MacOS High Sierra Can be Hacked Thru Wi-Fi

Corporation eliminated it with the release of macOS 10.13.6 in July 2018, but unupdated computers are still vulnerable
13 August 2018   1084

The chief security officer at Fleetsmith Jesse Endahl and the Dropbox engineer Max Belanger found a way to compromise Apple's computers with MacOS High Sierra to version 10.13.6 when the device connects to Wi-Fi for a first time. Attackers can hack the device before the first start of the system. This is is reported by Digital Trends.

We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time. By the time they’re logging in, by the time they see the desktop, the computer is already compromised.
 

Jesse Endahl

CSO, Fleetsmith

According to experts, the errors are in the tools for the remote access called Device Enrolment Program (DEP) and Mobile Device Management (MDM). When you connect to Wi-Fi for the first time, the laptop connects to Apple's servers and, if its serial number coincides with the company's identifiers, it starts downloading corporate programs from the list in the manifest file. MDM does not require a certificate of authenticity, so hackers can replace the original file with an arbitrary file with its own list of software.

The researchers told Apple about the vulnerability, and the corporation eliminated it with the release of macOS 10.13.6 in July 2018. Computers with older versions of the OS remain vulnerable.

In November 2017, experts discovered a vulnerability in the macOS High Sierra, which allowed root privileges to be received in a couple of clicks. Then the corporation released a bug fix the very next day.

Huawei May Use Russian OS Instead Android

Due to US sanctions, popular smartphone manufacturer is negotiating of using Russian OS called Aurora, which is based on Sailfish OS
11 June 2019   497

The Bell has received information from several unnamed sources about the discussion of the possibility of using the proprietary mobile operating system Aurora on some types of Huawei devices.

The movement in the direction of Aurora has so far limited itself only to a discussion of the possibility of using this OS, no plans have been presented. The discussion was attended by the Minister of Digital Development and Communications Konstantin Noskov and the Executive Director of Huawei. The meeting also raised the issue of creating a joint production of chips and software in Russia. The information was not confirmed at Rostelecom, but expressed willingness to cooperate.

Huawei declined to comment on the published information. At the same time, the company is developing its own mobile platform Hongmeng OS (Arc OS), providing compatibility with Android applications. The first release of Hongmeng OS is scheduled for the fourth quarter of this year. Two options will be offered - for China and the global smartphone market. It is alleged that Hongmeng OS has been in development since 2012 and was ready for the beginning of 2018, but was not delivered due to the use of Android as a main platform and partnership with Google.

There is evidence that for testing in China, the first batch of 1 million Hongmeng OS-based smartphones has already been distributed. Technical details are not disclosed yet and it is not clear whether the platform is built on Android code or only includes a layer for compatibility. Huawei has long been delivering its own Android edition - EMUI, it is possible that it is the basis of Hongmeng OS.

Huawei’s interest in alternative mobile systems is driven by restrictive measures introduced by the US Department of Commerce, which will restrict Huawei’s access to Android services falling under a commercial agreement with Google, as well as breaking commercial relations with ARM.

Sailfish is partly a proprietary mobile operating system with an open system environment, but closed by the user shell, basic mobile applications, QML components for building the Silica graphical interface, an interlayer for launching Android applications, a smart text input engine and a data synchronization system. The open system environment is built on the basis of Mer (fork MeeGo), which since April has been developing as an integral part of Sailfish, and packages of the Mer distribution package Nemo. On top of the Mer system components, a graphical stack is launched based on the Wayland and Qt5 library.