One more day, one more loophole. Light Blue Touchpaper researchers recently unveiled their findings about a worrying vulnerability, which they named Thunderclap, which rounds the protocol Thunderbolt and can affect, in addition to PCs and Linux computers, all Macs released from 2011 to c, with the exception of the 12-inch MacBook.
What's the matter anyway? The original article explains the issues further, but basically what happens is that the protocol has very few security measures to prevent malicious agents from entering your machine and capturing sensitive files or information. This is not a single vulnerability, but a series of small holes that together can be exploited by crackers to infect systems and invade your memories without any warning about it.
In general, operating systems offer Thunderbolt devices more privileges than USB peripherals than expected, as devices with the latest protocol often have refined and demanding functionality. The problem is that there are few security measures to prevent these privileges from being used by malicious people; As a result, both USB-C and Mini DisplayPort interfaces are affected.
One example gives macOS a slight advantage over other systems: Apple OS is the only one to bring active support to IONMU (Input-Output Memory Management Unit), defense mechanism that were peripheral to use only the memory area of a machine required for its task and block all others. Microsoft only brings (limited) support to the feature in versions of Windows 10 Enterprise, while most Linux distributions do not come with the feature enabled.
Still, other vulnerabilities affect all systems, including macOS. Researchers have, for example, been able to build a malicious peripheral that simulates the operation of a network card and makes the machine read all traffic carried by the system even on normally inaccessible networks. Peripherals can also open programs and run scripts even without administrative permission.
Of course, this is a low threat vulnerability for ordinary users, since the attack must be carried out with computer ownership and the concern should be greater for people with high visibility, such as government officials, journalists or activists. Still, it's a tip to never plug in an unreliable accessory on your Mac and always monitor system traffic using Activity Monitor.