From InfoWorld: An improved attack on the firmware in Apple computers makes them vulnerable to hard-to-detect malware without even being connected to a network, according to a Black Hat conference presentation due to be given later this week.
The new research highlights ongoing weaknesses in the low-level software that runs on every computer before an operating system is loaded.
It comes from researchers Xeno Kovah and Corey Kallenberg of LegbaCore and Trammell Hudson of Two Sigma Investments. They showed earlier this year how they could infect a Mac's firmware with malware by connecting malicious devices to them using Thunderbolt, Apple's high-speed data transfer interface. The attack was dubbed Thunderstrike.
On Thursday, they will unveil Thunderstrike 2, an attack that improves on the former since it can spread to other machines through removable peripherals.
View: Article @ Source Site
