
The first worm for EFI firmware can infect a Mac without an Internet connection

Security researchers have created a worm that infects Apple computers without an Internet connection and writes itself into the firmware. Wired reported on this dangerous Mac vulnerability.

Computers contain embedded software (firmware) that controls the boot process, and then passes control to the operating system. Typically, this firmware is called BIOS, by analogy with the name of its old versions, although a more modern version of the firmware is called UEFI (unified extensible firmware interface).

The EFI basic input/output system is not protected by encryption or a digital signature, so it can be infected. After that, the virus persists even if you upgrade the operating system, and it continues to work. It can be removed only by reflashing the chip on the computer's motherboard with special equipment. The Trojan spreads from Mac to Mac, even without a network connection.

“Malware is very difficult to calculate and difficult to treat: it is very difficult to resist something that is available inside the firmware,” said one of the researchers, Xeno Kovah. “For most users, if contaminated, there will be one way out: to throw the computer away.”

The worm is similar to a virus, presumably developed by the US National Security Agency, that Kaspersky Lab detected on government computers in Iran and Russia and that infects the firmware of hard drives.

Earlier this year, Apple released an update that addresses a similar vulnerability called Thunderstrike, which made it possible to embed malicious code in the UEFI firmware via the Thunderbolt interface. However, that attack could not be carried out without physical access to the computer. The new attack can be performed remotely, which makes this vulnerability more dangerous.

The researchers have notified Apple about this vulnerability, but so far there has been no official reaction from Cupertino.
