Even Apple Mac computers can be attacked using some of the same firmware vulnerabilities that commonly affect many PCs, a new proof of concept demonstrates.
The new attack is called Thunderstrike 2. It is similar to the original Thunderstrike vulnerability found last year and likely relies on the same attack techniques. It was created by a pair of security researchers: Trammell Hudson, who discovered Thunderstrike, and Xeno Kovah.
Apple Mac computers not invincible
It was also discovered that the proof of concept could be transferred between two Macs without them being networked. It would be able to evade most scanning software and could even survive a reformat; the only way to remove it would be to re-flash the firmware chips.
The code itself is apparently based on research from Kovah's consultancy, LegbaCore, last year, which found lots of firmware exploits in PCs made by Dell, HP, and Lenovo. According to Kovah, five out of the six are potentially also applicable to Macs, because computer companies like Apple often rely on the same reference implementations for firmware.
Apple has apparently already been notified and has patched one of the exploits, with another partially fixed. There is no information yet, however, on whether those fixes also include the changes made in OS X 10.10.2 to fix Thunderstrike.
Thunderstrike 2 works by targeting the option ROM on accessories like Ethernet adapters and SSD drives, and can be spread simply by connecting an infected device to a Mac. An attack might be initially delivered by email or a malicious website. The researchers say that computer companies should cryptographically sign firmware and upgrade their hardware to allow authentication.
More details about Thunderstrike 2 will be shared at the forthcoming Black Hat USA security conference on August 6th.