Mac users exposed by zero-day vulnerability

Attackers able to overwrite firmware and gain persistent root access to computers

A critical vulnerability affecting most Apple Mac models has been discovered that could enable attackers to overwrite firmware and gain persistent root access to computers.

Security firm, Symantec, has confirmed in a blog post the existence of the Apple Mac OS X extensible firmware interface (EFI) security vulnerability.

It was originally disclosed by the firm’s security researcher, Pedro Vilaca, who discovered that a flawed energy conservation implementation left flash protections unlocked on the affected Macs after they woke up from sleep mode.

An attacker can reflash the computer’s firmware to install EFI rootkit malware.

Analysis by Symantec has confirmed the existence of this vulnerability by replicating the exploit as described.

The company rated the vulnerability as critical because it can provide an attacker with persistent root access to a computer that may survive any disk wipe or operating system reinstallation.

Kaspersky Lab chairman and chief executive, Eugene Kaspersky, said Macs were certainly vulnerable to cyberattacks but these sort of attacks were less common due to the difficulty in finding qualified Mac engineers.

“There are millions of Mac users and there is a big opportunity for cybercriminals to attack Mac,” he said.

“Microsoft built a great ecosystem around their products and technologies. They invested heavily in education for engineers. Apple, not so much.

“We are partners with both Apple and Microsoft and these companies behave in different ways. You do not need to knock on Microsoft’s doors, they are open.

"Apple is different, you have to knock, take a number, join the queue and wait. That’s why there are many more Windows engineers than Mac engineers.”

Symantec has also said that while such vulnerabilities are not widespread, they do emerge from time to time.

The weakness can be remotely exploited by an attacker if used in conjunction with another exploit that provided root access.

Read more: Free upgrade to Windows 10 for computers up to 6 years old

Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode.

Symantec said there had been no reports of the vulnerability being exploited in the wild. However, it did stress the likelihood of attacks will increase as news spreads.

Initial reports indicate that all but the latest 2015 models of Mac appear to be affected by the vulnerability.

The firm has tested four different Mac computers. The Mac Mini 5.1 and MacBook Pro 9.2 were found to be vulnerable. The MacBook Pro 11.3 and MacBook Air 6.2 are said to be unaffected.

In his own testing, Vilaca found the MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 were vulnerable to the threat.

According to Symantec, until a patch for the vulnerability is issued, users who are concerned about being targeted are advised to shut down their computers instead of using sleep mode.

Affected Mac users are advised to keep their software up to date since remote exploit of this vulnerability needs to be performed in conjunction with another vulnerability that will provide remote root access.

The firm said updating software will prevent attacks using known exploits. Symantec said analysis of the vulnerability is ongoing and further updates may be published if new information is uncovered.

Join the PC World newsletter!

Error: Please check your email address.

Tags kaspersky labsMaczero-day exploitsAppleeugene kasperskysymantecMicrosoftWindows

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Chris Player
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?