3 matches found
Code injection
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete...
CVE-2014-4498
CVE-2014-4498 affects Apple OS X pre-10.10.2. The EFI/firmware can be modified by a physically proximate attacker via a Thunderbolt device carrying crafted code in an Option ROM during the EFI update process (Thunderstrike). The vulnerability targets the EFI update flow; impact is attacker-contro...
CVE-2014-4498
The CPU Software in Apple OS X before 10.10.2 allows physically proximate attackers to modify firmware during the EFI update process by inserting a Thunderbolt device with crafted code in an Option ROM, aka the "Thunderstrike" issue...