‘Thunderstrike’, a vulnerability for Macs with a Thunderbolt port, will be patched in the next version of OS X Yosemite. The vulnerability allowed an attacker to swap a Mac’s boot firmware with software of their own via the Thunderbolt port. The new update, released to developers last week, fixes this issue.
The flaw was deemed to be quite significant, with potential for an attacker to pretty much take whatever they wanted from a target machine. However, there have been no examples of this exploit being implemented in the wild – most probably due to the fact it would require an attacker to have physical access to the machine.
The exploit is notable as one of the first of its kind to effect Macs, with many speculating whether the Mac platform and OS X would now be subject to more vulnerabilities like this thanks to their increased popularity.
The update, which includes the fix, should be rolled out to end users in the coming weeks, although that may be sooner considering the urgency required to fix this flaw.
Source: iMore
