OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs
Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore has learned. According to the report, Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.
To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.
Thunderstrike is a serious vulnerability discovered earlier this year by security researcher Trammell Hudson, enabling an attacker to replace a Mac's bootrom with malicious code without a user knowing. Since the malicious code is stored in a low level inaccessible to the user, the problem would remain even if the bootrom was replaced.
The proof-of-concept attack is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini.
OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming days. The most recent OS X 10.10.2 beta was seeded to developers for testing last Wednesday. In addition to the Thunderstrike fix, the upcoming software update addresses security vulnerabilities exposed by Google's Project Zero security team last week.
According to 9to5Mac, the latest OS X Yosemite release will also add iCloud Drive in Time Machine and resolve issues related to Wi-Fi, VoiceOver and security. In particular, a recently identified glitch causing Spotlight on OS X to expose system information to spammers through remote content loading will reportedly be patched. Safari will also gain improved performance and security.
No public instances of Thunderstrike attacks have yet to be reported.
Popular Stories
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store.
The charts below provide an overview of Apple's current and previous trade-in values in the U.S., according to its website. Maximum values for most devices either decreased or saw no change, but the iPad Air received a slight bump.
...
Apple is promoting the new Liquid Glass design in iOS 26, showing off the ways that third-party developers are embracing the aesthetic in their apps. On its developer website, Apple is featuring a visual gallery that demonstrates how "teams of all sizes" are creating Liquid Glass experiences.
The gallery features examples of Liquid Glass in apps for iPhone, iPad, Apple Watch, and Mac. Apple...
Apple's online store in the U.S. is suddenly offering a pack of four AirTags for just $29, which is the same price as a single AirTag.
This is likely a pricing error, and it is unclear if orders will be fulfilled. Apple has not discounted the AirTag four-pack in any other countries that we checked.
Delivery estimates are already pushing into late November to early December, suggesting...
IKEA today announced the upcoming launch of 21 new Matter-compatible smart home products that will be able to interface with HomeKit and the Apple Home app. There are sensors, lights, and control options, all of which will be reasonably priced. Some of the products are new, while some are updates to existing lines that IKEA previously offered.
There are a series of new smart bulbs that are...
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more.
Below, we outline iOS 26.1's key new features.
Liquid Glass Toggle
iOS 26.1 lets you choose your preferred look for Liquid Glass.
In the Settings app, under Display...
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon.
Note: MacRumors is an affiliate partner with some of these vendors. When ...
The future of Apple Fitness+ is "under review" amid a reorganization of the service, according to Bloomberg's Mark Gurman.
In the latest edition of his "Power On" newsletter, Gurman said that Apple Fitness+ remains one of the company's "weakest digital offerings." The service apparently suffers from high churn and little revenue.
Nevertheless, Fitness+ has a small, loyal fanbase that...
HTX Studio this week shared the results from a six-month battery test that compared how fast charging and slow charging can affect battery life over time.
Using six iPhone 12 models, the channel set up a system to drain the batteries from five percent and charge them to 100 percent over and over again. Three were fast charged, and three were slow charged.
Another set of iPhones underwent...
Apple in iOS 26.2 will disable automatic Wi-Fi network syncing between iPhone and Apple Watch in the European Union to comply with the bloc's regulations, suggests a new report.
Normally, when an iPhone connects to a new Wi-Fi network, it automatically shares the network credentials with the paired Apple Watch. This allows the watch to connect to the same network independently – for...
