A known flaw in Mac firmware could leave it open to attacks via Thunderbolt devices, security researcher Trammell Hudson has found. The hole has been known for at least two years, yet it remains completely unaddressed.
“It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple’s EFI firmware update routines,” Trammell writes in the essay for his upcoming lecture at the Chaos Communication Conference in Germany. “This allows an attacker with physical access to the machine to write untrusted code to the SPI flash ROM on the motherboard and creates a new class of firmware bootkits for the MacBook systems.”
Trammell also notes that the vulnerability could be fixed with “a few byte patch to the firmware,” but goes on to say that hammering out the security problems with Apple’s EFI is a larger issue on the whole.