If you’re an owner of a Mac computer from the early 2014 product cycle or earlier, your machine has a built-in vulnerability that could leave it open to permanent exploitation.
OS X guru Pedro Vilaca discovered that, thanks to an overlooked security hole relating to the sleep/wake feature, the system’s firmware can be modified in a way that not even a full wipe and restore will fully remove. Essentially, if a vulnerable computer were to be attacked at this core level, there would be almost nothing a user could do to fix it, aside from replacing the guts of the machine or just buying a new one.
Vilaca has made this information public in the hopes that Apple can slap a patch on the hole and make its firmware for slightly older machines a bit more secure. Apple has not yet commented on the issue, and rarely does in such cases until the oversight in question is resolved.
However, there is a bit of good news in all of this. As Vilaca notes, most users really have nothing to worry about, as it’s not a bug that is fit for mass exploitation; it would only be useful when targeting single specific users. Unless you’re a government official or celebrity, there’s probably not a bounty on your MacBook’s firmware.
That being said, if you’re particularly worried about this exploit, you can help mitigate your computer’s vulnerability by turning off the sleep feature and simply shutting your Mac down completely whenever you’re done using it.