UEFI attack and the Mac: What you need to know

UEFI, the Unified Extensible Firmware Interface, is the firmware a Mac boots from before handing off to the OS X operating system; if you're familiar with BIOS, this is its replacement. At the Chaos Communication Congress (CCC) in 2014, a presentation showed how a vulnerability in the UEFI boot script table could be used to rewrite the firmware when a machine wakes from sleep. The boot script is what re-applies the chipset's flash write-protection after the deep (S3) sleep state, and on affected Macs that protection is not re-applied after waking, so software running with root privileges can write to the boot flash. As usual, it's something to be informed about, but for the vast majority of people, nothing to panic about. According to Reverse Engineering Mac OS X:

As a general user you shouldn't, in theory, be much more worried about this bug than you were about Thunderstrike. This is a bug more interesting for attacking targeted users than for mass exploitation, although a drive-by exploit is definitely feasible.

To exploit the vulnerability, an attacker already needs root access to your Mac, that is, the ability to run commands as root. If that's the case, the break-in that gave them root is your most pressing concern; what this bug adds is persistence, because firmware that has been rewritten survives reinstalling OS X or even wiping the disk. In other words, the back window has to be unlocked before the intruder can get in and chain itself to the furnace.

Macs manufactured after mid-2014 appear not to be affected. Given the nature of the exploit and the attention it's getting, I expect Apple will be issuing a patch for affected systems as soon as possible.

If you think you may be targeted, you can mitigate the risk by running as a standard user rather than as an administrator, which makes it harder for malware to obtain the root privileges the attack needs. If you have to run as an admin, disable sleep and shut down your Mac when you're done with it instead: the flash protection is applied on a normal boot, and it is only the sleep/wake path that leaves it off. You can adjust sleep in System Preferences > Energy Saver.

Also, remember to practice safe surfing. Most attacks begin with phishing — bogus messages that try to con you into clicking on malware links — or social engineering — attempts to trick you into handing over your password.

For expert users, the blog post also details a test procedure:

Download DarwinDumper and load the DirectHW.kext kernel extension. Then you can use flashrom with "flashrom -r biosdump -V -p internal" to dump the BIOS and show the register contents. Or else you can compile DirectHW.kext and flashrom yourself. DarwinDumper just works out of the box and its kext appears to be legit (it's on Apple's exclusion list, so at least Apple trusts it ;-)).
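The flashrom dump only tells you something if you compare the register state before sleeping with the state after waking. The script below is an added example, not code from this article or from the researcher's blog post: it wraps the flashrom command above, parses the two register lines flashrom's Intel chipset support prints (the `BIOS_CNTL` line with its "BIOS Lock Enable" field and the `HSFS` line with its `FLOCKDN` bit), and gives a verdict. The exact text of those lines is assumed from flashrom's source and should be checked against your own output; the embedded "before" and "after" dumps are constructed, not captured from a real Mac. `--dump` must run as root with DirectHW.kext already loaded, since `flashrom -p internal` reads the chip directly.

```shell
#!/bin/sh
# Added example, not code from the article or from the researcher's blog post.
# Dump the flash registers before sleeping, dump again after waking, compare
# the write-protection state of the two dumps.
#
# Assumption: flashrom -V prints these lines for Intel chipsets (check yours):
#   "BIOS_CNTL = 0x..: BIOS Lock Enable: <en|dis>abled, BIOS Write Enable: ..."
#   "HSFS: FDONE=.., ..., FLOCKDN=<0|1>"
# DirectHW.kext must be loaded and the script run as root for --dump.

# Print the value of a "NAME=value" or "NAME: value" field from a dump file.
# $1 = dump file, $2 = field name. Prints nothing if the field is absent.
field() {
    sed -n "s/.*$2[=:] *\([A-Za-z0-9]*\).*/\1/p" "$1" | head -n 1
}

# Classify one dump: LOCKED, WRITABLE, or UNKNOWN (register lines missing,
# e.g. an unsupported chipset, so no conclusion can be drawn).
# Flash counts as protected only when the SPI configuration is locked down
# (FLOCKDN=1) and the BIOS_CNTL lock-enable bit is set.
lock_state() {
    flockdn=$(field "$1" FLOCKDN)
    ble=$(field "$1" "BIOS Lock Enable")
    if [ -z "$flockdn" ] || [ -z "$ble" ]; then
        echo UNKNOWN
    elif [ "$flockdn" = 1 ] && [ "$ble" = enabled ]; then
        echo LOCKED
    else
        echo WRITABLE
    fi
}

# Compare a before-sleep dump ($1) with an after-wake dump ($2).
compare_dumps() {
    before=$(lock_state "$1")
    after=$(lock_state "$2")
    case "$before/$after" in
        LOCKED/LOCKED)   echo OK ;;            # protection survived the wake
        LOCKED/WRITABLE) echo VULNERABLE ;;    # unlocked only after wake: the bug
        WRITABLE/*)      echo NEVER_LOCKED ;;  # writable even before sleep
        *)               echo INCONCLUSIVE ;;  # UNKNOWN on either side
    esac
}

# Constructed sample dumps (not captured from a real machine) showing the
# pattern the bug produces: locked before sleep, unlocked after wake.
write_samples() {
    cat > "$1/before.txt" <<'EOF'
BIOS_CNTL = 0x0a: BIOS Lock Enable: enabled, BIOS Write Enable: disabled
HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=1
EOF
    cat > "$1/after.txt" <<'EOF'
BIOS_CNTL = 0x00: BIOS Lock Enable: disabled, BIOS Write Enable: disabled
HSFS: FDONE=0, FCERR=0, AEL=0, BERASE=1, SCIP=0, FDOPSS=1, FDV=1, FLOCKDN=0
EOF
}

case "${1:-}" in
    --dump)     # sudo ./check.sh --dump before ; sleep, wake ; --dump after
        flashrom -p internal -V -r "$2.bin" > "$2.txt" 2>&1
        echo "$2: $(lock_state "$2.txt")" ;;
    --compare)  # ./check.sh --compare before.txt after.txt
        compare_dumps "$2" "$3" ;;
    *)          # no arguments: run against the constructed samples
        d=$(mktemp -d)
        write_samples "$d"
        echo "before:  $(lock_state "$d/before.txt")"
        echo "after:   $(lock_state "$d/after.txt")"
        echo "verdict: $(compare_dumps "$d/before.txt" "$d/after.txt")"
        rm -rf "$d" ;;
esac
```

A NEVER_LOCKED verdict means the machine's flash was writable before it ever slept, so sleep/wake is not what unlocked it and the comparison says nothing about this particular bug; INCONCLUSIVE means flashrom did not print the register lines the script looks for. Only LOCKED before and WRITABLE after matches the behaviour described in the article.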

Apple continues to work on new ways to improve security. Recent examples include the Mac App Store, Gatekeeper, and Sandboxing. Hopefully, we'll see and hear even more about the company's plans for OS X security at WWDC 2015, which kicks off June 8.

Nick Arnott contributed to this article.

Rene Ritchie
Contributor

