![]() ![]() Therefore, once a Mac's EFI has been owned, if the attacker did it right, then the only way to reflash the EFI with valid Apple firmware would be to wire up a reflasher directly to the EFI chip on the logic board itself (do not try this at home). The same security researcher who announced this vulnerability also claims to have seen a demonstration at a conference of a firmware hack that cannot be removed or overwritten. This vulnerability was made public at least four weeks before Apple patched it on July 30 for OS X 10.8, 10.9, and 10.10 with EFI Firmware Security Update 2015-001. ![]() (The vectors available for this are in other CVEs, but could hypothetically be anything, including things like malicious fake Flash update installers.) In July 2015, CVE-2015-3692 revealed that a Mac's EFI firmware could be hacked by a remote attacker. How can the average user easily validate the integrity of their Mac's firmware?īefore you downvote this question or lecture me on how I am paranoid and no one should ever need to do that, please read below.
0 Comments
Leave a Reply. |