Disable Thunderbolt ports in macOS Mojave to mitigate the Thunderclap vulnerabilities

macos applescript thunderbolt mojave thunderbolt-display

Due to the Thunderclap vulnerabilities we need to disable all Thunderbolt interfaces (except the DisplayPort signal). We are using Late 2015 iMac running macOS Mojave 10.14.5.

Currently there is a secondary Apple Display connected via a Thunderbolt Port.

I already tried to unload kernel extension by running:

$ sudo kextunload com.apple.iotkit.IOThunderboltFamily
$ sudo kextunload -b com.apple.iokit.IOThunderboltFamily 6.8.4
$ sudo kextunload /System/Library/Extensions/IOThunderboltFamily.kext

I found the right process using:

$ kextstat -a

 75    3 0xffffff7f8198f000 0xf000     0xf000     x86_64             com.apple.driver.AppleThunderboltDPAdapterFamily (5.6.4) C6AEB6E6-AFFC-355F-8073-73E21E8BC49E <65 12 6 5 3 1>

Every time I try to unload, I get the messages that there was a problem terminating the services.


Solution 1:

The best way to do this is to move away those kernel extensions completely. This means that they're never loaded during boot - and thus you do not have a "gap" where the computer is vulnerable during the time between boot and the time where you run the kextunload commands. In addition you do not have to deal with dependencies for unloading them.

The necessary steps are:

1) Boot the Mac in Recovery mode (boot the Mac with cmd-R pressed).

2) Open Terminal

3) Disable SIP by running: 

  csrutil disable

4) Create a folder to contain the disabled extensions:

  mkdir /Users/<username>/ArchivedExtensions/

5) Move the kernel extensions you want to disable away by running:

  mv /System/Library/Extensions/<name>.kext /Users/<username>/ArchivedExtensions/

6) Re-enable SIP by running:

  csrutil enable

Note that should be substituted with your username, and should be substituted with the extension you want to disable. You can run the command multiple times with different names to disable more extensions.

The relevant extensions you can disable are:

  • AppleThunderboltDPAdapters.kext
  • AppleThunderboltEDMService.kext
  • AppleThunderboltIP.kext
  • AppleThunderboltNHI.kext
  • AppleThunderboltPCIAdapters.kext
  • AppleThunderboltUTDM.kext
  • IOThunderboltFamily.kext

Related

Python interactive mode not registering changes made to file on disk
MBP shutting down during sleep
How to boot into macOS directly in Boot Camp?
Remove or relocate Java icon in Dock
iOS App with Free trial and subscribe after that
Apple iPhone 6 Plus display languages
Using other glyphs in Arabic on the iPad
Alternatives of BitThief to Download Torrent Files Sequentially
Disable automatic phone number linking in iOS Safari
How can I sync and store data for offline access on an iPad?
Output device changed but not getting sound output
How to change the Subscription plan for third party app purchased through iTunes?