SecureMac, Inc.

Apple Buys the Company That Built Mac Worm

March 2, 2016

Well, you could never say that Apple doesn’t take security threats seriously. Last year, a security firm called LegbaCore built one of the most serious threats yet to Mac computers. Typically, Macs have been known for having far, far fewer viruses and worms than PCs. For the most part, that lack of attacks has had more to do with market share than anything else. Hackers and cyber criminals can benefit more from creating viruses and malware for Windows PCs, simply because there are more Windows PCs out there than …

Apple Buys the Company That Built Mac Worm

Well, you could never say that Apple doesn’t take security threats seriously. Last year, a security firm called LegbaCore built one of the most serious threats yet to Mac computers. Typically, Macs have been known for having far, far fewer viruses and worms than PCs. For the most part, that lack of attacks has had more to do with market share than anything else. Hackers and cyber criminals can benefit more from creating viruses and malware for Windows PCs, simply because there are more Windows PCs out there than Macs.

LegbaCore, though, changed the game a bit with an attack called Thunderstrike 2. According to TheNextWeb, Thunderstrike 2 was “the first worm that was able to permanently infect Mac computers.” The attack was dubbed “Thunderstrike” because it exploited a bug in Mac’s Thunderbolt technology to infect Mac firmware. The Thunderbolt port “supports high-resolution displays” and “high-performance data devices.” Thunderstrike 2 was able to spread to other computers by way of connected Thunderbolt devices.

Apple’s Smart Acquisition

Like other security companies that look for computer bugs or vulnerabilities, LegbaCore reported the information about the Thunderstrike 2 attack from Apple. Rather than just thank LegbaCore and start patching the firmware, though, Apple did one better: they bought LegbaCore outright.

As TheNextWeb notes, LegbaCore stopped accepting other work in November and is now working on an undisclosed project for Apple. Co-founder Xeno Kovah has gone on record on Twitter, saying that his team is working on “low-level security” and helping Apple with “some *very* interesting and highly impactful work.”

Beyond those few hints, there’s only speculation about what the LegbaCore team could be doing at Apple. In all likelihood, though, the team’s “highly impactful” work has to do with making Mac firmware more secure, possibly with highlighting potential vulnerabilities and blocking exploits before they become public concerns. In any case, it’s clear that Apple saw an opportunity to improve its security team and jumped at the chance.

You can learn a bit more about LegbaCore by visiting their now-inactive website.

Get the latest security news and deals