It seems that if you have a Mac that is older than a year, you could be potentially exposed to zero-day software vulnerability in which hackers could modify the firmware on your computer. This in turn allows a rootkit, a type of malware that is hard to detect and remove, to be installed on your Mac.
This security flaw was discovered by Pedro Vilaca (via PCWorld) in which he discovered that this seemed to affect Macs that are older than a year. According Vilaca, he found that when these Macs went to sleep and were reawoken, he was able to access the UEFI code on the computer which is typically sealed off from being accessed by users.
From there he claims that a rootkit could be installed. This is not the first time that the UEFI code on Macs were found to be vulnerable. Previously there were similar attacks, one of them called Thunderstrike which allowed the UEFI to be modified on Macs through the Thunderbolt interface, although Apple has since issued a patch to fix that.
Vilaca tested his theory out on older Mac products and found them to be vulnerable, but his attacks did not work on the newer computers. He suspects that Apple might have discovered the vulnerability already and patched it with the newer models, but has yet to get around to issuing a patch for older computers. Apple has yet to comment on the matter.
Filed in Mac (Apple) and Security.
. Read more about