Thunderbolt 3 ‘Thunderclap’ vulnerabilities affect almost all Macs released since 2011

“Vulnerabilities in Thunderbolt have been disclosed by security researchers, with ‘Thunderclap’ allowing a device connecting over Thunderbolt to acquire sensitive data from the host Mac, an issue that affects almost all Macs released since 2011,” Malcolm Owen reports for AppleInsider.

“Revealed at the Network and Distributed Systems Security Symposium on Tuesday, Thunderclap is a set of vulnerabilities that take advantage of issues with the way Thunderbolt operates,” Owen reports. “By misusing how Thunderbolt functions, a malicious device has the capability to access system memory without any oversight from operating systems.”

“Practically all hardware with some form of Thunderbolt connection is affected, including those with USB Type-C ports and those with older Mini DisplayPort connections,” Owen reports. “In the case of Apple, a dedicated Thunderclap website notes ‘all Apple laptops and desktops produced since 2011 are vulnerable, with the exception of the 12-inch MacBook.’”

Read more in the full article here.

MacDailyNews Note: On behalf of his team of researchers (Colin Rothwell, Brett Gutstein, Allison Pearce, Peter Neumann, Simon Moore and Robert Watson), Theo Markettos writes that “since this is a new space of many vulnerabilities, rather than a specific example, we believe all operating systems are vulnerable to similar attacks, and that more substantial design changes will be needed to remedy these problems.”


[Attribution: AppleInsider. Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

6 Comments

  1. Let’s be clear:

    Thunderbolt is simply an interface that unnecessarily combines many functions into a single cable. Because combination of many functions onto one cable necessitates software to manage the connections, these new “one cable” solutions are inherently more prone to security cracks. In this day & age, it seems only a matter of time before any software is breached.

    The geniuses at Apple apparently decided to make it so that any peripheral that is attached via Thunderbolt is allowed direct memory access. This means that a hacker with physical access to a Mac has unfettered access to all network traffic, A/V, and even keylogging capabilities. Oops!!! Don’t ever leave your Mac unattended.

    For the record, Thunderbolt combines DC power, PCI serial data, Displayport/DVI video & audio.

    I miss the days when Apple still offered the user benefit of at least a few frequently used legacy connections, like Magsafe for power, Toslink or SPDIF for digital audio, etc. Apple seems to have rushed headlong into its vision of a portable future with the minimum physical connections that they completely forgot to use the level of security precautions that their sound bites would lead the buyer to believe.

    1. “This means that a hacker with physical access to a Mac has unfettered access to … your Mac.”

      Fixed that for you. As with almost ALL “security vulnerabilities” in the past few years, the common sense “always keep your hardware in a safe relatively secure location” and “don’t attempt to use anything ON your computer if you’re not sure about the source, whether it’s a free version of an app that’s normally for pay or that free USB stick you found on the ground.”

      There is literally NO device that is so secure that it won’t fall prey to an 1d-10T vulnerability.

  2. How far has Thunderbolt been used in OSes other than MacOS/iOS? Appreciate the MDN addition but somehow looks more like trying to deflect attention from the seriousness of the vulnerability for the Mac community.

  3. If it affects any Thunderbolt device, it’s NOT Mac specific. As there are Thunderbolt devices available for use in Windows as well, and there is a secure haven right?

    Once again with just a touch of common sense, if you don’t connect things to your Mac or install software you’re not sure about, you won’t have any problems, no one is going to hack Thunderbolt without gaining physical access to the computer.

    These security alerts are always over-blown, sure be cautious, pay attention, but don’t get carried away just because some “security researcher” found a bug.
