ahlam1399
01-26-2015, 07:51 PM
Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore (http://www.imore.com/thunderstrike-attack-also-fixed-os-x-10102) has learned. According to the report, Apple *****ed the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.To secure against Thunderstrike, Apple had to change the code to **t only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.Thunderstrike is a serious vulnerability discovered earlier this year by security researcher Trammell Hudson, enabling an attacker to replace a Mac's bootrom with malicious code without a user k**wing. Since the malicious code is stored in a low level inaccessible to the user, the problem would remain even if the bootrom was replaced.
http://cdn.macrumors.com/article-new/2015/01/macbook_air_pro_yosemite-800x260.jpg
The proof-of-concept attack (https://trmm.net/Thunderstrike_31c3) is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini.
OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming days. The most recent OS X 10.10.2 beta (https://hameed.nwar.uk/vb/OS X 10.10.2 beta six was seeded to developers for testing last Wednesday.) was seeded to developers for testing last Wednesday. In addition to the Thunderstrike fix, the upcoming software update addresses security vulnerabilities exposed by Google's Project Zero security team (http://www.macrumors.com/2015/01/23/os-x-10-10-2-fix-project-zero-flaws/) last week.
According to 9to5Mac (http://9to5mac.com/2015/01/26/os-x-yosemite-10-10-2-to-add-icloud-drive-in-time-machine-wi-fi-security-voiceover-fixes/), the latest OS X Yosemite release will also add iCloud Drive in Time Machine and resolve issues related to Wi-Fi, VoiceOver and security. In particular, a recently identified glitch causing Spotlight on OS X to expose system information (http://www.macrumors.com/2015/01/09/os-x-spotlight-glitch-spammers/) to spammers through remote content loading will reportedly be *****ed. Safari will also gain improved performance and security.
** public instances of Thunderstrike attacks have yet to be reported.http://rss.feedsportal.com/c/35070/f/648326/s/42b85db8/sc/15/mf.gif
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/1/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/1/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/2/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/2/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/3/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/3/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2.htm)http://pi.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2t.imghttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=9Ui8PCUhSdQ:Nynapm6a2v0:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=9Ui8PCUhSdQ:Nynapm6a2v0:6W8y8wAjSf4)
https://hameed.nwar.uk/vb//feeds.feedburner.com/~r/MacRumors-All/~4/9Ui8PCUhSdQ
أكثر... (http://www.macrumors.com/2015/01/26/os-x-10-10-2-thunderstrike-exploit-fix/)
http://cdn.macrumors.com/article-new/2015/01/macbook_air_pro_yosemite-800x260.jpg
The proof-of-concept attack (https://trmm.net/Thunderstrike_31c3) is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini.
OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming days. The most recent OS X 10.10.2 beta (https://hameed.nwar.uk/vb/OS X 10.10.2 beta six was seeded to developers for testing last Wednesday.) was seeded to developers for testing last Wednesday. In addition to the Thunderstrike fix, the upcoming software update addresses security vulnerabilities exposed by Google's Project Zero security team (http://www.macrumors.com/2015/01/23/os-x-10-10-2-fix-project-zero-flaws/) last week.
According to 9to5Mac (http://9to5mac.com/2015/01/26/os-x-yosemite-10-10-2-to-add-icloud-drive-in-time-machine-wi-fi-security-voiceover-fixes/), the latest OS X Yosemite release will also add iCloud Drive in Time Machine and resolve issues related to Wi-Fi, VoiceOver and security. In particular, a recently identified glitch causing Spotlight on OS X to expose system information (http://www.macrumors.com/2015/01/09/os-x-spotlight-glitch-spammers/) to spammers through remote content loading will reportedly be *****ed. Safari will also gain improved performance and security.
** public instances of Thunderstrike attacks have yet to be reported.http://rss.feedsportal.com/c/35070/f/648326/s/42b85db8/sc/15/mf.gif
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/1/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/1/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/2/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/2/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/3/rc.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/rc/3/rc.htm)
http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2.img (http://da.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2.htm)http://pi.feedsportal.com/r/219132319896/u/49/f/648326/c/35070/s/42b85db8/sc/15/a2t.imghttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=9Ui8PCUhSdQ:Nynapm6a2v0:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=9Ui8PCUhSdQ:Nynapm6a2v0:6W8y8wAjSf4)
https://hameed.nwar.uk/vb//feeds.feedburner.com/~r/MacRumors-All/~4/9Ui8PCUhSdQ
أكثر... (http://www.macrumors.com/2015/01/26/os-x-10-10-2-thunderstrike-exploit-fix/)