Thunderstrike media

The popular media sometimes does an ok job with technical stories, although security ones are frequently difficult to get right. In the case of Thunderstrike, the security vulnerability in Apple's EFI firmware, some of them have summarized it well. I've marked those with a ★. Others have gone for a more click-bait title, as seen above. The commenters on most of these articles are less well informed: don't read the comments if you can avoid it. After reading some of these, you might be wondering if you should be worried about Thunderstrike -- please check out the FAQ.

In the media

Week of 2015-06-01

A new attack on MacBooks' EFI boot ROMs was revealed, leading to a series of new stories about Thunderstrike and firmware security on Apple's MacBooks. Thunderstrike 2 has more details on how it can be used.

• Firmware Bug in OSX Could Allow Installation of Low-Level Rootkits (Dennis Fisher, Threat Post)
• Apple Macs vulnerable to EFI zero-day (Juha Saarinen, IT News AU)
• Rootkit sluipt Mac OS X in via slaapstand (Henk-Jan Buist, Computerworld.nl)
• Mac-datorer får säkerhetshål efter vila (Mats Lewan, NyTeknik)
• Mac: EFI-Lücke erlaubt offenbar Firmware-Modifikation (heise.de)
• Macs Vulnerable To Userland Injected EFI Rootkits (slashdot)
• reddit /r/netsec
• EFI Zero-Day Exposes Macs to Rootkit Attacks (Eduard Kovacs, Security Week) ★
• Mac zero-day makes rootkit infection very easy (Pierluigi Paganini, Security Affairs)
• New exploit leaves most Macs vulnerable to permanent backdooring (Dan Goodin, arstechnica)

Week of 2015-01-24

• Apple readies fix for Thunderstrike bootkit exploit in next OS X release (Dan Goodin, Ars Technica)
• 'Thunderstrike' attack also fixed in OS X 10.10.2 (Rene Ritchie, iMore)
• Apple preparing to release Thunderstrike patch (Adrian Kingsley-Hughes, zdnet)
• Apple werkt aan een patch voor Thunderstrike (Noémie Six, zdnet.be)
• Thunderstrike Patch Slated for New OS X Build (Chris Brook, Threat Post) ★
• OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs (Joe Rossignol, Mac Rumors)
• Next Apple OS X Update to Patch Thunderstrike Flaw (Jill Scharr, Tom's Guide)
• Apple to Patch Thunderstrike, Vulnerabilities Disclosed by Google (Eduard Kovacs, Security Week)
• OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability (Katie Marsal, Apple Insider)
• Apple patch shields Macs from Thunderstrike - But attack vector may stay open for next evil maid (Darren Pauli, The Register)
• Apple preparing fix for Thunderstrike malware in upcoming OS X 10.10.2 release (Jordan Golson, Tech Republic) ★
• Apple OS X 10.10.2 Includes Mac Thunderstrike Exploit Fix (Julian Horsey, Geeky Gadgets)
• Apple fixed Thunderstrike and other vulnerabilities in latest OS X beta (Neil Sardesai, Hacked.com)
• Apple fixes Thunderstrike and 3 Project Zero bugs in OS X 10.10.2 Yosemite (Mark Stockley, Sophos Naked Security) ★
• Apple OS X Yosemite 10.10.2 Update to Patch years-old Thunderstrike vulnerability (Wang Wei, The Hacker News)
• ISC StormCast for Tuesday, January 27^th 2015 (Johannes Ullrich, ISC SANS podcast)
• OS X får skydd mot Thunderstrike (Jakob Nilsson, 99mac.se)
• OS X Yosemite update tackles 'surprise' Mac security flaws (Jon Fingas, engadget)
• OS X 10.10.2 Update Released – Fixing Thunderstrike and other Security Vulnerabilities (Graham Cluley, Intego) ★
• OS X 10.10.2: Apple patcht "Thunderstrike"-Angriff und Googles Zeroday-Lücken (heise.de)
• Apple OS X 10.10.2 Bashes Bugs (Sean Michael Kerner, eweek)

Week of 2015-01-17

• Betting BIOS Bugs Won’t Bite Y’er Butt? (Xeno Kovah andCorey Kallenberg, LegbaCore) Presented at ShmooCon 2015 ★
• How serious is Thunderstrike? (Thomas Reed, The Safe Mac)

2015-01-15

• What You Should Know About the Thunderstrike Mac Bootkit (Brian Donohue, Kaspersky)
• The philosophical implications of Mac malware (Bryan Lunduke, Network World)

