediation steps are described in a 32-page report released today.
Click to expand...

Log in or Sign up

Experts explained how to hack macs in enterprises through MDM

guest Guest

Minimalist Registered Member

guest Guest

Log in or Sign up

Experts explained how to hack macs in enterprises through MDM

guest Guest

Minimalist Registered Member

guest Guest

Useful Searches