Those security vulnerabilities include:
- Inadequate firmware verification schemes
- Weak device authentication scheme
- Use of unauthenticated device metadata
- Downgrade attack using backwards compatibility
- Use of unauthenticated controller configurations
- SPI flash interface deficiencies
- No Thunderbolt security on Boot Camp
The unfortunate thing is that there is no way to detect whether the machine is compromised. When the Mac runs the Windows operating system via Boot Camp, all security vulnerabilities will subsist. When running the macOS system, however, only some vulnerabilities will exist.
MacOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in MacOS “System Information”. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.
Ruytenberg has notified Intel and Apple, but those vulnerabilities exist in the control chip and cannot be fixed through a software update.
A PDF document regarding the security vulnerabilities has been created, you can view it by clicking the link here.