According to a recent security presentation, attackers have been able to infect Macintosh systems with a particular kind of malware using the computer's Thunderbolt port.
The attack, named Thunderstrike, and presented by the security researcher Trammell Hudson at the Chaos Communications Congress in Germany. Hudson is well-known in the security community, particularly for his reverse engineering on various devices and systems.
Below you can watch the entire Hudson presentation or read one annotated version of speech, but the point is that the attack exploits a flaw in the Thunderbolt port that allows custom code to be entered - e.g. a bootkit - on the system using the port.
Vulnerability Thunderstrike exploits it Thunderbolt Option ROM, which was first described in 2012. However, Hudson's PoC is progressing several steps below (attempts to exploit the defect in the past to write new code to the ROM at startup disappointed many researchers).
Eventually, Hudson's PoC shows how an attacker could use the Thunderbolt port to install a custom bootkit. This bootkit could also be played on any other Thunderbolt-connected device, which means it could spread across networks.
The scary is that because this code uses its own separate ROM, the attack can not stop by reinstalling OS X or switching the hard disk.
Hudson also showed that he could replace the encryption keys used by Apple to sign up with the new firmware, which prevents future system updates.
the good news
The Hudson project is impressive and scary for Apple's device owners, although they do not have to be afraid of Thunderstrike at the moment. Hudson reports that Mac bootkits firmware is not released, and that they only exist as proof of the concept (PoC).
Apple has already repaired some of the vulnerability to the latest Mac mini and iMac with 5K Retina screen.
It should also be noted that this type of attack requires physical access to a machine. You can not download malware through other software.