I think we're in trouble...

First OSX Bootkit Revealed - Slashdot

From the article:

"Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity."
 
Once again the joy of a bootable USB thumb drive with operating system installed.
 
chas_m
How often do you plug in Thunderbolt devices that you didn't purchase from a legit vendor?

Or, alternatively, how often do you let people come in while you're signed in to your computer and let them plug in unknown Thunderbolt devices?

Because those are the only two vectors of attack. So if that number is any higher than once, you're just asking for trouble. If it is once or lower, then you're completely safe.
 

vansmith

The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity."
This is the dangerous part - it's not just the control but the ability to continue circumvention.

I'm sure the response of many ardent supporters will be that this is a proof of concept and that it requires physical access (thus minimizing the importance of the exploit) but nonetheless, it's clear that more work is being done (and thankfully so) to poke away at the notion that OS X is infinitely more secure than everything else. Honestly, the more this happens, the better it is for us the users.
 
If I have physical access to your machine, I PWN it. Period. It does not matter which vendor, or operating system.

Secure your computers, this (btw) has always been the case.
 

vansmith

I'm finding things everywhere.
Absolutely agreed. While I think that headline for that article is sensational (I'm not sure I'd call my OS version and IP address a private detail), it does point to a bug that ought to be fixed quickly.

General rant: Most of these complaints seem to be levied at both OS X and iOS. iOS, from where I sit, hasn't decreased in quality significantly (in fact, I think it's improved) but OS X has lost its exceptionalism. To this day, Handoff remains extraordinarily flaky, AirDrop works if the sun is at a perfect 60° angle to where I am and only then and AirPlay is possessed. These features on iOS though work wonderfully. Methinks that Apple has put too high a priority on iOS.
 
General rant: Most of these complaints seem to be levied at both OS X and iOS. iOS, from where I sit, hasn't decreased in quality significantly (in fact, I think it's improved) but OS X has lost its exceptionalism. To this day, Handoff remains extraordinarily flaky, AirDrop works if the sun is at a perfect 60° angle to where I am and only then and AirPlay is possessed. These features on iOS though work wonderfully. Methinks that Apple has put too high a priority on iOS.

Agreed. This year I have seen Win XP BSODs on OSX for the first time, required Win 98-like reboots to fix something, and suchlike stuff. I am afraid that sales is overriding engineering in the post-Jobs Apple.
 

vansmith

I had my machine slow to a crawl last night converting video files which normally didn't happen with Mavericks. This is another issue in my list of things that I've come to terms with. In fact, I've come to terms with the idea that this is par for the course with Yosemite until the wrinkles get ironed out (if at all). I wonder if this is why I'm using my iPad more often now as iOS has, in my opinion at least, only gotten better on the whole (especially now that Office is available for it).

Don't get me wrong - I still think OS X is great...it's just not better to the same extent that it used to be.
 

dbm


iOS 8 was a huge change as we all know, and I recall stories at the time reporting that the OSX team had been co-opted into helping out the iOS team so the launch schedule could be met.

I think we are seeing those chickens come home to roost now, with the under-resourced Yosemite showing some chinks in its armour. I'm sure it will stabilise, or next year's release will be much better at the very least.

But iPhones and iPads are Apple's gateway products, so I can understand why they have been prioritised.
 
chas_m
If I have physical access to your machine, I PWN it. Period. It does not matter which vendor, or operating system.

Secure your computers, this (btw) has always been the case.

This is what I've been saying. The USB exploit this is built off of has been around for a long time (since, well, USB came around). Physical access to a machine has always equalled the possibility of compromised security since before the first keylogger was invented.

I'm saying that this is really nothing new, and that it doesn't really affect most users. If you're in an office, dealing with sensitive information, obviously then this affects you more than the rest of us, and precautions should be taken.

As I've always said in my Mac computer classes for going on 20 years now -- whether you work for the CIA or you just have nosey relatives in your home, it's a sound idea to have an automatic logout that requires a password to re-enter if you routinely step away from your computer.
 
As I've always said in my Mac computer classes for going on 20 years now -- whether you work for the CIA or you just have nosey relatives in your home, it's a sound idea to have an automatic logout that requires a password to re-enter if you routinely step away from your computer.

Mine are all set to require login on screen on, screensaver halt, and wake. Also have hot corners set up for two of those 4. Then again, when I would find coworkers who didn't lock their Unix machines I would do things like..


echo "logout" >> .login

Or just change their runlevel to 6.
 
