Foreign a security researcher recently found a can control the portion of the running OS X system Mac devices for security vulnerabilities. It is reported that the vulnerability allows hackers to remotely re-write the Mac within the device responsible for the machine to start the work of the firmware, once the hack is successful to find that loophole they can in after computer starts to get some control over it.
It is reported that the vulnerability is by the Mac security expert Pedro-Villa-Pedro Vilaca）first found, he will then the message posted to their blog. According to Vera g revealed, a hacker can through this approach in the not in contact with the device under the premise of remote acquires the Mac device of limited control.
Specifically, hackers first need to get the target device Rooted it for for remote operation of a hack to say that although it is not easy, but absolutely possible to achieve, and then you can use the Mac device to enter the Sleep mode, and turn off BIOS protection mechanism when the firmware is rewritten, then the hacker can through this method to change the device Extensible Firmware Interface Extensible Firmware Interface default settings.
Vera g revealed thatApplethe Mac device of this sleep mechanism so that the machine in the middle of a node losing the protection, which means that a hacker can use this fact to rewrite the BIOS data or implant malicious software.
However, Vera g also shows only a 2 0 1 4 mid-year before the launch of the Mac device the existence of this problem, including 2 0 1 5 years before the MacBook Air, MacBook Pro 8.2 and MacBook Pro Retina these models, and the launch of new Mac models is not the existence of this security vulnerability.
The analysis considered, there are security risks models for the vulnerability and there is nothing particularly good protection, at this stage only by changing the device default settings, and let the Mac do not automatically go into hibernation to prevent hacking. But it should be noted that Mac users do not need to particularly worry about, because to achieve this attack process is very complicated, so that a vulnerability in a short period of time is unlikely to be the global hackers a large area to use.