[ISN] Apple vulnerability could allow firmware modifications, researcher says

http://www.networkworld.com/article/2929173/apple-vulnerability-could-allow-firmware-modifications-researcher-says.html By Jeremy Kirk IDG News Service June 1, 2015 A zero-day software vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a computer, according to a security researcher. Pedro Vilaca, who studies Mac security, wrote on his blog that the flaw he found builds on previous ones but this one could be far more dangerous. Apple officials could not be immediately reached for comment. Vilaca found it was possible to tamper with an Apple computer’s UEFI (unified extensible firmware interface). UEFI is firmware designed to improve upon BIOS, which is low-level code that bridges a computer’s hardware and operating system at startup. The UEFI code is typically sealed off from users. But Vilaca wrote that he found the code is unlocked after a computer goes to sleep and reawakens, allowing it to be modified. Apple computers made before mid-2014 appear to be vulnerable. […]