Thunderstrike 2 worm can infect your Mac without detection


Researchers have created the first undetectable firmware worm for Mac.
Researchers have created the first undetectable firmware worm for Mac.
Photo: Jim Merithew/Cult of Mac

Apple has touted the Mac’s resistance to viruses for decades as a selling point over Windows PCs, but a team of researchers have created a new firmware worm for Mac that might just make you want to go back to doing work on good old pencil and paper.

Two white-hat hackers discovered that several vulnerabilities affecting PC makers can also bypass Apple’s renowned security to wreak havoc on Mac firmware. The two created a proof-of-concept of the worm called Thunderstrike 2 that allows firmware attacks to be spread automatically from Mac to Mac. Devices don’t even need to be networked for the worm to spread, and once it’s infected your machine the only way to remove it is to open up your Mac and manually reflash the chip.

Here’s a preview of Thunderstrike 2 in action:

The naked truth about iCloud safety


Backup everything to iCloud.
Photo: Jim Merithew/Cult of Mac
Photo: Jim Merithew/Cult of Mac

By now you’ve probably heard about the avalanche of celebrity nude photos that slammed the Web on Labor Day. But amid the chaos of FBI investigations, celeb denials and Apple PR releases that say basically nothing, understanding how the attackers executed the hack — and how to prevent it from happening to you — hasn’t been so clear.

Apple recommended that all users enable two-step verification “to protect against this type of attack,” but the truth about iCloud’s two-step security is a little more complicated than Apple’s letting on, and turning it on probably wouldn’t have prevented the celebrities’ pics from getting hacked in the first place.

To help sort through the confusing mess, we’ve broken down everything you need to know about iCloud’s security and how you can use two-factor authentication and other security steps to keep some perv named 4chan from blasting your nips all over the Internet.

How to keep your iCloud account safer with 2-step verification



If you make something private, obviously you want it to stay that way. But with hackers trying to get at your data, you need to be prepared. Following the recent iCloud hacking that leaked tons of private celebrity photos, there’s a renewed focus on security.

In today’s video, we show you how to enable two-step verification on all your Apple devices so you’ll have a better chance of keeping everything that’s near and dear to you private and secure.

Subscribe to Cult of Mac TV on YouTube to catch all our latest videos.

Hackers accused of ‘ransomware’ iOS attack arrested in Russia


Oleg Pliss

Last month, a number of Apple users in Australia woke up to find that their iOS devices had been locked by an “Oleg Pliss,” and that they needed to pay a ransom if they wanted to continue using them. While a few people thought iCloud could have been hacked, Apple denied those rumors.

Now it seems that the hackers involved with the ransom demands have been detailed by authorities in Russia, according to a new report from the Sydney Morning Herald.

Aged 17 and 23, the alleged hackers are both residents of the Southern Administrative District of Moscow, and one has been previously tried for a similar case.

Apple says iCloud was not hacked during ‘ransomware’ attack


Apple says that iCloud was not hacked, following on from the news that a number of iOS and Mac users in Australia, New Zealand, Canada, and the U.S. report have had their devices remotely locked in exchange for ransom.

It’s been speculated that the hacking in question was done using login credentials gained from users as a result of recent data breaches and then used as Apple ID logins to lock users out via iCloud. While this may be the case, Apple says that it is not the result of the iCloud being compromised in any way.