Mac users exposed by zero-day vulnerability

Attackers able to overwrite firmware and gain persistent root access to computers

A critical vulnerability affecting most Apple Mac models has been discovered that could enable attackers to overwrite firmware and gain persistent root access to computers.

Security firm, Symantec, has confirmed in a blog post the existence of the Apple Mac OS X extensible firmware interface (EFI) security vulnerability.

It was originally disclosed by the firm’s security researcher, Pedro Vilaca, who discovered that a flawed energy conservation implementation left flash protections unlocked on the affected Macs after they woke up from sleep mode.

An attacker can reflash the computer’s firmware to install EFI rootkit malware.

Analysis by Symantec has confirmed the existence of this vulnerability by replicating the exploit as described.

The company rated the vulnerability as critical because it can provide an attacker with persistent root access to a computer that may survive any disk wipe or operating system reinstallation.

Kaspersky Lab chairman and chief executive, Eugene Kaspersky, said Macs were certainly vulnerable to cyberattacks but these sort of attacks were less common due to the difficulty in finding qualified Mac engineers.

“There are millions of Mac users and there is a big opportunity for cybercriminals to attack Mac,” he said.

“Microsoft built a great ecosystem around their products and technologies. They invested heavily in education for engineers. Apple, not so much.

“We are partners with both Apple and Microsoft and these companies behave in different ways. You do not need to knock on Microsoft’s doors, they are open.

"Apple is different, you have to knock, take a number, join the queue and wait. That’s why there are many more Windows engineers than Mac engineers.”

Symantec has also said that while such vulnerabilities are not widespread, they do emerge from time to time.

The weakness can be remotely exploited by an attacker if used in conjunction with another exploit that provided root access.

Read more: Free upgrade to Windows 10 for computers up to 6 years old

Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode.

Symantec said there had been no reports of the vulnerability being exploited in the wild. However, it did stress the likelihood of attacks will increase as news spreads.

Initial reports indicate that all but the latest 2015 models of Mac appear to be affected by the vulnerability.

The firm has tested four different Mac computers. The Mac Mini 5.1 and MacBook Pro 9.2 were found to be vulnerable. The MacBook Pro 11.3 and MacBook Air 6.2 are said to be unaffected.

In his own testing, Vilaca found the MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 were vulnerable to the threat.

According to Symantec, until a patch for the vulnerability is issued, users who are concerned about being targeted are advised to shut down their computers instead of using sleep mode.

Affected Mac users are advised to keep their software up to date since remote exploit of this vulnerability needs to be performed in conjunction with another vulnerability that will provide remote root access.

The firm said updating software will prevent attacks using known exploits. Symantec said analysis of the vulnerability is ongoing and further updates may be published if new information is uncovered.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags kaspersky labsMaczero-day exploitsAppleeugene kasperskysymantecMicrosoftWindows

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Chris Player
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Michael Hargreaves

Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?