A security flaw related to firmware in Apple computers can be used to infect the system with hard-to-remove malware, according to Pedro Vilaca, who studies Mac security. In a blog post, Vilaca noted that the firmware gets unlocked in older Apple computers after a computer goes to sleep.
Older Apple computers vulnerable
While studying Mac security, Vilaca found that it is possible to tamper with an Apple computer’s UEFI (unified extensible firmware interface). UEFI is the successor to BIOS, the low-level code that links a computer’s hardware and operating system at startup. Generally, UEFI code is not accessible to users, but Vilaca found that the code can be unlocked after a computer is put to sleep, and can then be changed. Apple computers manufactured before mid-2014 are expected to be vulnerable to this flaw.
Further, after the UEFI is modified, it is possible to install a rootkit, a type of malware that is very difficult to detect or remove using commercial security products. The only thing a user can do is not let the computer go into sleep mode.
Vilaca tested the attack on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air, all running the latest EFI firmware available. Newer machines were not prone to the flaw, which led him to believe that although Apple has fixed the issue in newer systems, it has not done so for older devices.
More dangerous than Thunderstrike
At the beginning of 2015, the Cupertino, California-based company came up with solutions to address a similar type of attack known as Thunderstrike, which allowed modification of the UEFI by accessing a Mac’s Thunderbolt interface. Thunderstrike was discovered by researcher Trammell Hudson at the Chaos Communication Congress in Hamburg last December. Launching Thunderstrike, however, is only possible when the attacker has physical access to the computer. Vilaca believes this latest bug could be exploited remotely, which would make it a lot more dangerous.
Vilaca might not have reported the flaw to Apple before going public, an approach that can aggravate tech firms. Most companies argue that independent researchers should inform them about any issue they discover in order to stop attackers from taking advantage of the problems. Vilaca, however, clarified that he has no rift with Apple, stating, “My goal is to make OS X better and more secure.”