UEFI flaw makes many Macs vulnerable

Macworld Australia Staff
3 June, 2015
View more articles fromthe author
AAA
Security

Internet, security, VPN, macworld australiaA newly discovered flaw has been found by a security researcher. It allows an attacker to install malware that can persist even after all data on the hard drive has been erased. The flaw modifies Apple’s UEFI (unified extensible firmware interface).

Unlike the Rootpipe or Thunderstrike flaws, exploiting this vulnerability doesn’t require physical access to the computer. The flaw takes advantage of a short period of time when your Mac is waking from sleep. During this time, the UEFI is unlocked, allowing malicious data to be written.

The discoverer of the vulnerability, security researcher Pedro Vilaca, says attackers could inject malware to a Mac connected to the internet. He tested the exploit on a number of pre-2014 Macs, all of which were running Apple’s latest EFI firmware. He was able to infect them all.

It’s thought machines released after mid-2014 are not vulnerable to the flaw.

4 Comments

4 people were compelled to have their say. We encourage you to do the same..

  1. Paul Mah says:

    What wasn’t covered here (but mentioned elsewhere), is how Apple apparently fixed the flaw in newer models of the MacBook, but neglected to do it for older versions. More than ever, this shows that businesses must create their own defences in order to quickly detect suspicious activities that may originate from zero-day exploits like this–rather than relying solely on security updates alone-Paul Mah, commenting on behalf of IDG ad FireEye.

  2. Guy says:

    So how can I protect my 2012 iMac against these types of malicious attacks?

  3. MacMicky says:

    This floor has been around in one for or another since 2000. I have reported it here but the posts never get published . So I take it this is another for the floor.

  4. MacMicky says:

    An individual at Apple admitted this to me (name available upon request) in February this year he also explained there is no way Apple can get rid of it so that the end of 31 year love affair with Apple their service STINKS! They (Apple) will not answer your emails they will not answer voice messages left and as for the statement “Don’t worry, I’ll be with you till we sort this out.” hat a load of old crock. Apple Experience absolutely pre-historic.
    Michael Kennedy
    Cleveland.
    Australia

Leave a Comment

Please keep your comments friendly on the topic.

Contact us