An upcoming Apple OS X Yosemite 10.10.2 release will include a fix for a recently discovered vulnerability
that can be exploited via a Mac's Thunderbolt port.
Dubbed the "Thunderstrike" vulnerability, and discovered by programmer Trammell Hudson, the bug can be exploited via evil maid attacks, which require attackers to have physical access to the device, much as a malicious hotel maid would if you left your device unattended.
To address the bug, Apple changed the code to prevent a Mac laptop's boot ROM from being replaced, and to prevent it from being reverted to previous settings, which would again make the attack possible, according to a report by iMore. No active Thunderstrike exploits have been found in the wild.
The upcoming release will also include fixes for three recently disclosed Project Zero vulnerabilities.