OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability

Posted in macOS; edited February 2015
A Mac hardware vulnerability that has yet to be exploited on a wide scale will reportedly be fixed with Apple's forthcoming OS X 10.10.2 update for Yosemite, preventing any future attacks.




The so-called "Thunderstrike" hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn't been patched, but according to iMore, the latest beta of Apple's OS X 10.10.2 update fixes the problem.

Citing people familiar with the software, the report said that OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.

The "bootkit" hack, discovered by researcher Trammell Hudson, could replicate itself to any attached Thunderbolt device. That means the exploit could spread across air-gapped networks, unbeknownst to users.

The code becomes stored in a separate ROM on the logic board, which would allow the attack to remain even if the user were to install OS X or put in an entirely new hard drive.

While such low-level attacks are dangerous because they are difficult to detect and can do significant damage, they are also more challenging to spread because they require physical access to a machine.

Thus far, Apple has issued five betas of OS X 10.10.2 to developers, with the most recent release arriving last week. Developers have been asked to focus on problem areas including Wi-Fi, Mail, VoiceOver and Bluetooth.

Comments

  • Reply 1 of 24
    Glad to see Apple moved on this. Obviously it's harder to get access to a machine than to remotely download something, but it's still an issue.
  • Reply 2 of 24
    You really need to up your game when reporting on these sorts of things. Other sites were reporting on this days ago and as a major Apple "news" site people expect AI to be on the ball.
  • Reply 3 of 24
    mazda 3s Posts: 1,612 member
    Quote:
    Originally Posted by singularity

    You really need to up your game when reporting on these sorts of things. Other sites were reporting on this days ago and as a major Apple "news" site people expect AI to be on the ball.

    Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print

  • Reply 4 of 24

    For this issue, Microsoft's been way ahead with Secure Boot in Windows 8 (October 2012). And there, they had to corral all the third-party video, storage, and network card manufacturers to migrate from BIOS to signed UEFI firmware, where Apple was already on EFI and controls the whole ecosystem in-house.

  • Reply 5 of 24
    Quote:
    Originally Posted by Mazda 3s

    Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print




    For the fourth time inside of two weeks....

  • Reply 6 of 24
    gtr Posts: 3,231 member
    konqerror wrote:
    For this issue, Microsoft's been way ahead with Secure Boot in Windows 8 (October 2012).

    Whew!

    That's reassuring to know you can securely boot into your insecure operating system that then requires you to install and update anti-virus software.

    You've got me convinced. I'm switching to Windows!

  • Reply 7 of 24

    When is this baby being released?

  • Reply 8 of 24
    lkrupp Posts: 10,341 member
    Quote:
    Originally Posted by TheWhiteFalcon

    Glad to see Apple moved on this. Obviously it's harder to get access to a machine than to remotely download something, but it's still an issue.



    Which is more likely to happen? A Mac user getting nailed by Thunderstrike or that same user getting abducted by an Alien. I’d say the odds are about the same.

  • Reply 9 of 24
    lkrupp Posts: 10,341 member
    Quote:
    Originally Posted by konqerror

    For this issue, Microsoft's been way ahead with Secure Boot in Windows 8 (October 2012).


     

    Let’s you and me have a contest. We turn off any and all anti-virus software, turn off the firewall, and then head out on the Internet, maybe some porn sites. Any bets as to who will get nailed first?

  • Reply 10 of 24
    ktappe Posts: 808 member

    >OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.

     

    This may be good for security, but Apple had better be sure to not release any boot ROM versions with bugs. They'll be impossible to patch in the field and would likely require every owner to take their Mac into an Apple Store or ship to depot for patching/repair!

  • Reply 11 of 24
    Quote:
    Originally Posted by lkrupp

    Let’s you and me have a contest. We turn off any and all anti-virus software, turn off the firewall, and then head out on the Internet, maybe some porn sites. Any bets as to who will get nailed first?




