Thunderstrike 2 Could Attack Your Mac, but not Today

Prepare for doomsday because there's a new Mac security threat that targets Thunderbolt to deliver its pox-laden payload to destroy your computer—or so some medial outlets would have you believe. The threat, dubbed Thunderstrike was first revealed at the beginning of the year as a proof of concept, and now the developers have a new version called Thunderstrike 2 that can target computers through malicious websites.

Thunderstrike could use Thunderbolt accessories to infect your Mac's firmwareThunderstrike could use Thunderbolt accessories to infect your Mac's firmware

Where the original Thunderstrike proof of concept required physical access to victim's computers, Thunderstrike 2 can be distributed through maliciously crafted websites or phishing email scams. Both versions attach themselves to Thunderbolt accessories that use Option ROMS, like Apple's Thunderbolt to Ethernet adapter, and then infect any computer they're connected to. Thunderstrike 2's big difference is that it can be delivered to those accessories remotely.

Thunderstrike and Thunderstrike 2 could let attackers install their own malicious code into your computer's firmware. Once there, the code would be virtually undetectable and difficult to remove because it patches the security flaw that lets it install.

While the media is happy to jump on the Thunderstrike bandwagon and call the threat a Mac issue, it's really a Thunderbolt problem that can impact most any computer that uses the peripheral connector port. Apple's issue is that it hasn't fully patched the vulnerabilities yet.

Six potential vulnerabilities are known, according to Ars Technica, and five of those impact the Mac. Apple has fully patched one, partially patched another, and still has three more to address.

The security researchers who created the Thunderstrike and Thunderstrike 2 proof of concept attacks at LegbaCore have passed on their findings to Apple instead of releasing the information on the Internet. That means the threat isn't in the wild, although if one research group could build an exploit it's possible for others to do the same.

Apple hasn't commented on the threat, but could be working on building fixes to release at some point in the future—hopefully before someone with malicious intent figures out how to exploit Thunderstrike.

For now, anyone with a Thunderbolt-equipped computer—whether it's a Mac or PC—should be aware of the Thunderstrike threat, but shouldn't stay up nights afraid that their computer is about to get infected. And Apple needs to get on top of fixing those security flaws.