- Pornhub has a bundle now, Disney+ style Thursday 11:27 PM
- Jacob Wohl’s dad is selling horny calendars of himself for the soldiers Thursday 11:10 PM
- Amanda Palmer dragged for ‘demanding’ coverage of her music Thursday 8:33 PM
- How to get free TikTok followers without downloading a virus Thursday 7:57 PM
- Trump Jr.s ‘Triggered’ topped best-seller’s list with help of RNC Thursday 7:41 PM
- FBI raided millionaire YouTuber’s home, allegedly took everything Thursday 6:55 PM
- A fake Labour party website is spreading disinformation in Britain Thursday 6:16 PM
- Twitter bans cricket club for posting ISIS content in apparent hack Thursday 6:12 PM
- This dad remade his daughter’s NSFW photo—and people are loving it Thursday 5:51 PM
- Teen allegedly posted ‘slave for sale’ Craigslist ad featuring his Black classmate Thursday 5:28 PM
- People are crushed that this teen love story might be a TikTok ‘joke’ Thursday 4:50 PM
- Is Jacob Wohl evading his Twitter ban with Jack Burkman’s account? Thursday 2:06 PM
- Biden’s most perplexing debate answers, explained Thursday 2:03 PM
- How to stream Colts vs. Texans on Thursday Night Football Thursday 12:52 PM
- Netflix drops ‘A Christmas Prince: The Royal Baby’ trailer Thursday 12:43 PM
Dangerous new flaw proves that Macs aren’t as safe as you think
Buying a Mac doesn’t mean you’re invulnerable.
Two researchers have developed a malware exploit that not only infects a MacBook with a particularly resilient worm but also spreads the infection to other MacBooks without requiring that they share a network.
Xeno Kovah, who owns the security firm LegbaCore, and Trammell Hudson of Two Sigma Investments used a known vulnerability in Apple’s Mac firmware to make a worm that could spread to new computers without alerting their users.
Taking inspiration from the original vulnerability’s name “Thunderstrike,” they called their creation “Thunderstrike 2.”
A computer’s firmware is like a house’s foundation. Everything is built on top of it, which makes an infection of it extremely difficult to detect or eliminate. Thunderstrike 2 is particularly dangerous, not just because of its ability to compromise a Mac’s firmware—though that is certainly its key trait—but also because of how discreetly it operates.
You would likely never know that your computer was infected with a worm like Thunderstrike 2. All you’d need to do is trust a sketchy email attachment or strange link and you’d be opening the door to a worm that is very difficult to detect and scrub.
Once Thunderstrike 2 takes root on a system, it spreads itself to any compatible plugged-in accessories, including Apple’s own Thunderbolt Ethernet adapter, which allows people to plug Internet cables into their laptops. If you were to share an infected accessory with another Mac, Thunderstrike 2 would sneak onto that machine and continue its infectious process.
An infected computer can relay its owner’s personal information to a nefarious third party. It can also be sucked into a botnet, a collection of computers used by a malicious actor to spread malware or spam.
Kovah and Hudson will show off more of their Thunderstrike 2 development at the Black Hat conference in Las Vegas on Aug. 6.
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.