Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Swordmaker
Here's an example of a privilege escalation bug:

A bug in the latest version of Apple's OS X gives attackers the ability to obtain unfettered root user privileges, a feat that makes it easier to surreptitiously infect Macs with rootkits and other types of persistent malware.

link: http://arstechnica.com/security/2015/07/bug-in-latest-version-of-os-x-gives-attackers-unfettered-root-privileges/

The privilege-escalation bug, which was reported ...

The article about thunderstrike is a little vague. It doesn't come out and say they used a privilege escalation exploit, but it implies that it does.

9 posted on 08/04/2015 3:11:43 AM PDT by palmer (Net "neutrality" = Obama turning the internet into FlixNet)


To: palmer
The article about thunderstrike is a little vague. It doesn't come out and say they used a privilege escalation exploit, but it implies that it does.

Thunderstrike 2 Worm can infect your Mac without detection— but requires Root access— MacDailyNews, Forbes Report, August 3, 2015

“Trammell Hudson, an employee of high-tech hedge fund Two Sigma Investments, created something of a storm late last year with his Thunderstrike exploit on Apple Macs,” Thomas Fox-Brewster reports for Forbes. “It was the first time anyone had demonstrated a Mac bootkit – malware that launches ahead of the operating system, from the moment the PC starts, and is hidden from security tools, most of which don’t delve so deep inside Macs’ innards. It’s probably the most surreptitious, devilish kind of malware one can get onto a PC, effectively granting an attacker total control over the computer.”

“There was one major barrier to exploitation outside of labs, however: it required physical access to the target PC,” Fox-Brewster reports. “But now Hudson has collaborated with self-proclaimed ‘voodoo’ researchers Xeno Kovah and Corey Kallenberg, Mac bootkits can now be delivered from anywhere on the planet. They could also jump between machines over infected Thunderbolt devices, creating a ‘firmworm.’”

“To get that bootkit up and running, there are numerous paths a malicious hacker could take. The one the trio will show off at the Black Hat security conference in Las Vegas this week will assume the attacker already has root control over the machine. Getting to that point is not the simplest of tasks on Apple Macs, but an Oracle Java or Adobe Flash exploit would do the trick,” Fox-Brewster reports. “In the video below, Hudson shows how an attack can jump from OROMs, to the BIOS, and back to the OROMs, primed to infect another Mac.”


25 posted on 08/04/2015 2:36:41 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: palmer

The Forbes article seems to think that achieving ROOT access is a trivial matter; it really isn’t. However, a really determined hacker could conceivably find a way.


26 posted on 08/04/2015 2:42:18 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)


