Mac users exposed by zero-day vulnerability

Attackers able to overwrite firmware and gain persistent root access to computers

A critical vulnerability affecting most Apple Mac models has been discovered that could enable attackers to overwrite firmware and gain persistent root access to computers.

Security firm, Symantec, has confirmed in a blog post the existence of the Apple Mac OS X extensible firmware interface (EFI) security vulnerability.

It was originally disclosed by the firm’s security researcher, Pedro Vilaca, who discovered that a flawed energy conservation implementation left flash protections unlocked on the affected Macs after they woke up from sleep mode.

An attacker can reflash the computer’s firmware to install EFI rootkit malware.

Analysis by Symantec has confirmed the existence of this vulnerability by replicating the exploit as described.

The company rated the vulnerability as critical because it can provide an attacker with persistent root access to a computer that may survive any disk wipe or operating system reinstallation.

Kaspersky Lab chairman and chief executive, Eugene Kaspersky, said Macs were certainly vulnerable to cyberattacks but these sort of attacks were less common due to the difficulty in finding qualified Mac engineers.

“There are millions of Mac users and there is a big opportunity for cybercriminals to attack Mac,” he said.

“Microsoft built a great ecosystem around their products and technologies. They invested heavily in education for engineers. Apple, not so much.

“We are partners with both Apple and Microsoft and these companies behave in different ways. You do not need to knock on Microsoft’s doors, they are open.

"Apple is different, you have to knock, take a number, join the queue and wait. That’s why there are many more Windows engineers than Mac engineers.”

Symantec has also said that while such vulnerabilities are not widespread, they do emerge from time to time.

The weakness can be remotely exploited by an attacker if used in conjunction with another exploit that provided root access.

Read more: Free upgrade to Windows 10 for computers up to 6 years old

Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode.

Symantec said there had been no reports of the vulnerability being exploited in the wild. However, it did stress the likelihood of attacks will increase as news spreads.

Initial reports indicate that all but the latest 2015 models of Mac appear to be affected by the vulnerability.

The firm has tested four different Mac computers. The Mac Mini 5.1 and MacBook Pro 9.2 were found to be vulnerable. The MacBook Pro 11.3 and MacBook Air 6.2 are said to be unaffected.

In his own testing, Vilaca found the MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 were vulnerable to the threat.

According to Symantec, until a patch for the vulnerability is issued, users who are concerned about being targeted are advised to shut down their computers instead of using sleep mode.

Affected Mac users are advised to keep their software up to date since remote exploit of this vulnerability needs to be performed in conjunction with another vulnerability that will provide remote root access.

The firm said updating software will prevent attacks using known exploits. Symantec said analysis of the vulnerability is ongoing and further updates may be published if new information is uncovered.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags kaspersky labsMaczero-day exploitsAppleeugene kasperskysymantecMicrosoftWindows

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Chris Player
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?