Chinese customers are experiencing and choosing Apple's products in an Apple store beside West lake in Hangzhou, which is the biggest Apple store in Asia.Zhang Peng—LightRocket via Getty Images
If you think Apple computers are safer than their Windows-powered cousins, think again.
Security researchers say they’ve crafted a computer worm that can burrow deep inside Mac computers, beyond the scrutiny of anti-virus scanners. From there, it can spread between devices that are not networked by hitching a ride on a Thunderbolt Ethernet adapter, writing itself into a machine’s firmware and remaining undetected.
The vicious worm, dubbed Thunderstrike 2, can even evade a whole system reboot.
“For most users that’s really a throw-your-machine-away kind of situation,” said Xeno Kovah, the head of security startup LegbaCore, who discovered the vulnerabilities and helped create the proof-of-concept worm, in an interview with Wired. “Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
The research builds on work that Kovah and his associate Corey Kallenberg undertook last year. At the time, the team identified several vulnerabilities in the firmware of Dell, Lenovo, Samsung, and HP PCs.
In the latest probe, Kovah partnered with Trammell Hudson, a security engineer at investment management firm Two Sigma Investments. They found five-in-six of those previously uncovered bugs applied to Macs as well. The flaws are more pervasive than previously thought since many hardware makers share firmware code.
Unnervingly, the worm can be transmitted via unassuming computer accessories, like the aforementioned Ethernet adapter. That makes this attack a potential vector for compromising air-gapped computers, which are usually considered more secure.
“People are unaware that these small cheap devices can actually infect their firmware,” Kovah said. “If people don’t have awareness that attacks can be happening at this level then they’re going to have their guard down and an attack will be able to completely subvert their system.”
According to Wired, most of the bugs remain unfixed. Apple has “fully patched one and partially patched the other. But three of the vulnerabilities remain unpatched,” writes Wired’s Kim Zetter. Apple did not immediately respond to Fortune‘s request for comment.
1976
Apple I was Apple's first computer, which became obsolete within a year. Today, they are auctioned off as collector's items.Justin Sullivan—Getty Images1977 Apple II was the follow up to the Apple I computer. Apple II proved highly successful and spawned several variations.Ralph Morse—The LIFE Images Collection/Getty Images1983 Lisa was Apple's office computer that was the first personal computer to use a graphical user interface. It was a commercial flop, largely because it retailed for a whopping $10,000. Ted Thai—The LIFE Picture Collection/Getty Images1991 NeXT Station was a workstation computer manufactured by NeXT, a computer company Steve Jobs founded in 1985 after he was forced out of Apple. After Apple acquired NeXT in 1996, Jobs rejoined Apple. Kristy MacDonald—dapd/AP1995 Pixar's Toy Story was the film studio's first feature film in 1995. Pixar had spun out from a larger graphics corporation in 1986 with funding from Steve Jobs. Alan Dejecacion—Getty Images1998 The iMac was originally released in 1998, and it was the first Mac computer to have a USB drive but no floppy disk. Many media outlets heralded it as a game changer. Over two million were sold in two years. John G. Mabanglo—AFP/Getty Images1999 The iBook was a line of laptop computers designed for use in schools. The computer, called the "iMac to go," was a huge hit with several upgrades over the years. Ted Thai—The LIFE Picture Collection/Getty Images1999 The Power Mac G3 was a personal computer in the Power Macintosh line. Its upgraded hardware meant it was faster than most other computers on the market. Alan Dejecacion—Getty Images2001 Apple opened its first Apple Stores in 2001, with the original two stores in Virginia and California. On the opening day, thousands of Apple fans stood in line and collectively spent over half a million dollars. Justin Sullivan—Getty Images 2003The iTunes Store is Apple's online digital media store that redefined the music purchase experience and became a runaway success within years. By 2008, it had become the largest music vendor in the U.S. Ian Waldie—Getty Images 2001The iPod followed the release of iTunes and other consumer-facing software. It offered data storage and a sleek design, and soon became the nation's go-to portable music player. Gabe Palacio—Getty Images2006 Macbook Pro was Apple's first computer to use Intel Core processors, replacing PowerBook computers. The Macbook Pro line is Apple's latest laptop collection. Justin Sullivan—Getty Images2005 The Mac Mini was Apple's first consumer-targeted computer to ship without a display, keyboard or mouse, intended to minimize the space taken by a desktop computer.Justin Sullivan—Getty Images2007 The first iPhone was released after years of speculation that Apple would produce a smartphone. It was known for its large touch screen and finger-touch method, as opposed to using a stylus. It was marketed under the slogan "This is only the beginning." Tony Avelar—AFP/Getty Images2008 The App Store is Apple's online marketplace for downloading and developing apps. It was released alongside its iPhone 3G, and both proved to be massive successes. The App Store logged over 10 million downloads on the first weekend.Justin Sullivan—Getty Images2010 The iPad is an Apple tablet computer that met mixed reviews, as users were not sure if it was intended to replace or supplement laptop use, though many praised its ability to connect to WiFi or 3G. That year, the iPad became the leader in the tablet computer market. Justin Sullivan—Getty Images
