The Latest in IT Security

Apple DEP vulnerability lets attackers access orgs’ resources, info

27
Sep
2018
Apple DEP vulnerability lets attackers access orgs’ resources, info

de7wjbwvqaacizv

An authentication weakness in Apple’s Device Enrollment Program (DEP) may allow attackers to enroll any device into an organization’s Mobile Device Management server and, consequently, to obtain privileged access to the private resources of an organization or even full VPN access to internal systems.

In addition to this, the provided DEP profile may contain information about the organization (email addresses, phone numbers) that could be used to mount successful social engineering attacks against company employees.

The vulnerability

The vulnerability was discovered by Duo Security researchers while probing Apple DEP’s security.

“Our research focused on the details of how some of the undocumented DEP APIs work, specifically those that are used by Apple devices to communicate and enroll with the DEP service.

Read More

Leave a reply


Categories

SATURDAY, DECEMBER 15, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks