New exploit leaves most Macs vulnerable to permanent backdooring

Posted on Posted in Hacker News

Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction.


The attack is more serious than the Thunderstrike proof-of-concept exploit that came to light late last year. While both exploits give attackers the same persistent and low-level control of a Mac, the new attack doesn’t require even brief physical access as Thunderstrike did. That means attackers half-way around the world may remotely exploit it.