Authored by a Symantec employee
Two researchers have designed a worm that can spread itself via the firmware of Apple OS X computers and peripherals, without needing an Internet connection. Firmware is software that resides on a chip in your device and provides instructions to the hardware on how to power up properly and then load the operating system.
The researchers found five vulnerabilities, originally discovered in the firmware of PCs, that can cross over to Mac OS X. This is also the first instance where a vulnerability on a Mac can be spread without an Internet connection. Instead, it is transferred via the firmware of a device. For example, if you were to plug a lightning USB Ethernet adapter into an infected Mac, that adapter would then become infected, as it has firmware in it. Once the adapter is unplugged, the malware stays on it and spreads when the adapter is plugged into a clean computer. Most traditional antivirus and Internet security products do not scan these chips, as they handle low-level functions related to the operation of the hardware that they are attached to. Right now, there is no way of removing this malware once it has infected a device.
Fortunately, this is what is called a “proof-of-concept,” which means even though it has been discovered by researchers, it has not been exploited by cybercriminals. Yet.
So far, Apple has been able to patch one vulnerability and has partially patched another; however, there are still three to go. When you get that notification from Apple that there are updates available, do NOT click on “Remind Me Tomorrow.” Install the updates right away.
Whether a vulnerability has been exploited or newly discovered, it is important to always play it safe. While no cyber security software can protect you from every single thing on the threat landscape, a little knowledge and caution can go a long way. Remember to always be careful when receiving emails, chats, text messages and private messages from unknown senders and never download attachments or click on unfamiliar links.
More information about this type of exploit will come to light after it has been presented at this week’s Black Hat USA Conference, so stay tuned for updates.