Major security flaw spotted on Macs released before 2014

Justin Kahn

Posts: 752   +6

A security bug has been spotted over the weekend that may leave older Apple computers vulnerable. To some, the Mac is impenetrable to viruses and other malicious software, but the rest of us know that's not true as it looks like another security hole has been overlooked by Cupertino.

Pedro Vilaca, a researcher specializing in OS X, says the zero-day vulnerability allows attackers to stealthily drop rootlkit malware on to Macs. This can be very hard to remove and near impossible to detect, according to reports. Apple computers have a unified extensible firmware interface (UEFI) that is normally blocked off from attacks, but Vilaca claims it’s open season once the target Mac has been put to sleep and reawakened.

Unlike similar vulnerabilities that have been spotted, this one can apparently be triggered remotely. It is a good idea to never allow you computer to sleep or to just shut it down when it’s not in use if this bug worries you. That is, at least until Apple deals with it.

Vilaca was able to undermine the security of a MacBook Pro, an older MacBook and a MacBook Air (made previous to 2014) using the zero-day UEFI attack described above.

The security hole only appears on machines release before 2014, which could suggest that Apple already knows about the bug, fixed it and left older machines in the dust. Cupertino is yet to make an official statement on the matter.

Permalink to story.

 
The security hole only appears on machines release before 2014, which could suggest that Apple already knows about the bug, fixed it and left older machines in the dust.
There is probably more truth in that statement than Apple (Any corporation for that matter) wants to acknowledge.
 
The security hole only appears on machines release before 2014, which could suggest that Apple already knows about the bug, fixed it and left older machines in the dust.
There is probably more truth in that statement than Apple (Any corporation for that matter) wants to acknowledge.

There is also the truth that every security company is looking to make a splash with end-of-the-world security leaks.
 
Back