Latest in Efi

Image credit:

Thunderbolt vulnerability leaves Macs at risk, researcher finds

Share
Tweet
Share
Save

Sponsored Links


A known flaw in Mac firmware could leave it open to attacks via Thunderbolt devices, security researcher Trammel Hudson has found. This unpatched hole has been known for at least two years, though it remains completely unaddressed thus far.

"It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines," Trammel writes in the essay for his upcoming lecture at the Chaos Communication Conference in Germany. "This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems."

Trammel also notes that the vulnerability could be fixed with "a few byte patch to the firmware," but goes on to say that hammering out the security issues with Apple's EFI is a larger issue on the whole.

via AppleInsider

[Photo via Marckvision]

In this article: efi, mac, privacy, security, thunderbolt
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share
Save

Popular on Engadget

Law enforcement is using a facial recognition app with huge privacy issues

Law enforcement is using a facial recognition app with huge privacy issues

View
Microsoft will fix an Internet Explorer security flaw under active attack

Microsoft will fix an Internet Explorer security flaw under active attack

View
Hitting the Books: Hackers can convince your IoT devices to betray you

Hitting the Books: Hackers can convince your IoT devices to betray you

View
The Morning After: Counting down to SpaceX's next Crew Dragon test

The Morning After: Counting down to SpaceX's next Crew Dragon test

View
Recommended Reading: The internet sleuths who caught the Astros cheating

Recommended Reading: The internet sleuths who caught the Astros cheating

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr