Monday, August 3

“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware

Earlier this year, security engineer Trammell Hudson developed and showed off a proof-of-concept firmware attack called Thunderstrike. The malware could hitch a ride on Thunderbolt-connected accessories that used Option ROMs and infect any Mac such an accessory was connected to at boot. The infected Mac could then pass the malware to other accessories, which could infect other computers.

Apple (mostly) patched this exploit in OS X version 10.10.2 back in January, but Wired reports that Hudson and LegbaCore security researcher Xeno Kovah have developed a sequel.

Dubbed "Thunderstrike 2," the new proof-of-concept attack still spreads primarily through infected Thunderbolt accessories. But where the original Thunderstrike required a malicious user to have physical access to your computer to work—something sometimes referred to as an "evil maid" attack, though an evil butler could probably do the same job—the new one can be spread remotely. The malware can be delivered "via a phishing e-mail and malicious Web site," and once downloaded it can infect connected accessories that use Option ROM (Apple's Thunderbolt-to-gigabit-Ethernet accessory is a commonly cited example). Once the accessory is infected, the malware can spread to any Mac that you plug the accessory into.
