Our new paper "Intel ME Manufacturing Mode: obscured dangers" about SPI write-protection bypass in Apple MacBook. https://t.co/PTswfwJBZA [ru]https://t.co/G2l3nzuhSD [en]
— Maxim Goryachy (@h0t_max) October 2, 2018
Intel ME Manufacturing Mode: obscured dangers and their relationship to Apple MacBook vulnerability CVE-2018-4251 https://t.co/lJ8XTN6sKs #MacBook #Intel #IntelME
— PT Security (@PTsecurity_UK) October 2, 2018
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
One of the interesting things about https://t.co/SHusekPfJn is the reference to ExitBootServices() – it sounds like there's an expected contract between the OS boot environment and the firmware, but that contract is entirely undocumented
— Matthew Garrett (@mjg59) October 3, 2018
Additionally, 𝙴𝚡𝚒𝚝𝙱𝚘𝚘𝚝𝚂𝚎𝚛𝚟𝚒𝚌𝚎𝚜() is useful for rootkits to know when it is time to exfiltrate the FileVault password, although that contract is also undocumented. pic.twitter.com/Z6hUGvOslC
— Trammell Hudson ⚙ (@qrs) October 3, 2018