Posted on 08/06/2015 8:50:39 AM PDT by for-q-clinton
It’s Black Hat season, meaning that we are getting a new batch of zero-day exploits showing how insecure our gadgets are. Xeno Kovah and Trammell Hudson found a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status. Apple told The Guardian that it is working on a fix for both Yosemite and El Capitan.
This zero-day exploit dubbed Thunderstrike 2 targets your Mac’s firmware thanks to an attached Thunderbolt accessory, such as an Ethernet adaptor or an external hard drive. After receiving the code via a phishing email or a malicious web site, malware code could look for connected Thunderbolt accessories and flash their option ROMs.
If you reboot your Mac with this infected Thunderbolt accessory plugged in, the EFI will execute the option ROM before booting OS X. As this option ROM has been infected, it will execute malicious code infecting the EFI itself. For example, it could simply make your Mac’s firmware refuse to boot OS X, turning your Mac into a useless machine. And if your firmware is compromised, there is no way to boot OS X, update the firmware and remove the malicious code.
The best part of this zero-day vulnerability is that your Thunderbolt accessory remains infected. If you plug your Ethernet adaptor into a new Mac, this Mac will get infected as well when it reboots. It’s not as harmful as malware that spreads through the Internet, but it could make some serious damage in an office environment for example.
Stefan Esser found another exploit last month dubbed DYLD. This time it lets malicious developers gain root privilege. It could be used to format your hard drive, but also for more lucrative exploits.
Malwarebytes already spotted an adware creator who uses this zero-day vulnerability to get root permission and then execute a script to install a bunch of applications — the VSearch adware, the Genieo adware and the MacKeeper junkware. It also makes the Mac App Store unusable at it will endlessly prompt you to install Download Shuttle.
Apple already fixed DYLD in El Capitan’s beta but not in the current Yosemite version. It has also added applications using these exploits to its malware blacklist, but it’s just a temporary cat-and-mouse fix. The company will issue security patches for both OS X Yosemite and OS X El Capitan beta. In the mean time, be careful when you download something and unplug all your Thunderbolt devices before rebooting your Mac — just in case.
I’m not sure what lists are appropriate, but this *sounds* bad.
Probably just FUD
I had a rootkit once that rewrote router firmware to reinfect a factory-reset on your PC machine. It was rough until I figured it out. Took about a week of heavy combat. Once I learned to flash the router to factory as well, it went away.
Not possible. We all know only Microsoft products can be hacked or get viruses.
Ouch!
Let’s play “How will macbots spin this issue?”
- Hey this requires the user to click on a link AND have an external drive plugged in AND reboot after the drive is infected. That’s not going to happen in the real world.
- Only idiots click on links that they aren’t 100% sure are safe.
- This is someone trying to get famous and sell their services/software. Nothing to see here move along.
- It’s not self-propagating, therefore, it doesn’t count.
- Did you see the latest android malware that bricks the android phone? All’s it takes is a text message! Wow that is some unsafe OS there (oh and Apple’s text bomb doesn’t count because they eventually fixed it—I think).
- Apple will fix this eventually and they are actually already working on a fix. Since it will be fixed soon and it’s not reported to actually to have been used as an exploit—this doesn’t count.
Part of everyday life these days. But if you are clicking on emails or downloading porn, you are kind of stupid.
Swordmaker was the one who posted an article about this threat, two days ago. He didn’t downplay or obfuscate.
“But if you are clicking on emails or downloading porn, you are kind of stupid.”
So the billions of people who click on an email every day are stupid? hmmmm
BTW, the malware pukes inhabit all regions of the internet these days. Not just the porn sites.
fqc,
There is a patch out that can be installed now. Apple is also working on a permanent fix.
In a very unsafe world, the Mac system is amazingly robust. It is not perfect.
I’m not sure if there is anything better that you can hope for. I appreciate every time an exploit reveals a vulnerability that can be improved.
My 13 years as a MS slave showed me a very vulnerable side to windows.
I hope they all continue to become hardened and improved.
Choose one you like best and enjoy.
And don’t forget to wear safety glasses when working with your router.
Well, way to be literal. Reading for context is indeed a lost art form.
Clearly I meant links to unknown sites or unknown senders.
How about that? Do millions do THAT every day?
welll sheesh Im sorry
If you want on or off the Mac Ping List, Freepmail me.
Even going to known safe sites isn’t safe though. Sites get hacked everyday. What happens if Freerepublic gets hacked and you go here to read this thread...and wammo you get the exploit.
This might tank AAPL some more.....hopefully
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.