惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
人人都是产品经理
人人都是产品经理
M
MIT News - Artificial intelligence
C
Cybersecurity and Infrastructure Security Agency CISA
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
爱范儿
爱范儿
Spread Privacy
Spread Privacy
P
Palo Alto Networks Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
The Blog of Author Tim Ferriss
The Cloudflare Blog
WordPress大学
WordPress大学
小众软件
小众软件
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
H
Hacker News: Front Page
Last Week in AI
Last Week in AI
D
DataBreaches.Net
V
V2EX
S
Securelist
C
CXSECURITY Database RSS Feed - CXSecurity.com
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Tenable Blog
Cloudbric
Cloudbric
月光博客
月光博客
Y
Y Combinator Blog
博客园 - 三生石上(FineUI控件)
N
News and Events Feed by Topic
K
Kaspersky official blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
Secure Thoughts
S
Security Affairs
W
WeLiveSecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
AI
AI
有赞技术团队
有赞技术团队
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
罗磊的独立博客
Google DeepMind News
Google DeepMind News
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
N
Netflix TechBlog - Medium
PCI Perspectives
PCI Perspectives
SecWiki News
SecWiki News
IT之家
IT之家
Microsoft Azure Blog
Microsoft Azure Blog
V
Visual Studio Blog

Computerworld

Microsoft 365: A guide to the updates Windows 11 Insider Previews: What’s in the latest build? Windows 11: A guide to the updates Apple can't make chips fast enough, but that's only part of the story AI-led job cuts don’t always mean stronger ROI — Gartner Microsoft, Google push AI agent governance into enterprise IT mainstream Microsoft now has more than 20M paying Copilot users AI is more accurate than doctors in emergency diagnoses — study Start small, but start now: How to bring AI into your small business Apple is preparing to spend, but not necessarily on AI 10 quick productivity tips for Microsoft 365 mobile apps Relying on LLMs is nearly impossible when AI vendors keep changing things Apple breaks records, admits it can’t make Macs fast enough Spotlight report: Transforming software development with AI - Whitepaper Repository - 25 great uses for an old Android device AI chatbots need ‘deception mode’ Friendlier chatbots can be less reliable, study says Gartner sees untamed growth in agentic AI Apple reportedly abandons Vision Pro AI venture funding to shoot up this year as bubble looms Scaling up a tech startup in Europe is hard — 'EU Inc.' aims to help Apple will be behind on AI — until it isn’t EU lawmakers fail to agree on watered-down AI Act, talks pushed to May Android reminders, reinvented Who’s the better CEO, Apple’s Tim Cook or Microsoft’s Satya Nadella? AWS unveils trio of key AI strategy announcements SAS makes AI governance the centerpiece of its agent strategy Can Apple’s new CEO turn things around? Enterprises need to think beyond GPUs for agentic AI, analysts say Fleet hopes to be the MDM provider for the AI Era Why simplicity is the silent driver of hybrid workplace success Why security matters in the meeting room Can everyday IT decisions turn sustainability from intent into impact? Why the meeting room has become the true test of hybrid work Why smart meeting rooms are becoming strategic IT assets How collaboration technology defines the next phase of hybrid work Microsoft, OpenAI change contract terms–again OpenAI plans its own ‘iPhone killer’ Your AI strategy is all wrong Agent Mode is now available in Microsoft Word, Excel, and PowerPoint Adobe bets on AI agents to stay at the center of marketing workflows Microsoft to offer voluntary retirement buyouts to about 7% of the US workforce Google Keep cheat sheet: How to get started The AI workplace paradox: Higher productivity, higher anxiety Gartner: Global IT spending to grow by 13.5% this year Apple may be the only laptop vendor to grow in 2026 Tim Cook’s legacy: a successful CEO who stumbled over AI Google Chat becomes an agent interface for Workspace Gemini Enterprise update brings AI agents into collaborative workflows Meta to track employee keystrokes, screen activity to train AI agents The smartest ways to sync your Android and computer clipboards Microsoft trims cloud desktop pricing, even as it boosts AI costs Adobe builds an ‘agentic content supply chain’ for the AI era You can now test and compare AI models on LinkedIn With John Ternus as CEO, expect Apple’s platforms to proliferate Apple CEO Tim Cook stepping down, to be replaced by John Ternus Global RAM shortage appears set to continue through 2027 Is this where Apple Silicon will be in 5 years? AI-ready skills are not what you think World ID expands its ‘proof of human’ vision for the AI era Microsoft's Patch Tuesday updates: Keeping up with the latest fixes Microsoft’s Patch Tuesday release for April is a whopper Robot Zuckerberg shows how IT can free up CEOs’ time UK wants to build sovereign AI — with just 0.08% of OpenAI’s market cap 20 tricks for more efficient Android messaging AI is finally delivering productivity — for remote employees Google should share search data to break its monopoly, European Commission suggests How to think about Apple Business Microsoft Teams cheat sheet: How to get started Reporter’s notebook: In Nepal and Sri Lanka, AI boom brings hope How to create your own custom Android air gesture Can Microsoft really meet its carbon-negative goal by 2030? About the Best Places to Work in IT Microsoft to cut Windows 365 price for SMBs Blancco confirms Mac adoption is accelerating Apple devices’ satellite link is under new ownership IBM’s government DEI settlement could increase pressure to avoid tech hiring diversity Microsoft is developing Copilot features inspired by Openclaw Global RAM shortage prompts Microsoft to hike Surface prices Apple Business rolls out to 200+ countries today Windows 10: A guide to the updates Nvidia’s Stephen Jones on the toolkit powering GPUs: ‘A wild ride’ The French government eyes alternatives to Windows Apple preps for the face race How to build your own AI agents with Google Workspace Studio Adobe Summit 2026: How Adobe hopes to redesign marketing and creativity with AI DARPA wants to help AI agents to talk to one another Apple unveiled a new high-end market opportunity this week Microsoft adds hidden feature flags to Windows Insider builds Meta moves fast toward a world where AI builds the software PC sales rise in Q1 despite memory shortage — IDC Agentic AI – Ongoing coverage of its impact on the enterprise Google’s new AI app is a glimpse of the future This problem might not need a solution: customer-service bots that code for free Chrome, Vivaldi, and the challenge of changing browsers The new M5-based MacBook Air is built to last — and perform Apple worst, Asus best for laptop repairability US court refuses to stay Pentagon’s ‘supply-chain risk’ blacklisting of Anthropic The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’ It's iPhone speculation time: flips, flaps — and Fold
Apple needs to fix admin authentication in ABM
2026-05-11 · via Computerworld

