Researchers Create First Firmware Worm that Can Infect Macs

It was reported Monday that researchers have created “Thunderstrike 2,” the first firmware worm able to infect Macs.

According to Wired, “An attacker could first remotely compromise the boot flash firmware on a MacBook by delivering the attack code via a phishing email and malicious website. That malware would then be on the lookout for any peripherals connected to the computer that contain option ROM … and infect the firmware on those. The worm would then spread to any other computer to which the adapter gets connected.”

While Macs don’t get viruses, worms, and the like just from visiting the wrong website, they are vulnerable when you download and then install something. That makes the defense simple: don’t download and install applications (which require the user’s password for root access to install) that come from unknown, untrusted, non-verifiable sources.

“Free” can be downright damaging. And now it can be damaging to others. A device connected to a compromised system can itself be compromised and turned into a carrier that spreads this kind of worm, with no indication and no password prompt, simply by being connected to another system. It still takes that “patient zero” to start the chain, though.

The researchers have notified Apple of the vulnerabilities. The company has patched one and partially patched another, with three of the vulnerabilities remaining unpatched as of now.

With that said, Apple needs to close these open doors without further delay. The greatest risk of spread via Thunderbolt is to those in the media and entertainment/production industries, who frequently swap external drives between systems and send work out on such devices.

This is certainly something to be wary of… but it is an avoidable something.

OWC Larry
OWC Founder & CEO
Larry O'Connor is the founder and Chief Executive Officer of Illinois-based Other World Computing (OWC®). Starting as a one-man business in 1988, O'Connor has provided the leadership and vision to establish OWC as the leading provider of technology products and services today.
Leave a Reply


  • Also, is this even something that is out there or just a hacker’s proof of concept?

  • So, as far as spreading the thing, this looks to me like it is, firstly, only if you have an external device connected with “option ROM”, so this seems to be specific to Thunderbolt connected PCIe-type devices? So, older Macs that don’t have Thunderbolt ports are not susceptible? And, many Mac owners do not have a device with “option ROM” or even know what that is.

    I’ve seen this all over the internet, more of a scare tactic, as, even this article, which is much better than others I have read, still seems incomplete.

    I think we need further explanation.

    • Also, he stated “…some Macs…”, so, not all Macs w/thunderbolt port are susceptible? Which ones?