“Thunderclap” Vulnerabilities Affect Major Operating Systems

A group of researchers discovered several security flaws affecting many devices running Windows, macOS, Linux, and FreeBSD operating systems that come with the Thunderbolt interface – used to allow outside devices to connect to a machine. These vulnerabilities, collectively known as “Thunderclap,” could allow a threat actor with physical access to the affected system to run arbitrary code under the highest privilege level and potentially steal sensitive data, including passwords, banking credentials, encryption keys, files, and browsing history. The researchers are working with each company to patch the vulnerabilities. The NJCCIC recommends users review the Thunderclap information page and research paper, and ensure they are running the most current, up-to-date version of their operating system.