Beware: Mac Firmware Worms Are Wiggling!
Mac fanatics can now join the camp of those who are afraid of viruses: new Mac firmware worms emerged from the ether.
Fellow Mac users, wasn’t it nice to have a comforting bubble around us, protecting us from all the pesky things PC owners are afraid of? Yes. It was nice. Playing on the newest gambling apps, surfing social media, opening e-mails like there’s no tomorrow. Now, however, this protecting dome has fallen. According to Wired, two researchers found a gap in the system and created a worm called Thunderstrike 2 that can remain hidden and cause damage within. It can also spread without getting noticed, just like a ninja.
I really wish these smarty-pants didn’t figure out how to make the lives of Mac owners so miserable… But now, let’s educate ourselves on the menace that these two malware pose.The Guardian reports that one of these ugly viruses exploits something that techies call “privilege escalation.” It basically “gains access to a Mac to run as though it is the administrator of the computer,” as The Guardian explains. When somebody gains access to a Mac this way, it opens up the computer to vulnerabilities like skipping security measures, allowing for more malware to be downloaded or the device to be completely exploited for anything.
Apple has not yet fixed the flaws in its system
As The Guardian reports, it was a German IT specialist, Stefan Esser, who first recognized the flaw in the OS of Macs. The company hasn’t fixed the error in the current Mac OS, and it seems like the next OS, El Capitan has it, too. Esser wrote: “At the moment it is unclear if Apple knows about this security problem or not, because while it is already fixed in the first betas of OS X 10.11, it is left unpatched in the current release of OS X 10.10.4 or in the current beta of OS X 10.10.5.” So, people who love social gaming and gambling on their Macs should take special caution from now on.
Even worse, the bug discovered by Esser has reportedly been spotted a couple of times. According to The Guardian, they have seen it in the form of an adware installer. It simply installed itself without any permission form the administrator. Esser said the followings on the matter: “This is obviously very bad news. Apple has evidently known about this issue for a while now … Unfortunately, Apple has not yet fixed this problem, and now it is beginning to bear fruit.” Some reseacrhers from Malwarebytes say that Esser wasn’t fair in his criticism; he didn’t give Apple time to figure something out.
As far as we know, there are two Mac firmware worms so far
According to Wired, the second set of issues were discovered by Kovah, owner of Legbacore (a firmware security consulting firm) and Corey Kallenberg. They found a set of vulnerabilities in 80% of PCs, the worst one being that they managed to surpass the protection embedded in these devices to make sure that nobody alters the firmware on them. They easily access the core firmware and planted beastly codes in it. They then took the experiment to Macs and found that out of six of these severe weaknesses PCs presented, five manifested in Macs. They can be spread by phishing e-mails or malicious websites, so always be cautious when visiting an unknown sites. It is best to stick to online casinos that have online gaming security issues figured out. Thankfully, they usually take special care, what with all the personal data they have to store.
Thunderstrike 2 can go unnoticed, as Wired reports, “because it never touches the computer’s operating system or file system.” It could even infect an Ethernet adapter, and it can do so while being remotely controlled. The moment the same adapter is used on another device, the malware uploads itself and the deed is done. Malware can even be transmitted with SSD, or solid-state drives, often used by people in high-security places where a WiFi connection is not secure enough. Mac users, I’m sorry, but from now on, you have to take extra caution when it comes to downloading apps and opening e-mails. You are as safe as the next guy using a PC.