It could be used to format your hard drive, but also for more lucrative exploits. This time it lets malicious developers gain root privilege. Stefan Esser found another exploit last month dubbed DYLD. It’s not as harmful as malware that spreads through the Internet, but it could make some serious damage in an office environment for example. If you plug your Ethernet adaptor into a new Mac, this Mac will get infected as well when it reboots. The best part of this zero-day vulnerability is that your Thunderbolt accessory remains infected. And if your firmware is compromised, there is no way to boot OS X, update the firmware and remove the malicious code. For example, it could simply make your Mac’s firmware refuse to boot OS X, turning your Mac into a useless machine. As this option ROM has been infected, it will execute malicious code infecting the EFI itself. If you reboot your Mac with this infected Thunderbolt accessory plugged in, the EFI will execute the option ROM before booting OS X. After receiving the code via a phishing email or a malicious web site, malware code could look for connected Thunderbolt accessories and flash their option ROMs.
This zero-day exploit dubbed Thunderstrike 2 targets your Mac’s firmware thanks to an attached Thunderbolt accessory, such as an Ethernet adaptor or an external hard drive. Apple told The Guardian that it is working on a fix for both Yosemite and El Capitan.
Xeno Kovah and Trammell Hudson found a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status. It’s Black Hat season, meaning that we are getting a new batch of zero-day exploits showing how insecure our gadgets are.
0 kommentar(er)
