Thunderbolt 3 ‘Thunderclap’ vulnerabilities affect almost all Macs released since 2011

“Vulnerabilities in Thunderbolt has been disclosed by security researchers, with ‘Thunderclap’ allowing a device connecting over Thunderbolt to acquire sensitive data from the host Mac, an issue that affects almost all Macs released since 2011,” Malcolm Owen reports for AppleInsider.
“Revealed at the Network and Distributed Systems Security Symposium on Tuesday, Thunderclap is a set of vulnerabilities that take advantage of issues with the way Thunderbolt operates,” Owen reports. “By misusing how Thunderbolt functions, a malicious device has the capability to access system memory without any oversight from operating systems.”
“Practically all hardware with some form of Thunderbolt connection is affected, including those with USB Type-C ports and those with older Mini DisplayPort connections,” Owen reports. “In the case of Apple, a dedicated Thunderclap website notes ‘all Apple laptops and desktops produced since 2011 are vulnerable, with the exception of the 12-inch Macbook.'”
Read more in the full article here.
MacDailyNews Note: On behalf of his team of researchers (Colin Rothwell, Brett Gutstein, Allison Pearce, Peter Neumann, Simon Moore and Robert Watson), Theo Markettos writes that “since this is a new space of many vulnerabilities, rather than a specific example, we believe all operating systems are vulnerable to similar attacks, and that more substantial design changes will be needed to remedy these problems.”
Read more in the full article here.
[Attribution: AppleInsider. Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]