Thunderstrike 2 – A worm designed to kill your Mac


Researchers have developed a worm targetting Macs on a firmware level. This makes it almost impossible to remove as it can resist software/firmware updates as well as block them entirely. The worm is also capable of reinstalling itself if required as it is embedded deep in the firmware level.

This worm dubbed ‘Thunderstrike 2’ was created by the same people who found the exploit ‘Thunderstrike’ (a proof of concept) which was made public around February this year. Thunderstrike 2 builds upon this proof of concept by putting the exploit into use and actually implementing a malicious worm deep inside the MacBooks core.

The Mac can be infected by this exploit via a website or email. Once infected the worm is able to spread itself through to other Macs via Apples perephirals – external drives, RAID controllers and even Thunderbolt to Gigabit ethernet adapters.

You may ask, surely there is a way to get rid of the worm? Well the only way to remove it as it stands is on a hardware level (this process most likely involves removing the logic board containing the firmware). Making this worm particularly dangerous to remove and costly if you are out of warranty! Potentially killing your MacBook if you don’t have the funds to repair the affected Mac.

Check out a preview of the exploit in action:

The researchers who developed the worm thankfully have been in touch with Apple in regards to the vulnerabilities, however Apple have only so far fixed one security flaw and partially fixed another. 3 of the 5 vulnerabilities have still not been addressed as of yet, however may be patched in an upcoming security update.

Leave a Reply

Your email address will not be published. Required fields are marked *