Home » Apple » Apple Mac OS X Sleep Mode Security Flaw

yosemite-sys_prefs-power_nap_desktop

Some Apple Macs have a particularly terrible flaw that lets hackers sneak in and remain undetected security researcher Pedro Vilaca noted in his blog.

Older Apple computers may be susceptible to a new zero-day vulnerability the flaw can be used to install rootkit malware that’s nearly undetectable and very hard to remove. Macs purchased one year ago or before, apparently are susceptible to the attack.

When a Mac goes into sleep mode and wakes back up, it allows direct access to the BIOS. It’s a weird quirk that lets someone tamper with the code there. The vulnerability is in Apple computers’ UEFI (unified extensible firmware interface), which is designed to improve upon a machine’s BIOS.

UEFI code is usually sealed off but Vilaca discovered that when Apple computers made before mid-2014 go to sleep and are reawakened, the code is unlocked and able to be modified. The attack was successfully tested on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air, all running the latest EFI firmware available. Macs made in 2014 are not vulnerable, which could mean Apple already found the bug but hasn’t patched older models yet.

The only way to defend against the vulnerability is to always shut your computer down or never let it go to sleep by adjusting the settings in the power save area under preferences. A similar exploit, called Thunderstrike, was discovered last year, but Vilaca claims the one he found could be even more dangerous as it may be possible to remotely exploit the bug.

Comments

comments

Latest

subscription music Apple Realizes Subscription Music Is Future
Manufacturing Automation Trends 4 Manufacturing Automation Trends Revolutionizing the Industry
online ads Three Ways to Advertise Not Online
fiber optics Fiber OPTICS- A SCIENCE TO BOOST TECHNOLOGY
skype Why Can’t I Stop Using Skype

Tech Geek Today

Tech Geek Today

MonTueWedThuFriSatSun
      1
2345678
16171819202122
23242526272829
30      
   1234
567891011
12131415161718
262728293031 
       
   1234
567891011
12131415161718
19202122232425
262728    
       
1234567
891011121314
22232425262728
293031    
       
    123
45678910
11121314151617
18192021222324
25262728293031
       
  12345
6789101112
20212223242526
27282930   
       
      1
9101112131415
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
252627282930 
       
 123456
78910111213
14151617181920
21222324252627
28293031   
       

Subscribe To The Technology Geek

Archives