Tuesday 2 June 2015

Vulnerability in Older MacBooks Makes Rootkit Installation Possible


A security researcher has discovered a vulnerability in the firmware of several older Apple MacBooks that could allow an attacker to install malware. The latest models do not appear to be vulnerable, but researcher Pedro Vilaca is not 100% sure of that, he writes on his blog.

Vilaca discovered that he can modify the Unified Extensible Firmware Interface (UEFI) from "userland". UEFI is the successor to the BIOS and a new model for the interface between the computer's operating system and the platform firmware. The UEFI code should normally be inaccessible to users, but the researcher discovered that the code is accessible once a computer has been in sleep mode and is started again.

The problem is present in MacBooks from before mid-2014 and was confirmed on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air. The vulnerability makes it possible to install a rootkit. An attacker does not even need physical access, since the vulnerability can be exploited remotely via Safari or another attack vector.

The researcher thought that Apple knew of the problem, but that turns out not to be the case. It is therefore a zero-day vulnerability for which Apple has not released a security update. Users are advised to shut down their computers completely and not to put them into sleep mode. Vilaca further advises emailing Apple to ask for a firmware update.
