Macs vulnerable to backdoor






Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, granting attackers control of vulnerable devices.

The exploit is said to affect machines shipped before June 2014. Pedro Vilaca claims to have found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system.

Vilaca's exploit works by attacking the BIOS protections immediately after a Mac restarts from sleep mode. Normally, the protection—known as FLOCKDN—allows userland apps read-only access to the BIOS region. For reasons that aren't clear to the researcher, that FLOCKDN protection is deactivated after a Mac wakes from sleep mode. That leaves the firmware open to apps that rewrite the BIOS, a process typically known as reflashing. From there, attackers can modify the machine's extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS.

An attacker could add code that deliberately sends a targeted Mac into sleep, or the exploit could be programmed to detonate the BIOS payload the next time a machine comes out of sleep mode. In either case, once the Mac awakes it would be possible for the attacker to bypass OS X firmware protections and rewrite the BIOS.
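From the defender's side, the condition described above can be checked by comparing flash-protection register values captured at boot with values captured after a wake from sleep. The following is an added example, not code from the article or from Vilaca: the snapshot format, function names and sample values are constructed, and the bit positions (FLOCKDN in the SPI HSFS register, write-protect enable in the protected range registers) are assumed from Intel's PCH register layout, which the article does not spell out.

```python
# Added example: bit positions follow Intel PCH SPI register layouts
# (an assumption; the article itself names only FLOCKDN).
FLOCKDN = 1 << 15   # HSFS bit 15: flash configuration lock-down
PR_WPE = 1 << 31    # PRx bit 31: write protection enable


def decode_pr(value):
    """Decode a protected range register into (base, limit, write_protected)."""
    base = (value & 0x1FFF) << 12                      # bits 12:0, 4 KiB units
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF   # bits 28:16, inclusive
    return base, limit, bool(value & PR_WPE)


def audit(snapshot):
    """Return findings for one snapshot of the form {'hsfs': int, 'pr': [int, ...]}."""
    findings = []
    if not (snapshot["hsfs"] & FLOCKDN):
        findings.append("FLOCKDN clear: flash protection registers are writable")
    if not any(decode_pr(v)[2] for v in snapshot["pr"]):
        findings.append("no write-protected flash range configured")
    return findings


def compare_across_sleep(before, after):
    """Report protections that were present at boot but are missing after wake."""
    regressions = []
    if (before["hsfs"] & FLOCKDN) and not (after["hsfs"] & FLOCKDN):
        regressions.append("FLOCKDN was set at boot and is clear after wake")
    for i, (b, a) in enumerate(zip(before["pr"], after["pr"])):
        base, limit, was_protected = decode_pr(b)
        if was_protected and not decode_pr(a)[2]:
            regressions.append(
                f"PR{i} lost write protection for {base:#x}-{limit:#x}")
    return regressions


# Constructed sample register values, not taken from a real machine.
BOOT = {"hsfs": 0xE008, "pr": [0x87FF0190, 0, 0, 0, 0]}
WAKE = {"hsfs": 0x6008, "pr": [0, 0, 0, 0, 0]}

if __name__ == "__main__":
    for line in compare_across_sleep(BOOT, WAKE):
        print("REGRESSION:", line)
    for line in audit(WAKE):
        print("FINDING:", line)
```

A machine that passes `audit` at boot but shows regressions after wake matches the behaviour the article describes for Macs shipped before June 2014.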

Vilaca has suggested that such an exploit calls for a change in hardware standards at Apple, which has an advantage over other companies in that it designs and manufactures both its own hardware and software.
