Related CVE:<p><a href="http://www.kb.cert.org/vuls/id/577140" rel="nofollow">http://www.kb.cert.org/vuls/id/577140</a><p>Applies to (at least) some DELL computers as well.<p>TLDR: There's a bug in some UEFI BIOSes that don't set the read-only flag when a computer comes back from sleep, thus allowing a malicious program to silently reflash the BIOS.<p>More detailed analysis: <a href="https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/" rel="nofollow">https://reverse.put.as/2015/05/29/the-empire-strikes-back-ap...</a>