A new exploit has been discovered working on older Macs. That exploit lets hackers remotely overwrite the firmware that boots up the machine, letting attackers control vulnerable devices from the moment you start up the computer – even if it’s been reformatted.
The exploit was announced by OS X security researcher Pedro Vilaca, who claims that the attack affects Macs shipped before the middle of 2014 that can enter sleep mode.
Here’s how the attack works:
- Pedro was able to reflash a Mac’s BIOS using a command run from userland (the part of Mac OS where applications and driver commands are executed).
- By exploiting vulnerabilities like those found in Safari and other web browsers, attackers could then install malicious firmware. This firmware would be written onto the hardware of the Mac itself, which means it would survive reformatting and reinstallation of the operating system.
- This exploit is scary because someone could buy a used, reformatted Mac and treat it like a brand new Mac, only to realize there’s some malicious code hidden deep inside.
Some people are even calling this new exploit more dangerous than the “Thunderstrike” proof-of-concept exploit that appeared last year.
Both the Thunderstrike exploit and this new exploit give attackers the same persistent, low-level control over a Mac, which basically lets the attacker have their way with the system.
This new attack, however, doesn’t require brief physical access (Thunderstrike required you to insert a Thunderbolt device). The exploit can be performed remotely, which means you may be vulnerable to attackers from halfway around the world.
Don’t let all that scare you, however. Pedro Vilaca says he “doesn’t think his attack is likely to be exploited on a mass scale. Instead, it would be exploited only in highly-targeted attacks.”
So as long as you’re not a CEO, nuclear engineer, or president of a country, you should be okay. Hopefully.