Bismillah writes that a new vulnerability in recent Macs — and potentially older ones — can be used to plant code such as rootkits into areas of EFI memory that shouldn’t be writeable, but become unlocked after the computer wakes up from sleep mode. The article explains that [The vulnerability] appears to be due to a bug in Apple’s sleep-mode energy conservation implementation that can leave areas of memory in the extensible firmware interface (EFI) (which provides low-level hardware control and access) writeable from user accounts on the computer. Memory areas are normally locked as read-only to protect them. However, putting some late-model Macs to sleep for around 20 seconds and then waking them up unlocks the EFI memory for writing. Read more of this story at Slashdot.
Continued here:
Macs Vulnerable To Userland Injected EFI Rootkits
