Thunderstrike2 Details Revealed

An anonymous reader writes: Prior to DefCon and BlackHat, we learned that Trammell Hudson had developed a firmware worm for Apple machines that could spread over Thunderbolt hardware accessories. Now that both conferences have finished, Hudson has published slides and an annotated transcript detailing how the worm works.

A brief quote: "Thunderstrike 2 takes advantage of four older, previously disclosed vulnerabilities. These had all been known and fixed on other platforms, but not on Apple's MacBooks. ... Speed Racer (Incorrect BIOS_CNTL configuration, 2014, VU#766164), Darth Venamis (S3 boot script injection, 2014, VU#976132) Snorlax (Flash configuration is not set after S3 sleep, 2013 VU#577140) and PrinceHarming (2015) Unsigned Option ROMs (2007, 2012). ... While we're looking at Apple specifically in this research, the overall message is that many vendors are not keeping up to date and are not responding to CERT, especially if it requires effort to port or test vulnerabilities from other vendor platforms."

These vulnerability names

are fucking stupid.

Re:1...2...3....

[ArmoredDragon]

Actually it's been scientifically proven that Apple fans view that brand as they would a religion:

http://www.pcmag.com/article2/...

Re:1...2...3....

[NotDrWho]

You just don't understand. Owning Apple is a way for hipsters to demonstrate their originality and reject the herd mentality of you PC users. This is achieved by buying all Apple products like every other hipster.