Two researchers have recently discovered that several known vulnerabilities affecting the firmware of all the leading PC makers can also attack the firmware of MACs, which are generally believed to be locked down by Apple in ways that PCs aren’t. According to Wired, the researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.
Researches say that the worm is really hard to detect, really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware. “For most users that’s really a throw-your-machine-away kind of situation”, says Xeno Kovah, one of the researchers who designed the worm. The only way to eliminate malware embedded in a computer’s main firmware would be to re-flash the chip that contains the firmware, he explained, adding that majority of people and organizations can’t physically open up their machine and electrically reprogram the chip.
“The attack raises the stakes considerably for system defenders since it would allow someone to remotely target machines—including air-gapped ones—in a way that wouldn’t be detected by security scanners and would give an attacker a persistent foothold on a system even through firmware and operating system updates. Firmware updates require the assistance of a machine’s existing firmware to install, so any malware in the firmware could block new updates from being installed or simply write itself to a new update as it’s installed”.
To read about the vulnerability in detail, click here.