Explore the vulnerabilities in Mac firmware and their susceptibility to software-only attacks in this 43-minute Black Hat conference talk. Delve into the rising number of firmware vulnerabilities affecting Wintel PC vendors and examine Apple's previous claims of invulnerability. Gain conclusive evidence of Mac's susceptibility to many software-only firmware attacks that also affect PC systems. Witness demonstrations of Mac firmware malware capabilities, emphasizing the potential consequences of successful exploitation. Learn about EFI vs UEFI, shared vulnerabilities, and specific case studies such as Speed Racer and Darth Venamis. Discover the process of reverse engineering Mac OS X and understand the implications of Apple's EFI Security Update 2015-001. Examine the role of Option ROMs and the persistence of old bugs on new platforms. Gain insights into potential actions for both vendors and audience members to address these security concerns.
Overview
Syllabus
Intro
About us - Trammell Hudson
SOFTWARE EXPLOIT
EFI vs UEFI
Shared vulnerabilities
Vulnerability Case Studies
Case study 1: Speed Racer
Case study I: Speed Racer
Intel® Platform Innovation Framework for EFI Boot Script Specification
Case study 2: Darth Venamis
Reverse Engineering Mac OS X
Why didn't we see Prince Harming?
Issues with Apple's EFI Security Update 2015-001
Option ROMs
Old bugs, new platforms
What can vendors do?
What can the audience do?
Taught by
Black Hat
