A new exploit discovered by F-Secure is said to put “almost all” Mac and Windows laptops and desktops at risk for data theft. The vulnerability even leaves Macs with FileVault turned on susceptible.
As reported by TechCrunch, the firmware exploit has to do with how almost all Mac and Windows machines overwrite data when they are turned off. This exploit is based on a cold boot attack, where hackers are working to steal data from a computer that’s powered off.
F-Secure’s Olle Segerdahl and Pasi Saarinen discovered the firmware vulnerability that allows the ability to turn off data overwriting. Notably, a malicious party would need to have physical possession of a computer to leverage this flaw.
Segerdahl also discovered that in almost all instances it was possible to steal data even if the Mac had the FileVault encryption feature turned on.
The researchers previously shared their discovery with Apple, Microsoft and Intel. Macs with the new T2 chip are immune from the flaw, which include the iMac Pro and the 2018 MacBook Pros.
“Apple said it was looking into measures to protect Macs that don’t come with the T2 chip.” Meanwhile, Intel didn’t respond to TechCrunch on the matter.