2015-01-13

• Your Risk Isn’t My Risk (Apple Thunderbolt Edition) (Rich Mogul, Securosis) ★
• Why you shouldn't panic about Thunderstrike Mac virus (Jane McCallion, PC Pro (UK))
• IT Security Stories to Watch (Dan Kobialka, MSP Mentor)
• Macs are wide open to a virus you can't see and can't remove (Kim Komando)
• Mac Owners Alert: Thunderbolt Port May Infect Your Computer (Reid Schram, Epoch Times)
• Thunderstrike – Horror für alle Mac-Benutzer (20min.ch)
• Thunderstrike! How a radar-proof rootkit could infect your Mac (Graham Cluley, We Live Security) ★

2015-01-12

• Macs vulnerable to virtually undetectable virus that "can't be removed" (Adrian Kingsley-Hughes, zdnet)
• This new Mac virus goes untraced and can't be removed (Alex La Feria, The Daily Dot)

2015-01-09

• Thunderstrike - new Mac "ueberrootkit" could own your Apple forever‏ (Paul Ducklin, sophos naked security) ★
• Reverse engineer creates Thunderstrike bootkit able to exploit vulnerability in OS X boot ROM (Bob Yirka, phys.org)
• Thunderstrike opens backdoor to Apple Macs (Tim Ring, SC Magazine UK) ★
• New proof-of-concept ‘Thunderstrike’ bootkit for OS X can permanently backdoor Macs (Mac Daily News)
• Apple laptops vulnerable to virus that 'can’t be removed' (Matthew Sparkes, The Telegraph) ★
• Thunderstrike Proof-of-Concept Attack Serious, but Limited (Rich Mogull, tidbits) ★
• إصابة حواسيب ابل بفيروس خطير لا يمكن إزالته (argaam.com)
• Basta un cavo Thunderbolt per violare un Mac (Antonino Gruner, DataManager.it)

2015-01-08

• New Apple malware is undetectable, unstoppable, and can infect any Thunderbolt-equipped device (Joel Hruska, Extreme Tech)
• Bootkit OS X maakt Mac tot permanente slaaf (Thijs Doorenbosch, Automatiseringgids.nl)
• Thunderstrike kan ta över en Mac (Jakob Nilsson, 99mac.se)
• Thunderstrike shocks OS X with firmware bootkit: Permanent backdoor affects all Macs packing Thunderbolt ports (Darren Pauli, The Register)
• First Public Mac OS X Firmware Bootkit Unleashed (Michael Mimoso, Threat Post) ★
• The Experimental Malware That Can Take Down Any Mac Made After 2011 (Matthew Braga, Motherboard / Vice.com) ★
• Thunderstrike bootkit further erodes Apple's reputation for rock-solid security (Fred Donovan, Fierce IT Security)
• Thunderstrike : un bootkit redoutable pour les Mac (Geek Paradize)
• Thunderstrike Bootkit: Perfekt für Industriespionage an MacBooks (Tom, weblogit.net)
• Thunderstrike, el primer bootkit conocido para OS X (Carlos Burges, faq-mac.com)
• Uważaj co podłączasz do swojego MacBooka, możesz trafić na bootkit (Anna Rymsza, dobreprogramy.pl)
• First OSX Bootkit Revealed (slashdot.org)
• Ondsindet Thunderbolt-udstyr kan åbne permanent bagdør på Mac (Jesper Stein Sandal, version2.dk)

2015-01-07

• World’s first (known) bootkit for OS X can permanently backdoor Macs - Thunderstrike allows anyone with even brief access to install stealthy malware (Dan Goodin, Ars Technica) ★
• Thunderstrike : le premier bootkit connu qui vise spécifiquement les Mac (Par Didier, mac4ever.com)
• Thunderstrike Rootkit - Macs under threat (Anthony Caruana, CSO Online)

2015-01-06

• Security Now 489 (Steve Gibson and Leo Laporte)
• Skummel sårbarhet i Thunderbolt – Kan utnyttes til å overskrive fastvaren til Macbook (Harald Brombach, digi.no)
• Macs are hackable via Thunderbolt port, says researcher (Joel Locsin, GMA News)
• CSI MacMark: Thunderstrike Bootkit (Markus Möller, MacMark.de) ★
• Bits und so #406 (Thunderstrike) (Timo Hertzel and Ben Schwan, podcast)

2015-01-05

• 5 Things You Need to Know About Mac Security Vulnerability Thunderstrike (Kraig Becker, Apple Gazette) ★
• Thunderstrike — Infecting Apple MacBooks with EFI Bootkit via Thunderbolt Ports (Swati Khandelwal, TheHackerNews)
• Thunderstrike hack – Infecting Apple Mac with EFI Bootkit (Pierluigi Paganini, Security Affairs)

2015-01-03

• Thunderstrike: la nueva vulnerabilidad en el puerto Thunderbolt de las Mac (technomagazine.net)
• Thunderstrike: EFI bootkits for Apple MacBooks via Thunderbolt & Option ROMs (Sean Metcalf, adsecurity)

2015-01-02

• Thunderstrike: The scary vulnerability in your Mac's Thunderbolt port (Christina Warren, Mashable) ★

