Macs Made Before Mid-2014 Prone to Malware Vulnerability: Report

iPhoneinCanada.ca Staff
9 years ago

Security researcher and Apple hacker Pedro Vilaca has uncovered a zero-day vulnerability in Macs that allows unwanted persons to slip malware onto computers. The newly discovered security flaw apparently affects all older Macs, and builds on older flaws already uncovered by security researchers (via PC World).

Mac OS X Yosemite.png

After finding that is it possible to gain access to a Mac’s UEFI (unified extensible firmware interface), he was able to install a “rootkit”, a malware type that is nearly undetectable and hard to remove.

The only defense against this type of zero-day flaw is to always shut down the computer and never put it to sleep, Vilaca wrote on his blog.

A similar flaw, Thunderstrike, was discovered last December by another security researcher and presented by researcher Trammell Hudson. That scenario required physical access to the Mac.

Not this time. Vilaca thinks the security flaw can be exploited remotely, which makes it even more dangerous.

Well, Apple’s S3 suspend-resume implementation is so f*cked up that they will leave the flash protections unlocked after a suspend-resume cycle, Vilaca wrote on his blog. !?#$&#%&!#%&!#

And you ask, what the hell does this mean? It means that you can overwrite the contents of your BIOS from userland and rootkit EFI without any other trick other than a suspend-resume cycle, a kernel extension, flashrom, and root access.

Wait, am I saying Macs EFI can be rootkitted from userland without all the tricks from Thunderbolt that Trammell presented? Yes I am! And that is one hell of a hole :-).

Apple has allegedly patched the Thunderstrike bug, which also allowed access to the Mac’s UEFI, but when tested, Vilaca was able to install a rootkit on all test machines released before mid-2014, running the latest EFI firmware available. Newer machines, however, weren’t affected, so Vilaca suspects Apple did manage to patch the vulnerability but left it open in older models.

Vilaca did not notify Apple before exposing this bug, so you may want to follow Vilaca’s advice and always shut down your computer.

P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.

Other articles in the category: Mac

Apple’s M1 MacBook Air on Sale for $799, Save $500

If you’re looking for a ‘cheap’ Apple laptop, the company’s M1 MacBook Air has been slashed down to $799 over at The Source and Amazon Canada, saying that it’s a discount of $500 off. The M1 MacBook Air first debuted back in November 2020, so the laptop is coming up to four years old. The...
IIC Deals
2 days ago

Apple M2 Mac mini on Sale for $599, Certified Open Box

If you’re in the market for a Mac mini, the company’s smaller desktop computer with M2 is available for $599.99, as part of Geek Squad certified open box specials over at Best Buy. Apple currently sells this same Mac mini for $799 new, so you're saving $200 here for an open box computer that's been...
IIC Deals
2 days ago

Apple Plans New M4 Chip for Entire Mac Lineup: Report

What does Apple have in the pipeline for its Mac? According to Bloomberg’s Mark Gurman, it’s going to be a new overhaul of chips, with the next Apple Silicon version known as M4, that will feature AI capabilities. Sources tell Gurman the M4 chip is close to production and will debut in three versions for...
John Quintet
6 days ago