Major security flaw spotted on Macs released before 2014
A security bug has been spotted over the weekend that may leave older Apple computers vulnerable. To some, the Mac is impenetrable to viruses and other malicious software, but the rest of us know that's not true as it looks like another security hole has been overlooked by Cupertino.
Pedro Vilaca, a researcher specializing in OS X, says the zero-day vulnerability allows attackers to stealthily drop rootlkit malware on to Macs. This can be very hard to remove and near impossible to detect, according to reports. Apple computers have a unified extensible firmware interface (UEFI) that is normally blocked off from attacks, but Vilaca claims it’s open season once the target Mac has been put to sleep and reawakened.
Unlike similar vulnerabilities that have been spotted, this one can apparently be triggered remotely. It is a good idea to never allow you computer to sleep or to just shut it down when it’s not in use if this bug worries you. That is, at least until Apple deals with it. Vilaca was able to undermine the security of a MacBook Pro, an older MacBook and a MacBook Air (made previous to 2014) using the zero-day UEFI attack described above.
