Mac malware can survive hard disk formatting

Apple Mac owners have been warned of a vulnerability that allows attackers to overwrite firmware and attain root access.

Portuguese researcher and self-described "Mac malware hunter" Pedro Vilaca discovered that a bug in the energy conservation functionality left flash protections unlocked after waking from sleep mode.

"This means that an attacker can reflash the computer’s firmware to install Extensible Firmware Interface (EFI) rootkit malware," said an announcement from Symantec last week.

Because the malware would reside in firmware rather than on the disk, it could survive hard disk formatting.

"The vulnerability could be remotely exploited by an attacker if used in conjunction with another exploit that provided root access," Symantec stated.

"While such vulnerabilities are not widespread, they do emerge from time to time. Once an attacker has root access, the only condition required for successful exploit is that the computer enter sleep mode."

The security vendor found that the Mac Mini 5.1 and MacBook Pro 9.2 were vulnerable, with Vilaca also discovering that MacBook Pro Retina 10.1, MacBook Pro 8.2, MacBook Air 5.1 and Mac Pro 9.1 were affected.

Symantec's testing cleared MacBook Pro 11.3 and MacBook Air 6.2 from potential harm.

"Until a patch for the vulnerability is issued, users who are concerned about being targeted are advised to shut down their computers instead of using sleep mode," announced Symantec.

"Affected Mac users are advised to keep their software up to date since remote exploit of this vulnerability needs to be performed in conjunction with another vulnerability that will provide remote root access. Updating software will prevent attacks using known exploits."

Copyright © CRN Australia. All rights reserved.
