Macs Vulnerable To Userland Injected EFI Rootkits

Posted by timothy on Sunday May 31, 2015 @09:02PM from the but-it's-a-mac-it's-safe dept.

Bismillah writes that a new vulnerability in recent Macs — and potentially older ones — can be used to plant code such as rootkits into areas of EFI memory that shouldn't be writeable, but become unlocked after the computer wakes up from sleep mode. The article explains that [The vulnerability] appears to be due to a bug in Apple's sleep-mode energy conservation implementation that can leave areas of memory in the extensible firmware interface (EFI) (which provides low-level hardware control and access) writeable from user accounts on the computer. Memory areas are normally locked as read-only to protect them. However, putting some late-model Macs to sleep for around 20 seconds and then waking them up unlocks the EFI memory for writing.

1 of 82 comments (clear)

Min score:

Reason:

Sort:

Re:Time for the BIOS to be EEPROM again? by jones_supa · 2015-05-31 22:51 · Score: 4, Interesting

It's interesting that a lot of effort has been put into things like SecureBoot, but there is still a plethora of devices in a PC which are ready to accept new (potentially malicious) firmware at any given point in time.