TuanLeDevelopment / CVE-2023-MDM0001-Vulnerability-Forced-MDM-Profiles-Removal-Exploit

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

NOT AN ACTUAL CVE but yeah!

Forced-MDM-Profiles-Removal

Non-removable MDM profiles cannot officially removed without doing a full system wipe, or even with one it could be automatically reinstalled by the past profiles.

This is a method to FORCEFULLY remove any profiles in your MAC.

Responsibility Warning


You are about to execute a Forced-MDM-Profiles-Removal code. Before proceeding, please read and understand the following responsibilities and implications:

  1. Data Loss: Executing this code may result in the loss of device configurations, settings, and associated data. Ensure you have backed up all essential data before proceeding.

  2. Device Malfunction: Improper use or errors during the removal process can lead to device malfunctions or bricking. Only proceed if you are confident in your understanding of the process and its implications.

  3. Security Risks: Removing MDM profiles can expose the device to potential security threats. Ensure that you have alternative security measures in place if you choose to proceed.

  4. Compliance Issues: If the device is owned by an organization or is under any form of management agreement, removing MDM profiles without proper authorization can lead to compliance issues or legal repercussions.

  5. Support Limitations: Once the MDM profiles are removed, you may no longer be eligible for technical support or warranty services from the device manufacturer or service provider.

  6. Reinstallation Challenges: Reinstalling MDM profiles after removal can be complex and may require professional assistance.

By executing the Forced-MDM-Profiles-Removal code, you acknowledge that you have read, understood, and accepted the responsibilities and potential risks involved. You also agree to bear full responsibility for any consequences that arise from this action.


Proceed with caution.

  1. Boot the Mac into Recovery Mode (hold down command+R during startup). Go to the Utilities menu and open Terminal and type:
csrutil disable

This will disable SIP (System Integrity Protection).

  1. Reboot into the OS (Not Recovery Mode).

  2. Open the integrated terminal and type: (The sudo commands might requires your Computer Password)

cd /var/db/ConfigurationProfiles
sudo rm -rf *
sudo mkdir Settings
sudo touch Settings/.profilesAreInstalled
  1. Reboot.
  2. Boot the Mac into Recovery Mode (hold down command+R during startup).
  3. Go to the Utilities menu and open Terminal and type:
csrutil enable

This will re-enable SIP.

  1. Reboot into the OS. (Wuala)

Re-install Profiles

The profile will be now removed and you will be able to re-enroll the Mac to your MDM with:

sudo profiles renew -type enrollment

About

License:MIT License