“A beta of the next OS X update for Mac users contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port,” Adrian Kingsley-Hughes reports for ZDNet.
“The attack, while serious in scope, requires the attacker to have physical access to the Mac to carry it out,” Kingsley-Hughes reports. “It cannot be carried out remotely.”
“The fix, which sources report has appeared in the OS X 10.10.2 beta which Apple has released, not only prevents the system’s Boot ROM from being altered, but also prevents it from being downgraded so as to make it vulnerable at a future point,” Kingsley-Hughes reports. “This update will be rolled out to OS X users soon.”
Read more in the full article here.
Apple secures Macs against ‘Thunderstrike’ attacks in OS X 10.10.2 – January 24, 2015
Macs vulnerable to virtually undetectable malware that ‘can’t be removed’, but physical access is required – January 12, 2015
New proof-of-concept ‘Thunderstrike’ bootkit for OS X can permanently backdoor Macs – January 9, 2015