The only cure for new Apple malware is to trash your Mac

[Bill in NC]

So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?

[jdc]

Bill in NC wrote:
So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?

Yup.

[rjmacs]

Glad my macs don't have Thunderbolt! miley-music039:

[GGD]

modelamac wrote:
"...Trash your Mac", per your subject line, and "throw away your hard drive", per text are two completely different things. Why do you exaggerate like that?

Those aren't space-time's words, that's the title directly from the article, as well as the quoted text that says to throw away the your hard drive.

[fauch]

There was a similar exploit I remember reading about some time ago for USB. Some sketchy companies could potentially inject malware into their USB devices from the factory, or reflash ones with that capability...

[silvarios]

fauch wrote:
There was a similar exploit I remember reading about some time ago for USB. Some sketchy companies could potentially inject malware into their USB devices from the factory, or reflash ones with that capability...

Once upon a time even Apple shipped iPods with malware on them. It can happen because the supply chains are a lot more complex than we think.

[silvarios]

Bill in NC wrote:
So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?

It infects the EFI, can be remotely spread, and by the description, used Thunderbolt to replicate, not infect.

"Attackers might choose to infect a target via a phishing email and malicious site. The malware could “spread automatically from MacBook to MacBook, without the need for them to be networked.” Attackers could remotely target computers, even air-gapped ones, with Thunderstrike 2 as it is designed to spread by infecting the option ROM on peripheral devices. The proof-of-concept malware would “be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those,” explained Wired. “The worm would then spread to any other computer to which the adapter gets connected.”

These flaws don't require physical access; however, since the attack can propagate over Thunderbolt, air gapped systems are not safe. Plenty of people share adapters and other accessories.

[silvarios]

rjmacs wrote:
Glad my macs don't have Thunderbolt! miley-music039:

The attacks don't require Thunderbolt, just an EFI, or I'm totally misreading the two articles provided.

[silvarios]

Mr645 wrote:
But you need physical access to the Mac to install the firmware hack. It cannot infect via the web, e-mail or anything like that. Not a big threat in my book

Incorrect according to the security researchers.

"Attackers might choose to infect a target via a phishing email and malicious site. The malware could “spread automatically from MacBook to MacBook, without the need for them to be networked.” Attackers could remotely target computers, even air-gapped ones, with Thunderstrike 2 as it is designed to spread by infecting the option ROM on peripheral devices. The proof-of-concept malware would “be on the lookout for any peripherals connected to the computer that contain option ROM, such as an Apple Thunderbolt Ethernet adapter, and infect the firmware on those,” explained Wired. “The worm would then spread to any other computer to which the adapter gets connected.”"

[silvarios]

jdc wrote:
[quote=Bill in NC]
So the vast majority of Mac owners who use nothing more than USB for peripherals will never have to worry about this exploit?

Yup.
No. It's an EFI hack that can be remotely executed, as the articles describe things anyway, clearly I'm not a member of the research team.