Copyright © 2016
Tag - Firmware
It has been discovered that Apple acquired the two security researchers behind LegbaCore, Corey Kallenberg, and Xeno Kovah -- the developers of the firmware worm for Macs known as Thunderstrike 2. The hiring was revealed by fellow security researcher Trammell Hudson at a security conference in December, with Apple having brought the pair on board the previous month. LegbaCore had developed a method to infect Macs with a difficult-to-remove firmware hack that could be delivered via altered Thunderbolt connectors.
Pebble is shipping the circular-faced version of its smartwatch on the 8th of November, starting with those who preordered the wearable device when it was first announced in September. On the same day as shipments begin, the Pebble Time Round will be available at retail in the United States, with the smartwatch appearing in Target and BestBuy stores from Sunday onwards, priced at $250.
A new exploit has been developed that could threaten Mac security by leveraging vulnerabilities in firmware rather than software, making the worm nearly impossible to remove. While sounding more ominous than any threat since the original firmware-based Thunderstrike (which was limited to a proof-of-concept with no reported attacks), leading security experts say this new threat is also very low-risk.
Apple on Wednesday issued a firmware update for the recently-released "mid-2015" MacBook Pro Retina 13- and 15-inch models. The update, aimed at only the MacBook Pro models with the Force Touch trackpad as a distinguishing feature, fixes a problem with flash storage that could, in rare cases, cause data corruption, according to Apple. The 1.9MB file is available directly from Apple and the Mac App Store's update section.
Apple has released a firmware update today for the late-2012 Mac mini, the model just before the current models. The 4.4MB EFI Firmware Update (version 1.8) will automatically appear in the Software Update portion of the Mac App Store for users with affected machines, and fixes "an issue that may prevent a USB keyboard from being recognized after the system wakes from sleep."
A new vulnerability -- albeit one that is extremely unlikely to happen "in the wild" -- has been discovered by security researcher Pedro Vilaca, where a flaw in pre-2014 Macs could conceivably allow an attacker access to a portion of OS X that has access to the Mac's Open Firmware and EFI (what PC users might call the BIOS of the machine) and possibly exploit other vulnerabilities to perhaps overwrite it with malicious firmware.
Cloud home monitoring start-up Spotcam has announced a new motion-masking feature for its Wi-Fi home monitoring camera system. A feature available in professional security camera systems, Spotcam's motion masking can be acquired by users through updating to the latest firmware. The camera can then be configured to only monitor motions for a specified area, and ignore other locations within its field of view. Notifications of movement can be received via email or the mobile app, and motion detection alerts are triggered for unmasked zones only.
On Thursday, Apple issued a number of new builds of Safari for the last three versions of OS X, a new firmware update for the current Thunderbolt Display, an update to Camera RAW, and updates for printer drivers for Epson printers. The Thunderbolt Display firmware update covers a "rare" issue that can cause some displays to go dark, according to the company. The update, to version 1.2, also brings "improved reliability when connecting external displays to the display."
A pair of researchers are going to discuss a giant security flaw that illustrates how the Universal Serial Bus (USB) firmware can be exploited. Security researchers Karsten Nohl and Jakob Lell have developed "BadUSB," a malware package resident in USB firmware that can be used as an attack vector to install any manner of software on a PC, with little or no warning to the user, and - as of now -- no effective way to stop the attack or spread of the malware.
Apple released a new update for MacBook Air EFI firmware today, updating to version 2.9.1 for "Mid-2011" models of the notebook. The company states that the update fixes a few issues for owners facing problems with waking from sleep and fans running at full speed in a specific instance. The update replaces a previous version that caused a number of additional problems for owners.