[$] The Thunderclap vulnerabilities

Post Syndicated from jake original https://lwn.net/Articles/782381/rss

It should come as no surprise that plugging untrusted devices into a
computer system can lead to a wide variety of bad outcomes—though often
enough it works just fine. We have reported on a number of these kinds of
vulnerabilities (e.g. BadUSB in 2014) along
the way. So it will not shock readers to find out that another
vulnerability of this type has been
discovered, though it may not sit well that, even after years of vulnerable
plug-in buses, there are still no solid protections against these rogue
devices. This most-recent entrant into this space targets the Thunderbolt
interface; the
vulnerabilities found have been dubbed “Thunderclap”.