Slashdot Mirror
Researchers Create Mac "Firmworm" That Spreads Via Thunderbolt Ethernet Adapters
BIOS4breakfast writes: Wired reports that later this week at BlackHat and Defcon, Trammell Hudson will show the Thunderstrike 2 update to his Thunderstrike attack on Mac firmware (previously covered on Slashdot). Trammell teamed up with Xeno Kovah and Corey Kallenberg from LegbaCore, who have previously shown numerous exploits for PC firmware. They found multiple vulnerabilities that were already publicly disclosed were still present in Mac firmware. This allows a remote attacker to break into the Mac over the network, and infect its firmware. The infected firmware can then infect Apple Thunderbolt to Ethernet adapters' PCI Option ROM. And then those adapters can infect the firmware of any Mac they are plugged into — hence creating the self-propagating Thunderstrike 2 "firmworm." Unlike worms like Stuxnet, it never exists on the filesystem, it only ever lives in firmware (which no one ever checks.) A video showing the proof of concept attack is posted on YouTube.
macs are not vulnerable to the types of malware that antivirus software could protect against
So if antivirus software protects against viruses, and you're claiming that Macs are not vulnerable to that type of malware, then aren't you claiming that Macs are immune to viruses?
worms such as the "firm worm" on this post cannot be prevented by antivirus software. so there is a class of malware that is not blocked by antivirus and even though macs are immune to malware that would otherwise be blocked by antivirus they can still be succeptible to this particular class and yet keep the general moniker immune to viruses that antivirus software would block.
Here's a question: if Macs are not vulnerable to viruses, then why are there antivirus programs for Macs?
AV exists for mac becuz windows switchers are stuck on this idea of "needing antivirus" and so shysters have stepped in to provide the product. not to mention all macs come with antivirus supplied by apple.