Mac isn’t as safe as we thought.
Not too long ago an exploit was discovered for Mac machines called Thunderstrike, simply put the exploit allowed hackers to modify the firmware on a Mac machine. A group has researchers has built up on that exploit and came out with Thunderstrike 2, the first firmware worm that’s capable of infecting Macs.
Since the worm is capable of infecting the firmware it’s effectively impossible to remove it since it can block software updates and even reinstall itself even if the update has been applied. Thunderstrike 2 can infect Macs through email or websites and it can even spread to other Macs by hiding itself in option ROM of peripherals such as a Gigabit Ethernet adapter, RAID controllers, external drives, Thunderbolt connected devices and more.
According to the accompanying report the only real method to fix this vulnerability appears to be at a hardware level which means that the average user won’t be able to safeguard themselves against Thunderstrike 2. The researchers that developed it are in touch with Apple but so far the company has only fixed one of the five flaws that they pointed out.
There’s hope that Apple will be quick about it and issue software patches for all five flaws so that even the average user can be secured against this firmware worm.