
Apple EFI malware triad: Mojo/Thor/Loki?

Mojo / Thor / Loki are a triad of malware that infects the EFI of Apple MacBooks.[…]

https://github.com/rickmark/mojo_thor


more from Duo on Apple EFI security

Nice, in addition to an upcoming new EFI tool, it appears Duo has some defensive advice, using OSQuery, Puppet, and Chef. Click on the first tweet below for an image from their upcoming presentation.

Note that Teddy Reed is giving a presentation on OSQuery in November at Usenix LISA:

Pepjin’s Apple EFI version spreadsheet:

https://docs.google.com/spreadsheets/d/1qGRVF1aRokQgm_LuTsFUN2Knrh0Sd3Gp0ziC_VIWqoM/edit#gid=0


Nikolaj moves to US

Apple firmware security researcher Nikolaj Schlej has been working from Europe, and is now moving to the US.

Nice picture of Xeno, Corey, and Nikolaj in the above tweet.


Apple macOS automatic EFI checks

High Sierra automatically checks EFI firmware each week

Upgrading to High Sierra brings a new and significant security feature: your Mac will automatically check its EFI firmware. In a series of tweets, Xeno Kovah, one of the three engineers responsible for the new tool, has outlined how this works.[…]

AFAICT, the article references Tweets from earlier today that appear to have subsequently been deleted from Twitter.


Dmitry on macOS and external USB drives

http://www.grivet-tools.com/blog/2016/target-disk-mode-firmware-password/

 


new Apple tools: eficheck (and nvm)

Apple has apparently created a tool for examining Apple Mac EFI firmware, called eficheck. As I understand things, it was released, then pulled due to some issues (bugs?), and is apparently now available in the latest macOS updates. Also, it sounds like there might be another tool for NVMe diagnostics.

usage: eficheck: [--save -b] [ --cleanup -b] [--generate-hashes [-b] [-p]] [--integrity-check [-h [-b]]] [--show-hashes [-h] | [-b]]

https://pikeralpha.wordpress.com/2017/08/18/apple-to-cleanup-a-bios-region-of-your-ami-and-phoenix-bios/
https://www.apple.com/macos/sierra/
https://en.wikipedia.org/wiki/MacOS_High_Sierra
https://www.macrumors.com/roundup/macos-10-13/
https://firmwaresecurity.com/2017/01/25/eficheck

Maybe someday there’ll be more info on eficheck. If you find any manpage or other info, please leave a comment.
https://www.apple.com/us/search/eficheck
https://twitter.com/search?q=eficheck&src=typd
