Note that requirement #1 is the most important protection for OS X Mac users.
Macs are by default, never in Root Access unless the Administrator User actually activates Root and gives it a Root Access password. 99.99% of all Macs do not run with Root Access activated!
This makes this Proof-of-Concept vulnerability almost impossible to exploit as it requires a double user privilege escalation from standard user (You ARE funning as a standard user, aren't you?), to Admin user to Root user before the Firmware can be modified.
To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
The newly named "Dark Jedi" Firmware Hack, actually a vulnerability, is not as dangerous as some pundits might claim. 99.99% of all OS X Macs in the wild will not be at risk from this hack. It requires the Mac to have Root Access activated but OS X Macs are shipped without Root Access activated. For this vulnerability to be exploited, it requires the targeted Mac to experience two levels of privilege escalation from standard user to Admin user then to Root user, a very, very difficult thing to accomplish by a malicious application, in fact, something that has never been accomplished. Apple will most likely patch this vulnerability very quickly. It is already is fixed in all Macs post mid 2014. PING!

Apple Security Ping!
If you want on or off the Mac Ping List, Freepmail me.
I challenge the members of the Apple ping list to each donate at least $10 each to the latest Freepathon. I HAVE donated $100. Many members of the Apple Ping list are already rising to the challenge. Join them. Let's show the power of the Apple Ping list in supporting Freerepublic!
If you have ordered an Apple Watch,
MAKE A DONATION TO THE FREEPATHON!
2 posted on
06/02/2015 9:42:17 PM PDT by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Swordmaker
Damn auto correct. . .
"You ARE funning as a standard user, aren't you?" = "You ARE running as a standard user, aren't you?"
3 posted on
06/02/2015 9:43:35 PM PDT by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Swordmaker
exists for MacBook systems created before mid-2014
Does this mean that my old iMac, which my daughter commandeered but isn't using, would NOT be vulnerable (even if it were powered up and in use?).
Are we still waiting for Apple to patch something before we reactivate Java? I'm using Firefox to avoid Safari with/out java, and I'm not preferring it . . .
7 posted on
06/03/2015 5:42:51 AM PDT by
conservatism_IS_compassion
('Liberalism' is a conspiracy against the public by wire-service journalism.)
To: Swordmaker
14 posted on
06/03/2015 8:29:28 PM PDT by
johngrace
( I am a 1 John 4! Christian- declared at every Sunday Mass , Divine Mercy and Rosary prayers!)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson