Apple computers found a vulnerability that allows hackers to reflash the Mac by putting a malware directly into the “BIOS”. The malicious code is difficult to detect and remove.
Malicious code placed in the boot area, it is very difficult to clean, and standard security tools such as virus scanners will not be able to detect it, reports Cnews referring to the information securit y expert Pedro Vilaca. And since Apple releases firmware updates extremely rare, malicious code can be in it long. It is reported that the vulnerability affects all computers manufactured before mid-2014.
Mac have built-in software (firmware) that controls the boot process, and then passes control to the operating system. This firmware usually referred to as BIOS, by analogy with the name of its old versions, although a more modern version of the firmware PC is called UEFI.
The problem with the found vulnerability is that after you resume the computer from standby (S3 mode) protection from flashing UEFI Apple computers is lost. Thus, an attacker can easily inject malicious code in UEFI using standard utilities for flashing. To remove protection, he only needed to put the computer into standby and then withdraw from it.
According to Welaka, he tested his theory on multiple models of the MacBook Pro with Retina display, MacBook Pro and MacBook Air released before mid-2014. On all models installed the latest firmware, and all the computers were vulnerable to the described method. The expert was informed about the problem to Apple, but only after he published details of his find.
Apple has not responded to the message of Vilaka.
