A zero-day vulnerability in the firmware of previous-generation Apple Macs allows hackers to take advantage of Sleep Mode to install malware on the computers, a security researcher has revealed.
Mac security student Pedro Vilaca wrote in his blog that the vulnerability he discovered is connected to previous issues found in Macs, but this one has the potential to put users in more danger. The vulnerability is present in Apple computers released before the middle of last year.
Vilaca's research revealed that tampering with the UEFI, or unified extensible firmware interface, of Macs was possible. Apple designed the UEFI as firmware that could improve the BIOS code, which connects the hardware of the computer to its operating system upon starting up.
The UEFI code is usually inaccessible to users, but Vilaca discovered that the code is unlocked after a Mac enters Sleep Mode and then reawakens, which would allow the code to be modified.
Vilaca then wrote that hackers would be able to install malware called a rootkit on the target Mac. Such a rootkit is very hard to delete and is almost undetectable by anti-malware software.
According to Vilaca, the only current way to prevent Macs from being compromised is to never let them enter Sleep Mode, instead shutting down the computers if they will not be in use for a lengthy period of time.
Earlier this year, Apple released fixes for similar attacks called Thunderstrike, which modified the UEFI of computers by accessing the Thunderbolt interface of the Mac.
While Thunderstrike needed the attacker to gain physical access to the target Mac, Vilaca thinks that it could be possible to remotely exploit the Sleep Mode vulnerability that he discovered, which would remove one of the most significant limitations of Thunderstrike.
Vilaca tested the issue across several Apple computers that were running the latest versions of firmware available. He found that newer Macs did not have the vulnerability, leading to the theory that Apple may have caught the problem and fixed it for newer computers, but has not addressed the issue in the older ones.
Vilaca, however, disclosed the vulnerability publicly without first telling Apple, which may have drawn the disdain of the company. Most companies would want independent security researchers to inform them of issues before disclosing them, so that the company could first work on and release a fix to minimize the threat. Now, however, with Vilaca revealing the bug to the world and Apple just beginning to create a patch for the issue, older Apple computers have become huge targets for hackers.