A zero-day software vulnerability discovered deep in the firmware of many
Apple computers could allow an attacker to modify the system’s BIOS
and install a rootkit, potentially gaining complete control of the
victim’s Mac.
The critical vulnerability, discovered by well-known OS X security
researcher Pedro Vilaca, affects Mac computers shipped before mid-2014 that are
allowed to go into sleep mode.
While studying Mac security, Vilaca found that it’s
possible to tamper with an Apple computer’s UEFI (unified extensible firmware
interface) code.
EFI is low-level firmware designed to
improve upon a computer’s BIOS, which links a computer's hardware and operating
system at startup and is typically not accessible to users.
But…
Vilaca found that the machine’s UEFI code can be unlocked after a computer
is put to sleep and then brought back up.
"And you ask, what the hell does this mean?" Vilaca wrote
in a blog post published Friday. "It means that you
can overwrite the contents of your BIOS from userland and rootkit EFI without
any other trick other than a suspend-resume cycle, a kernel extension,
flashrom, and root access."
With the help of various vulnerabilities regularly found in Safari and
other Web browsers, it is possible for an attacker to install a rootkit, a
malware type that is hard to remove and almost undetectable by security
solutions.
Only Solution -- Don’t let your Computer SLEEP
The only defense available to users is to never let their computers go into
sleep mode and to always shut them down instead, according to Vilaca.
The attack is somewhat similar to Thunderstrike, disclosed late last year by a
researcher named Trammell Hudson, which allowed modification of the UEFI by
accessing a peripheral device connected to the Mac's Thunderbolt port.
While both attacks give attackers the same control over a vulnerable
Mac, Vilaca claims that his exploit is more dangerous, as it could be possible
to exploit the bug remotely, without the brief physical access that the
Thunderstrike proof-of-concept exploit required.
"The bug can be used with a Safari or other remote vector to
install an EFI rootkit without physical access."
The security researcher successfully tested his exploit on a MacBook
Pro Retina, a MacBook Air and a MacBook Pro 8.2,
all running Apple's latest EFI (Extensible Firmware Interface) firmware
available.
The security hole discovered by Vilaca only appears on Mac computers
released before mid-2014, which suggests that the company was already aware of
the security bug, and instead of patching, it left all the older machines
vulnerable to hackers.
It seems that the researcher did not notify Apple before disclosing the
vulnerability to the public, causing many technology companies to bristle.
Most of the tech companies argue that independent security researchers
should report any security issue they discover before going public, so they can
stop cyber criminals from taking advantage of those loopholes.
However, Vilaca clarified that he has no issue with Apple, stating, "My
goal is to make OS X better and more secure."
Apple has yet to make an official statement on the matter.
Source: thehackernews.com