OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs
Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore has learned. According to the report, Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.
To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.
Thunderstrike is a serious vulnerability discovered earlier this year by security researcher Trammell Hudson, enabling an attacker to replace a Mac's bootrom with malicious code without a user knowing. Since the malicious code is stored in a low level inaccessible to the user, the problem would remain even if the bootrom was replaced.
The proof-of-concept attack is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini.
OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming days. The most recent OS X 10.10.2 beta was seeded to developers for testing last Wednesday. In addition to the Thunderstrike fix, the upcoming software update addresses security vulnerabilities exposed by Google's Project Zero security team last week.
According to 9to5Mac, the latest OS X Yosemite release will also add iCloud Drive in Time Machine and resolve issues related to Wi-Fi, VoiceOver and security. In particular, a recently identified glitch causing Spotlight on OS X to expose system information to spammers through remote content loading will reportedly be patched. Safari will also gain improved performance and security.
No public instances of Thunderstrike attacks have yet to be reported.
Top Stories
Apple today announced that it will be holding a special event on Tuesday, September 14 at 10:00 a.m. The event will take place at the Steve Jobs Theater on the Apple Park campus in Cupertino, California.
As with WWDC and last year's fall events, this new event will be held digitally with no members of the media invited to attend in person. Apple will likely provide pre-taped segments for...
Apple will retain the Lightning connector on the iPhone for the "foreseeable future," with no intention of switching to USB-C, according to reliable analyst Ming-Chi Kuo.
In spite of much of the industry moving toward USB-C, Apple will not be using it to replace the Lightning connector on the iPhone 13, or indeed on any iPhone model for the time being. In a note seen by MacRumors yesterday,...
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option.
A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
To commemorate the tenth anniversary of the iPhone, Apple marketing chief Phil Schiller sat down with tech journalist Steven Levy for a wide-ranging interview about the smartphone's past, present, and future.
The report first reflects upon the iPhone's lack of support for third-party apps in its first year. The argument inside Apple was split between whether the iPhone should be a closed...
Apple today seeded the sixth betas of iOS and iPadOS 15 to developers for testing purposes, with the updates coming one week after Apple released the fifth betas.
Registered developers can download the profile for the iOS and iPadOS betas from the Apple Developer Center, and once the profile is installed, beta updates will be available over the air.
iOS 15 is a major update that...
Wednesday September 25, 2019 12:02 pm PDT by
Juli CloverApple has teamed up with Maroon 5 to add the group's new song "Memories" to the Memories feature in the Photos app, allowing it to be used for photo slide show creations, reports Billboard.
"Memories" will be available as a soundtrack option for a limited time and it is available to iPhone and iPad users running the latest iOS 13 and iPadOS software.
Memories in the Photos app are created ...
Apple may be planning to launch the iPhone 13 on Friday, September 17 and third-generation AirPods on Thursday, September 30, according to an image of an e-commerce app discovered by Chinese language site IT Home.
The screenshot, originally posted by Weibo account @PandaIsBald, suggests all four iPhone 13 models will go on sale on September 17, followed by the AirPods 3 on September 30....
Apple has issued an internal notice about a new Quality Program that addresses anti-reflective coating issues on MacBook and MacBook Pro models with Retina displays, as confirmed by multiple sources. These issues include the anti-reflective coating on displays wearing off or delaminating under certain circumstances.
Apple will replace Retina displays on affected MacBook or MacBook Pro models ...
With the launch of Apple's iPhone 13 lineup believed to be just a few weeks away, we have compiled all of the coherent rumors from our coverage over the past year to build a full picture of the features and upgrades coming to the company's new smartphones.
For clarity, only explicit improvements, upgrades, and new features compared to the iPhone 12 lineup are listed. It is worth noting that...
The iPhone 12 and iPhone 12 Pro arrived in October 2020 in a range of color options, with entirely new hues available on both devices, as well as some popular classics. The 12 and 12 Pro have different color choices, so if you have your heart set on a particular shade, you might not be able to get your preferred model in that color.
iPhone 12 mini and iPhone 12
The iPhone 12 mini and iPhone...
Top Rated Comments
Safari stinks as well under Yosemite.
Start-up time is 10 times longer than before as well
Closed system under Apple is supposed to prevent stuff like this from happening and until Yosemite it was pretty much true.
Keep Ivy away from the Operating System!
After seeing what he did to the Mini I wouldn't mind seeing him take a long hike permanently
I'd rather see them increase the free storage amount to 10 GB to be more in line with other cloud backup services. Not everyone has the incentive or need to pay for more storage.
Come on now, these are all things that you shouldn't have to do. I have dozens of devices, all types of macs (meaning non-yosemite) macs that haven't had a single problem. Don't blame the user....
For Those About to Update.... We Salute You! :cool:
EXCELLENT. I've been hoping I would eventually be able to go to a cloud based backup.