Older Apple computers may be susceptible to a new zero-day vulnerability discovered by a security researcher, who found the flaw can be used to install rootkit malware that’s nearly undetectable and very hard to remove.
OS X security researcher Pedro Vilaca wrote about the discovery of the zero-day vulnerability on his blog over the weekend, detailing how it’s possible to tamper with Apple computers’ UEFI (Unified Extensible Firmware Interface), which is designed to improve upon a machine’s BIOS.
UEFI code is usually sealed off, but Vilaca discovered that when Apple computers made before mid-2014 go to sleep and are reawakened, the code is unlocked and can be modified.
Vilaca says the only way to defend against the vulnerability is to always shut your computer down and never let it go to sleep. A similar exploit, called Thunderstrike, was discovered last year, but Vilaca claims the one he found could be even more dangerous as it may be possible to remotely exploit the bug.
The attack was successfully tested on a MacBook Pro Retina, a MacBook Pro 8.2 and a MacBook Air, all running the latest EFI firmware available. Macs made in 2014 are not vulnerable, which could mean Apple already found the bug but hasn’t patched older models yet. We’ve reached out to Apple for comment but haven’t received a response.