<sarcasm> Nice to see Apple as fast as possible to release patches for major flaws, while leaving even only few year old versions of their OS open for attack.</sarcasm>
Apple patch shields Macs from Thunderstrike
Apple will mute the Thunderstrike attack in an upcoming OS X patch, according to a report. Beta developers told iMore the OSX 10.10.2 release stops the attack and prevents firmware downgrades which could re-enable the vulnerability on patched machines. The Thunderstrike attack was revealed earlier this month by reverse …
COMMENTS
-
Tuesday 27th January 2015 09:39 GMT sabroni
according to a report.
Not clear from your article, or the linked iMore one, exactly who is claiming that this is fixed. Any chance of a bit of clarity? It doesn't sound like it's Apple saying it's fixed, but both Hudson in your article and Rick Mogull in iMore are quoted from when "Thunderstrike" (cool name!) was discovered, not from after patching. So who are these "beta developers", mentioned in your article but not in iMore?
-
-
-
Tuesday 27th January 2015 11:02 GMT Dave 126
Re: according to a report.
> i may be mistaken, but IIRC the original report said this wasn't fixable in software/firmware.
I got the impression that it wasn't fixable after the attack, but it could be prevented from occurring in the first place: "To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed."
- http://www.imore.com/thunderstrike-attack-also-fixed-os-x-10102
So it would seem to be a case of putting a better latch on the stable door before the horse has legged it.
-
Tuesday 27th January 2015 16:39 GMT fearnothing
Re: according to a report.
Technically it is fixable in firmware but to do it you have to crack open the case and hook a physical tool directly onto the pins of the firmware ROM chip. Not for the faint of heart. If you mess up the voltages, e.g. by forgetting to disconnect the battery, you are the owner of a very shiny brick.
-
-
-
Tuesday 27th January 2015 10:55 GMT Dave 126
Re: Is this an issue for any PC using EFI
The proof-of-concept attack only attacks Macs, but it has never been seen in the wild - it needs the attacker to have physical access to the machine or else use social engineering to trick the user into attacking themselves.
The attack uses Thunderbolt, which is seen comparatively few non-Apple machines - there probably isn't a big enough pool or PC targets for it to worth an attacker's effort. Even on these PCs, "Intel has never allowed [PC] motherboard vendors to hang the Thunderbolt silicon / add-in card off the CPU's PCIe lanes. These have to hang off the platform controller hub (PCH). On the other hand, Apple was allowed to hook up the Thunderbolt silicon directly to the CPU."* so this might prevent a similar attack on generic PCs.
* http://www.anandtech.com/show/8529/idf-2014-where-is-thunderbolt-headed
As a PC user, I wish Thunderbolt was more common. The idea of a thin-n-light laptop plugging into an external GPU+monitor is an attractive one for CAD users- but I appreciate it might be a bit niche when USB 3 and ethernet takes care of most users' data transfer needs.