Attackers can exploit this vulnerability to gain device control.
On April 9, June 3, a foreign security researcher found a security vulnerability that could be used to take control of Mac devices running OS X. It is reported that this vulnerability allows hackers to remotely rewrite the firmware used for machine startup on Mac devices. A hacker who uses this vulnerability can gain a certain degree of control after the computer starts.
It is reported that the vulnerability was first discovered by Mac security research expert Pedro Vilaca, who then published it on his blog. According to Vilaca, hackers can remotely gain limited control over Mac devices without physical access to the devices.
Specifically, hackers first need to obtain root permission on the target device (this is not easy for remote hackers, but it is absolutely possible). Then, when the Mac device enters sleep mode and the BIOS protection mechanism is disabled, the firmware can be rewritten. Hackers can then use this method to change the default settings of the Extensible Firmware Interface.
This sleep mechanism on Apple's Mac devices leaves the machine unprotected at an intermediate point, which means hackers can use it to rewrite BIOS data or implant malware.
However, Vilaca also said that only Mac devices launched before the middle of 2014 have this problem (including the MacBook Air, MacBook Pro 2015, and MacBook Pro Retina models earlier than 8.2); newer Mac models do not have this security vulnerability.
The analysis shows that users of the affected models have no special protection measures against this vulnerability. At this stage, they can only change the device's default settings and prevent the Mac from automatically entering the sleep state to prevent hacker intrusion. However, it should be noted that Mac users do not need to worry about this: because the process of carrying out this attack is very complicated, this vulnerability is unlikely to be widely used by hackers around the world in the short term.
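The workaround above (stopping the Mac from sleeping automatically) can be checked from a terminal. The script below is an added example, not part of the original article: it parses text in the format printed by `pmset -g custom` and reports which power sources still have an idle-sleep timer. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the idle-sleep timer per power source.
# Input format: the per-source blocks printed by `pmset -g custom`.

# Constructed sample input (not captured from a real machine).
SAMPLE='Battery Power:
 lidwake              1
 sleep                10
 displaysleep         2
AC Power:
 lidwake              1
 sleep                0
 displaysleep         10'

# Reads pmset-style text on stdin and prints one line per power source:
#   "<source>: sleep=<minutes> (ENABLED|disabled)"
audit_idle_sleep() {
    awk '
        /^[A-Za-z].*:[ \t]*$/ {          # unindented header, e.g. "AC Power:"
            src = $0; sub(/:[ \t]*$/, "", src); next
        }
        $1 == "sleep" && src != "" {     # idle-sleep timer; 0 means never
            state = ($2 == 0) ? "disabled" : "ENABLED"
            printf "%s: sleep=%s (%s)\n", src, $2, state
        }
    '
}

# Exit status 0 only if at least one source was found and none allows idle sleep.
idle_sleep_disabled() {
    report=$(audit_idle_sleep)
    [ -n "$report" ] || return 1
    case $report in *ENABLED*) return 1 ;; esac
    return 0
}

# On a Mac, audit the live settings. To turn the timer off on every
# power source, an administrator can run: sudo pmset -a sleep 0
if command -v pmset >/dev/null 2>&1; then
    pmset -g custom | audit_idle_sleep
fi
```

This covers only the automatic (idle) sleep timer; it does not detect sleep started manually or by closing the lid.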