The first ever publicly known OS X firmware bootkit emerged out of the 31st Chaos Computer Club conference in Hamburg, Germany last month. Security researcher developed the attack and named it Thunderstrike.
In fact, the vulnerability underlies the operating system altogether. Hudson contacted Apple and they reportedly resolved the issue in all affected devices except the MacBook. There is no room for doubt here: Thunderstrike, like all boot- and rootkits, is a nasty threat that can wrest control over everything you do on your computer. You can think of it as the Ebola of computer threats.Read more
In this presentation we demonstrate the installation of persistent firmware modifications into the EFI boot ROM of Apple's popular MacBooks. The bootkit can be easily installed by an evil-maid via the externally accessible Thunderbolt ports and can survive reinstallation of OSX as well as hard drive replacements.
Once installed, it can prevent software attempts to remove it and could spread virally across air-gaps by infecting additional Thunderbolt devices. It is possible to use a Thunderbolt Option ROM to circumvent the cryptographic signature checks in Apple's EFI firmware update routines.Read more