“A beta of the next OS X update for Mac users contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port,” Adrian Kingsley-Hughes reports for ZDNet.
“The attack, while serious in scope, requires the attacker to have physical access to the Mac to carry it out,” Kingsley-Hughes reports. “It cannot be carried out remotely.”
“The fix, which sources report has appeared in the OS X 10.10.2 beta which Apple has released, not only prevents the system’s Boot ROM from being altered, but also prevents it from being downgraded so as to make it vulnerable at a future point,” Kingsley-Hughes reports. “This update will be rolled out to OS X users soon.”
Read more in the full article here.
Related articles:
Apple secures Macs against ‘Thunderstrike’ attacks in OS X 10.10.2 – January 24, 2015
Macs vulnerable to virtually undetectable malware that ‘can’t be removed’, but physical access is required – January 12, 2015
New proof-of-concept ‘Thunderstrike’ bootkit for OS X can permanently backdoor Macs – January 9, 2015
And it requires a Thunderbolt port, it should go without saying. In other words, as far as I can tell: No Thunderbolt port=No problem.
I said this before, Apple needs to prevent unauthorized updates via external ports. This should have been there prior to the tech being released. IE: The first Thunderbolt iMacs should have been protected from day one. Same goes for USB.
But I am happy they are taking care of it now.
Shoulda, coulda, woulda, yadda, yadda, yadda…
Having an active ego is important to one’s self-esteem, but beating one’s breast in public is unseemly. If others identify you as an oracle and praise your wisdom, then smile discretely and soak in the adulation. Otherwise…
The MDN link to the article is self-referencing. Here is the source article link:
http://www.zdnet.com/article/apple-preparing-to-release-thunderstrike-patch/