SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple Buys the Company That Built Mac Worm

Posted on March 2, 2016

Well, you could never say that Apple doesn’t take security threats seriously. Last year, a security firm called LegbaCore built one of the most serious threats yet to Mac computers. Typically, Macs have been known for having far, far fewer viruses and worms than PCs. For the most part, that lack of attacks has had more to do with market share than anything else. Hackers and cyber criminals can benefit more from creating viruses and malware for Windows PCs, simply because there are more Windows PCs out there than Macs.

LegbaCore, though, changed the game a bit with an attack called Thunderstrike 2. According to TheNextWeb, Thunderstrike 2 was “the first worm that was able to permanently infect Mac computers.” The attack was dubbed “Thunderstrike” because it exploited a bug in Mac’s Thunderbolt technology to infect Mac firmware. The Thunderbolt port “supports high-resolution displays” and “high-performance data devices.” Thunderstrike 2 was able to spread to other computers by way of connected Thunderbolt devices.

Apple’s Smart Acquisition

Like other security companies that look for computer bugs or vulnerabilities, LegbaCore reported the information about the Thunderstrike 2 attack from Apple. Rather than just thank LegbaCore and start patching the firmware, though, Apple did one better: they bought LegbaCore outright.

As TheNextWeb notes, LegbaCore stopped accepting other work in November and is now working on an undisclosed project for Apple. Co-founder Xeno Kovah has gone on record on Twitter, saying that his team is working on “low-level security” and helping Apple with “some *very* interesting and highly impactful work.”

Beyond those few hints, there’s only speculation about what the LegbaCore team could be doing at Apple. In all likelihood, though, the team’s “highly impactful” work has to do with making Mac firmware more secure, possibly with highlighting potential vulnerabilities and blocking exploits before they become public concerns. In any case, it’s clear that Apple saw an opportunity to improve its security team and jumped at the chance.

You can learn a bit more about LegbaCore by visiting their now-inactive website.

Join our mailing list for the latest security news and deals