Symantec confirms existence of unpatched rootkit Mac security flaw

“Symantec says a critical vulnerability within some Apple Mac models could allow hackers to inject systems with persistent rootkit malware,” Charlie Osborne reports for ZDNet.

“The security firm confirmed the existence of the security flaw late on Thursday. The flaw, called the Apple Mac OS X EFI Firmware Security Vulnerability, was originally disclosed last week by security researcher Pedro Vilaca,” Osborne reports. “The problem lies within Mac sleep mode. After Macs awake from this low-power hibernation, a flawed suspend-resume implementation means that some Mac models’ flash protections are left unlocked.”

“While this attack is unlikely to impact on users en masse, it could be exploited in order to spy upon specific, targeted users with valuable data or accounts to share,” Osborne reports. “Until such a time when Apple issues a firmware patch to fix the security flaw, concerned users are advised to shut down their computers rather than put them in sleep mode.”

MacDailyNews Take: Sleep is bad. Shut Down is good. It’ll be patched before you know it.


How to protect your Mac from the ‘Dark Jedi’ firmware hack – June 2, 2015
Vulnerability in Macs made before mid-2014 could allow firmware modifications, researcher says – June 1, 2015
Apple preparing to release ‘Thunderstrike’ patch for OS X – January 26, 2015
Apple secures Macs against ‘Thunderstrike’ attacks in OS X 10.10.2 – January 24, 2015
New proof-of-concept ‘Thunderstrike’ bootkit for OS X can permanently backdoor Macs – January 9, 2015
Macs vulnerable to virtually undetectable malware that ‘can’t be removed’, but physical access is required – January 12, 2015


  1. I’m sure it will get patched; I’m worried about how far back they will go. We are still running 20″ iMacs from 2008/2009 and 2011 models. So hopefully they get patched.

    1. And BTW: Once a computer is ‘theoretically’ infected with malware enacting this exploit, it doesn’t matter if you set your Mac to NOT sleep. The malware could trigger sleep anyway via the Terminal, forcing the EFI firmware rewrite next time it is awoken. That’s one reason Apple has to kick into gear and solve this for ALL Macs NOW NOW NOW. Got that Apple?