2014-12-30

• Security researcher rewrites Mac firmware over Thunderbolt, says most Intel Thunderbolt Macs vulnerable (Ben Lovejoy, 9to5mac)
• 31C3: Thunderstrike greift MacBooks über Thunderbolt an (heise.de)
• 31c3: Malware "Thunderstrike" nistet tief in MacBooks (derstandard.at)
• Perfide Attacke auf MacBooks (JOHANNES WENDT, Zeit.de)

2014-12-28

• Thunderstrike: Schwachstelle in Thunderbolt wird auf dem 31C3 gezeigt (de.engadget.com)
• Thunderstrike: MacBooks können mit manipulierter Firmware angegriffen werden (apfelnews.de)
• Zero Day Weekly: Chase 2-auth shame, Apple forced update, German APT nightmare (Violet Blue, zdnet)
• NEW APPLE MACS VULNERABLE TO THUNDERSTRIKE BOOTKIT VIA THUNDERBOLT (NEIL SARDESAI, hacked.com)

2014-12-25

• Mac можно взломать через порт Thunderbolt (Илья Кабачинский, applemix.ru)

2014-12-24

• MacBooks Vulnerable To Being Taken Over Via Thunderbolt (itnerd)
• New Mac Malware Spreads Via Thunderbolt Ports (Jill Schar, Tom's Guide)
• Взлом «макбуков» через Thunderbolt (Denis Mirkov, xakep.ru)
• Apple phát hành bản vá khẩn cho Mac (tuoitre.vn)
• Vulnerabilidad en la ROM de Thunderbolt (Carlos Burges, faq-mac.com)
• Hack flings bootkits from Macs' Thunderbolts (Darren Pauli, The Register)

2014-12-23

• Sorry Apple fans, your precious Macs are at risk -- beware of Thunderbolt-injected rootkits (Brian Fagioli, betanews)
• Researcher: Mac computers vulnerable to bootkit attack via Thunderbolt port (Paul Mah, FierceCIO)
• Apple Security Researcher Announces Thunderbolt Threat (Brian White, Pioneer News)
• Thunderstrike Mac Attack Achieves Persistence (Tara Seals, InfoSecurity Magazine)
• Thunderbolt devices can infect MacBooks with persistent rootkits (Lucian Constantin, MacWorld/PC World/Network World)
• Apple's year-end is about security (Mihaita Bamburic, betanews)
• Researcher to Demonstrate Attack on Apple EFI Firmware (Eduard Kovacs, Security Week)
• Flaw in MacBook EFI allows boot ROM malware (Larry Seltzer, zdnet)
• Mac EFI 被曝重大安全漏洞，通过Thunderbolt设备传播

2014-12-22

• Apple's Mac EFI found vulnerable to bootkit attack via rogue Thunderbolt devices (Sam Oliver, AppleInsider)
• Flaw in Thunderbolt ROM may allow overtaking of a Mac’s hardware (Topher Kessler, MacIssues)
• Thunderbolt vulnerability leaves Macs at risk, researcher finds (Mike Wehner, Tuaw)

2014-12-21

• Thunderbolt EFI Exploit (Mac Performance Guide)
• Poważna dziura w komputerach Apple (vi.curry, niebezpiecznik.pl)
• Masz Maka z portem Thunderbolt? Zatem jesteś narażony na atak (Dawid Kosinski, Spidersweb.pl)
• MacBookのEFIにThunderbolt経由でブートキットが感染し検知や削除不能＆ウイルス拡散もされてしまう脆弱性が発見される (Gigazine)
• Angriff auf Apples EFI ROM wird beim Hackerkongress 31C3 gezeigt (WinFuture.de)
• Firmware-Hack über Thunderbolt manipuliert MacBooks (Martin Schindler, Silicon.de)
• Une vulnérabilité dans l'EFI des Mac sera détaillée après Noël (Florian Innocente, macg.co)
• Thunderbolt har vært kritisk sårbar i flere år (Av Trond Bie, itavisen.no)
• Onderzoeker demonstreert firmware-aanval op Macbook (security.nl)
• Mac EFI漏洞可被Thunderbolt设备注入病毒 (yesky.com)
• Mac EFI 被曝重大安全漏洞 通过Thunderbolt设备传播恶意程序 (cnbeta.com)
• Thunderbolt vulnerabile ad un bootkit: pericolo codice malevolo (Mauro Notarianni, macitynet.it)
• La EFI del Mac, vulnerable a ataques Thunderbolt (Martes, macsoluciones.com)

Social media

Not reading the comments applies double for social media sites. According to an Anonymous Coward on slashdot, I'm "not even a tech person".

• osnews

• HackerNews 2

• HackerNews 1
• /r/netsec, /r/apple, /r/technology, /r/netsec, /r/netsec, /r/sysadmin
• slashdot

---

Last update: November 8, 2020