Apple is preparing to release the second update to OS X Yosemite in the coming days to its customers.
The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.
Earlier this month, Reverse engineer Trammell Hudson revealed technical details and proof-of-concept ofThunderstrike attack.
Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac’s EFI. It is possible because hardware attached to a system through Thunderbolt port are not as secure as a Mac itself.
nce installed using Thunderstrike attack, the malware would be almost impossible to detect and remove.
Because the firmware used on Macs doesn’t always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again.” developers told imore.
