Reply to thread

Message

<blockquote data-quote="cradom" data-source="post: 1632776" data-attributes="member: 305283"><a href="http://apple.slashdot.org/story/15/01/08/214238/first-osx-bootkit-revealed" target="_blank">First OSX Bootkit Revealed - Slashdot</a>From the article:&quot;Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity.&quot;</blockquote>

[QUOTE="cradom, post: 1632776, member: 305283"] [url=http://apple.slashdot.org/story/15/01/08/214238/first-osx-bootkit-revealed]First OSX Bootkit Revealed - Slashdot[/url] From the article: "Hudson's bootkit takes advantage of a vulnerability in how Apple computers deal with peripheral devices connected over Thunderbolt ports during a firmware update. In these cases, the flash is left unlocked, allowing an Option ROM, or peripheral firmware, to run during recovery mode boots. It then has to slip past Apple's RSA signature check. Apple stores its public key in the boot ROM and signs firmware updates with its private key. The Option ROM over Thunderbolt circumvents this process and writes its own RSA key so that future updates can only be signed by the attacker's key. The attack also disables the loading of further Option ROMs, closing that window of opportunity." [/QUOTE]

Verification

Name this item 🌈