The Portuguese researcher Pedro Vilaa discovered and detailed on your blog Reverse Engineering Mac OS X It is a new critical security vulnerability that targets Macs released until mid-2014. Since the newer ones are unaffected, Apple probably took notice of the flaw a while ago and fixed it.
Briefly, the failure zero-day allows a cracker to manipulate the UEFI (unified extensible firmware interface) Macs, and you can then install a “Rootkit” that is, a type of malware is not only difficult to detect, but also to be removed.
The vulnerability, according to Vilaa, is so severe that it can even be exploited remotely. The biggest problem when Macs go to sleep (sleep), which ends up “unlocking” the UEFI code and allowing it to be modified.
The researcher's recommendation, for now, is that owners of old Macs do not let them hibernate in public places, but turn them off completely.
Earlier this year, Apple fixed a similar flaw in the Thunderbolt interface. Let's see if, with this new flaw coming up, she takes steps to protect users of the Macs affected by the Vilaa discovery as well.
(via PCWorld)
