That's like saying we're gonna continue to let criminals murder and rape people until we have better law enforcement. We know that's not the answer, prevention is. It's an idiotic mindset.

Companies suck at prevention. It almost always takes publicly available exploits to get them to act to fix security holes. In nearly every case if the vulnerabilities are to be fixed at all, they need to be public to get the ball rolling.
If you short the two terminals, it'll remove the worm by clearing the firmware and preventing it from re-spawning. Make sure the TB cable is not plugged in to your Mac or any other device.
 
Please pardon my ignorance here... but I have never understood why people make these viruses. Like, what's their motive, and what do they get from it?

Anyone care to explain?

If you're talking about the guys in the article who discovered this, it's for recognition and the satisfaction of helping to get a serious problem fixed.

If you mean the bad guys who try to exploit this, it gets complicated. Usually a malware developer will write the malware and sell it to a fraudster, who hires a spammer to send millions of emails a day containing the malware. The spammer does this from computers rented from a hacker. The hacker gets the computers to rent or sell to the spammer by compromising computers, routers, etc using exploits, phishing, etc. Money changes hands at each step.
Apple can (and has) implemented initial levels of protection against such infections, such as Gatekeeper and requiring admin passwords. But it only takes one inept person to run an installer without knowing what it is, infect their computer, then a peripheral, and then the worm takes over from there.

Still, though, that's just the precautions you take regarding trojans. If you know someone can't be trusted with the admin password, don't give them the admin password.

I wonder if I can trust my wife with the admin password... not sure if she knows it or not and she rarely uses any of the Macs in the house. If she doesn't know it I probably won't give it to her, just as a security precaution since she'll never need it.

It would be delivered to the first computer as a trojan, and then spread itself as a worm from machine to machine.

It becomes a worm that spreads by infecting any peripherals that contain firmware chips (e.g. Apple Thunderbolt Ethernet adapter) and plug into the infected computer. They also mention things like intentionally infected peripherals sold on eBay and elsewhere.

The article describes an initial exploit that uses a trojan to infect a Mac's firmware, which then spreads to attached peripherals' option ROMs. This is just an example though.

The real problem is that plugging those infected peripherals into a clean computer will infect that computer silently without user interaction.

How though? This is a part I don't understand. When you attach it to your computer, it's a slave. A master driver which isn't yet infected will talk with it and determine, i.e., that it's a memory storage device and then expose the files on it to the user to be copied over and run or what not. Why would it execute any code to copy over and/or install firmware from that attached memory storage device? That driver isn't going to execute any code to write over itself or to write malicious firmware, no matter what that storage device says. The firmware on that storage device could be compromised to, i.e., send over files other than those that the user wants to copy over, but that sounds like it's still relying on user action, which means it's still a trojan.

The Wired article talks about this in a little more detail. Basically, the way the systems are designed, code from firmware embedded in devices is automatically "loaded" by the computer to which they're attached. My understanding is that, at that point, the reason they execute is in the general class of reasons that code that isn't meant to be executed executes (i.e., basically, why viruses and worms etc can exist in / infect anything other than application binaries to begin with). In principle, the system could probably be designed the way you describe, but it isn't.
How though? This is a part I don't understand. When you attach it to your computer, it's a slave. A master driver which isn't yet infected will talk with it and determine, i.e., that it's a memory storage device and then expose the files on it to the user to be copied over and run or what not. Why would it execute any code to copy over and/or install firmware from that attached memory storage device? That driver isn't going to execute any code to write over itself or to write malicious firmware, no matter what that storage device says. The firmware on that storage device could be compromised to, i.e., send over files other than those that the user wants to copy over, but that sounds like it's still relying on user action, which means it's still a trojan.

We'll have to wait for the actual details to be revealed later this week at Blackhat. But the article mentions several unpatched vulnerabilities in the EFI firmware which allow code execution when the option ROM of an infected device is loaded. My guess is that this is a bug in the way EFI handles loading the option ROM rather than a design flaw.

The Wired article links to this article about BIOS hacking, though it too has virtually no details whatsoever: http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/
..infect a Mac remotely through a malicious website....

Only one solution.. I'm disabling the netwo
 
Actually, Apple has traditionally been slow to address security issues, seeming to rely instead on the small installed base of Mac OS relative to Windows as a "deterrent."

http://www.wired.com/2011/04/apple-crisis-management/

This is hardly the first time researchers have had to go public trying to push Apple into action, after security issues were swept under the rug by Apple.

This is hardly the first time that people CLAIM that Apple sweeps security issues under the rug etc.

You know as little or as much as anybody.

The fact that Apple doesn't talk about it or only gives cookie cutter statements is their policy to deal with security.
It has its pros and cons.

Always amazes me how people (including the concept creators) expect Apple to open a drawer and have a solution within minutes. That, after they work on that stuff for months.

Same for the posters here, overreacting.

Let's just say the chances that Apple DOES take security issues seriously are better than NOT.

The researchers who are getting their panties in a twist will not accomplish anything or put pressure onto Apple.
It all takes time to evaluate, test, double check, find an antidote if possible, etc. etc.

Doesn't seem like anybody is willing to give that time or be at least reasonable with their assumptions.
 
Correct me if I'm wrong, but that's the number of known exploits available, right? So not how many viruses are out there, but how many ways that viruses can be used. Which means there could be 200 viruses using 147 exploits for Mac OS, but 2500 viruses for Windows 8/8.1 using 36 exploits, especially if those 36 exploits are easy to use. There is also the fact that Windows versions are listed separately, but Mac OS versions are not. Adding together all of Windows' exploits gets you to 248 exploits, which is more than Apple's.
You would have more luck with BadUSB implementing these at the factory than infecting anything after.

Are you freaked out yet? What can I do to make you freaky?
Imagine that a value pack of tinfoil is on sale for only .99, but your credit card could be infected by malicious code in the card reader. What do you do?
 
One question. If the BIOS or EFI chip is only a few megabytes is there even free space on there to host such a complex worm? Many EFI chips are only just big enough to hold the firmware. They are also easily replaceable and can be found on eBay.