Thunderstrike 2: Sith Strike

by Trammell Hudson, Xeno Kovah, Corey Kallenberg
Sept. 19, 2017 0 comments Black Hat belen_caty Pen Testing & Audits

The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.

https://www.blackhat.com/us-15/briefings.html#thunderstrike-2-sith-strike