The exploit highlights that firmware (the software that boots a computer) isn't typically encrypted out of the factory and doesn't authenticate updates from the manufacturer. The researchers say they have alerted Apple about the issue and, according to the Wired article, the company has patched one exploit and partially patched another.

This is the second Thunderstrike exploit to target Macs. The first version was fixed with OS X 10.10.2 and required the hacker to have physical access to the computer. This new version is more nefarious because the malware can be delivered via a link. The latest OS X security update (10.10.4) seems to keep the exploit from taking hold.

Still, vulnerabilities like this are a reminder that companies should be encrypting all the elements of a machine to reduce the chance of their customers getting hacked in the first place.