A $300 Device Can Steal Mac FileVault2 Passwords

An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple's disk encryption utility) passwords from a device's memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamker created with Poison Tap.

From the article

[berj]

December 13th: Apple released macOS 10.12.2 which contains the security update. At least for some hardware - like my MacBook Air.

Conclusion
The solution Apple decided upon and rolled out is a complete one. At least to the extent that I have been able to confirm. It is no longer possible to access memory prior to macOS boot. The mac is now one of the most secure platforms with regards to this specific attack vector.

So, it seems that this door has been closed as of 10.12.2

Remains to be seen if those machines that don't support 10.12 Sierra will get patches for their latest supported macOS version, of course.