OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

HACKINTOSH.ORG | Macintosh discussion forums > Macintosh News > Apple News (Moderator: HCK) > OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

Pages: [1] Go Down

« previous next »

Author

Topic: OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs (Read 385 times)

HCK

Global Moderator
Hero Member

Posts: 79425

OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

« on: January 27, 2015, 09:00:12 pm »

OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore has learned. According to the report, Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.

To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.

Thunderstrike is a serious vulnerability discovered earlier this year by security researcher Trammell Hudson, enabling an attacker to replace a Mac's bootrom with malicious code without a user knowing. Since the malicious code is stored in a low level inaccessible to the user, the problem would remain even if the bootrom was replaced.

macbook_air_pro_yosemite" width="800" height="260" class="aligncenter size-large wp-image-435650

macbook_air_pro_yosemite" width="800" height="260" class="aligncenter size-large wp-image-435650

The proof-of-concept attack is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini.

OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming days. The most recent OS X 10.10.2 beta was seeded to developers for testing last Wednesday. In addition to the Thunderstrike fix, the upcoming software update addresses security vulnerabilities exposed by Google's Project Zero security team last week.

According to 9to5Mac, the latest OS X Yosemite release will also add iCloud Drive in Time Machine and resolve issues related to Wi-Fi, VoiceOver and security. In particular, a recently identified glitch causing Spotlight on OS X to expose system information to spammers through remote content loading will reportedly be patched. Safari will also gain improved performance and security.

No public instances of Thunderstrike attacks have yet to be reported.

Recent Mac and iOS Blog Stories
• Apple Likely Sold More iPhones in China Than in the U.S. Last Quarter
• Apple China Posts Video Showing Creation of Mural for New Chongqing Store
• Apple Launches 'Free on iTunes' Section With Free TV and Music Downloads
• Buyer's Guide: Deals on iPad Air 2, iMac, Apple Accessories, and More
• Hands-On With the ClamCase Pro Keyboard Case for iPad Air 2
• 'GMT Bug' in iOS 8 Calendar Syncing Causing Time Zone Confusion for Users
• Apple's iTunes Radio, Beats, and Others Hit With Unpaid Royalty Suits Over Pre-1972 Music
• Tetris-Like Puzzle Game 'Shades' Named Apple's Free App of the Week
<img width='1' height='1' src='http://rss.feedsportal.com/c/35070/f/648327/s/42b85dae/sc/15/mf.gif' border='0'/><br clear='all'/>

<a href="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/1/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/1/rc.img" border="0"/>[/url]
<a href="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/2/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/2/rc.img" border="0"/>[/url]
<a href="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/3/rc.htm" rel="nofollow"><img src="http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/rc/3/rc.img" border="0"/>[/url]

<img src="[url]http://da.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/a2.img" border="0"/>[/url]<img width="1" height="1" src="http://pi.feedsportal.com/r/219132319892/u/49/f/648327/c/35070/s/42b85dae/sc/15/a2t.img" border="0"/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url] <img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url] <img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="//feeds.feedburner.com/~r/MacRumors-Front/~4/9Ui8PCUhSdQ" height="1" width="1" alt=""/>

Source: OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs


	Logged

Pages: [1] Go Up

« previous next »

Jump to: