Apple’s “Dark Jedi” Exploit Explained

The prevailing notion of Apple computers is that they are uncannily capable of protecting themselves from the day-to-day vulnerabilities that plague the likes of Windows. This hasn’t stopped being true, but there is one vulnerability that has managed to slip through the cracks and create a bit of chaos in a system that prides itself in providing order to everyone using it.

It’s called the Dark Jedi exploit, and it was discovered on May 29, 2015. Although the exploit has become a subject of conversation among tech enthusiasts, many of the details surrounding the exploit seem to be discussed scantily, if at all. At Make Tech Easier we’re not satisfied until we’ve exposed the entire dilemma and discussed it in full honesty.

What Does The Exploit Do?

The Dark Jedi exploit was actually an older proof-of-concept posted in a blog in February of 2015. This gives you an idea of how relaxed we are about security since it took months for the news to hit the mainstream when another blogger re-discovered it in slightly older Mac machines on May 29, 2015.


It works by taking advantage of a vulnerability in Apple’s sleep mechanism. Before we go any further, I will need to explain to you that the basic input/output system (BIOS) is a chip on your computer that stores all of the code it needs to begin the boot process and monitor the rest of the hardware attached to the main board. If you’re familiar with the BIOS, you may consider this an oversimplification, but that’s the price we pay for being brief. Usually when a computer shuts off, it also locks the BIOS so that its firmware cannot be rewritten unless there’s some sort of special trigger disabling that lock-up.

The locking mechanism┬ámentioned above is extremely important since it prevents malware from invading what is arguably one of the most important chips in your system. On many of the older Apple computers (and we’re not talking about ancient ones here; the test was done on a MacBook Pro Retina 10.1) the locking mechanism fails to initiate when you put the computer to sleep as opposed to shutting it down. This allows any malware that rewrites your BIOS to do so whenever you close the lid on your laptop. Many rootkits work this way, meaning that your computer is suddenly vulnerable to a host of different malicious programs.

What Should You Do?


For a rootkit to “take root” in your Apple machine, three criteria must be reached:

  • Your hardware must be from mid-2014 at the latest;
  • You must have downloaded the malicious application and executed it; and
  • You must have put your computer to sleep at some point in the future then started it up again.

To prevent the Dark Jedi exploit:

  • Download only from trusted sources like developer’s websites and original manufacturers of software, and
  • Shut down your computer and never let it go into sleep mode if you have one of the older pre-2015 models.

As long as you have a Mac made after mid-2014, you should have the mechanism mentioned earlier even when the computer is put to sleep. This means that you don’t have to worry about this particular threat.

If I may be honest, this exploit doesn’t necessarily make Apple computers any less safe than they already are. I know there might be a panic after everything that’s been said here, but computers running Macintosh are still among the safest to use (although some would have good reason to argue that Linux is a measure safer).

What do you think? Is Apple starting to lose its touch, or is this a one-time slip-up? Tell us in a polite comment below!

Miguel Leiva-Gomez
Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox