Vulnerability of non-brand-new Macs (wake from sleep exploit)

Discussion in 'Apple, Inc and Tech Industry' started by Sydde, Jun 2, 2015.

  1. Sydde macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #1
    Ars reports on a pretty darn scary exploit that has the potential to write to EFI firmware. More serious than that, the exploit can be installed from userland, meaning there is no need to mess around with escalation-of-privilege.

    This exploit has been shown to work on all Macs older than the most recent models and requires a wake-from-sleep event to expose the vulnerability. I am not clear on whether it will be possible for Apple to issue some kind of software or firmware fix for this issue, but it sure does not look like a situation that inspires confidence in the brand. Obviously, firmware meddling survives the old "nuke-and-pave" and escapes the notice of most security inspection software, so this could be a really big problem.
     
  2. H00513R macrumors 6502a

    H00513R

    Joined:
    Mar 12, 2010
    Location:
    Indiana
    #2
  3. JamesMike macrumors demi-god

    JamesMike

    Joined:
    Nov 3, 2014
    Location:
    Oregon
    #3
  4. QCassidy352 macrumors G3

    QCassidy352

    Joined:
    Mar 20, 2003
    Location:
    Bay Area
    #4
    This is very scary. As I understand it, the entire thing could be triggered remotely, no physical access ever required. Not good.
     
  5. eekcat macrumors 6502a

    Joined:
    Apr 5, 2010
  6. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
  7. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #7
    Yeah I saw this post yesterday on MalwareBytes' Facebook page. Apparently it's due to the crappy security of the EFI 1.1, which means custom firmware can be installed on the Mac -- they don't have to be signed by Apple? Not sure if anybody can confirm this. And with it being firmware it means it'll be permanently exploited; wiping & reinstalling the OS won't do anything.

    Boy I hope Apple know about this or have some existing protection to prevent this from happening.
     
  8. jamezr macrumors G3

    jamezr

    Joined:
    Aug 7, 2011
    Location:
    US
    #8
  9. z31fanatic macrumors 6502a

    z31fanatic

    Joined:
    Mar 7, 2015
    Location:
    Mukilteo, WA USA
    #9
    Not everyone. Only the uninformed and the blind fanatics assume that.
     
  10. MacFever macrumors regular

    MacFever

    Joined:
    Feb 1, 2007
    #10
    I'm very surprised that Apple seems to be taking its time in releasing a fix for this...or did they know about it and said nothing which would require you to buy a new machine 2014 and onwards to keep the stocks up. It's unbelievable what seems to be the lack of urgency on Apple's behalf to address the issue that will backfire on them if they don't wake up from decorating the Moscone building. Priorities are in reverse. Steve would not allow this to happen or continue without fix.

    and the mac communities don't seem to really care. lol everyone is on about their phones/watches.

    http://arstechnica.com/security/201...ost-macs-vulnerable-to-permanent-backdooring/
     
  11. sim667 macrumors 65816

    Joined:
    Dec 7, 2010
    #11
    Good luck getting any wake from sleep working on Macs with Yosemite, Apple totally trashed something that worked really well when Yosemite was released.
     
  12. Sydde thread starter macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #12
    Does this mean that an enemy could brick your computer with minimal effort?

    And, if Apple can issue a fix, will they allow it to be installed on the holdouts who still use 10.6?
     
  13. satcomer macrumors 603

    satcomer

    Joined:
    Feb 19, 2008
    Location:
    The Finger Lakes Region
    #13
    I practice now a better way to protect my Mac. I disconnect the Ethernet cable before sleeping the Mac Pro. :D
     
  14. Sydde thread starter macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #14
    Or you could use an iPad for all your browsing and airdrop any files you need onto the Mac.
     
  15. minifridge1138 macrumors 6502a

    Joined:
    Jun 26, 2010
  16. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #16
  17. minifridge1138, Jul 4, 2015
    Last edited: Jul 4, 2015

    minifridge1138 macrumors 6502a

    Joined:
    Jun 26, 2010
    #17

    That confuses me. A firmware update should be tied to the hardware, not the OS being run.

    Edit: I just checked the firmware section of the 4,1 Mac Pro and it is unchanged. That makes me wonder if this is more of an OS patch than firmware update.
     
  18. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #18
    It is a pure EFI update. And btw, your Mac is older than Early-2011, so that you do not get the EFI security update.
     
  19. Sydde thread starter macrumors 68020

    Sydde

    Joined:
    Aug 17, 2009
    #19
    It seems as though an OS patch might be appropriate, if they can close the post-sleep attack window (restart threads carefully or something) and prevent sleep from being initiated by just any old process.
     
  20. Mr. Retrofire macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl/en
    #20
    @Sydde: I think the new firmware locks previously unlocked areas (some special CPU registers and the EFI firmware itself).
     
  21. subsonix, Jul 4, 2015
    Last edited: Jul 4, 2015

    subsonix macrumors 68040

    Joined:
    Feb 2, 2008
    #21
    This isn't the case, later in the article this is mentioned: "To work, an exploit would require a vulnerability that provides the attacker with unfettered "root" access to OS X resources." so you'd still need to have an exploit and a way to escalate privileges to root.

    The issue is that it's possible to update the firmware at all from the OS I believe.
     
