
Newly discovered Mac malware tarnishes Apple’s security credentials


iFans will be the first to tell you that, statistically, Apple Macs, iPhones and iPads are less vulnerable to malware than PCs or Android mobile devices, whose much larger user bases make them far more attractive targets for malicious actors.

But two major security flaws which Apple has yet to fully address have recently thrown into doubt the US tech company’s top-notch security credentials.

German coder Stefan Esser last month published details of a vulnerability introduced in Yosemite 10.10, the latest release of the Mac OS X operating system.

The flaw lets a hacker create and open files “anywhere in the file system” and gain administrative access to a victim’s Mac, potentially wreaking all kinds of havoc.

Some nasty person has now gone and exploited the flaw to automatically install adware on victims’ computers. Adware spams an affected computer with pop-up ads or automatically redirects its user to unsolicited websites and apps.

Malwarebytes researcher Adam Thomas discovered the use of the exploit when he took a close look at a new adware installer and noticed some of his computer’s root files had been messed with.

The firm criticised Esser for having released details of the exploit without notifying Apple first.

Apple has reportedly added a temporary measure which notifies users if the adware tries to install itself on their computers, though according to The Guardian’s Alex Hern it won’t be issuing a full fix for Yosemite users until September.

‘Firmworm’ strikes again

The second bug, dubbed “Thunderstrike 2”, is a type of “worm” which hides inside a Mac’s firmware (firmware runs basic functions such as booting up a computer, launching the operating system, and running a computer’s ports and cooling fan) and then spreads to any other hardware connected to that computer.

Unlike the adware, which has already surfaced “in the wild”, this worm is a “proof of concept” that is due to be demonstrated at a Black Hat security conference in Las Vegas this week.

It can spread via connected hardware including ethernet adaptors or external hard drives.

A researcher who worked on the findings told Wired that Apple had only patched two of five vulnerabilities which allow the worm to take hold.

Firmware is generally not scanned by anti-virus software products, making it difficult to detect any loitering malware.

The “firmworm” will also remain intact even when the operating system — which is software, not firmware — is scrubbed clean.

Researcher Xeno Kovah told Wired the only remedy for an infested device is to “re-flash” the chip containing its firmware.

“For most users that’s really a throw-your-machine-away kind of situation,” Mr Kovah told the tech site.

“Most people and organisations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

The vulnerabilities are also present in PCs, but this is thought to be the first time they have been shown to be exploited in Macs.

“People hear about attacks on PCs and they assume that Apple firmware is better […] we’re trying to make it clear that any time you hear about EFI firmware attacks, it’s pretty much all [computers],” Mr Kovah told Wired.
http://www.theherald.com.au/story/3259466/newly-discovered-mac-malware-tarnishes-apples-security-credentials/?cs=4435
Bottrell Group
