'JUST WORKS' APPLE has been left looking a little dumb after shipping MacBooks with Intel chips left in 'manufacturing mode'.
The mode, as its name suggests, is designed for manufacturer-testing only and should be deactivated when MacBooks and other Intel chip-touting laptops leave the production line.
Left activated, the mode could allow nefarious types to cause havoc with a laptop they have access to as configuring Intel chips is tricky business and can be easily borked by people without the right skills or with an attitude to cause problems.
Hackers with access to the manufacturing mode could also use it to bypass processor-level security features and enable other attack methods to be opened up against an affected machine.
Maxim Goryachy and Mark Ermolov, security researchers from Positive Technologies found that some MacBooks and Lenovo laptops were being shipped with the mode enabled during an investigation into vulnerabilities in Intel's Management Engine, a tool used for remote management operations by Intel.
"By exploiting CVE-2018-4251, an attacker could write old versions of Intel ME (such as versions containing vulnerability INTEL-SA-00086) to memory without needing an SPI programmer or access to the HDA_SDO bridge--in other words, without physical access to the computer," the researchers said, breaking down the situation in detail.
"Thus, a local vector is possible for exploitation of INTEL-SA-00086, which enables running arbitrary code in ME. Notably, in the notes for the INTEL-SA-00086 security bulletin, Intel does not mention enabled Manufacturing Mode as a method for local exploitation in the absence of physical access. Instead, the company incorrectly claims that local exploitation is possible only if access settings for SPI regions have been misconfigured."
The whole thing is all rather technical so we won't slow you down with information better conveyed by the researchers, but, apparently, Apple has quietly patched the problem with the release of High Sierra 10.13.5 and other updates for older macOS versions.
Still the whole thing it a bit embarrassing for Apple, especially when it touts strong security in its products.
The problem wasn't as damning as the password protection borkage that came with the release of High Sierra last year, but Apple appears to be having a few security slip-ups lately, which isn't great for its efforts to maintain a pristine image in the face of strong competition in both the smartphone and laptop world. µ
'Some of us like the misery'
That'll surely affect its credit score