This is scary. Adrian Kingsley-Hughes on what is called Thunderstike, a malware variant that uses the Mac’s Thunderbolt connector.
A security researcher has discovered a way to infect Macs with malware virtually undetectable and that ‘can’t be removed.’ The attack, which has been called Thunderstrike, installs the malicious code into the Boot ROM of the system via the Thunderbolt port.
This is a proof of concept malware, so it’s not actually living in the wild. What about a fix?
Apple is working on an update that will prevent malicious code from being written to the Boot ROM via the Thunderbolt port. However, this update would not protect the system from having the Boot ROM tampered with directly.
Of course, someone needs access to your Mac to make it happen.