Apple preparing to release ‘Thunderstrike’ patch for OS X

“A beta of the next OS X update for Mac users contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port,” Adrian Kingsley-Hughes reports for ZDNet.

“The attack, while serious in scope, requires the attacker to have physical access to the Mac to carry it out,” Kingsley-Hughes reports. “It cannot be carried out remotely.”

“The fix, which sources report has appeared in the OS X 10.10.2 beta which Apple has released, not only prevents the system’s Boot ROM from being altered, but also prevents it from being downgraded so as to make it vulnerable at a future point,” Kingsley-Hughes reports. “This update will be rolled out to OS X users soon.”

Read more in the full article here.

Related articles:
Apple secures Macs against ‘Thunderstrike’ attacks in OS X 10.10.2 – January 24, 2015
Macs vulnerable to virtually undetectable malware that ‘can’t be removed’, but physical access is required – January 12, 2015
New proof-of-concept ‘Thunderstrike’ bootkit for OS X can permanently backdoor Macs – January 9, 2015

5 Comments

  1. I said this before, Apple needs to prevent unauthorized updates via external ports. This should have been there prior to the tech being released. IE: The first Thunderbolt iMacs should have been protected from day one. Same goes for USB.

    But I am happy they are taking care of it now.

    1. Having an active ego is important to one’s self-esteem, but beating one’s breast in public is unseemly. If others identify you as an oracle and praise your wisdom, then smile discretely and soak in the adulation. Otherwise…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.