Vulnerability in Older Apple Machines

Tuesday, June 2, 2015 @ 02:06 PM gHale

Older Apple computers have a zero-day vulnerability in their firmware that leaves them open to malware infiltration, a researcher said.

The flaw builds on previously known ones, but this one could be far more dangerous, said Pedro Vilaca, who studies Mac security, in a blog post.


It is possible to tamper with an Apple computer’s UEFI (unified extensible firmware interface), Vilaca said. UEFI is firmware designed to improve upon BIOS, which is low-level code that bridges a computer’s hardware and operating system at startup.

The UEFI code is normally locked against modification. But Vilaca said he found that the lock is released after a computer goes to sleep and reawakens, allowing the code to be modified. Apple computers made before mid-2014 appear to be vulnerable.

Vilaca said it is then possible to install a rootkit, a type of malware that is hard to remove and nearly undetectable by security products. The only defense, Vilaca said, is to never let the computer sleep and always shut it down instead.
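An added example, not from the article or from Vilaca's research, showing how a defender would audit the state the article describes: decode the flash write-protection bits of the Intel PCH BIOS_CNTL register and flag a machine whose lock is weaker after resume than at boot. The bit positions are an assumption taken from Intel 6/7-series PCH datasheets, the register values are constructed, and reading the register on real hardware (for example with the open-source chipsec tool) is not shown.

```python
"""Audit Intel PCH BIOS_CNTL flash-lock bits across sleep/resume snapshots.

Assumption (not from the article): bit layout of BIOS_CNTL at offset 0xDC of
the LPC device 00:1f.0 on Intel 6/7-series PCH.  Register values below are
constructed samples, not readings from a real Mac.
"""

BIOSWE = 1 << 0    # BIOS Write Enable: flash accepts writes when set
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only from SMM

# Higher number = stronger protection against OS-level writes
STRENGTH = {"unlocked": 0, "ble_only": 1, "smm_bwp": 2}


def flash_protection(bios_cntl: int) -> str:
    """Classify one BIOS_CNTL value by what it actually stops."""
    if bios_cntl & SMM_BWP:
        return "smm_bwp"          # writes outside SMM blocked regardless of BIOSWE
    if bios_cntl & BIOSWE:
        return "unlocked"         # flash writable right now
    if bios_cntl & BLE:
        return "ble_only"         # OS cannot set BIOSWE without an SMI handler agreeing
    return "unlocked"             # nothing stops the OS from setting BIOSWE itself


def relock_regressions(snapshots):
    """snapshots: ordered list of (label, bios_cntl), first one taken at boot.

    Returns the labels of every later snapshot whose protection is weaker
    than the boot baseline, i.e. the lock was not re-applied after resume.
    """
    baseline = STRENGTH[flash_protection(snapshots[0][1])]
    return [label for label, value in snapshots[1:]
            if STRENGTH[flash_protection(value)] < baseline]


# Constructed sample: BLE set at cold boot, gone after each sleep/resume,
# back after a full reboot -- the pattern the article attributes to older Macs.
SAMPLE = [("cold boot", 0x02), ("after sleep #1", 0x00),
          ("after sleep #2", 0x00), ("after reboot", 0x02)]

if __name__ == "__main__":
    for label, value in SAMPLE:
        print(f"{label:15s} BIOS_CNTL=0x{value:02x} -> {flash_protection(value)}")
    print("lock dropped after:", relock_regressions(SAMPLE))
```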

Apple officials were not immediately available for comment.

Apple released patches earlier this year for a similar type of attack called Thunderstrike, which allowed modification of the UEFI by accessing a Mac’s Thunderbolt interface.

Thunderstrike, though, required an attacker to have physical access to the computer. Vilaca thinks the bug he found may be exploitable remotely, which would make it far more dangerous.

He tested the attack on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air, all running the latest EFI firmware available. Newer machines were not vulnerable, which Vilaca wrote led him to suspect that Apple fixed the problem in later models but did not patch older computers. It appears Vilaca did not notify Apple before disclosing the bug.