Mac firmware vulnerability returns with Thunderstrike 2.0

4 Aug 2015

The Mac firmware vulnerability was believed to have been patched earlier this year, but now Thunderstrike 2.0 again appears to be capable of using the Mac’s Thunderbolt cable to infect the computer.

To make matters worse, the returning Mac firmware vulnerability is now more dangerous than when it first appeared towards the end of last year: rather than just infecting the plugged-in Mac, it can now also spread itself to other Macs on the internet.

According to Wired, this new vulnerability, which appears to get around the earlier Thunderstrike patch and, according to the findings, also applies to PCs, was discovered by security researcher Xeno Kovah.

Much like the first vulnerability, Thunderstrike 2.0 affects any Option ROM connection, which offers a solution to those looking to infect systems without being detected, as most commercial antivirus programs only look in the computer’s RAM files.

Often used by intelligence agencies

Because of this, the firmware vulnerability hack is increasingly being used by intelligence agencies such as the NSA as a means of getting the malicious software on to the computer through a backdoor.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Kovah said to Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organisations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

It is now up to Apple to begin the process of issuing yet another patch for the vulnerability as Thunderstrike 2.0 is capable of causing harm on all Mac devices that have been shipped with a Thunderbolt cable over the last four years.

Given that Kovah has informed Apple of the vulnerability, it is likely that it will be patched in the next Mac OS X update.


Colm Gorey was a senior journalist with Silicon Republic
