A security researcher has found what he says is a deep flaw that potentially affects all Macintosh Intel models made until mid-2014, when the error he discovered appears to have been fixed. The exploit would allow, in a very particular set of combined conditions, to rewrite the boot-up firmware in a Mac to include persistent, malicious software.

lock_keyboard_mac_thinkstockphotos-152030999-100589057-large

Pedro Vilaca revealed the information without what is considered responsible disclosure in the security industry, in which an affected company or project is notified sufficiently far ahead of the release of information to allow them the potential to fix the problem. Apple isn’t always terrific about this, but looking at the list of credited, fixed security issues in its regular updates indicates it does accept and act on reports.

To read this article in full or to leave a comment, please click here

from Macworld http://ift.tt/1H4g1LZ