Every Mac equipped with a Thunderbolt port are victims of a fault all hazards since it is virtually impossible to seal.
It is the occasion of the conference Chaos Computer Club that the security researcher Trammel Hudson has detailed a flaw that affects all Apple computers with a Thunderbolt adapter.
While the hacker Snare, in 2012, had already shown the ability to drag Mac malware using the opportunity to read areas of alternative submissions on Thunderbolt adapters through the PCIe connection via “Option ROM” Trammel Hudson for his part used this attack vector to rewrite EFI Boot ROM.
This particularly pernicious attack, called Thunderstrike highlights a huge vulnerability of Mac saw the EFI Boot ROM is a hardware component that manages the computer starts.
Although it takes physical access to the machine, which is not necessarily difficult for a hacker or a secret agent, this flaw is particularly pernicious because it indirectly gives full access to the machine allowing the installation of a back door, but especially that you reinstall the operating system or change the hard disk will not clean the infection since it is a separate component. This attack is particularly pernicious that it only takes one infected Thunderbolt peripheral sharing to spread the infection.
Apple has already taken a countermeasure against this vulnerability by changing the startup procedure. This patch is not enough in the eyes of Trammell Hudson as it believes it will be possible to return to a previous configuration on an older Mac, but also by the fact that the recent flaw called “Dark Jedi Coma” would bypass cons-measures implemented by Apple.
In order to protect themselves, Trammel Hudson has applied Thunderstrike attack on its own Mac to completely disable “Option ROM”, a highly technical solution which is unfortunately not everyone mainstream users. Until Apple offers a more permanent solution, the best advice is to not connect anything to the Mac.
It should also specify that Thunderstrike runs on any Intel Mac with a Thunderbolt port, ie including all MacBook marketed since 2011
..
No comments:
Post a Comment