Major security flaw spotted on Macs released before 2014

By Justin Kahn
Jun 1, 2015
Post New Reply
  1. [parsehtml]<p><img src='' class='intro-image' /></p><p>A security bug has been <a href="">spotted</a> over the weekend that may leave older Apple computers vulnerable. To some, the Mac is impenetrable to viruses and other malicious software, but the rest of us know that&#39;s <a href="">not true</a> as it looks like another security hole has been overlooked by Cupertino.</p> <p>Pedro Vilaca, a researcher specializing in OS X, says the zero-day vulnerability allows attackers to stealthily drop rootlkit malware on to Macs. This can be very hard to remove and near impossible to detect, according to reports. Apple computers have a unified extensible firmware interface (UEFI) that is normally blocked off from attacks, but Vilaca claims it&rsquo;s open season once the target Mac has been put to sleep and reawakened.</p> <p>Unlike similar vulnerabilities that have been spotted, this one can apparently be triggered remotely. It is a good idea to never allow you computer to sleep or to just shut it down when it&rsquo;s not in use if this bug worries you. That is, at least until Apple deals with it.</p> <p>Vilaca was able to undermine the security of a MacBook Pro, an older MacBook and a MacBook Air (made previous to 2014) using the zero-day UEFI attack described above.</p> <p>The security hole only appears on machines release before 2014, which could suggest that Apple already knows about the bug, fixed it and left older machines in the dust. Cupertino is yet to make an official statement on the matter.</p><p><a rel='alternate' href='' target='_blank'>Permalink to story.</a></p><p class='permalink'><a rel='alternate' href=''></a></p>[/parsehtml]
  2. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 9,731   +3,703

    There is probably more truth in that statement than Apple (Any corporation for that matter) wants to acknowledge.
  3. VitalyT

    VitalyT Russ-Puss Posts: 3,670   +1,957

    There is also the truth that every security company is looking to make a splash with end-of-the-world security leaks.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...