A vulnerability in the firmware of older Mac computers (made before mid-2014) could be used to sneak hard-to-remove malware onto the computer, says a security researcher.
Pedro Vilaca, who studies Mac security, wrote on his blog that the flaw he found builds on previous ones but this one could be far more dangerous. Apple officials could not be immediately reached for comment.
Vilaca found it was possible to tamper with an Apple computer’s UEFI (unified extensible firmware interface). UEFI is firmware designed to improve upon BIOS, which is low-level code that bridges a computer’s hardware and operating system at startup.
While the UEFI code is usually walled off from users, Vilaca found that the code is unlocked when the Mac goes to sleep and reawakens. This allows the code to be modified. He writes that Apple computers made before mid-2014 appear to be vulnerable.
The vulnerability could be used to install a rootkit. The only defense, says Vilaca is to never let the computer sleep, and always shut it completely down.
While many attacks like Vilaca describes require physical access to the computer, he believes it may be possible to remotely exploit the bug he found, making it much more dangerous.
“He tested the attack on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air, all running the latest EFI firmware available. Newer machines, however, were not vulnerable, which Vilaca wrote led him to suspect that Apple fixed the problem in later models but didn’t patch older computers.”
While it appears Vilaca didn’t notify Apple about the bug before publicizing it, he says he has no issues with Apple itself, writing: “My goal is to make OS X better and more secure.”
