Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Thunderstrike shocks OS X with firmware bootkit

Thunderstrike shocks OS X with firmware bootkit


The Register - (International) A researcher presented at the Chaos Communications Congress security conference an outlined attack dubbed Thunderstrike that can use legacy option ROMs to replace the RSA keys in Mac OS X machines' extensible firmware interface (EFI) and allow the installation of malicious firmware. The attack works against Macbooks released since the introduction of Thunderbolt in 2011 and requires brief physical access, though the researcher stated that it may be able to be exploited remotely.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:23:03