Security researchers have found a way to immediately infringe Mac before users log in for the first time. That's pretty bad, but the deal here is difficult. It affects only a part of Mac users and patches have already been applied.
Apple's Mac MDM security flaw
Security exploit uses Apple 's Mobile Device Management Platform (MDM) to deliver every payload that a hacker tries to ride a new Mac. Jesse Endahl, the Mac security manager's chief security officer at MaxBélanger, staff engineer at Fleetsmith and Dropbox, found this flaw.
Endahl told Wired.
Before the user logged in for the first time, a bug was found to infringe the device and install malicious software. When logging in, the computer has already been compromised before the desktop is displayed.
To take advantage of this flaw, you need to find a way to incorporate a server with malicious payload into the MDM setup process. After the Mac completes the setup verification process, the server must conform to the process before the computer starts delivering the application to Apple servers.
Such MDM settings are typically used at the enterprise level. The company buys a Mac during the purchase process and connects to the MDM system. When an employee gets a computer and turns on the computer for the first time, it connects to Apple's server. By the time the Mac completes booting to the desktop, the process is complete and the necessary applications and settings are installed.
Why Apple's MDM security flaws do not hurt you
Apple 's MDM problem is a legitimate security flaw, but it does not affect most people, nor is it going to spread.