OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability

The so-called "Thunderstrike" hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn't been patched, but according to iMore, the latest beta of Apple's OS X 10.10.2 update fixes the problem.

Citing people familiar with the software, it was said that OS X 10.10.2 prevents the Mac's EFI boot ROM from being replaced, and also makes it impossible to roll it back to a previous state.

The "bootkit" hack, discovered by researcher Trammell Hudson, could replicate itself to any attached Thunderbolt device. That means the exploit could spread across air-gapped networks, unbeknownst to users.

The code becomes stored in a separate ROM on the logic board, which would allow the attack to remain even if the user were to install OS X or put in an entirely new hard drive.

While such low-level attacks are dangerous because they are difficult to detect and can do significant damage, they are also more challenging to spread because they require physical access to a machine.

Thus far, Apple has issued five betas of OS X 10.10.2 to developers, with the most recent release arriving last week. Developers have been asked to focus on problem areas including Wi-Fi, Mail, VoiceOver and Bluetooth.