    Same. Attack vectors are equal on Internet sites... Flash, Java, browsers. 67% of web browser share is Chrome and Firefox, both cross-platform. As this bug shows, Apple, and its users, need to realize that due to increasing market share and corporate use, the Mac is becoming an attractive target faster than Apple can respond.

  • Reply 12 of 24
    foggyhill Posts: 4,767 member
    Quote:
    Originally Posted by konqerror

    Same. Attack vectors are equal on Internet sites... Flash, Java, browsers. 67% of web browser share is Chrome and Firefox, both cross-platform. As this bug shows, Apple, and its users, need to realize that due to increasing market share and corporate use, the Mac is becoming an attractive target faster than Apple can respond.


     

    Really, the fact that there is still a 100 to one security bug ratio between MS and Apple means that?

     

    Look in settings how many security patches MS gets.... Just insanity. Lucky all our machines are not botnet nodes.

  • Reply 13 of 24
    foggyhill Posts: 4,767 member
    Quote:
    Originally Posted by ktappe


    >OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.

     

    This may be good for security, but Apple had better be sure to not release any boot ROM versions with bugs. They'll be impossible to patch in the field and would likely require every owner to take their Mac into an Apple Store or ship to depot for patching/repair!


     

    That's probably why they've been testing this thing a while...

  • Reply 14 of 24
    Quote:
    Originally Posted by lkrupp

    Which is more likely to happen? A Mac user getting nailed by Thunderstrike or that same user getting abducted by an Alien. I’d say the odds are about the same.




    The low amount of Thunderbolt hardware, and the cost of it, is something of a blessing in that regard. Plus the lack of Thunderbolt flash drives (which would be sweet, USB 3.0 is garbage).

  • Reply 15 of 24
    There have been far too many "upgradings" and fixes.
    Apple is hell bent on direct access to, and taking total control of, your computing, music, reading, etc.
    Apple performed an unapproved download of 10.7.5 at an Apple store "to solve an issue" with iTunes.
    As you all know, 10.7.4 was the last of "freedom to operate" with a bevy of existing software.
    One is now unable to retrograde to 10.7...3..4 from Apple.
    Both Safari and iTunes have been made "indispensable" to the OS.
    Didn't Microsoft run into litigation issues over "indispensable Explorer"?
  • Reply 16 of 24

    So what this article says is that the horribly irresponsible flaw that was going to zombify your Mac by plugging in some theoretical Thunderbolt hacked thingamabob is... fixed in a little over a month since an exploit was demo'd.

  • Reply 17 of 24
    Quote:
    Originally Posted by foggyhill

    Really, the fact that there is still a 100 to one security bug ratio between MS and Apple means that?

     


     

    Myth. Microsoft splits each component into a separate patch so that if something goes wrong, they can back out the specific patch. Apple rolls everything into one update. Go count the number of issues fixed in Mavericks 10.9.4: 19 bugs. Microsoft would release that as around 15 separate patches, Apple rolls into one. iOS 8.1.1 fixed 8 issues, Safari 8.0.1 fixed 13.

  • Reply 18 of 24
    eriamjh Posts: 1,410 member
    > The code becomes stored in a separate ROM on the logic board, which would allow the attack to remain even if the user were to install OS X or put in an entirely new hard drive.

    How does something new get stored in ROM?

    ROM.
  • Reply 19 of 24
    kkerst Posts: 330 member
    Quote:
    Originally Posted by Lord Amhran

    For the fourth time inside of two weeks....


     

    Quote:
    Originally Posted by Mazda 3s

    Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print


    You forgot Qualcomm. I don't know what they did to DED, but sheesh.....

  • Reply 20 of 24
    mazda 3s Posts: 1,612 member
    Quote:
    Originally Posted by kkerst

    You forgot Qualcomm. I don't know what they did to DED, but sheesh.....




    Yeah, it just seems odd to me. I mean, I love Apple and all, and I only buy Apple hardware, but damn, I have no animosity towards the other guys. As much as I like Apple, I welcome a world of diversity in the realm of smartphones, chips, etc. I just don't see why everything has to have an us versus them angle.
