| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 29 May 2015 13:04:15 -0400 From: "fG" <fulldisclosure@....as> To: fulldisclosure@...lists.org Subject: [FD] The Empire Strikes Back Apple how your Mac firmware security is completely broken Hi, Most Mac models suffer from a critical vulnerability in the S3 suspend/resume cycle. When they resume from a suspend cycle the BIOS flash protections are removed and unlocked. This means the BIOS can be overwritten from userland at that moment. The Dark Jedi vulnerability achieved this by modifying the S3 boot script but Apple's implementation is even worse and the only requirement is to put the computer to sleep. Please refer to https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/ for longer description and proof. All Mac models except newest ones (released in 2014/2015?) should be vulnerable. The newest ones require some tests because I don't have any available at the moment. Have fun, fG! _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists