The new exploit discovered by F-Secure is said to put the “almost all” Mac and Windows laptops and desktop at risk of data theft. This vulnerability also affects Macs that have FileVault enabled.
Reported TechCrunchFirmware vulnerability is related to how to overwrite data when most Mac or Windows machines turn off. This abuse is based on a cold boot attack and hackers work to steal data from computers that are powered off.
F-Secure’s Olle Segerdahl and Pasi Saarinen can discover firmware vulnerabilities and override data overwriting. In particular, malicious parties need to physically own a computer to take advantage of this flaw.
According to Segerdahl, this flaw says “It is easy to misuse”, but he said that this technology is not well known to some hacker groups, he said, “It will be very surprising,” Said.
Segerdahl also discovered that in almost all cases the data can be stealed even though the FileVault encryption feature is enabled on the Mac.
Researchers said that after understanding the mechanism of memory overwrite processing it took only a few hours to build a concept-of-concept tool that firmware prevents clearing secrets from memory. From there, the researcher could scan the disk encryption key and mount the protected volume when obtained.
Researchers used to share discoveries with Apple, Microsoft, and Intel. Macs equipped with a new T2 chip are escaped from defects such as iMac Pro and 2018 MacBook Pro.
“Apple was considering measures to protect Macs not shipped with the T2 chip,” he said. Meanwhile, Intel TechCrunch About the problem