January 12, 2015
A security researcher has discovered a way to infect Macs with malware that is virtually undetectable and ‘can’t be removed.’
The attack, which has been called Thunderstrike, installs the malicious code into the Boot ROM of the system via the Thunderbolt port.
Trammell Hudson, who works for hedge fund Two Sigma Investments and is also the creator of the Magic Lantern open-source programming environment for Canon DSLRs, discovered the vulnerability after his employer asked him to look into the security of Apple notebooks.
“A few years ago we were considering deploying MacBooks and I was asked to use my reverse engineering experience to look into the reports of rootkits on the Mac to see if it was possible to patch the firmware to be secure against them,” wrote Hudson in a summary of the vulnerability.