Apple will patch serious security flaws in OS X ‘as soon as possible’

By

Tim Cook addresses the White House Summit on Cybersecurity and Consumer Protection. Photo: White House
Tim Cook talks cybersecurity earlier this year.
Photo: White House

Apple plans to issue an update fixing two severe OS X Yosemite security flaws “as soon as possible,” according to a new report.

One bug is the recently discovered Thunderstrike 2, which allows attackers to overwrite a computer’s firmware in a way that is impossible to reverse unless users have the wherewithal to open up their Mac and manually reflash the chip.

The other is a “privilege escalation” bug known as DYLD that allows a program to run as though it has administrator access without prompting users to enter their passwords.

Thunderstrike 2 worm can infect your Mac without detection

By

12-inch MacBook
Get yours for just $999.
Photo: Jim Merithew/Cult of Mac

Apple has touted the Mac’s resistance to viruses for decades as a selling point over Windows PCs, but a team of researchers have created a new firmware worm for Mac that might just make you want to go back to doing work on good old pencil and paper.

Two white-hat hackers discovered that several vulnerabilities affecting PC makers can also bypass Apple’s renowned security to wreak havoc on Mac firmware. The two created a proof-of-concept of the worm called Thunderstrike 2 that allows firmware attacks to be spread automatically from Mac to Mac. Devices don’t even need to be networked for the worm to spread, and once it’s infected your machine the only way to remove it is to open up your Mac and manually reflash the chip.

Here’s a preview of Thunderstrike 2 in action: