{"id":333097,"date":"2026-05-11T22:48:52","date_gmt":"2026-05-11T17:18:52","guid":{"rendered":"https:\/\/ebiztoday.news\/?p=333097"},"modified":"2026-05-11T22:48:52","modified_gmt":"2026-05-11T17:18:52","slug":"apple-needs-to-repair-admin-authentication-in-abm-computerworld","status":"publish","type":"post","link":"https:\/\/ebiztoday.news\/index.php\/2026\/05\/11\/apple-needs-to-repair-admin-authentication-in-abm-computerworld\/","title":{"rendered":"Apple needs to repair admin authentication in ABM \u2013 Computerworld"},"content":{"rendered":"<div>\n<h2 class=\"wp-block-heading\"><strong>What are the implications?<\/strong><\/h2>\n<p>What this means in practice is that when admins engage with the authentication process, they should do so\u00a0using non-federated Apple Account sign-in with Apple\u2019s two\u2011factor authentication (typically via a trusted device or trusted phone number using SMS\/voice).\u00a0That\u2019s weird; it means the key accounts that manage protection for sometimes hundreds of devices are still only protected by a six-digit SMS code sent to a specified phone number. We all know that SMS authentication is dangerous, with three well-known attack paths:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>SIM swapping<\/strong>, where an attacker contacts your cellular company posing as you and convinces them to transfer your phone number to a SIM under their control. 
Once that takes place, all of your SMS codes go to them.<\/li>\n<li><strong>Phishing<\/strong>, such as a fake login page that acts normally but intercepts your SMS code when you enter it, capturing and immediately using it to attack your actual account.<\/li>\n<li><strong>Interception<\/strong>, in which sophisticated, often nation-state-adjacent attackers exploit the known vulnerabilities of SMS to intercept messages in transit.<\/li>\n<\/ul>\n<p>While it&#8217;s true most small and mid-size businesses probably don\u2019t need to worry about that third attack possibility, and the second can be mitigated by being careful never to use a link provided in an email to access key accounts, the first exploit sits within the reach of determined attackers.<\/p>\n<h2 class=\"wp-block-heading\"><strong>A hole in the bucket<\/strong><\/h2>\n<p>The implications of a successful attack will be serious. Equipped with a compromised ABM account, an attacker could reassign enrolled devices to an MDM server they control, wipe devices, or push malicious apps\/profiles or configurations to your devices. Those outcomes are, let&#8217;s say, sub-optimal.<\/p>\n<p>I\u2019m certain Apple has considered this.\u00a0It has, after all, introduced a variety of security protections for all its devices, including managed devices. But in this case, it\u2019s left things slightly exposed. That weakness is made more critical because Apple\u2019s system permits only a small number of administrators for every ABM setup, no matter company size.\u00a0<\/p>\n<\/div>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are the implications? 
What this means in practice is that when admins engage with the authentication process, they should do so\u00a0using non-federated Apple Account sign-in with Apple\u2019s two\u2011factor authentication (typically via a trusted device or trusted phone number using SMS\/voice).\u00a0That\u2019s weird; it means the key accounts that manage protection for sometimes hundreds of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":333098,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[51599,14547,280,2300,17165,2305],"class_list":["post-333097","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-abm","tag-admin","tag-apple","tag-authentication","tag-computerworld","tag-fix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/333097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/comments?post=333097"}],"version-history":[{"count":2,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/333097\/revisions"}],"predecessor-version":[{"id":333100,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/posts\/333097\/revisions\/333100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media\/333098"}],"wp:attachment":[{"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/media?parent=333097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/ca
tegories?post=333097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ebiztoday.news\/index.php\/wp-json\/wp\/v2\/tags?post=333097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}