Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...

This zero-day exploit dubbed Thunderstrike 2 targets your Mac’s firmware thanks to an attached Thunderbolt accessory, such as an Ethernet adaptor or an external hard drive. After receiving the code via a phishing email or a malicious web site, malware code could look for connected Thunderbolt accessories and flash their option ROMs.

If you reboot your Mac with this infected Thunderbolt accessory plugged in, the EFI will execute the option ROM before booting OS X. As this option ROM has been infected, it will execute malicious code infecting the EFI itself. For example, it could simply make your Mac’s firmware refuse to boot OS X, turning your Mac into a useless machine. And if your firmware is compromised, there is no way to boot OS X, update the firmware and remove the malicious code.

The best part of this zero-day vulnerability is that your Thunderbolt accessory remains infected. If you plug your Ethernet adaptor into a new Mac, this Mac will get infected as well when it reboots. It’s not as harmful as malware that spreads through the Internet, but it could make some serious damage in an office environment for example.

Image credit (posted on Facebook) <===> http://www.pcworld.com/article/2955707/security/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting.html

Mehr erfahren / En savoir plus / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

One door closes, another one opens

Apple introduced security patches in OS X 10.10.2, released at the end of January 2015, in an attempt to shut off the Thunderstrike hole.

Unfortunately, it seems that Apple didn't close all the doors.

Hudson, together with two other researchers named Xeno Kovah and Corey Kallenberg, have figured out Thunderstrike 2, which they'll be showing off at Black Hat USA 2015 and Def Con, two security events taking place back-to-back this week in Las Vegas.

They've actually gone one step further with Thunderstrike 2.

As well as using a booby-trapped Thunderbolt Option ROM to modify your Mac's firmware, they've figured out how to include a virus in the modified firmware code.

Their virus will, in turn, attempt to modify the firmware of Thunderbolt devices you insert from then on, thus turning them into carriers of the firmware booby trap, too.

With a touch of techie humour, they've dubbed their firmware-borne virus a "firmworm".

Thunderbolt devices, of course, include removable hard disks...

...in an echo of Stuxnet, the virus that used USB devices to travel between computers on physically separate networks.

Unfortunately, while USB disks carrying Stuxnet could be purged altogether by overwriting them from inside your operating system, infectious Thunderbolt devices can't be cleaned up, or even detected, in that way.

Mehr erfahren / En savoir plus / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

#NAnother serious vulnerability has been found at the heart of Macs and MacBooks, and could be exploited by an undetectable firmware worm.

Shouldn't Apple be doing more to encourage vulnerability ...

The really bad news is that Apple isn't doing enough to work with these researchers, and could be doing much more to ensure that their discoveries are only made public when a fix is available.

Other technology companies are offering sizeable bug bounties to researchers who work with them to uncover security holes, whereas Apple — one of the richest companies in the world — doesn't even bother to dangle the carrot of a $10 iTunes voucher, preferring to name bug reporters on a "hall of fame" page instead.

Mehr erfahren / En savoir plus / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

Researchers created Thunderstrike 2 firmware malware that could remotely infect Apple computers and remain even if a user were to wipe the hard drive and reinstall OS X.

When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss your Mac in the trash situation.

Firmware runs when you first boot a machine; it launches the operating system. For Apple computers, the firmware is called the extensible firmware interface (EFI). Most people believe Apple products are superior when it comes to security, but the researchers want to “make it clear that any time you hear about EFI firmware attacks, it’s pretty much all x86 [computers].” Attackers need only a few seconds to remotely infect Mac firmware. Macs infected with Thunderstrike 2 would remain infected even if a user were to wipe the hard drive and reinstall the OS, as that doesn’t fix a firmware infection.

Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

C'est la première fois qu'une telle menace est observée chez Apple. Elle ne peut pas être détectée par les anti-virus et est difficilement patchable.

Image credit (posted on Facebook) <===> http://www.pcworld.com/article/2955707/security/macs-can-be-remotely-infected-with-firmware-malware-that-remains-after-reformatting.html

Mehr erfahren / En savoir plus / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

Deux découvertes montrent que la sécurité des Mac est toute relative. Des chercheurs ont à la fois trouvé un exploit utilisant une faille zero day récemment découverte et ont créé un prototype d’attaque ciblant le firmware des ordinateurs d’Apple.

Avec le lancement de Windows 10, on aurait presque oublié Mac OS X. Les hackers ne l’oublient pas et avec le développement des Mac (cf le mega contrat entre Apple et IBM qui pourrait s’équiper de 200 000 Macbook), ces derniers deviennent des cibles pour les cybercriminels.

En quelques jours, deux équipes de chercheurs ont démontré les faiblesses de sécurité de l’OS et des ordinateurs d’Apple. Premier en piste, des chercheurs de Malwarebytes ont découvert un installateur de logiciel malveillant qui s’appuie sur une faille zero day. Cette dernière a été trouvée la semaine dernière par Stefan Esser dans les dernières versions de Mac OS X.

Mehr erfahren / En savoir plus / Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike

When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a toss your Mac in the trash situation.

Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Thunderstrike