No software in the world is completely safe from attack, and today brings a fresh reminder: a team of researchers from LegbaCore has managed to develop the first ever worm that can control the firmware of Mac computers. The worm builds on the critical Thunderstrike bug, which was discovered a long time ago by security expert Trammell Hudson, who developed the fully functional threat in cooperation with LegbaCore. Because it relies on that previously discovered security hole, it is probably not surprising that it is called Thunderstrike 2.
Because the worm attacks the firmware of Mac computers, it is practically impossible to remove. It remains on the computer even after new updates are installed, and its privileges are high enough that it can block the installation of new updates, whether firmware or software. The icing on the cake is that if anything goes wrong it can reinstall and thereby restore itself, so trying to remove it is practically futile. Thunderstrike 2 is a much more sophisticated threat than the original Thunderstrike, which was more of a technology demo showing that there was a serious problem that could threaten millions of Macs around the world.
The new, mature version of this threat can enter your Mac after you visit a malicious website or open a malicious email. It can then copy itself into, and hide in, the ROM of peripheral devices such as external SSD drives, Thunderbolt drives or RAID controllers, and from there it can reach any other computer those devices are connected to. In this respect it is reminiscent of the older Win32/Agent threat, which spread among Windows computers by copying itself onto the then popular 3.5 inch floppy disks along with your files. Thunderstrike 2 can spread in a similar way, and users can pass it to one another without knowing about it. All it takes is for them to share peripherals that have malicious code hidden in their ROM; the code copies itself to a new Mac as soon as the peripheral is connected. Installation is therefore very simple, but removal is much more difficult, because the worm has to be fought at the hardware level, which is very risky.
In his contribution, Xeno Kovah, head of LegbaCore, not only presented how the threat works in practice, but also appealed to Apple, saying the company hasn't done enough to protect users. He says that even though his company contacted Apple beforehand and described all the important details, Apple has so far patched only one of the 5 security holes and released only a partial fix for another. The remaining three bugs have not been patched, so millions of users are currently at risk. It is enough for someone to post an infected peripheral on eBay and wait for a victim to buy it.
*Source: MacRumors*
Please try to limit those full-page ads that have "Skip and visit site" on the top right and a new page loads anyway. Most of the time, the site is dubious exactly as this article describes.
I agree with the kangaroo
Mr. Zavrěl, do you have a few ads here? And you're forcing us to click on some dubious ad.
Anubisi: Romča needs money for a new Bentley, don't be surprised. :-)