One way to beef up security is by hiring the people who find the flaws in your products, and that's exactly what Apple did with LegbaCore, the company that detailed the Thunderstrike 2 Mac firmware exploit. The Mac and iPhone maker bought the security research company in November 2015, and founders Xeno Kovah and Corey Kallenberg became full-time Apple employees.
The two are working on what Mr. Kovah called "low level security." Word of the LegbaCore purchase came from security researcher Trammell Hudson during a recent presentation.
Mr. Kovah and Mr. Kallenberg developed the Thunderstrike 2 exploit last year as a proof of concept. The malware they created used a security flaw in the Thunderbolt interface to install itself into the firmware on victims' Macs. Once there, it couldn't be removed.
The good news about Thunderstrike 2 is that the LegbaCore team went to Apple with their proof of concept instead of unleashing it on the world. To date, their exploit hasn't been used in the wild. Apple also released a security update to patch the flaw.
Apple was clearly impressed with the two because it bought the company and has kept both on staff to work on unnamed security projects. That's great for Apple device users because it's another sign the company is serious about security.
[Thanks to MacRumors for the heads up]