Remember Thunderstrike 2? Last summer, Xeno Kovah and Trammell Hudson unveiled a serious zero-day vulnerability in OS X letting malware creators completely brick your Mac without any way to reset it to its factory status. And it looks like Apple didn’t just fix the vulnerability — it has also hired the team behind this exploit to work on security.
As a reminder, Thunderstrike 2 infected Thunderbolt devices like Ethernet adaptors or external DVD drives. If you reboot your Mac with an infected Thunderbolt device plugged in, the Mac firmware will execute the option ROM on the Thunderbolt accessory before booting OS X. It then bricks the firmware, rendering the Mac unusable.
The best part is that the accessory remains infected, letting someone bricks as many Macs as they want. It was a powerful demo and the team alerted Apple has soon as possible.
In November 2015, Trammell Hudson revealed that Apple had acquired LegbaCore at the 32C3 conference. Xeno Kovah also confirmed that he was working for Apple now:
Since then, LegbaCore has stopped accepting new customers for its security consultancy activity.
It’s unclear whether it’s an acqui-hire or Apple just hired the two persons behind LegbaCore. In both cases, it looks like Kovah and Hudson can’t continue working on LegbaCore and are now working for Apple full time.
And it makes sense that Apple would hire these security experts. Many tech companies hire hackers to fix security holes before they become public. It’s a great way to make sure that your products remain as secure as possible.
Via Mac Rumors
Source: http://feedproxy.google.com/~r/Techcrunch/~3/nHqovcSQQS4/
