Thunderstrike firmworm mac

Apple’s computers are generally known to be safer than their Windows counterparts when it comes to viruses and harmful worms. That, however, doesn’t mean they are not vulnerable. A team of researchers has created a proof-of-concept firmware worm, dubbed ThunderStrike 2 Firmworm, which affects Mac computers. What makes this worm particularly dangerous is that it is undetectable by antivirus software and can permanently affect your computer. It can even be delivered to a Mac through an email or a malicious webpage. This is different from previous ThunderStrike viruses, which affected the device through Thunderbolt accessories.

Firmware, the software that boots the computer, isn’t encrypted, and it does not even authenticate that changes come from the computer’s manufacturer, which makes it vulnerable. What makes this worm undetectable by antivirus software is that it lives inside the firmware, and most antivirus software doesn’t scan the firmware of the computer. This worm is capable of spreading from one Mac to another even when they are not networked with each other.

You cannot remove this worm from your Mac even if you install a fresh copy of OS X or change its hard drive. The only way to remove this kind of firmware worm, if it is detected in the first place, would be to re-flash or re-program the chip that it is installed on. This means most users cannot get rid of this virus and, as a result, will have to get rid of their machine instead.

The good news is that the researchers have reported the exploit they have found to Apple and the company has already patched one of the exploits. It has also partially patched the other exploit reported by the researchers. [Wired]


  • Lance Garvey

    This is like the herpes of computer viruses. (see what I did there?)

  • 5723alex .

    When was the last time anyone got a firmware update for his PC (Windows, Mac, Chromebook, Linux…), his router, his A/V receiver…?
    All BIOSes are made by the same Phoenix, Award… companies, for ages. All have the same vulnerabilities.