OS X Yosemite in the coming days to its customers.
The upcoming beta update OS X Yosemite 10.10.2 contains a patch for the Thunderstrike vulnerability that allows malware to be injected into Macs via the Thunderbolt port.
Earlier this month, Reverse engineer Trammell Hudson revealed technical details and proof-of-concept of Thunderstrike attack.
Thunderstrike, an undetectable bootkit, works by injecting an Option ROM into a Mac’s EFI. It is possible because hardware attached to a system through Thunderbolt port are not as secure as a Mac itself.
Once installed using Thunderstrike attack, the malware would be almost impossible to detect and remove.
Because the firmware used on Macs doesn’t always apply to the security of attached hardware. So "Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again.” developers told imore.
“According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.”
OS X Yosemite 10.10.2 beta also addresses the three zero-day vulnerabilities previously disclosed by Google’s Project Zero.
Don’t worry, patches are already on the way. OS X Yosemite 10.10.2 update has already gone out to developers and soon will be rolled out to OS X users.