“A new exploit dubbed ‘Dark Jedi’ exists for MacBook systems created before mid-2014, where a hacker can issue a malicious program to overtake the system’s firmware by simply having the system be put in sleep mode,” Topher Kessler reports for MacIssues.
“Upon waking from sleep, the firmware on these older Macs is unlocked, which leaves them open to access and modification from applications running in OS X,” Kessler reports. “This contrasts with the recent Thunderstrike firmware vulnerability that allowed hackers to overtake firmware, but required physical access to the system. Since this current vulnerability is run by way of malicious software, systems can be attacked remotely by uses of trojan horse and other social engineering approaches, but this also provides an avenue for protection.”
Kessler reports, “If your Mac is an older one and you are concerned about this vulnerability, keep in mind that for now this is a proof-of-concept attack that is not known to be in any active hacking attempts. In addition it has three key limitations: It requires root access; It requires you download it; It requires your system be put to sleep.”
MacDailyNews Take: It’s also nice, until Apple patches this thing, that Macs with SSDs boot so quickly. It’s almost like sleep anyway.