Your new post is loading...
“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.
“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”
Apple has been contacted for comment.
Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.
Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.
Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.
“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.
Learn more:
- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
“It means that you can overwrite the contents of your BIOS from userland a rootkit EFI without any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access.
“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access [provided] a suspended happens in the current session … you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage.”
Apple has been contacted for comment.
Flash locks are removed when machines enter a sleep state for about 30 seconds or more, allowing attackers to update the flashrom contents from userland including EFI binaries.
Affected models include the MacBook Pro Retina, and Pro, and MacBook Airs, each running the latest EFI firmware updates.
Some of the latest machines are not affected leading Vilaça to think Apple is aware of the vulnerability.
“If they (Apple) indeed knew about the bug – because I don’t believe it’s a coincidence not working in latest machines – then they keep their pattern of not patching older versions,” he says.
Learn more:
- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security
- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=EFI