Last year, security firm LegbaCore created the first worm that was able to permanently infect Mac computers by embedding itself in firmware — and now the company has been acquired by Apple.
The attack, called Thunderstrike 2, exploited a flaw in Thunderbolt to infect Mac firmware without user detection and spread itself to other computers using the option ROM in attached Thunderbolt devices.
According to Macrumors, when the company reported the bug to Apple and worked through resolution, it began courting them for acquisition.
Xeno Kovah, one of the company’s founders said on Twitter that “as we were having discussions with Apple in the wake of our presentation this summer it became clear that Apple had some *very* interesting and highly impactful work that we could participate in.”
LegbaCore was wound down and quietly added a notice in November 2015 that it was ‘no longer accepting work.’
Unfortunately — and unsurprisingly — the team won’t say what it’s directly involved in at Apple other than “low level security” though Kovah notes that he doesn’t even know their job titles.
The acquisition makes a lot of sense; having researchers with such deep experience exploiting Mac firmware is incredibly valuable for Apple, so the company is able to have internal engineers working to fix exploits before they’re ever made public.