A fix for the Thunderstrike proof-of-concept bootkit attack has made its way into a beta version of Apple’s OS X, according to a just-published report. The new fix may indicate that a patch isn’t far from general release.
The exploit was dubbed Thunderstrike because it spreads through maliciously modified peripheral devices connected to a Mac’s Thunderbolt interface. When plugged into a Mac that’s booting up, the device injects what’s known as an option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac’s system management mode and enabling other low-level functions. Once a Mac is infected, the malicious firmware can survive hard drive reformats and OS reinstallations. And since Thunderstrike replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected systems.
Earlier this month, Thunderstrike creator Trammell Hudson said that only the latest versions of Mac Mini’s and iMac Retina 5ks were largely immune to the exploit but that Apple engineers were in the process of developing a fix for the rest of the Mac product line. According to a report published Friday by iMore, the patch has been spotted in the latest beta of OS X 10.10.2, the next version of Yosemite.
Read 6 remaining paragraphs | Comments

Leave a Reply