Hacking a Brand New Mac Remotely, Right Out of the Box | WIRED: "We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time," Endahl says. "By the time they’re logging in, by the time they see the desktop, the computer is already compromised."
The researchers notified Apple about the issue, and the company released a fix in macOS High Sierra 10.13.6 last month, but devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable. B�langer and Endahl also note that Mobile Device Management vendors—third parties like Fleetsmith that companies hire to implement Apple's enterprise scheme—also need to support 10.13.6 to fully mitigate the vulnerability. Apple did not respond to WIRED's requests for comment.
The researchers notified Apple about the issue, and the company released a fix in macOS High Sierra 10.13.6 last month, but devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable. B�langer and Endahl also note that Mobile Device Management vendors—third parties like Fleetsmith that companies hire to implement Apple's enterprise scheme—also need to support 10.13.6 to fully mitigate the vulnerability. Apple did not respond to WIRED's requests for comment.