Ars Technica reports:
Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction.
The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system.
[Editor's Comment: The Ars Technica headline has been changed on their site to remove the word 'remote'. They note that "the hack involves use of a local exploit."]
(Score: 2, Funny) by ikanreed on Tuesday June 02 2015, @07:36PM
Macs "don't get viruses."
So rest easy, Apple users. Within just a few short weeks Apple computers will have a release. A press release. About how this isn't a virus.
(Score: 2) by maxwell demon on Tuesday June 02 2015, @07:40PM
Of course this isn't a virus. It is a vulnerability. Now one could write a virus that exploits that vulnerability, but what was reported was not such a virus, but the vulnerability. Whether there exists a virus using that vulnerability, we don't know.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Interesting) by ikanreed on Tuesday June 02 2015, @07:45PM
See, here comes captain rebranding now, to save you!
(Score: 2) by maxwell demon on Tuesday June 02 2015, @07:57PM
Rebranding? And who is saving whom from what?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2, Insightful) by captnjohnny1618 on Tuesday June 02 2015, @07:48PM
I was a mac user for almost as long as I've had my own computer. In the last year I've switched to linux on all of my machines (and replaced the mac computers) because the software has just gotten so out of hand. Bloated, buggy, and tons of idiot-proofing that anyone with half a clue doesn't need. Yosemite made my older macbook unusable.
I miss the days of the stripped down Snow Leopard (OS 10.6). (Mostly) Clean, efficient, and without too much crap. That being said, the switch to linux was probably for the best in the long run. I'll fix my own damn vulnerabilities if I have to.
(Score: 2, Informative) by Anonymous Coward on Tuesday June 02 2015, @11:22PM
If it requires physical access to your computer it's a vulnerability ... just like it's a vulnerability that someone can install a rootkit when they have physical access to any computer.
(Score: 2) by Daiv on Wednesday June 03 2015, @08:39PM
I'm still on 10.6.8 and have no intention of "upgrading" to whatever the newest version is. I have extremely limited internet activity with that Mac. Regular backups are the only thing I'm concerned with.
(Score: 1, Flamebait) by Tork on Tuesday June 02 2015, @08:10PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 3, Disagree) by ikanreed on Tuesday June 02 2015, @08:30PM
Well, I can see why it got modded flamebait now.
A harmless joke turned you into a raving lunatic.
(Score: 2, Touché) by Tork on Tuesday June 02 2015, @08:44PM
🏳️🌈 Proud Ally 🏳️🌈