As has been reported a lot, vulnerabilities in the Thunderbolt interface have been revealed by security researchers.
"Thunderclap", as it is known, is a set of vulnerabilities that exploit problems with the way Thunderbolt operates, and allow a device that connects via the interface to acquire sensitive data from the host Mac, a problem that affects almost all Macs released since 201
1, notes AppleInsider
Thunderstorm vulnerabilities cause malicious external devices to attack Mac memory. It also affects some Windows, Linux and FreeBSD systems. Thunderclap affects the way Thunderbolt-based peripherals are allowed to connect and interact with these operating systems, so a malicious device can steal data directly from the operating system's memory.
According to ZDNet researchers from the University of Cambridge, Rice University and the SRI International discovered the Thunderclap problems back in 2016, and have been working with hardware and operating system versions for three years in complete silence to get them fast.
Thunderbolt 3 is often supported via USB Type-C ports on modern laptops. Machines with older versions of Thunderbolt (worn over a Mini DisplayPort connector) are also affected. Thunderclap vulnerabilities can also be exploited by compromised PCI Express devices, either plug-in cards or wells soldered to the motherboard.
The research team behind the vulnerability says "Apple's 2011 portable and portable computers are vulnerable, except for the 12-inch MacBook." They add that "many laptops and some desktop computers designed to run Windows or Linux produced since 2016 are also affected," if they support the Thunderbolt interface.
It should be noted that Thunderclap requires physical access to the computer. End of AppleInsider article states the best advice not to plug in random and insecure Thunderbolt devices of any kind to Mac. You can also protect yourself by not leaving your computer unattended in public and by not using public USB-C charging stations.
Technical details of the Thunderclap errors are available in a research paper entitled "Thunderclap: Exploring Vulnerabilities in the IOMMU Protection Operating System via DMA from Untrustworthy Peripherals", available for download in PDF form on Thunderclap.io/thunderclap-paper -ndss2019.pdf .
Be sure to check back with Rocket Yard for more development on this story.