
Researchers create Thunderstrike 2, the firmware worm that attacks Macs

Authored by a Symantec employee


Two researchers have designed a worm that can spread through the firmware of Apple OS X computers and peripherals without needing an Internet connection. Firmware is software that resides on a chip in your device and provides instructions to the hardware on how to power up properly and then load the operating system.


The researchers found five vulnerabilities, originally discovered in the firmware of PCs, that can cross over to Mac OS X. This is also the first instance where a vulnerability on a Mac can be spread without an Internet connection. Instead, it is transferred via the firmware of a device. For example, if you were to plug a lightning USB Ethernet adapter into an infected Mac, that adapter would then become infected, as it has firmware in it. Once unplugged, the malware stays on the adapter and spreads when it is plugged into a clean computer. Most traditional antivirus and Internet security products do not scan these chips, as they handle low-level functions related to the operation of the hardware they are attached to. Right now, there is no way of removing this malware once it has infected a device.

Fortunately, this is what is called a “proof-of-concept,” which means even though it has been discovered by researchers, it has not been exploited by cybercriminals. Yet.

So far, Apple has been able to patch one vulnerability and has partially patched another; however, there are still three to go. When you get that notification from Apple that there are updates available, do NOT click on “Remind Me Tomorrow.” Install the updates right away.

Whether a vulnerability has been exploited or newly discovered, it is important to always play it safe. While no cyber security software can protect you from every single thing on the threat landscape, a little knowledge and caution can go a long way. Remember to always be careful when receiving emails, chats, text messages and private messages from unknown senders and never download attachments or click on unfamiliar links.

More information about this type of exploit will come to light after it has been presented at this week’s Black Hat USA Conference, so stay tuned for updates.
