{"id":11395,"date":"2015-06-02T10:24:35","date_gmt":"2015-06-02T14:24:35","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=11395"},"modified":"2021-07-06T16:57:31","modified_gmt":"2021-07-06T20:57:31","slug":"mac-firmware-security-is-completely-broken","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/06\/02\/mac-firmware-security-is-completely-broken\/","title":{"rendered":"Mac Firmware Security Is Completely Broken"},"content":{"rendered":"<p><a href=\"http:\/\/arstechnica.com\/security\/2015\/06\/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring\/\">Dan Goodin<\/a>:<\/p>\n<blockquote cite=\"http:\/\/arstechnica.com\/security\/2015\/06\/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring\/\">\n<p>The attack, according to a <a href=\"https:\/\/reverse.put.as\/2015\/05\/29\/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken\/\">blog post published Friday by well-known OS X security researcher Pedro Vilaca<\/a>, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac&rsquo;s <a href=\"https:\/\/en.wikipedia.org\/wiki\/BIOS\">BIOS<\/a> using functionality contained in <a href=\"https:\/\/en.wikipedia.org\/wiki\/User_space\">userland<\/a>, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system.<\/p>\n<p>The attack is more serious than the <a href=\"http:\/\/arstechnica.com\/security\/2015\/01\/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs\/\">Thunderstrike proof-of-concept exploit<\/a> that came to light late last year. While both exploits give attackers the same persistent and low-level control of a Mac, the new attack doesn't require even brief physical access as Thunderstrike did. That means attackers half-way around the world may remotely exploit it.<\/p>\n<\/blockquote>\n<p><a href=\"https:\/\/reverse.put.as\/2015\/05\/29\/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken\/\">Pedro Vilaca<\/a>:<\/p>\n<blockquote cite=\"https:\/\/reverse.put.as\/2015\/05\/29\/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken\/\"><p>As a general user you shouldn&rsquo;t, in theory, be much worried with this bug more than you were with Thunderstrike. This is a bug more interesting to attack targeted users than mass exploitation, although a drive-by exploit is definitely feasible.\nThere are easier and cheaper attacks available against you the general user. As a reminder the latest Mac botnet infected around 17k users just by asking them for administrator privileges. Sophisticated attacks are not required when simple things still work.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Dan Goodin: The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac&rsquo;s BIOS using functionality contained in userland, which is the part of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-07-06T20:57:34Z","apple_news_api_id":"4481b516-77f0-4217-b6fd-dc3757a7b0de","apple_news_api_modified_at":"2021-07-06T20:57:34Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/ARIG1FnfwQhe2_dw3V6ew3g","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2095,30,103,48,201],"class_list":["post-11395","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-exploit","tag-mac","tag-safari","tag-security","tag-thunderbolt"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=11395"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11395\/revisions"}],"predecessor-version":[{"id":11396,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11395\/revisions\/11396"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=11395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=11395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=11395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}