Macs older than one year are vulnerable to an exploit that can overwrite a machine’s firmware, letting attackers control devices even after they are formatted or restored. The vulnerability, discovered by OS X Security researcher Pedro Vilaca, target a machine’s BIOS after it wakes from sleep. Normally, protection known as FLOCKDN, would prevent any apps write access to the BIOS region, but for some reason, the FLOCKDN protection is inactive after a Mac wakes from sleep. That leaves the operating system open to apps to reflash the BIOS and modify the extensive firmware interface (EFI).”The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access,” Vilaca said in his blog post. “The only requirement is that a suspended happened in the current session. I haven’t researched but you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage ;-).”Share Article:Facebook,   Twitter,   LinkedIn,   Google Plus,   Email,   Reddit,   Digg,   Delicious,   StumbleUponFollow iClarified:Facebook,   Twitter,   LinkedIn,   Google Plus,   Newsletter,   App Store,   YouTubeAdvertise Here

Source: iClarified Read More: New Exploit Lets Attackers Control Macs Even After They Are Formatted