
EFI Zero-Day Exposes Macs to Rootkit Attacks: Researcher

A remote attacker can compromise the Extensible Firmware Interface (EFI) on Mac computers and install a rootkit by getting the device to sleep for a few seconds, according to a researcher.

Pedro Vilaça, better known as @osxreverser, discovered the bug while analyzing firmware security issues presented last year at the Chaos Communication Congress (CCC): the Thunderstrike vulnerability disclosed by Trammell Hudson, and various UEFI flaws detailed by Rafal Wojtczuk and Corey Kallenberg.

One of the vulnerabilities presented by Wojtczuk and Kallenberg, dubbed “Dark Jedi,” is related to the failure of some UEFI systems to properly restrict access to the boot script used by the EFI S3 Resume Boot Path (CVE-2014-8274). This allows a local attacker to bypass firmware write protections on systems from Dell, Intel, American Megatrends Incorporated (AMI), Lenovo, and Phoenix Technologies.

Hudson, who demonstrated that the Apple EFI can be attacked from a Thunderbolt device, noted shortly after his presentation that CVE-2014-8274 could also work against Apple devices because the flash lockdown (FLOCKDN) and other BIOS protection registers are unlocked after an S3 suspend/resume cycle.

Vilaça was analyzing this type of attack when he noticed that Apple’s S3 suspend/resume implementation left the BIOS flash exposed: after the machine resumes, the flash protection registers are not re-locked, so the BIOS region can be written from userland. The researcher determined that an attacker who can run code on the machine could overwrite the contents of the BIOS and install a rootkit simply by letting the computer sleep for a few seconds.
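The register state that makes this exploitable can be checked from the operating system before anyone tries to write the flash. The C program below is an added example, not code from the article, from Vilaça, Hudson or Apple: it decodes the Intel 7-series PCH flash-protection registers (FLOCKDN in HSFS, BIOSWE/BLE/SMM_BWP in BIOS_CNTL, and the PR0-PR4 protected ranges) with the same rule chipsec's bios_wp module applies, and reports whether the BIOS region is writable from the OS. The two register snapshots and the BIOS region bounds are constructed for illustration; a real check reads the values from the SPI BAR and LPC configuration space. The verdict only says whether the chipset still blocks writes; nothing is written.

```c
/*
 * Added example (not the article's, Vilaça's, Hudson's or Apple's code).
 * Decodes Intel 7-series PCH (HM77/QS77) flash-protection registers and
 * decides whether the BIOS region is writable from the OS. Layouts:
 *   HSFS      (SPIBAR+0x04, 16-bit): bit 15 FLOCKDN
 *   BIOS_CNTL (LPC PCI cfg 0xDC, 8-bit): bit 0 BIOSWE, bit 1 BLE, bit 5 SMM_BWP
 *   PR0-PR4   (SPIBAR+0x74..0x84, 32-bit): bit 31 WPE, 28:16 limit, 12:0 base
 *             (base/limit hold flash address bits 24:12)
 * All register values below are constructed, not captured from a real machine.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HSFS_FLOCKDN      (1u << 15)
#define BIOS_CNTL_BIOSWE  (1u << 0)
#define BIOS_CNTL_BLE     (1u << 1)
#define BIOS_CNTL_SMM_BWP (1u << 5)
#define PR_WPE            (1u << 31)
#define NUM_PR            5

/* Assumed BIOS region of an 8 MB part; on a real box it comes from the flash descriptor. */
#define BIOS_REGION_BASE  0x00500000u
#define BIOS_REGION_LIMIT 0x007FFFFFu

struct spi_state {
    uint16_t hsfs;
    uint8_t  bios_cntl;
    uint32_t pr[NUM_PR];
};

struct wp_verdict {
    bool flockdn;          /* SPI config, including PRs, locked until reset */
    bool bios_cntl_locked; /* SMM_BWP set, or BLE set with BIOSWE clear */
    bool pr_covers_bios;   /* a locked WPE range spans the whole BIOS region */
    bool writable_from_os; /* no effective protection remains */
};

uint32_t pr_base(uint32_t pr)  { return (pr & 0x1FFFu) << 12; }
uint32_t pr_limit(uint32_t pr) { return (((pr >> 16) & 0x1FFFu) << 12) | 0xFFFu; }

/* True if one write-protected range covers [base, limit] entirely. */
static bool pr_protects(const struct spi_state *s, uint32_t base, uint32_t limit)
{
    for (int i = 0; i < NUM_PR; i++) {
        uint32_t pr = s->pr[i];
        if ((pr & PR_WPE) && pr_base(pr) <= base && pr_limit(pr) >= limit)
            return true;
    }
    return false;
}

struct wp_verdict assess_bios_wp(const struct spi_state *s)
{
    struct wp_verdict v;
    bool bioswe  = s->bios_cntl & BIOS_CNTL_BIOSWE;
    bool ble     = s->bios_cntl & BIOS_CNTL_BLE;
    bool smm_bwp = s->bios_cntl & BIOS_CNTL_SMM_BWP;

    v.flockdn = s->hsfs & HSFS_FLOCKDN;
    /* BLE turns a BIOSWE write into an SMI that clears it again; SMM_BWP limits
     * writes to SMM. With BLE clear the OS can simply set BIOSWE itself. */
    v.bios_cntl_locked = smm_bwp || (ble && !bioswe);
    /* A protected range only counts if FLOCKDN stops the OS from clearing it. */
    v.pr_covers_bios = v.flockdn && pr_protects(s, BIOS_REGION_BASE, BIOS_REGION_LIMIT);
    v.writable_from_os = !(v.bios_cntl_locked || v.pr_covers_bios);
    return v;
}

/* Constructed snapshot of a correctly locked machine before sleep. */
struct spi_state sample_locked(void)
{
    struct spi_state s = { HSFS_FLOCKDN, BIOS_CNTL_BLE, { 0 } };
    s.pr[0] = PR_WPE | (0x7FFu << 16) | 0x500u; /* WPE over 0x500000-0x7FFFFF */
    return s;
}

/* Constructed snapshot after an S3 resume that re-locked nothing: PR0 still
 * carries WPE, but with FLOCKDN and BLE clear the OS can undo both. */
struct spi_state sample_after_s3_resume(void)
{
    struct spi_state s = { 0, 0, { 0 } };
    s.pr[0] = PR_WPE | (0x7FFu << 16) | 0x500u;
    return s;
}

bool sample_locked_writable(void)
{
    struct spi_state s = sample_locked();
    return assess_bios_wp(&s).writable_from_os;
}

bool sample_after_s3_resume_writable(void)
{
    struct spi_state s = sample_after_s3_resume();
    return assess_bios_wp(&s).writable_from_os;
}

int main(void)
{
    const char *labels[2] = { "before sleep", "after S3 resume" };
    struct spi_state states[2] = { sample_locked(), sample_after_s3_resume() };
    for (int i = 0; i < 2; i++) {
        struct wp_verdict v = assess_bios_wp(&states[i]);
        printf("%-16s FLOCKDN=%d BIOS_CNTL_locked=%d PR_covers_BIOS=%d -> %s\n",
               labels[i], v.flockdn, v.bios_cntl_locked, v.pr_covers_bios,
               v.writable_from_os ? "BIOS WRITABLE FROM OS" : "protected");
    }
    return 0;
}
```

The post-resume snapshot deliberately keeps the protected range programmed: the point of the FLOCKDN check is that a range the OS can still rewrite is not a protection, which is why a practitioner compares the register state before and after a sleep cycle rather than trusting PR contents alone.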

The expert reproduced the zero-day on a MacBook Pro Retina, a MacBook Pro 8,2, a MacBook Pro 9,1, and a MacBook Air and determined that they are all vulnerable, despite running the latest EFI firmware available. The latest MacBook models don’t appear to be affected by this vulnerability, Vilaça said.

The flaw is dangerous because, as Hudson has pointed out, it’s “much less complicated” than Thunderstrike and Dark Jedi, and it can be exploited without physical access: an attacker who already has code execution on the machine can force the sleep cycle with the “sudo pmset sleepnow” command.

“The bug can be used with a Safari or other remote vector to install an EFI rootkit without physical access. The only requirement is that a suspend happened in the current session. I haven’t researched but you could probably force the suspend and trigger this, all remotely. That’s pretty epic ownage,” Vilaça explained in a blog post.


The researcher disclosed the details of this zero-day because he was confident that Apple was already aware of the issue, especially since the attack doesn’t work on the latest MacBook models. Even if Apple doesn’t know about it, Vilaça says the goal is to pressure the company into fixing the firmware. Apple had not provided any clarification by the time of publication.

“A firmware level vulnerability is critical in that security controls on the operating system have no visibility into the presence of malicious code running on the machine at that level. The only likely way to fix or prevent infection is a firmware update from Apple,” Trey Ford, Global Security Strategist at Rapid7, told SecurityWeek.

Hudson, Kallenberg and Xeno Kovah are preparing a talk on Mac firmware vulnerabilities for DefCon. The researchers plan on disclosing several vulnerabilities in a presentation titled “Thunderstrike 2: Sith Strike.”

Hudson says he has replicated the attack method detailed by Vilaça on several MacBooks, including 10,1 and 10,2 models.

“It should be fixable with a firmware patch for the affected chipsets such as the 10,1 with the Intel HM77 or the 10,2 with the QS77. I don’t know the extent of vulnerable machines — the 11,2 Macbook, with the HM87 chipset, does not seem to be affected for instance,” Hudson told SecurityWeek. “However, Thunderstrike v2 will likely be able to override the S3 bootscript using Rafal and Corey’s Dark Jedi attack, so there will probably be another firmware fix required.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
