Apple readies Thunderstrike fix for upcoming OS X release
Dubbed the "Thunderstrike" vulnerability, and discovered by programmer Trammell Hudson, the bug can be exploited via evil maid attacks, which require attackers to have physical access to the device, much like a malicious maid at a hotel would should you leave your device unattended.
In order to address the bug, Apple changed the code to prevent a Mac laptop's boot ROM from being replaced, in addition to preventing it from being reversed to previous settings which would again make the attack possible, according to a report by iMore. No active Thunderstrike exploits have been found in the wild.
The upcoming release will also include fixes for three Project Zero vulnerability recently disclosed.