Exploit can control older Macs even after they're formatted

There's a new vulnerability that could let evildoers control your Mac, even after you format the system drive. Discovered by OS X security expert Pedro Vilaca, the exploit targets older machines after they wake up from sleep mode. The problem is that security normally protecting the firmware isn't activated immediately after certain models wake up, leaving them briefly exposed. And unlike other vulnerabilities that require physical access to a machine (like ThunderStrike), an attacker would be able to plant such an exploit remotely via Safari or other means.

To pull it off, they'd first need to get OS X root access via a malicious website, email attack or other vector. After a carefully designed program is planted, it could wait for the Mac to sleep (or force it to sleep), then flash the firmware when it wakes. Once inside, the malicious "rootkit" would be difficult to detect and delete compared to regular malware, surviving even re-installs or formatting. Though tricky to use on a large scale, the exploit could be used by attackers to gain "epic ownage" on individual targets, as Vilaca put it.

You could probably... trigger this, all remotely. That's pretty epic ownage.

Vilaca updated his original post to point out the vulnerability's seriousness, saying it "appears to be an effective zero-day" problem. He confirmed that the bug works on a MacBook Pro Retina, MacBook Pro 8.2 and a MacBook Air, with all models running the latest BIOS software. However, machines newer than about a year old appear to be immune to it -- possibly because Apple already knows about the issue and patched it, according to Vilaca. Also, even though the exploit is now out there, it would be trickier for attackers to implement than something like Heartbleed. Vilaca doesn't consider the disclosure irresponsible, saying that "the goal is to pressure them to fix their firmware." We've reached out to Apple for comment on the matter.

Source: Pedro Vilaca