No attack has been seen in the wild, either. However, it should be noted that while this threat is possible at this time, no web-based attack has been demonstrated yet. ![]() (Apple has yet to officially acknowledge the vulnerability at this time.) The issue cannot be recreated in newer models like the 2013 MacBook Pro it’s likely that the vulnerability has been fixed on newer systems. ![]() We tested out this issue on several MacBook models (specifically the 2012 MacBook Pro, 2011 MacBook Air, among others) and found out that the attack is easily replicable. ![]() What makes things worse is that bootkit malware cannot be removed or cleaned even after users reinstall their OS. Since a bootkit loads before the operating system (OS), attackers can use it to bypass passwords and other security measures. ![]() This is can be a major issue for Mac owners since the vulnerability gives attackers unfettered access to their device. According to his research, any attacker can disable the BIOS lock just by taking advantage of a flaw in Apple’s S3 sleep state (more known as 'standby mode') suspend-resume implementation. Once an attacker does this, he can install bootkit malware onto a Mac BIOS without the user’s knowledge. A critical Mac vulnerability was discovered by OS X security researcher Pedro Vilaca last week.
0 Comments
Leave a Reply. |