Systems Windows, macOS, Linux and FreeBSD threatens a new vulnerability, the details of which opened this week at the conference, NDSS 2019, devoted to security issues.
The gap was named Thunderclap, it affects all peripheral devices via Thunderbolt. An attacker can connect to computer malware device that will allow to steal the information directly from memory of system.
Of course, attacking this way may obtain access to confidential information. A team of researchers, who told us about this issue, said that produced 2011’s desktops and laptops from Apple vulnerable.
“By the same logic, many laptops and desktops, which can be running Windows and Linux are also affected by this issue. There are only two conditions: they must be relatively new (produced in 2016) and to support the Thunderbolt interface”, — experts explain.
Experts say that the Thunderclap affects all versions of Thunderbolt: Thunderbolt 1, Thunderbolt 2 and 3 Thunderbolt. The problem is that the OS automatically trusts the device connected via this interface.
Thus, the device is granted full access to system memory by default. All this makes the gap extremely dangerous.
As can be seen from the table below, the majority of gaps Thunderclap still nepropathy.
Report of experts “Thunderclap: Exploring Vulnerabilities in Operating System DMA Protection via IOMMU from Untrustworthy Peripherals” can be found at this link (PDF).
Read more •••