Jonny Evans

opinion

May 11, 20265 mins

Apple’s platforms are secure by design, but when it comes to authentication, the company seems to be protecting employees more than it protects IT admins. It’s an attack vector just waiting to be exploited — if it hasn’t been already.

As noted first by Six Colors, the problem is that administrator and People Manager accounts on Apple Business Manager (ABM) can’t sign in using federated authentication, even though they manage the federation process for everyone else. 

What are the implications?

What this means in practice is that when admins engage with the authentication process, they need to do so using non-federated Apple Account sign-in with Apple’s two‑factor authentication (typically via a trusted device or trusted phone number using SMS/voice). That’s weird; it means the key accounts that manage protection for sometimes thousands of devices are still only protected by a six-digit SMS code sent to a specified phone number. We know that SMS authentication is risky, with three well-known attack paths:

  • SIM swapping, where an assailant contacts your cellular company posing as you and convinces them to transfer your phone number to a SIM in their control. Once that takes place, all your SMS codes go to them.
  • Phishing, such as a fake login page that acts normally but intercepts your SMS code once you enter it, capturing and immediately using it to attack your actual account.
  • Interception, in which sophisticated, usually nation-state-adjacent attackers exploit the known vulnerabilities of SMS to intercept messages in transit.

While it is true most small and mid-size businesses probably don’t need to worry about that third attack possibility, and the second can be mitigated against by being careful never to use a link provided in an email to access key accounts, the first exploit sits within the reach of determined attackers.

A hole in the bucket

The consequences of a successful attack can be serious. Equipped with a compromised ABM account, an attacker could reassign enrolled devices to an MDM server they control, wipe devices, or push malicious apps/profiles or configurations at your devices. Those outcomes are, shall we say, sub-optimal.

I’m certain Apple has thought about this. It has, after all, introduced a range of security protections for all its devices, including managed devices. But in this case, it’s left things a little exposed. That weakness is made more critical because Apple’s system permits just a small number of administrators for each ABM setup, regardless of company size. 

As a result, an attacker might be able to penetrate a company with perhaps tens of thousands of users simply by identifying five names to target with any/all of the above attacks. Apple does not need to leave this hole in its security bucket.

What can you do to improve protection?

There are some easy wins when you try to protect your business while using Apple’s existing system:

  • The best practice seems to be for admins to use a dedicated phone number that is only used to handle the ABM and never anything else.
  • The number should have SIM swap protection in place. You might be able to set this up with a call to your carrier to have this applied to the account.
  • The number of active admin accounts should be limited to a minimum to narrow the target surface.

What can Apple do better?

Apple needs to change things up. Doing so needn’t be horrifically complex, either, as most of these mitigations are already in place elsewhere in its ecosystem. Here are some suggestions:

  • Extend authenticator support to ABM admin accounts.
  • Introduce Passkeys for admin accounts.
  • Put FIDO2 support in place so admins can use hardware security keys to authenticate, if they choose.
  • Introduce mitigations such as conditional access, so logins from unexpected locations aren’t respected.
  • Introduce support for Sign in with Apple, using biometric data to a specific device as a second factor.

All of these protections are already available in the Apple ecosystem; all Apple needs is to divert a little of its R&D cash into implementing the same protections in Apple Business Manager. From what I’ve seen, the Apple admin community would rejoice if it did. I imagine the Apple Business team is already lobbying for it to find the resources to do just that.

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.

Jonny Evans

Hello, and thanks for dropping in. I'm pleased to meet you. I'm Jonny Evans, and I've been writing (mainly about Apple) since 1999. These days I write my daily AppleHolic blog at Computerworld.com, where I explore Apple's growing identity in the enterprise. You can also keep up with my work at AppleMust, and follow me on BlueSky,Mastodon, and LinkedIn.

More from this author