WikiLeaks claims the CIA’s Sonic Screwdriver tool uses Thunderbolt to deploy malicious code into UEFI-based Mac OS firmware. Leveraging Direct Memory Access (DMA), it infects firmware even with firmware passwords enabled, bypassing typical security controls on targeted Mac OS systems. This exploit is part of a series of malware that targets Apple devices that WikiLeaks claims the CIA’s Embedded Development Branch (EDB) is responsible for creating.
