by Dan Moren
Rich Mogull on the Thunderstrike 2 worm
No, nearly everyone can ignore Thunderstrike 2 entirely. The research really is excellent, compelling work that the Wired piece unfortunately turned into a bit a fright-fest. The Web attack vector, in particular, is blocked in OS X 10.10.4. The worm can’t automatically jump air gaps – those in sensitive environments can easily protect themselves by being careful where they source their Thunderbolt devices, and this entire family of firmware attacks is likely to become a lot more difficult as hardware improves, and as device manufacturers update their firmware code.
Upshot: This is security research–exactly what experts do to point out where security can be improved–not real live exploits that are attacking people. Rich is a friend and about the smartest guy I know in Mac security; if he says the Thunderstrike 2 worm isn’t a big deal for most folks, then it isn’t.