According to a recent security presentation, attackers could infect Macintosh computers with a special kind of malware using the computer's Thunderbolt port.

The attack, dubbed Thunderstrike, was showcased by security researcher Trammell Hudson at the Chaos Communication Congress in Germany. Hudson is well known in the security community, particularly for his work reverse-engineering various devices and systems.

You can watch Hudson's entire presentation and read an annotated version of the talk, but the gist is that the attack takes advantage of a Thunderbolt flaw that allows custom code — like a bootkit — to be written to the system using the Thunderbolt port.

Thunderstrike takes advantage of a flaw in the Thunderbolt Option ROM that was first disclosed in 2012. Hudson's proof-of-concept goes a number of steps further: past attempts to exploit the flaw by writing new code to the ROM at boot left researchers with bricked machines.

Ultimately, it shows that an attacker could use the Thunderbolt port to install a custom bootkit. This bootkit could even replicate itself to any other Thunderbolt-attached device, which means it could spread across networks.

The scary thing is that because this code is in its own separate ROM, the attack can't be stopped by re-installing OS X or swapping out the hard drive.

Hudson even showed that he could replace the cryptographic keys Apple uses for signing firmware with another key, which would prevent future legitimate firmware updates from being installed.

Scary, but there is some good news

Hudson's work is impressive, if scary. Anytime there are vulnerabilities at the lowest levels of system access, users should be concerned about potential threats.

That said, regular users don't need to fear Thunderstrike. As far as Hudson knows, there are no Mac firmware bootkits in the wild. Right now, it exists only as a proof-of-concept.

Apple has already patched part of the vulnerability in the most recent Mac mini and on the iMac with 5K Retina Display.

It should also be noted that this sort of exploit requires physical access to a machine. You can't download the malware through other software.

That said, the nature of this sort of vulnerability just highlights that computer security is as much about access control as it is about passwords and hardened software.