CATEGORIES
home News

Pre-2014 Macs Susceptible To Slippery Backdoor Firmware Exploit

by Rob WilliamsWednesday, June 03, 2015, 10:00 AM EDT

After mainboard vendors began adopting EFI en masse in recent years, security researchers all over have dissected the many different implementations out there to find that elusive crippling bug. Sometimes, though, such bugs are not actually elusive at all, like one just discovered by reverse engineering enthusiast fG.

fG starts off his report by pointing out two excellent presentations revolving around EFI exploitation, and how this new one relates to one of those. At any point while using your PC, your EFI should never become exposed to write commands, but fG notes that this isn't the case on Macs older than mid-2014. In fact, the bug can be exploited from the desktop - all it requires is that the machine was put to sleep, and then resumed.

On a normal boot, the string "FLOCKDN=1" in the EFI readout tells the computer that the EFI cannot be written to, but that changes to "FLOCKDN=0" after a sleep/resume cycle. Usually, writing to a BIOS/EFI requires low-level access, so this bug is very unique by allowing it to happen in user space.

Apple MacBook 13

The report notes that multiple pre-2014 Macs have been deemed to be vulnerable, while the newer ones seemed to be locked down. fG notes that it appears Apple either fixed this bug by accident, or that it knew about it and decided to patch newer machines. Though they add, "It's not something you just fix by accident."

To fully protect yourself from this bug, you simply need to avoid using the sleep mode until Apple releases an updated EFI for your machine (if it does, that is). If you want to test for the vulnerability and are fluent with the inner-workings of OS X, you can download a tool called DarwinDumper, load the DirectHW.ext kernel module, and then run "flashrom -r biosdump -V -p internal" to check for that "FLOCKDN" string.

fG further notes that this bug can be exploited remotely. If someone has access to a Mac through SSH, they could simply force a sleep with "sudo pmset sleepnow". If the user is right in front of the machine, they will simply trigger it to wake back up.

Let's wait and see what Apple has to say about this one.

Tags:  Apple, OS X, security, Mac, vulnerability, exploit, NASDAQ: AAPL
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment