Some of you guys might recall that a couple of months ago, an exploit nicknamed Thunderstrike was discovered for Mac computers, where basically it could allow hackers to modify the firmware of a Mac computer. Further proving the vulnerability and bringing it to attention, a group of researchers have built on that exploit, resulting in Thunderstrike 2.
According to a report from WIRED, it seems that Thunderstrike is basically a worm that can infect the firmware of a Mac computer, thus making it impossible to be removed. Issuing a patch would be impossible since the worm is said to be able to block the update or reinstall itself regardless of what’s been done.
The scary thing about Thunderstrike 2 is that it can easily infect a Mac computer via a website or email, and it will also be able to spread itself to other Mac computers by hiding in the option ROM of peripherals such as Thunderbolt or a Gigabit Ethernet adapter, external drives, RAID controllers, and more.
To fix the issue, it seems that it can only be done at a hardware level, meaning that the average user probably won’t know what to do about it. According to the researchers, “Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware. Most other vendors, including Apple as we are showing here, have not. We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security.”
The researchers have since gotten in touch with Apple, but the Cupertino company has so far only fixed one of the five security flaws they pointed out, and have only partially addressed the second, but hopefully they will be fixed in future updates. Hopefully in the meantime hackers don’t take advantage of this and start infecting Mac computers with this worm.