Apple Takes Over Firm Involved in Mac Firmware Worm

During November 2015, Apple completed the acquisition of LegbaCore a firmware security firm, said Trammell Hudson security researcher through a presentation he made in December at 32C3 conference. Xeno Kovah founder of LegbaCore described his company's objective as assisting in making systems of a more secure order like with ease of making them.

A firmware worm Thunderstrike 2 not seen earlier that Hudson detected and which targeted Mac computers was what LegbaCore and Hudson collaborated on. The worm just couldn't be eradicated being resilient to updated software/firmware. With a high degree of risk, the worm could proliferate from PC-to-PC interconnected through Thunderbolt ports. Hudson along with LegbaCore notified Apple about security flaws in Thunderstrike 2 and subsequently Apple started developing patches, releasing the first one during June 2015.

Later during August 2015, an expansion of the attack occurred simultaneously with one even more perilous exploit that LegbaCore researchers developed to form a bootkit that couldn't be removed and which tainted the Extensible Firmware Interface of Apple, making permanent alterations. The EFI succeeds the firmware interface BIOS.

Fortunately, LegbaCore's researcher group approached Apple with Thunderstrike's POC (proof-of-concept) rather than disclosing it online. Thus far, this POC has not been utilized on World Wide Web. During the time, Apple even issued a patch as remediation of the vulnerability.

Both LegbaCore and its exploit impressed Apple which then acquired the firm while keeping its staff engaged in undisclosed security projects. Consequently, users of Apple devices were greatly benefited since it again showed the company regarded security with seriousness. Macobserver.com posted this, March 3, 2016.

Meanwhile, it isn't unknown to have organizations hire security investigators who performed hacking attacks on them. Among such instances, MacKeeper is the latest, a security company for Mac devices which hired Christ Vickery independent security investigator who first discovered how a database of the firm leaked out private details belonging to 13m users.

Also, of the jobs LegbaCore is involved in, the important ones are R&D on Thunderstrike 2 and developing BIOS attacks' "dead code" both equating to gold for a few organizations, and also particularly for intelligence community as well as some nefarious groups.

» SPAMfighter News - 3/10/2016