    According to the folks over at iMore, the latest beta of Apple’s OS X 10.10.2 update fixes the “Thunderstrike” hardware exploit, which was publicized last year. For those of you who aren’t familiar with the issue, the exploit replaces the Mac’s EFI boot ROM, making it impossible to roll it back to a previous state.

    The “bootkit” hack, discovered by researcher Trammell Hudson, could replicate itself to any attached Thunderbolt device. This means the exploit could spread across air-gapped networks without users even knowing. The code is stored in a separate ROM on the logic board, which allows the attack to persist even if the user reinstalls OS X or puts in an entirely new hard drive.

    Low-level attacks like this are dangerous because they are hard to detect and can do significant damage, but they are also more challenging to spread because they require physical access to a machine. Apple’s most recent beta of OS X 10.10.2 seems to patch the exploit, though.

    Aside from the Thunderstrike fix, OS X 10.10.2 also fixes three recently disclosed Project Zero vulnerabilities. Exploit fixes aside, developers have been told to focus on several problem areas for OS X 10.10.2, in particular Wi-Fi, Mail, VoiceOver and Bluetooth.

    Source: Apple via iMore

    2015-01-27 08:32 AM