The vulnerability, which according to its discoverer, has been around for more than a year, allows the nefarious individual behind it to take control of the machine, and even grants them the ability to flash the BIOS on the system, thereby making it possible to re-write the system’s POST code. That means that even if you clean your HDD or SSD out entirely, it can just become re-infected the second you boot it up, as per Ars.
Related: Can Macs get viruses and malware? We ask an expert
What makes this issue so problematic is that it could be bundled with other, already-existing malware in order to make them effectively invincible to traditional software and manual cleaning methods.
The good news, however, is that Apple’s late 2014 systems all seem to have had this vulnerability fixed. Even so, Apple hasn’t done anything about those systems that were sold before that time. That could be its way of trying to keep a lid on the problem, hoping that no one would discover — and thereafter exploit — it. If so, that is some pretty hefty wishful thinking, leaving people vulnerable to persistent attacks from remote actors.
For those of you who have a pre-mid-2014 Mac and wish to protect yourselves from this security flaw, the only real advice that can be offered — until Apple releases its own fix — is to not allow your system to sleep, as that’s when it becomes vulnerable to attack via this particular exploit.
Editors' Recommendations
- Update your Mac now to fix vulnerability that gives full access to spying apps
- MacOS Big Sur will be coming to a Mac near you on November 12
