Researchers create a worm that infects Macs silently and permanently

Roberto Baldwin, @strngwys
August 3, 2015

Macs have typically been heralded as the more secure of the two main computing platforms. But according to researchers, at the firmware level, that's not necessarily true. Ahead of their 'Thunderstrike 2: Sith Strike' Black Hat presentation, Xeno Kovah, Trammell Hudson and Corey Kallenberg demonstrated to Wired that Macs have some of the same vulnerabilities as their Windows counterparts. The exploit is especially troubling because a phishing email or a click on a link on a malicious site could now compromise the computer. This is in addition to the exploit shown last year, which was spread by the ROM of infected external drives and accessories like a Thunderbolt-to-Ethernet adapter. These exploits are nearly impossible to detect because security software doesn't scan the firmware, and reinstalling the system doesn't remove the problem.

The exploit highlights that firmware (the software that boots a computer) isn't typically encrypted out of the factory and doesn't authenticate updates from the manufacturer. The researchers say they have alerted Apple about the issue and, according to the Wired article, the company has patched one exploit and partially patched another.

This is the second Thunderstrike exploit to target Macs. The first version was fixed with OS X 10.10.2 and required the hacker to have physical access to the computer. This new version is more nefarious because the malware can be delivered via a link. The latest OS X security update (10.10.4) seems to keep the exploit from taking hold.

Still, vulnerabilities like this are a reminder that companies should be encrypting all the elements of a machine to reduce the chance of their customers getting hacked in the first place.
