Ioshackz.com Major Thunderbolt Security Flaws Discovered, Leave Many Macs Vulnerable Security researcher Björn Ruytenberg discovered 7 severe vulnerabilities in the Intel Thunderbolt chip, as well as 9 attack techniques. These security holes affect all machines with Thunderbolt ports, including all Mac computers equipped with Thunderbolt connectors between 2011 and 2020. Both the standalone Thunderbolt port and the USB-C compatible Thunderbolt port have been affected.
Those security vulnerabilities include:
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backwards compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.