Earlier this month, we detailed how Macs made before mid-2014 were prone to a malware vulnerability that targeted EFI memory. Apple has just released a Mac EFI Security Update 2015-001 to fix this security hole for OS X Mountain Lion and Mavericks users, and credits the original security researcher Pedro Vilaca for finding it:
Impact: A malicious application with root privileges may be able to modify EFI flash memory
Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking.
The update also addresses another security hole discovered by Google staff, using research found by Yoongu Kim in 2014:
Impact: A malicious application may induce memory corruption to escalate privileges
Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates.
Click here to download the Mac EFI Security Update 2015-001. System requirements are OS X 10.8.5 (Mountain Lion) and OS X 10.9.5 (Mavericks).
