Yesterday LegbaCore published a video of a bricking demo of a a Mac Mini firmware vulnerability.
“Apple does not follow Intel’s recommended best practices for protecting their firmware. Consequently Macs are vulnerable to being disabled in such a way that they can never be made bootable again either by attempting to boot off external media (like a DVD/USB) and reinstalling the OS, or by changing the entire HD/SSD with a known working one. The only way to recover from such attacks is to reflash the SPI flash chip with a known-clean copy of the firmware. This attack does not require physical presence. It can be launched via a remote connection to the system (e.g. SSH/VNC).”
LegbaCore has some upcoming training at HackInTheBox Singapore in October, and it appears this 3-day training will cover some of this new Apple EFI research: