A MacBook is Not Immune to Cyber Attacks: Jeffrey Katzenberg Almost Learned the Hard Way
Most people believe that having a MacBook automatically makes you immune to cyber attacks. One of the major reasons for this assumption is the exorbitant cost of owning one. Two security researchers put this myth to the test.
They successfully hacked a Mac belonging to billionaire film producer Jeffrey Katzenberg — proving that owning a macOS device isn’t an automatic defense against cyber threats.
Rachel Tobac, a social engineer and CEO of SocialProof Security, successfully carried out the attack on the unspecified macOS device by leveraging a patched vulnerability and getting Katzenberg to click on a phishing link on a spoofed website.
Once the film producer did so, the engineer was able to steal photos, emails, and contacts from the Mac and also turn on the Mac’s microphone and eavesdrop on Katzenberg without triggering the built-in macOS microphone indicator.
Rachel wasn’t the only one exploiting the Mac. Her husband, Evan Tobac, attacked the system to gain access to vital information from Katzenberg. He did this by leveraging the underlying bug to carry out an attack using iCloud links and Safari’s sharing preferences.
Why Attack the MacBook?
In a tweet, Rachel Tobac explained that the attack was a demonstration for Aura, the identity theft protection firm, a company Katzenberg wants to invest in.
We just hacked a billionaire!
Got consent 1st then got to work hacking Jeffrey Katzenberg. @Evantobac & I stole his pics, emails, and contacts then turned on his mic (without an indicator light) & listened to his phone calls.
Here’s the video on how we hacked a billionaire: pic.twitter.com/t63JJQccIr
— Rachel Tobac (@RachelTobac) March 16, 2022
Evan Tobac also explained in another tweet that the exploit was built based on research from Ryan Pickren.
The attack worked because Jeffrey’s OS/browser was out of date by close to 4 months.
4 months was enough for detailed descriptions of the vulnerabilities to become public, for me to read about them and incorporate them into an attack.
This is a good segue into mitigation.
— Evan Tobac (@evantobac) March 16, 2022
In the end, both researchers said the attack only worked because Katzenberg’s Mac was out of date, several updates behind. Will new Apple products feature better defense?