
Pre-2014 Macs vulnerable to potential firmware attack
MacNN Staff
Join Date: Jul 2012
Jun 1, 2015, 04:54 PM
A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.

The vulnerability occurs on pre-2014 Macs immediately after the computers wake from sleep. Vilaca discovered that a protection mechanism known as FlockDN that normally shields Open Firmware from access by "userland" apps -- the part of OS X where installed applications and drivers are executed -- is deactivated when an older Mac wakes from sleep, leaving the firmware open to potential attack, including a possible "reflashing" (rewriting the firmware) or other malicious modifications.

The threat is considered more serious than other recent exploits because it could be executed remotely, but it must be stressed that the odds of this happening outside a dedicated proof-of-concept demonstration or targeted attack are extremely low. Even if an attacker could use the flaw to reach into Open Firmware, they would need to also have an exploit that allowed for completely unrestricted "root" access to OS X resources, which doesn't appear to currently exist (though it is not outside the realm of possibility, as the recent "Thunderstrike" exploit -- which, unlike this new flaw, requires physical access to the machine -- has shown).

The fact that Macs from 2014 and newer appear to have addressed the vulnerability hints that Apple could be aware of the flaw, though it is also possible that the problem was fixed accidentally in various sleep patches. Those with older machines can avoid the remote possibility of an issue with some future developed exploit of the flaw by simply turning off the ability of the affected Macs to go into system sleep (as distinct from simple display sleep, which does not trigger the vulnerability in Open Firmware).

The new potential vulnerability is the latest in a series of recently-discovered exploits that take advantage of flaws in firmware or hardware such as Rootpipe and BadUSB. Apple, Vilaca said, is in a strong position to guard against such vulnerabilities compared to other companies, as it controls both its hardware and software/firmware chain. "We need to think different and start a trust chain from hardware to software," he wrote in his documentation of the potential exploit.

"Everyone is trying to solve problems starting from software when the hardware is built on top of weak foundations. Apple has a great opportunity here ... I hope they finally see the light and take over this great opportunity."
( Last edited by NewsPoster; Jun 2, 2015 at 07:19 PM. )
Dedicated MacNNer
Join Date: Aug 2001
Jun 1, 2015, 05:13 PM
Oh wow, another security threat for Macs! Cool.

Let's summarize: "conceivably", "possibly", "perhaps", "odds are... extremely low", and to top it off, "extremely unlikely to happen in the wild".

And I almost got excited.
Mike Wuerthele
Managing Editor
Join Date: Jul 2012
Jun 1, 2015, 05:26 PM
Yeah, we're getting ahead of the game with skepticism. Wait until CNN gets all breathless about it.
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Jun 2, 2015, 05:43 AM
And I was so hoping this would be something to actually have to be concerned about.
Foiled again!
Fresh-Faced Recruit
Join Date: Nov 2005
Jun 2, 2015, 10:14 AM
I found a much more serious exploit.

Someone can come over to your house, walk up to your Mac, and smash it with a hammer. I hope Apple is working on this.