top | item 8823181


ripa | 11 years ago

Maybe I'm missing something, but if an attacker can update the firmware without Apple's RSA key, then Apple (or you yourself) should be able to flash it in the same way the attacker did (even though the official update procedure is blocked) and "fix it", or?


helper | 11 years ago

This attack "closes the door behind it" so that you can't use the same vector to undo it. Specifically it completely disables loading option ROMs.

ripa | 11 years ago

I see, thanks for the explanation! Hopefully we'll see an EFI upgrade fixing it soon.

userbinator | 11 years ago

The attacker can essentially "seal" the firmware in by writing a modified BIOS that either skips executing option ROMs, or write-protects the flash before executing them (as Apple's firmware should've originally done); then you'd need to use hardware to reflash.

ripa | 11 years ago

I see, thanks for the explanation! As written in the other response, hopefully we'll see an EFI upgrade fixing it soon.