Apple vulnerability could allow firmware modifications, researcher says

[InfoSec News <alerts () infosecnews org>]

http://www.networkworld.com/article/2929173/apple-vulnerability-could-allow-firmware-modifications-researcher-says.html

By Jeremy Kirk
IDG News Service
June 1, 2015

A zero-day software vulnerability in the firmware of older Apple computers 
could be used to slip hard-to-remove malware onto a computer, according to 
a security researcher.

Pedro Vilaca, who studies Mac security, wrote on his blog that the flaw he 
found builds on previous ones but this one could be far more dangerous. 
Apple officials could not be immediately reached for comment.

Vilaca found it was possible to tamper with an Apple computer’s UEFI 
(unified extensible firmware interface). UEFI is firmware designed to 
improve upon BIOS, which is low-level code that bridges a computer’s 
hardware and operating system at startup.

The UEFI code is typically sealed off from users. But Vilaca wrote that he 
found the code is unlocked after a computer goes to sleep and reawakens, 
allowing it to be modified. Apple computers made before mid-2014 appear to 
be vulnerable.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/