OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability
A Mac hardware vulnerability that has yet to be exploited on a wide scale will reportedly be fixed with Apple's forthcoming OS X 10.10.2 update for Yosemite, preventing any future attacks.
The so-called "Thunderstrike" hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn't been patched, but according to iMore, the latest beta of Apple's OS X 10.10.2 update fixes the problem.
Citing people familiar with the software, it was said that OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.
The "bootkit" hack, discovered by researcher Trammell Hudson, could replicate itself to any attached Thunderbolt device. That means the exploit could spread across air-gapped networks, unbeknownst to users.
The code becomes stored in a separate ROM on the logic board, which would allow the attack to remain even if the user were to install OS X or put in an entirely new hard drive.
While such low-level attacks are dangerous because they are difficult to detect and can do significant damage, they are also more challenging to spread because they require physical access to a machine.
Thus far, Apple has issued five betas of OS X 10.10.2 to developers, with the most recent release arriving last week. Developers have been asked to focus on problem areas including Wi-Fi, Mail, VoiceOver and Bluetooth.
The so-called "Thunderstrike" hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn't been patched, but according to iMore, the latest beta of Apple's OS X 10.10.2 update fixes the problem.
Citing people familiar with the software, it was said that OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.
The "bootkit" hack, discovered by researcher Trammell Hudson, could replicate itself to any attached Thunderbolt device. That means the exploit could spread across air-gapped networks, unbeknownst to users.
The code becomes stored in a separate ROM on the logic board, which would allow the attack to remain even if the user were to install OS X or put in an entirely new hard drive.
While such low-level attacks are dangerous because they are difficult to detect and can do significant damage, they are also more challenging to spread because they require physical access to a machine.
Thus far, Apple has issued five betas of OS X 10.10.2 to developers, with the most recent release arriving last week. Developers have been asked to focus on problem areas including Wi-Fi, Mail, VoiceOver and Bluetooth.
Comments
you really need to up your game when reporting on these sort of things. Other sites were reporting on this days ago and as a major Apple "news" site people expect AI to be on the ball.
Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print " src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />
For this issue, Microsoft's been way ahead with Secure Boot in Windows 8 (October 2012). And there, they had to corral all the third-party video, storage, and network card manufacturers to migrate from BIOS to signed UEFI firmware, where Apple was already on EFI and controls the whole ecosystem in-house.
Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print " src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />
For the fourth time inside of two weeks....
Whew!
That's reassuring to know you can securely boot into your insecure operating system that then requires you to install and update anti-virus software.
You've got me convinced. I'm switching to Windows!
????
When is this baby being released?
Glad to see Apple moved on this. Obviously it's harder to get access to a machine than to remotely download something, but it's still an issue.
Which is more likely to happen? A Mac user getting nailed by Thunderstrike or that same user getting abducted by an Alien. I’d say the odds are about the same.
For this issue, Microsoft's been way ahead with Secure Boot in Windows 8 (October 2012).
Let’s you and me have a contest. We turn off any and all anti-virus software, turn off the firewall, and then head out on the Internet, maybe some porn sites. Any bets as to who will get nailed first?
>OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.
This may be good for security, but Apple had better be sure to not release any boot ROM versions with bugs. They'll be impossible to patch in the field and would likely require every owner to take their Mac into an Apple Store or ship to depot for patching/repair!
Let’s you and me have a contest. We turn off any and all anti-virus software, turn off the firewall, and then head out on the Internet, maybe some porn sites. Any bets as to who will get nailed first?
Same. Attack vectors are equal on Internet sites... Flash, Java, browsers. 67% of web browser share is Chrome and Firefox, both cross-platform. As this bug shows, Apple, and its users, need to realize that due to increasing market share and corporate use, the Mac is becoming an attractive target faster than Apple can respond.
Same. Attack vectors are equal on Internet sites... Flash, Java, browsers. 67% of web browser share is Chrome and Firefox, both cross-platform. As this bug shows, Apple, and its users, need to realize that due to increasing market share and corporate use, the Mac is becoming an attractive target faster than Apple can respond.
Really, the fact that there is still a 100 to one security bug ratio between MS and Apple means that?
Look in settings how many security patches MS gets.... Just insanity. Lucky all our machines are not botnet nodes.
>OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.
This may be good for security, but Apple had better be sure to not release any boot ROM versions with bugs. They'll be impossible to patch in the field and would likely require every owner to take their Mac into an Apple Store or ship to depot for patching/repair!
That's probably why they've been testing this thing a while...
Which is more likely to happen? A Mac user getting nailed by Thunderstrike or that same user getting abducted by an Alien. I’d say the odds are about the same.
The low amount of Thunderbolt hardware, and the cost of it, is something of a blessing in that regard. Plus the lack of Thunderbolt flash drives (which would be sweet, USB 3.0 is garbage).
Apple is hell bent on direct access to, and taking total control of, your computing,music,reading,etc.
Apple performed an unapproved download of 10.7.5 at an Apple store "to solve an issue" with iTunes.
As you all know, 10.7.4 was the last of "freedom to operate" with a bevy of existing software.
One is now unable to retrograde to 10.7...3..4 from Apple.
Both Safari and iTunes have been made "indispensable" to the OS.
Didn't Microsoft run into litigation issues over "indispensable Explorer"?
So what this article says is that the horribly irresponsible flaw that was going to zombify your Mac by plugging in some theoretical Thunderbolt hacked thingamabob is... fixed in a little over a month since an exploit was demo'd.
Really, the fact that there is still a 100 to one security bug ratio between MS and Apple means that?
Myth. Microsoft splits each component into a separate patch so that if something goes wrong, they can back out the specific patch. Apple rolls everything into one update. Go count the number of issues fixed in Mavericks 10.9.4: 19 bugs. Microsoft would release that as around 15 separate patches, Apple rolls into one. iOS 8.1.1 fixed 8 issues, Safari 8.0.1 fixed 13.
How does something new get stored in ROM?
ROM.
For the fourth time inside of two weeks....
Hey, there's no time for such "nonsense" when "infidels" like NVIDIA, AMD, and Intel must be taken down in print " src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />
You forgot Qualcomm. I don't know what they did to DED, but sheesh.....
You forgot Qualcomm. I don't know what they did to DED, but sheesh.....
Yeah, it just seems odd to me. I mean, I love Apple and all, and I only buy Apple hardware, but damn, I have no animosity towards the other guys. As much as I like Apple, I welcome a world of diversity in the realm of smartphones, chips, etc. I just don't see why everything has to have an us versus them angle.