

Mac EFI Update 2015-001: malicious root app may be able to modify EFI flash - SchizoDuckie
https://support.apple.com/en-us/HT204934

======
SchizoDuckie
Related CVE:

[http://www.kb.cert.org/vuls/id/577140](http://www.kb.cert.org/vuls/id/577140)

Applies to (at least) some DELL computers as well.

TLDR: There's a bug in some UEFI BIOSes that don't set the read-only flag when
a computer comes back from sleep, thus allowing a malicious program to
silently reflash the BIOS

More detailed analysis: [https://reverse.put.as/2015/05/29/the-empire-strikes-
back-ap...](https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-
how-your-mac-firmware-security-is-completely-broken/)

