Free Republic

To: JimRed
I never heard of Thunderbolt, so I guess it won’t affect me.

Possibly true. If you’re a Mac user, your Mac has Thunderbolt ports. So do the Microsoft Surface computers. It’s the fastest peripheral transfer connection. However, Intel apparently made a boo-boo when they designed the original silicon back in 2011 and it’s coming back to bite the standard.

The claim this vulnerability can steal all data is bogus, I think, especially on an encrypted Mac or Mac storage drive. Macs use industry-leading 256-bit Advanced Encryption Standard to do such encryption, which uses a single key that is not available on the device. No matter WHAT peripheral might be plugged into the Thunderbolt port by any vulnerable means, it cannot magically decrypt the user’s data unless the user has entered their password to decrypt the data. Such a device, no matter what they might be able to install, is also not magic and can be uninstalled, contrary to the article’s claims of locking out further updates. Apple, for example, requires a higher than Super User password to make system level changes to the core software, including firmware. Without that password, any external attempt to change things just cannot occur.

This vulnerability requires physical access to the computer. It is not a remote exploit by any means: a physical device MUST be physically plugged into the computer’s Thunderbolt port before anyone could attempt any break-in.

8 posted on 05/11/2020 9:26:14 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigot!)


To: Swordmaker

This has been another Intel (they designed it) security issue for some time. The OEMs (Dell, HP, Lenovo) all run BIOS/UEFI security settings that you can enforce for Thunderbolt. It’s hilarious that for once Microsoft comes down on the secure side of this. I firmly believe they only bailed on using it for the Surface line because they didn’t want to pay the licensing fees.
You can run BitLocker @ 256-bit or Apple encryption, but I believe what they are concerned about is being able to intercept it by spoofing an approved hardware address (on the bus), just as your machine could send data freely to another authenticated device over Thunderbolt.
I’m sure Intel will issue patched microcode to the OEMs within a few weeks to address it.


23 posted on 05/11/2020 10:08:03 AM PDT by miliantnutcase
