Full Disclosure mailing list archives

By Date By Thread The Empire Strikes Back Apple  how your Mac firmware security is completely broken From: "fG" <fulldisclosure () put as>

Date: Fri, 29 May 2015 13:04:15 -0400

Hi, Most Mac models suffer from a critical vulnerability in the S3 suspend/resume cycle. When they resume from a suspend cycle the BIOS flash protections are removed and unlocked. This means the BIOS can be overwritten from userland at that moment. The Dark Jedi vulnerability achieved this by modifying the S3 boot script but Apple's implementation is even worse and the only requirement is to put the computer to sleep. Please refer to https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/ for longer description and proof. All Mac models except newest ones (released in 2014/2015?) should be vulnerable. The newest ones require some tests because I don't have any available at the moment. Have fun, fG! _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: The Empire Strikes Back Apple  how your Mac firmware security is completely broken fG (May 31)