Hi, Most Mac models suffer from a critical vulnerability in the S3 suspend/resume cycle. When they resume from a suspend cycle the BIOS flash protections are removed and unlocked. This means the BIOS can be overwritten from userland at that moment. The Dark Jedi vulnerability achieved this by modifying the S3 boot script but Apple's implementation is even worse and the only requirement is to put the computer to sleep. Please refer to http://ift.tt/1LO1mo8 for longer description and proof. All Mac models except newest ones (released in 2014/2015?) should be vulnerable. The newest ones require some tests because I don't have any available at the moment. Have fun, fG!
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment