Patch Management

Apple readies Thunderstrike fix for upcoming OS X release

January 27, 2015
An upcoming Apple OS X Yosemite 10.10.2 release will include a fix for a recently discovered vulnerability that can be exploited via a Mac's Thunderbolt port. 

Dubbed "Thunderstrike" and discovered by programmer Trammell Hudson, the bug can be exploited via evil maid attacks, which require an attacker to have physical access to the device, much as a malicious hotel maid would if you left your device unattended.

To address the bug, Apple changed the code to prevent a Mac laptop's boot ROM from being replaced and to prevent it from being reverted to previous settings, which would again make the attack possible, according to a report by iMore. No active Thunderstrike exploits have been found in the wild.

The upcoming release will also include fixes for three recently disclosed Project Zero vulnerabilities.