Apple readies Thunderstrike fix for upcoming OS X release

An upcoming Apple OS X Yosemite 10.10.2 release will include a fix for a recently discovered vulnerability that can be exploited via a Mac's Thunderbolt port. 

Dubbed "Thunderstrike" and discovered by programmer Trammell Hudson, the bug can be exploited via evil maid attacks, which require the attacker to have physical access to the device, much as a malicious hotel maid would if you left your device unattended.

To address the bug, Apple changed the code to prevent a Mac laptop's boot ROM from being replaced and to prevent it from being reverted to previous settings, which would make the attack possible again, according to a report by iMore. No active Thunderstrike exploits have been found in the wild.

The upcoming release will also include fixes for three recently disclosed Project Zero vulnerabilities.
