Major Mac EFI security vulnerability exposed: Thunderbolt devices can spread malicious programs - vulnerability warning - the black bar safety net

ID MYHACK58:62201457245
Type myhack58
Reporter Anonymous
Modified 2014-12-23T00:00:00


Next week, at the Chaos Communication Congress security conference in Germany, researcher Trammell Hudson will present a new method of using a specially made Thunderbolt device to inject a bootkit that is almost impossible to remove into the Mac's EFI boot firmware. The attack exploits a design flaw in the Thunderbolt ROM that was first found in 2012 but has not been fixed.

In addition to writing arbitrary code to the boot ROM, Hudson will also show the bootkit replicating itself to any Thunderbolt device, which allows a large number of Thunderbolt devices to become infected and in turn infect more Mac computers.

Because the virus code lives in the motherboard ROM, it cannot be removed even if the user reinstalls OS X or replaces the hard drive. Hudson said that he can even replace Apple's encryption key with a new key, blocking firmware upgrades that could remove the virus. He said: “Hardware and software cryptographic checks are unable to validate firmware authenticity. When the malicious code is written into the ROM, it can control the system, and it can use SMM and other techniques to hide itself and avoid being found.”

Security vulnerabilities at such a low level cause a lot of trouble, because they are difficult to detect. Previously, hackers have used full-disk encryption system vulnerabilities to attack EFI. Of course, Hudson's attack requires access to the user's Mac, and because it spreads only via Thunderbolt devices, it will not cause too much trouble.