This security flaw was discovered by Pedro Vilaca (via PCWorld) in which he discovered that this seemed to affect Macs that are older than a year. According Vilaca, he found that when these Macs went to sleep and were reawoken, he was able to access the UEFI code on the computer which is typically sealed off from being accessed by users.
From there he claims that a rootkit could be installed. This is not the first time that the UEFI code on Macs were found to be vulnerable. Previously there were similar attacks, one of them called Thunderstrike which allowed the UEFI to be modified on Macs through the Thunderbolt interface, although Apple has since issued a patch to fix that.
Vilaca tested his theory out on older Mac products and found them to be vulnerable, but his attacks did not work on the newer computers. He suspects that Apple might have discovered the vulnerability already and patched it with the newer models, but has yet to get around to issuing a patch for older computers. Apple has yet to comment on the matter.