It was reported Monday that researchers have created the first firmware worm able to infect Macs, called “Thunderstrike 2.”
According to Wired, “An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code via a phishing email and malicious website. That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM … and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected.”
While Macs don’t get viruses, worms, etc. just from visiting the wrong website, they are vulnerable when you download and then install something. That makes the defense simple: don’t download and install applications (which require the user’s password for root access to install) that come from unknown, untrusted, non-verifiable sources.
“Free” can be downright damaging. And now it can be damaging to others. A device connected to a compromised system can itself be compromised and turned into a carrier for this kind of worm, spreading it without any indication or password access simply by being connected to another system. It still takes that “patient zero” to do so, though.
The researchers have notified Apple of the vulnerabilities. The company has patched one and partially patched another; three of the vulnerabilities remain unpatched as of now.
With that said, Apple needs to close these open doors without further delay. The greatest risk of spread via Thunderbolt is to those in the media and entertainment/production industries, who frequently swap external drives between systems and send work out on such drives.
This is certainly something to be wary of… but it is an avoidable something.